Tailscale. Create an account, put the client on the LAN device, put the client on the remote device, log in on both, you’re done. It bypasses NAT, CGNAT, and the firewall through some UDP black magic fuckery. As long as the router allows outgoing connections, it will work.

If the factory resets cause the router to lose connection to the ISP, though, then nothing will work.

Tailscale Funnel will let you expose a host to everyone on the internet. You’ll need the Tailscale client running on either the Jellyfin host or a reverse proxy pointing to it. Tailscale itself will act as a reverse proxy with TLS encryption, plus a DNS server.

Exposing a service to the internet will always present some risk. You should definitely run your LXCs as unprivileged, unless needed otherwise, to mitigate the potential damage if an attacker escapes the container, or put the services in full virtual machines.

external access

Do you want the Jellyfin server to be accessible from only within your tailnet, or anywhere from the internet?

Simply dual-booting is viable. My Win10 + Arch worked well for over a year. If you’re worried about Windows Update nuking the EFI partition, you can clone a backup of just that partition (dd or a dedicated tool like Clonezilla) that you can then restore from a live environment if needed. Another option, if the disk becomes unbootable, is to boot into a live environment from a USB stick and simply reinstall GRUB into the EFI partition.

(edit) It’s also a good idea to reduce the frequency of forced updates. You can do that using WinUtil.

By looking.

The “before” is me in 2021 when I first experienced KDE Plasma’s customizability.

The “after” is me today, suffering with QML and Javascript because I must create my perfect Quickshell or I will fucking die.

You need two separate SSDs. One for Linux, one for Windows.

• Install Linux on SSD-A. Make sure it has an EFI system partition with a bootloader in it (GRUB, systemd-boot, REFInd), don’t use an efistub. If the installer is done, disconnect the SSD to be safe.
• Install Windows on SSD-B with the desired updates. It will create its own EFI partition.
  • Optionally, you can create a separate NTFS volume for your C:\Users so you don’t have to mount the entire system on Linux if you need to access your files.
• Boot into Windows. Use a tool to completely disable the updates. I use WinUtil by Chris Titus.
• Reconnect SSD-A.
• Boot and enter the firmware configuration. In the boot device list, make sure SSD-A has a much higher priority than SSD-B! You can even remove SSD-B from the bootable devices.
• Boot into Linux. In the bootloader configuration, create an entry that targets the Windows C: volume on SSD-B.
  • Alternatively, you can just use the firmware’s boot menu to boot from SSD-B.

Done. If you need to update Windows, physically disconnect SSD-A and boot from SSD-B.

Do what they did with Thunderbird. https://blog.thunderbird.net/2023/05/thunderbird-is-thriving-our-2022-financial-report/

So why is Mozilla shoving AI garbage nobody asked for into Firefox? I seriously doubt that their severely overpaid execs don’t have some kind of profit incentive.

They did not, in fact, get away with it.

The Linux user is still picking out the distro.

I think you forgot level 6: happily growing crops and raising chickens on a remote farm where the most high-tech device for miles is a rotary hoe.

TORVALDS is a powerful Great Prince of Hell who has 618 legions of demons under his command. He gives true answers of all things past, present, and yet to come; he reveals the secrets and source of the kernel if asked; and he grants to the conjurer power and authority over devices and binds them to the conjurer’s will.

The issue was ARP-related after all. Since all computers were cloned from the same image, the VMs ended up having the same MAC address, which caused collisions.

I think you need four distinct MAC addresses for this setup, are they all different?

We have a winner!

The classroom computers were mass-deployed using Clonezilla, from a disk image that already had the VM pre-configured. As a result, every VM had the same MAC address. Bridged networking put both hosts and both VMs in the same broadcast domain, which caused collisions in the ARP tables. I randomized the MAC address of one VM and everything suddenly started working.

It’s never been an issue since we’ve never needed to use anything other than the default NAT adapter, so I’ve never even questioned it. I found the solution after plugging the computers directly into an access switch without success, and cross-checking show mac address-table with the MAC reported by the VMs revealed that they were identical.

I checked ip neighbour (it also shows the ARP table, so I assume they’re identical), and it showed REACHABLE and STALE for addresses I could ping, but FAILED for the remote VM’s address. I will check arp -a when I get the chance, though.

Something about child processes, maybe?

Even HDR is still “beta” on KDE iirc.

That’s a weird comparison because HDR is never going to happen on X.org (nor probably in the X11 protocol or clients). Wayland is being actively developed and the developers took it from something that can be made to work with some effort and some concessions to something that will reliably work in most cases. The year isn’t 1987 – software isn’t being written by nerds for nerds who can tinker and fix issues or add new features as a patchwork of unmaintainable code.

My home PC, about once a week, or whenever I have to install new software. My work PC, about once a month because the nvidia driver takes fucking ages to update because of DKMS.

As for the servers under my professional care… it depends. Most of the servers that I made run Debian that I update three times a year whenever the downtime is acceptable for the university (spring break, late summer, early december) or if a CVE needs fixing (e.g. xz-utils). One internet-facing server that I inherited still runs Ubuntu 16.04 because some teachers can’t possibly live without some legacy software and will throw a tantrum if upgrading is even mentioned – that one gets zero updates, and I got the dean’s promise in writing that I wouldn’t be held responsible for it.

The big virtualization server still runs ESXi 6 because the university didn’t want to pay for a lifetime license when it was available, doesn’t want to pay for a subscription now, and doesn’t want the downtime required to fully migrate to Proxmox VE. So it gets no updates. Plus it has a bad SSL cert and I need Chromium’s thisisunsafe to bypass the error.

It’s fucking rough out here.