Solar Bear

Your example of Ubuntu being a good desktop is a web service run by Canonical that is relevant to maybe 1% of users, if not less?

Look, I’m happy that it works great for your use case. But this doesn’t matter to most users, and it’s also not even intrinsic to Ubuntu itself. OpenSUSE also has fantastic build services. Basically all major git services do too.

The counter to low-quality “Ubuntu sux” posts is not low quality “nuh uh it’s actually super epic!!!” posts, but that’s all we ever get. I’ve seen this pattern for probably fifteen years now, and it’s exhausting. If you don’t care about the criticisms and want to keep using it, then keep using it. More power to you. I probably use things you think are garbage. Hell, Windows users think we both use garbage. I’m just tired of people desperate to justify their choices like they need to “prove” something to everyone who disagrees.

There are plenty of high quality takedowns of Ubuntu, but so rarely are there high quality defenses of it, generally because the criticisms are correct. Nobody ever talks about what makes Ubuntu good, not even Ubuntu users. Arch users will yap your ear off about ArchWiki and AUR. I’ll evangelize Nix to anybody who will listen as the future of advanced Linux management. OpenSUSE Tumbleweed fans will not shut up about rollbacks and bleeding edge software. Fedora users… well, Fedora users are usually busy out there actually doing productive things with their time instead of pointless internet squabbles.

But what is Ubuntu strong at? I genuinely have no idea. All I ever see Ubuntu users say is that it “sucks the least”, in some vague indescribable way. That it’s not as bad as everyone says, that Snaps are actually fine, etc. Always on the defensive. If Ubuntu is actually good, somebody needs to get out there and make a case for what it’s good at, besides being featured as the default instructions for running proprietary third-party software.

I don’t know why we’re still doing snap discourse in 2025. I’m going to be harsh and direct.

It has a proprietary server backend. This is objectively true. Theoretically you can build an open source backend, but nobody has completed a full implementation of it.

If you don’t care about that, you can use Ubuntu, nobody is stopping you. You don’t need other people’s approval. Which is good, because of the people who disapprove, you’re never going to get their approval until it’s actually open sourced. You’re not going to convince anybody here to stop caring that it’s proprietary. So just get over it and use your own operating system without airing your insecurities online about it.

Something you might want to look into is using mTLS, or client certificate authentication, on any external facing services that aren’t intended for anybody but yourself or close friends/family. Basically, it means nobody can even connect to your server without having a certificate that was pre-generated by you. On the server end, you just create the certificate, and on the client end, you install it to the device and select it when asked.

The viability of this depends on what applications you use, as support for it must be implemented by its developers. For anything only accessed via web browser, it’s perfect. All web browsers (except Firefox on mobile…) can handle mTLS certs. Lots of Android apps also support it. I use it for Nextcloud on Android (so Files, Tasks, Notes, Photos, RSS, and DAVx5 apps all work) and support works across the board there. It also works for Home Assistant and Gotify apps. It looks like Immich does indeed support it too. In my configuration, I only require it on external connections by having 443 on the router be forwarded to 444 on the server, so I can apply different settings easily without having to do any filtering.

As far as security and privacy goes, mTLS is virtually impenetrable so long as you protect the certificate and configure the proxy correctly, and similar in concept to using Wireguard. Nearly everything I publicly expose is protected via mTLS, with very rare exceptions like Navidrome due to lack of support in subsonic clients, and a couple other things that I actually want to be universally reachable.

“Let’s remove the social element of our social movement”

Great so what’s left at that point, the free value FOSS provides to corporations?

Whatever you get for your NAS, make sure it’s CMR and not SMR. SMR drives do not perform well in NAS arrays.

I just want to follow this up and stress how important it is. This isn’t “oh, it kinda sucks but you can tolerate it” territory. It’s actually unusable after a certain point. I inherited a Synology NAS at my current job which is used for backup storage, and my job was to figure out why it wasn’t working anymore. After investigation, I found out the guy before me populated it with cheapo SMR drives, and after a certain point they just become literally unusable due to the ripple effect of rewrites inherent to shingled drives. I tried to format the array of five 6TB drives and start fresh, and it told me it would take 30 days to run whatever “optimization” process it performs after a format. After leaving it running for several days, I realized it wasn’t joking. During this period, I was getting around 1MB/s throughput to the system.

