Forgive my ignorance as I am very new to networking. Does it not look like it is the other way around? Your certificate manager tries to connect to Let’s Encrypt and fails? Even with DNS challenges, your certificate manager has to tell Let’s Encrypt to check your DNS records somehow.

What did you not like about Headscale? I started using it recently and it seems fine so far. Works identically to Tailscale.

Sorry, but posting an article and changing it’s title (which also turned click-baity) with no comments of your own is quite uninteresting.

I watched SomeOrdinaryGamers for a few years and it became quite uninteresting near the end of that period. I stopped completely when he told his audience not to buy Nintendo Switch 2 and went ahead and bought it shortly after. That guy is not honest or genuine.

Sure, but that’s much harder to do undetected. Don’t let perfect be the enemy of good. Secure Boot still prevents against particular types attacks.

I have been using T14s Gen 6 (AMD) for over a year now and it works perfectly

If you have to choose between one, then yes; full disk encryption is superior. But they should ideally be used in tandem.

Without secure boot, you are vulnerable to evil maid attacks. A bad actor can modify your bootloader (which has to remain unencrypted) in a way that allows them to steal your encryption keys. Secure Boot prevents running unsigned bootloaders, which negates this risk.

BLOB already includes “binary”. That’s what the first B is for.

Sorry, couldn’t stop myself.

DXVK was the last (IMO) major key in enabling proper Linux gaming.

Here’s a short interview with the creator of DXVK.

Prior to this Wine was able to run some simple Windows applications, but games (which heavily rely on GPU acceleration) lagged quite a bit behind since DirectX is a Windows exclusive graphics API. Instead, on Linux we have Vulkan which is similarly feature rich, but an open standard. DXVK translates DirectX API calls to Vulkan, which GPUs on Linux can understand, similar to how Wine translates Windows syscalls to the Linux alternatives. Even though Wine existed for a long time, DXVK’s development started quite a bit later.

Entire Linux gaming happened because one guy wanted to play Nier Automata on it. Don’t underestimate some one guys.

Nice. Unfortunately, it does not offer choosing Immich as an image viewer. I guess this is on Immich to fix, though.

Oh, didn’t know Forgejo was ever intended to have federation. That’s so cool!

I’d say go with LineageOS

Where meme

I don’t know much about it but I am all for open-source hardware.

I don’t see how systemd is in wrong here. Curious, what would you change about it?

When I need to create scratch files I usually operate in /tmp. Almost all directories there that I saw were using randomized paths (e.g. UUIDs). I guess this is to prevent problems mentioned in the article. So, I believe this would be a vulnerability of snap, not systemd.

I use Fedora where /tmp is created as tmpfs, which lives in RAM and is cleared when the system is shut down. I wonder what’s the benefit of Ubuntu’s approach.

Do they imply Wayland forces apps to have CSDs? It is only GNOME that does it.

I run it in a rootless Podman container using Quadlets. Instead of opening the server’s ssh port, I only port-forward the container’s ssh port (e.g. 22 -> 2222). I have sign-ups enabled, since I want people to be able to contribute (or just create issues). But I have configured the server so that nobody can create a repository. They can still fork my repos and send a pull request.

I have yet to experiment with Actions. I assume the safest option would be to only enable it for my own commits, but I am not sure.

It doesn’t need to know your age. It just provides a way to take a note of your birth date, only if you want to. The system already has a place to write your name and home address. All are optional and practically nobody uses them.