The end result is exactly the same.

The difference is that you can install an iso on a computer without an internet connection. The normal iso contains copies of most or all relevant packages. Although maybe not all of the latest and most up to date ones, the bulk are enough to get you started. The net install, like the name suggests, requires an internet connection to download packages for anything except the most minimal, bare-bones configuration. The connection would hopefully be nearly as fast if not faster than the iso and be guaranteed to have the latest updates available which the iso may not. While such a fast connection is usually taken for granted nowadays, it is not always available in some situations and locations, it is not always convenient, and some hardware may have difficulty with the network stack that may be difficult to resolve before a full system is installed or may require specialized tools to configure or diagnose that are only available as packages.

In almost all cases, the netinst works great and is a more efficient and sensible way to install. However, if it doesn’t work well in your particular situation, the iso will be more reliable, with some downsides and redundancy that wastes disk space and time.

Things like windows updates and some large and complex software programs and systems often come with similar “web” and “offline” installers that make the same distinctions for the same reasons. The tradeoff is the same, as both options have valid use cases.

To be fair, in the case of something like a Linux ISO, you are only a tiny fraction of the target or you may not even need to be the target at all to become collateral damage. You only need to be worth $1 to the attacker if there’s 99,999 other people downloading it too, or if there’s one other guy who is worth $99,999 and you don’t need to be worth anything if the guy/organization they’re targeting is worth $10 million. Obviously there are other challenges that would be involved in attacking the torrent swarm like the fact that you’re not likely to have a sole seeder with corrupted checksums, and a naive implementation will almost certainly end up with a corrupted file instead of a working attack, but to someone with the resources and motivation to plan something like this it could get dangerous pretty quickly.

Supply chain attacks are increasingly becoming a serious risk, and we do need to start looking at upgrading security on things like the checksums we’re using to harden them against attackers, who are realizing that this can be a very effective and relatively cheap way to widely distribute malware.

You can also automate this with autossh which is designed for exactly this kind of persistent tunnel. Although a simple “while” loop might seem like the intuitive way to keep it running, autossh is very reliable and takes care of all the corner cases for you.

It is mostly a myth (and scare tactic invented by copyright trolls and encouraged by overzealous virus scanners) that pirated games are always riddled with viruses. They certainly can be, if you download them from untrustworthy sources, but if you’re familiar with the actual piracy scene, you have to understand that trust is and always will be a huge part of it, ways to build trust are built into the community, that’s why trust and reputation are valued higher than even the software itself. Those names embedded into the torrent names, the people and the release groups they come from, the sources where they’re distributed, have meaning to the community, and this is why. Nobody’s going to blow 20 years of reputation to try to sneak a virus into their keygen. All the virus scans that say “Virus detected! ALARM! ALARM!” on every keygen you download? If you look at the actual detection information about what it actually detected, and you dig deep enough through their obfuscated scary-severity-risks-wall-of-text, you’ll find that in almost all cases, it’s actually just a generic, non-specific detection of “tools associated with piracy or hacking” or something along those lines. They all have their own ways of spinning it, but in every case it’s literally detecting the fact that it’s a keygen, and saying “that’s scary! you won’t want pirated illegal software on your computer right?! Don’t worry, I, your noble antivirus program will helpfully delete it for you!”

It’s not as scary as you think, they just want you to think it is, because it helps drive people back to paying for their software. It’s classic FUD tactics and they’re all part of it. Antivirus companies are part of the same racket, they want you paying for their software too.

That’s what LCARS means, it’s the name of the computer console in Star Trek. In the show, it stands for “Library Computer Access and Retrieval System” although it’s often used for stuff other than the library computer too.

Almost like the context matters and the world isn’t entirely made up of black and white binary choices because we’re not robots or computers and discrete logic does not apply to human moral arguments.

It is. The web was eventually corporatized and the corporations sucked all the air out of the room suffocating anything too small to compete. The fediverse is, if not taking it back, at least opening a space for those who don’t want to consume from a fully corporatized web. These include many of the people who used to make “websites” instead of “apps” or “platforms”. When people complain that it doesn’t have as much content as say, Reddit, I look at that as a benefit, it’s helping solve the (massive) discovery problem by self-curating thoughtful people who can curate content intelligently and provide real opinions and meaningful thoughts. The signal to noise ratio is much higher, and it’s refreshing.

Magsafe is a really great idea, it’s just a shame Apple came up with it first and I can’t wait for it to be the universal standard for all types of external connectors forevermore. It’s as close as we can get to wireless without being wireless.

