Fully agreed. On almost any atomic distro, /home/user is writeable like usual, so any attacker is able to persist itself by editing ~/.bashrc and putting a binary somewhere.
NixOS is immutable and atomic, but it isn’t image-based.
Immutable simply refers to how the running system configuration can’t be changed by simply putting a file somewhere (e.g. copy a binary to /bin, which is a bad idea).
For example, Fedora Atomic and derivatives are image based, although they are more flexible than the A/B types like SteamOS.
OpenSUSE MicroOS uses btrfs snapshots to apply updates atomically, and is more flexible than most image based immutable distros.
Edit: But I don’t think those terms have a single definition, so how would you differentiate these terms?
MPV also supports pipewire.
For no particular reason, except for btrfs taking up less RAM. I don’t know their specs, but the lack of RAM was my reason for deciding against btrfs for my large non-mirrored HDD.
I personally really like btrfs for my large media HDD because it makes copying large files an instantaneous operation.
Also, it’s useful to have 6 hourly snapshots in case *arr upgrades something or anything else happens (btrbk).
It’s not necessary almost any time, but the times I needed it a CoW FS with snapshots came in handy.
Edit: Also, btrfs does checksumming, so it’s possible to detect bit rot.
Because YouTube pays Louis Rossmann, compared to selfhosting video which costs tremendous amounts of money through bandwidth.
Yes, ~/.local/share/flatpak includes all user installed flatpaks, while /var/lib/flatpak includes all system wide installed flatpaks. Both include repository information and required runtimes (i.e. dependencies).
This does not include user data, which is stored in ~/.var/app.
Make sure to test your backup just in case on another system/VM.
Thanks to image-based distros like Fedora Atomic, I skipped the asking to update step. They download and apply updates in the background, and then the new image gets selected on next boot.
Given Fedora doesn’t do major changes in point releases, nothing breaks (until I do a manual upgrade to a new (half-)yearly major release).
Not having a terminal does not make sense (unless in a business context). For some people (my mum) it’s as if it doesn’t exist anyway, so why remove it.
I remember taking my first selfhosting/Linux steps a year or so after the launch of Let’s Encrypt with a Pi 3. At the time, most tutorials didn’t set up https at all, and if they did, they were self signed certificates (resulting in browser warnings).
Self-signed certificates are annoying and creating them was a series of copy pasting long, weird commands, usually using long expiration dates (manual renewing sucks).
Not long after, guides started recommending certbot. Nowadays reverse proxies like caddy set up TLS automatically.
At least that’s how I remember it, given my complete lack of knowledge about Linux at the time.
Yes, the restriction to a single VPN client is annoying.
Blocking ad/telemetry domains can be done by adding AdGuard’s DNS servers in the OS settings. Sadly blocking apps’ Internet permissions completely is not possible (except on OS like LineageOS, CalyxOS or GrapheneOS).
Symphonium is a great Android music player which connects to a Subsonic or Jellyfin server (or any other protocol like SMB).
Navidrome is a music server which implements the Subsonic protocol. This means apps like Symphonium can connect to it.
Any old PC is enough, even a Raspberry Pi is fast enough for a music server.
Anything more like SSL (https) and a domain is optional for getting it working, and only a benefit if used outside of your home network. Using Tailscale makes a domain/SSL unnecessary and also no longer needs messing around with networking (e.g. no opening ports on the router).
Yes. 1TB SSDs can be bought new for 50€, 500GB for even less. For some people this is expensive depending on the region (e.g. I also know someone who uses an HDD). But given the price of other PC parts it isn’t something to cheap out on (a 1TB/2TB HDD is also 50€).
The survey was originally sent out on reddit /r/selfhosted, so I expect most respondents are from there.
Global hotkeys have been addressed on KDE, but no applications actually support it — one of the reasons being that no other desktops support it. Typical chicken-egg problem.
No, I haven’t connected a Pi to a 4k TV.
FreeTube does not have controller support, and for AndroidTV I’d recommend SmartTube.
Kodi/LibreELEC is able to do all of it, but IMO it’s not a good experience for browsing YouTube and I don’t know how well the third party Steam Link integrations work.
This is why I’d also recommend LineageOS Android TV, which supports Pi’s thanks to konstakang. But I’m not sure why it’d work better than a FireTV stick, since both run AndroidTV.
Edit: I’ve had an issue where the Pi 5 wouldn’t boot AndroidTV, until I tried to turn it on again after a few weeks. So I’d recommend sticking with the FireTV + SmartTube + Jellyfin + Steam Link (unless you’ve got a Pi 5 lying around anyway).
Edit 2: The Pi 5 + Android TV had issues with HDMI-CEC of the TV, so I had to buy a remote with a USB adapter. This sends the wrong signals (e.g. keyboard enter, not what Android TV expects), which is fixable with some app remapper. Maybe it’ll work better for you, but the FireTV is likely the easier solution.
Yes.
If VPNs actually won’t be able to protect their users from copyright claims anymore, there’ll still be anonymisation networks like I2P (at least so long as encryption isn’t banned).
Yes, it’s slow atm, but if it was included in more torrent clients and enabled by default, speeds would likely get better.
Because they use the official apps/web-vault, they don’t need to implement most of the vault/encryption features, so at least the actual data should be fine.
Security audits are expensive, so I don’t expect it to happen, unless some sponsor pays for it.
They have processes for CVEs and it seems like there weren’t any major security issues (although I wouldn’t host a public instance for unknown users).
Good point. I’ll have to stop using immutable and stay with atomic (and declarative).
Interestingly /bin and /usr/bin are not in PATH by default, so /bin/chewy can only be executed by its path directly and won’t affect the system’s reliability.