The main issue you’ll run into is nicher proprietary software being hard to install, but that’s what containers are for. The main one I see is if you need to install some proprietary VPN client it gets annoying, but since you’ll be running a VM anyway you can do some network trickery. My work’s antivirus only works on Ubuntu and RHEL, proprietary kernel modules so it’s got to be at least one of those kernels.

Linux is Linux, nothing’s impossible to solve even with Bazzite’s immutability. Worst comes to worst you make your own images and it’s not that hard, you basically just fork it on GitHub and let the CI do its thing.

But do you have time to fiddle to make it work and take the risk, or do you want to play it safe? How confident are you with Bazzite’s more advanced topics?

Gotta condition americans to the norm of guilty until proven innocent early!

And hopefully ad blockers too.

It’s been a while, but I believe you do need the annoying new XML/SVG thing as it also doubles as the splash screen animation when you open an app as well. You can embed a PNG in those but vector is preferred because of screen resolutions.

Wishing you great success with your app, disabilities are wildly underserved especially in open-source.

Wine has always done that, last seen on Plasma 5 (I switched to Wayland with Plasma 6), and I remember that being a thing way back in 2007 too. Valved patched the scaling in Proton as well I believe so that might be why it didn’t do that.

It behaves how fullscreen apps work on Windows, takes over your whole display and messes with the resolution and all.

It’s supposed to scale correctly, but otherwise Gamescope will take care of that particular issue.

Kinda annoying on Xorg when the game just decides my screen should be 800x600 and then proceeds to crash and leave me at 800x600 on a 4K display with scaling set to 200%.

It seems to have picked up “circle” as the distro. You’ll need to replace that with the matching Ubuntu or Debian version of what this version of ElementaryOS is.

It’s derived by both a key from the TEE and the PIN/password.

The reason for that is so you need both the user’s correct password, and the TEE to agree to hand out the key, which it may refuse to do if there’s been too many attempts. When you factory reset it just generates a new key, instantly making all the previous data permanently inaccessible. The TEE will also wipe the key if you unlock the bootloader or try to break in the wrong way.

It’s still only roadblocks though, extract the key from the TEE and you have unlimited attempts on what are usually weak 4-6 digit PINs. It’s not a lot of tries. Then you better hope you had a good password.

Biometrics are worst than a pin in a situation where your phone us hooked up to Cellebrite, because most likely they can just take your fingerprints, or make you press the sensor by force. Or even worse with facial recognition, because they can just wave the phone in front of you to unlock it.

It’s generally not super good otherwise either, at least not as a reliable way to derive an encryption key while being tolerant enough to damaged skin and positioning and all.

Biometrics are a good compromise for daily convenience: most people care about if they lose their phones or it gets stolen, and a thief will just factory reset it and flip it especially of the full qwerty keyboard pops up. Biometrics are still usually backed by a PIN or password, so biometrics makes it bearable to use a strong password since you only need to enter it once every couple days. And that password is the encryption key, so in BFU state you’re safe.

What do you want the UI for? For configuration it’s usually meh because it’s the kind of thing you configure by config file, often generated config files even. For stats it’s where it gets interesting, usually third-party options like Grafana is used along with something like Prometheus to collect the metrics.

When it comes to easy configuration, newer options go for the zero configuration angle rather than a nice UI to configure it. Just need some Docker tags and Traefik automagically configures itself, so the UI is just for viewing information.

I don’t remember the exact details but it didn’t work right. That was arguably a couple years ago on a server distro approaching EOL, may have been long fixed. It involved Android 4.4.

Few of them for most use cases, especially a VPS. My server have a couple of IPs each mapping to a different VM, they can all claim 22/80/443 as you’d expect, but that’s just basically the same as having a bunch of VPSes anyway.

It’s useful for some other uses like, I might want to dedicate an IP for VPN exit that doesn’t expose any services.

Another use is sometimes you just want two things to stay entirely separate, even if on a technical level it could work with a reverse proxy. It can eliminate some class of exploits like request smuggling.

One use case I’ve had for a customer is they have a system that can only do TLSv1.0, which is wildly obsolete and exploitable. So that particular API endpoint was served from a secondary IP, that way I can continue to enforce TLSv1.2+ on the primary IP. It’s possible with some reverse proxy magic with HAproxy, but I could also just make a new server block in the existing NGINX bound to that IP and call it a day.

I think that’s what Friendica is supposed to be, decentralized Facebook.

The performance is a good point. You can do the striped mirror with ZFS too and still get the advantages of ZFS.

I think you can do all of that through the Proxmox UI, but it shouldn’t be too hard to do on the CLI either. You just make two mirror sets and you’re good to go. ZFS should automatically distribute the load across the two mirrors.

I’d probably do RAID-Z with ZFS rather than RAID10, better space utilization and better error correction. Should be able to easily set that up in the Proxmox web UI.

Everything else sounds good. Don’t worry too much about it, you will find things you wish you did differently regardless, that’s part of the learning experience.

The graph suggests it started declining well before AI became mainstream. I’m sure it accelerates it, but it had already long peaked.

Maybe, just maybe, most of the big questions have been asked and answered already.

These days when I look something up it’s been answered like 8 years ago, and the answer is still valid. And they aggressively mark questions as dupes, so people aren’t opening too many repeat questions.

LDAC works just fine on Linux, but may be a different package or repo since it’s somewhat proprietary. Just worked out of the box for me on Arch.

You can return multiple A/AAAA records for the root, the TLD delegates the whole thing to your nameservers and it’s free to return whatever you want. Registrars actually do let you set records on the TLD’s zone, it’s called glue records and they’re typically used to solve the nameserver chicken and egg problem where you might want to be your own nameservers. Mine’s set that way:

~ $ drill NS max-p.me
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 32318
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; max-p.me.    IN      NS

;; ANSWER SECTION:
max-p.me.       3600    IN      NS      ns2.max-p.me.
max-p.me.       3600    IN      NS      ns1.max-p.me.

The me registrar will give you the IP for those two so you can then ask my server for where max-p.me really is.

The bigger issue is usually there’s a bunch of stuff under your root domain like MX records, TXT records, potentially subdomains. That’s a huge problem if you need to CNAME the root to a hosting provider, as the CNAME will forward the entire domain including MX and TXT records. Cloudflare sort of works around that with server side flattening of CNAMEs, but that’s not standard. But if you have a www subdomain, then it’s a complete non-issue. And really, do you want to delegate your MX records to WP Engine?

The main reason people went without the www is the good old “it looks cooler and shorter” while ignoring all the technical challenges its brings, and that’s probably why browsers now hide the www so that website designers don’t have to do this atrocity.

want someone to prove his LLM can be as insightful and accurate as paid one.

The full DeepSeek model is available for download, and should generate about the same quality answers as the official one, with the bonus of less censorship. I pretty trivially got it to talk about the Tiananmen Square, and they can’t even ban me for it.

That said, that’s rarely the point. It’s usually because you can, a cost saving measure, sometimes you plainly just don’t need a good model, sometimes you want privacy, sometimes you need privacy at the cost of quality.

If your business is shoving customer reviews into a model, you really don’t need the best model for it to tell you how angry the customer is.

Personally I just do it for fun and because I can. Sometimes you just do things for no other reason than because you can.