Never had a single functional problem with Nextcloud, other than the fact that it’s oppressively slow with the amount of files I’ve shoved into it. Mind you I also don’t use MySQL/MariaDB which I consider a garbage-tier DB. Despite Postgres not being the “Recommended DB” for Nextcloud it works perfectly for me. Maybe that’s the difference.

Nah, I wanted to love NixOS, and granted it seems like a perfect fit for my recommendation, but a bunch of things about it rub me the wrong way. It’s just not for me. I’ve always been most comfortable with Debian and that’s what my setup script is designed for. Lots of apt.

I would need to factory reset the whole server for that, which would be … highly inconvenient for me. It took me quite a long time to get everything working, and I don’t wanna loose my configuration.

This is your actual problem you need to solve. Reinstalling your server should be as convenient as installing a basic OS and running a configuration script. It needs to be reproducible and documented, not some mystery black box of subtle configurations you’ve forgotten about ages ago. A nice, idempotent configuration script is both convenient and a self-documenting system for tracking all the changes you’ve ever implemented on your server.

Once you can do that, adding whatever encryption you want is just a matter of finding the right sequence of commands, testing it (in another docker perhaps) and then running your configuration script to migrate your server into the desired state.

$400 is pretty steep. That is probably more than a lot of the computers this would be plugged into.

I can’t live without my Nextcloud + Email server. Having all my personal files, contacts, email, calendar, and other personal information immediately accessible synced and backed up with a single app on any device or platform I want to use, is a dream come true, and I get to do it without any Big Tech, avoiding their lock-in and privacy invasion and without any fees or limits beyond my own hardware.

OpenVPN is how I can access it from anywhere in the world, so that gets an honorable mention too.

That’s kind of like seeing a story where a car crashed into someone’s living room and saying “I don’t see the benefit of having houses” even though:

• This is very rare
• Not all sites have equal risk of this happening
• The alternatives you would likely propose have even bigger risks.

A Dockerfile is basically just a script that starts a container image (ranging from standard Linux OS installs like ubuntu or debian or alpine to the very specialized pre-made containers with every piece of software you want already installed and configured and everything unnecessary stripped away) and then does various stuff to it (copies files/dirs from local, runs commands, configures networking). It’s all very straightforward, and if you know how to write a bash script or even just a basic batch file that’s pretty much all its doing, and the end result is a container, which is basically a miniature Linux virtual machine (that is supposed to be “single purpose” but there’s no technical limitation forcing it to be)

The simplest way to create a container is to use a standard OS container as I mentioned and install the software you want exactly as you normally would in that OS, using the OS package manager if you want, following tutorials for that OS or installing manually using the instructions from the software itself. Either way should work fine. Again, it’s basically not much different from having a virtual machine running that OS. You can even start up a root bash prompt and install it that way if you prefer, or even connect over ssh by running an sshd server on it (although that’s totally uneccessary and requires extra work).

For basic Dockerfile syntax, look at other people’s Dockerfiles and realize you probably don’t need 90% of the more complex ones. There are millions of them out there, you should be able to find some simple straightforward ones and just mimic those. Will you run into “gotchas”? Sure you will, Docker is full of them, and when you do your Dockerfile will get a little more complex as you find a way to deal with the problem Docker has created for you. Here’s a pretty simple tutorial example of a Dockerfile that just installs a bunch of packages from Debian and doesn’t even run any specific services, or alternatively here’s a Dockerfile that does nothing but run and configure an ssh server like I mentioned above (again that’s totally unnecessary normally but the point is you can certainly do it if you want to!)

Counter rant: This is why we built encryption and VPNs many years ago. This is a solved problem, but rather than solving it you’d rather just complain ineffectually about it. The solution, the product of years of work of technical people and privacy people, is sitting right there staring you in the face available for you to use as a free service, a paid service, or your own self-hosted service. Use a VPN, that’s what it’s for.

“GL iNet” has a dizzying array of products and some are designed for this (you can find them for sale on the usual scumbags). Surprisingly, for a niche brand you’ve likely never heard of the firmware is surprisingly robust and has a small but loyal community. Expensive, and you might not want to carry an extra piece of hardware to provide a bulletproof VPN connection, but worth it for the security IMO.

Godot is looking much better to me today than it did yesterday.

I read the title as “NVR hardware for a frigate” and was like WTF kind of self-hosting are you doing with military hardware on a warship.

Now I kind of want a warship.

If anyone’s having problems loading the images due to Google rate limiting, Internet Archive has mirrored the article here