chameleon

Basically yes. Rancher Desktop sets up K3s in a VM and gives you a kubectl, docker and a few other binaries preconfigured to talk to that VM. K3s is just a lightweight all-in-one Kubernetes distro that’s relatively easy to set up (of course, you still have to learn Kubernetes so it’s not really easy, just skips the cluster setup).

Most paid certs aren’t worth much anyway. Payment and delivery info for DV certs isn’t validated by anyone, it’s literally the same concept as Let’s Encrypt. OV and EV are the only ones that theoretically have any value, but nobody is using those ever since they got rid of the URL bar labeling; even Amazon is on DV nowadays.

The main reason many sub-communities are stuck on Telegram (and Discord) are the public group chat/broadcast channel related features. Signal still has a 1000 member group size limit, which is more than enough for a “group DM” but mostly useless for groups with publicly posted invite links. Those same groups would also much rather have functional scrollback/search on join instead of encryption.

Gonna add a dissenting “maybe but not really”. YT is really aggressive on this kinda stuff lately and the situation is changing month by month. YT has multiple ways of flagging your IP as potentially problematic and as soon as you get flagged you’re going to end up having to run quite an annoying mess of scripts that may or may not last in the long term. There’s some instructions in a stickied issue on the Invidious repo.

My dotfiles aren’t distro-specific because they’re symlinks into a git repo (or tarball) + a homegrown shell script to make them, and that’s about the end of it.

My NixOS configuration is split between must-have CLI tools/nice-to-have CLI tools/hardware-related CLI tools/GUI tools and functions as a suitable reference for non-Nix distros, even having a few comments on what the package names are elsewhere, but installation is ultimately still manual.

It’s absolutely not the case that nobody was thinking about computer power use. The Energy Star program had been around for around 15 years at that point and even had an EU-US agreement, and that was sitting alongside the EU’s own energy program. Getting an 80Plus-certified power supply was already common advice to anyone custom-building a PC which was by far the primary group of users doing Bitcoin mining before it had any kind of mainstream attention. And the original Bitcoin PDF includes the phrase “In our case, it is CPU time and electricity that is expended.”, despite not going in-depth (it doesn’t go in-depth on anything).

The late 00s weren’t the late 90s where the most common OS in use did not support CPU idle without third party tooling hacking it in.

Elixir, or Gleam/pure Erlang/some other Erlang VM language. I think Erlang is extremely cool and I’ve enjoyed the little time I spent with Elixir. I also have absolutely no use case to make proper use of it.

Eh. I’ve been on the receiving end of one of those inboxes and the spam is absolutely, utterly unbearable. Coming up with a better system than a publicly listed email address is on Google at this point, because there is no reasonable way to provide support when you need a spam filter tuned up to such a level that all legitimate mail also ends up in spam.

Personally, I do believe that rootless Docker/Podman have a strong enough security boundary for personal/individual self-hosting where you have decent trust in the software you’re running. Linux privilege escalation and container escape exploits fetch decent amounts of money on the exploit market, and nobody’s gonna waste them on some people running software ending in *arr when Zerodium will pay five figures for a local privilege escalation or container escape. If you’re running a business or you might be targeted for whatever reason (journalist or whatever) then that doesn’t apply.

If you want more security, there are container runtimes that do cooler security stuff under the hood, like Firecracker/Kata Containers implementing a managed VM, or Google’s gVisor which very strongly intercepts kernel syscalls and essentially reimplements Linux in userspace. Those are used by AWS and Google Cloud respectively. You can integrate those into Docker, though not all networking/etc options are supported.

For that card, you probably have to set the radeon.si_support=0 amdgpu.si_support=1 kernel options to allow amdgpu to work. I don’t have a TrueNAS system laying around so I don’t know what the idiomatic way to change them is.

Using amdgpu on that card has been considered experimental ever since it was added like 6 years ago, and nobody has invested any real efforts to stabilize it. It’s entirely possible that amdgpu on that card is simply never gonna work. But yeah I think the radeon driver isn’t really fully functional anymore either, so I guess it’s worth a shot…

Company offering new-age antivirus solutions, which is to say that instead of being mostly signature-based, it tries to look at application behavior instead. If Word was exploited because some user opened not_a_virus_please_open.docx from their spam folder, Word might be exploited and end up running some malware that tries to encrypt the entire drive. It’s supposed to sniff out that 1. Word normally opens and saves like one document at a time and 2. some unknown program is being overly active. And so it should stop that and ring some very loud alarm bells at the IT department.

Basically they doubled down on the heuristics-based detection and by that, they claim to be able to recognize and stop all kinds of new malware that they haven’t seen yet. My experience is that they’re always the outlier on the top-end of false positives in business AV tests (eg AV-Comparatives Q2 2024) and their advantage has mostly disappeared since every AV has implemented that kind of behavior-based detection nowadays.

.eu has custom rules for whois. You’re not allowed to use privacy/proxy services for anything other than the mandatory publicly shown email field, but for domains registered by an individual, that email field and the user’s preferred language are the only things displayed. They’ve had those rules even prior to GDPR.

For the debugging thing on Linux, the major tunable is kernel.yama.ptrace_scope.

vim has better default keybindings/commands that allow for less movement of your hands. Nowadays, in reasonably current versions of nano, that’s mostly it. The main difference is nano is somewhat usable but extremely inefficient unless you learn it, while vim forces you to learn it to get anything done at all, which also pushes people to spend a bit of time learning it in general.

If you’re sure of the numbers you’re using, vim’s ability to repeat commands is also helpful. In practice I find that it’s really hard to make use of them beyond low numbers, where nano can still achieve things in similar amounts of keypresses. Eg something to delete 3 words like <escape>3dwi can be done similar with a sequence like Alt-A ^→ ^→ ^→ ^K in nano. Make it 20 words and nano is going to be a lot slower, but that’s quite an uncommon action.

But the practice is that nano users don’t spend time learning any of that and just hold delete until the words are gone, which takes forever. Everyone that can do basics in vim quickly learns that you can dw words away and make it 3dw to delete 3 of them. The default, easiest to use & access tool for any given situation gets blamed not just for its flaws, but also for the users that don’t want to spend time learning any tool.

qalculate. It’s a calculator. A good one, though. You can put in 2 * x = 5.5 or 100 inches to meters and get an answer, it loads fast, it keeps history, the arrow keys work and it has all the fancy scientific buttons you’d ever want too.