Do not buy SMR drives for any parity RAID usage, ever. It is fundamentally incompatible with how parity RAID (RAID5/6, ZFS RAID-Z, etc) writes across multiple disks. SMR should only be used for write-once situations, and ideally only for cold storage.

I explained my reasoning and you made no attempt to engage with it and just asked a question I already answered in depth. I’m not sure what you want, but it’s clearly not an answer.

Hard disagree. Everything you learn on Arch is transferable because Arch is vanilla almost to a fault. The deep understandings of components I learned from Arch have helped me more times than I can count. It’s only non-transferable if you view each command as an arcane spell to be cast in that specific situation. I’ve fixed so many issues over the years using this knowledge, and it’s literally what landed me my current job and promotions.

Arch is why I know how encryption and TPM works at a deeper level, which helped me find and fix the issue a Windows Dell PC was having that kept tripping into Bitlocker recovery. Knowledge of Grub and kernel parameters that I learned from Arch’s install process is why I was able to effortlessly break into a vendor’s DNS server whose root password was lost by the previous sysadmin before me when everybody else was panicking. Hell, it even helps in installing other distros, because advanced disk partitioning is a hot mess on a lot of distro GUI installers, so intimate knowledge of what I actually need helps me work around their failings. Plus all the countless other times that knowledge has helped me solve little problems instantly, because I knew how it worked from implementing it manually. When my coworkers falter because the GUI fails them and they know nothing else, I simply fix it with a command.

If you use Arch and actually make the effort to learn, not just copy and paste commands from the wiki, you will objectively learn a lot about how Linux works. If you seek a career in Linux, there’s nothing I can recommend more than transitioning to using Arch (not Garuda, not Manjaro, Arch) full-time on your daily driver computer.

Anyways, after about a decade I’ve recently switched to NixOS. Now there’s a distro where the skills you learn can’t be transferred out, but the knowledge I gained from Arch absolutely transferred in and gave me a head start.

RETURN OF THE KING

Your response is “why are you doing X, you should do Y”

Because they’re right, you shouldn’t do X. I know that’s not a satisfying answer for most people to hear, but it’s often one people need to hear.

If the process must run as root, then giving a user direct and unauthenticated control over it is a security vulnerability. You’ve created a quick workaround for your issue, and to be clear it is unlikely to realistically cause you problems individually, but on a larger scale that becomes a massive issue. A better solution is required rather than recommend everybody create a hole in their security like yours in order to do this thing.

If this is something that unprivileged users reasonably want to control, then this control should be possible unprivileged, or at least with limited privilege, not by simply granting permanent total control of a root service.

This is ultimately an upstream issue more than anything else.

Refurbished drives get their SMART data reset during the process, they absolutely had more than that originally.

Recent NixOS convert, where has this work of art been all my life

There’s 102 people mentioned in that commit and two of them happen to meet in the comments of a meme thread on Lemmy of all places. I love the Internet.

Docker is open source, licensed under Apache-2.0. Not really sure what you’re talking about.

If you’re waiting for Jellyfin to run some kind of relay like Plex, you’ll be waiting a long time. That takes a lot of money to upkeep, and the demand for people who self-host FOSS and then want to depend on an external service is very minimal, certainly not enough to sustain such a service. I’d recommend just spending a weekend afternoon learning how to set up Nginx Proxy Manager and being done with it, the GUI makes it very easy.

I chose Bookstack for the same situation. It’s dead simple in usage and maintenance. No issues yet!

I will have an OG Xiaomi Mi Box and it’s absurd how over the years it went from a purely functional media device to a complete shit show covered ads. Genuinely disgusted me every time I turned the TV on. I couldn’t stand it anymore, I had to tear out the launcher with ADB and replace it with FLauncher.

I wish Kodi wasn’t such a pain in the ass to deal with, especially for YouTube. We really need a new FOSS media center application. Until then, at least FLauncher works for now as a simple app switcher for a handful of Android apps.

Recently started using Tempo with Navidrome. Haven’t had more than a few days of use yet, but everything has worked exactly as expected! Can’t ask for much more than that.

If I were to list every FOSS project that has lasted longer, I’d have to spend all day writing the post. winRAR is unique in that it’s one of the only pieces of long-lasting proprietary software that didn’t die or turn to crap. Such things are not unique or even rare in FOSS.

WinRAR will either die, or be sold and squeezed by its new owners. Nobody lives forever and no asset goes unflipped in this market. You can say you won’t update, but that just leaves you vulnerable.