USB enclosures tend to be less reliable compared to SATA in general but I think that is just FUD. It’s not like that’s particularly bad for software RAID compared to running with the enclosure without any RAID.

The main argument for not doing that is I believe mechanical: Having more moving parts mean things might, well, move, unseating cables and leading to janky connections and possibly resulting failure.

You will kill your USB controller, and/or the IO boards in the enclosures

wat.jpeg

Source: 10+ years of ZFS and mdadm RAID on USB-SATA adapters of varying dodginess in harsh environments. Of course errors happen (99% it’s either a jiggly cable, buggy firmware/driver, or your normal drive failure) but nothing close to what you speak of.

Your hardware is not going to become damaged from doing software RAID over USB.

That aside, the whole project of buying new 4TB HDDs for a laptop today just seems misguided. I know times are tight but JFC why not get either SSDs or bigger drives instead, or if nothing else at least a proper enclosure.

If you consider ZFS and don’t mind having the machine offline for a day or two you could fill it up with real (backups!) or a bunch of representative fake data and run some tests/benchmarks before you fully commit. It depends a lot on how the data is structured and what you’re running on it and it’s possible it will run fine.

On nginx, most of the upstream work on new features is in Nginx Plus, not benefitting free nginx. Several nginx devs have been disagreeing with the way this has been done and the way the project is being managed and left to work on forks. Maybe people who agree with the OP sentiment should look into freenginx and angie.

https://www.phoronix.com/news/Nginx-Forked-To-Freenginx

https://mailman.nginx.org/pipermail/nginx-devel/2024-February/K5IC6VYO2PB7N4HRP2FUQIBIBCGP4WAU.html

https://en.angie.software/angie/docs/

http://freenginx.org/

Some things that happen when I go to duckduckgo.com that also go against that:

• Harvesting the third-party cookies it can (example: github.com)
• Attempting to enumerate browser extensions
• Attempting to enumerate crypto wallet addresses from extension wallets like MetaMask

It’s extremely nosy. They used to do canvas fingerprinting until browsers started prompting about it.

IDK about the claim of directly selling searches to IG and likely it’s a bit more convoluted than that (or OP has malware) but it’s a more believable idea than that of DDG actually being respectful of user privacy. There is absolutely no legitimate reason for DDG to gather this data for the purpose of providing their search service, yet they do.

Yo momma still ugly today, FishFace.

The OP is about hosting forwarding or recursive DNS for lookups, not authoritatative DNS hosting (which would be yet at least one separate server).

I count two servers (one clusterable for HA). How is that a lot for a small LAN?

More would also be normal for serving one domain internally and publicly. Each of these can be separate:

• Internal authoriative for internal domain
• Internal resolvers for internal machines
• Internal source-of-truth for serving your zone publicly (may or may not be an actual DNS server)
• Public-facing authoritative for your zone serving the above
• Secondary for the above
• Recursing resolver of external domains for internal use

Some people then add another forwarding resolver like dnsmasq on each server.

It seems the DHCP is handing out the fire wall’s ip for DNS server, 100.100.100.1 is that the expected behavior since DNSmasq should be forwarding to TDNS 100.100.100.333. Why not just hand out the TDNS address?

You could and that should work but then it’s not called forwarding anymore. It does forwarding because that’s what you configured. Both approaches are valid.

I have an opnsense firewall with DNSmasq performing DHCP and DNS forwarding to the Technitium server

Your initial instinct was right, you do want to auto-apply security fixes.

unattended-upgrades does allow you to configure this somewhat.

You could try this https://feddit.online/post/1359926#comment_6688858

Doesn’t sound like this is screen blanking as it happens during use but to rule it out you could temporarily disable that with xset -dpms and xset s off on X11. https://wiki.archlinux.org/title/Display_Power_Management_Signaling#Xorg

Oh, I see now that by “crashes”, you mean your whole system freezes?

Normally you might not have kernel logs left after that. In preparation if you think it might happen and want to gather the kernel log, you can put up a shell in the background and let this run: sudo dmesg -Tw | sudo tee -a /var/log/mykernel.log

Digested HN comments:

I really do feel like XFCE on x11 is the logical choice, it “just works” and every app runs well

Also try LXDE and LXQT if you would like a ‘lighter KDE’ vibe instead of the ‘lighter gnome 2’ vibe of XFCE.

I’m a longtime fan of XFCE. I try all sorts of DEs from time to time on spare computers, but I reliably come back to XFCE, which is really just a fairly low-resource, stable embodiment of the classic GNOME feel.

I’m genuinely wondering why everybody hates modern GNOME.

Wayland just seems really unstable to me

Xfce is the definition of comfy computing.

I suspect this machine might be memory constrained and if so zfs might push it to its limits if it’s already close.

If it has <8G and doesn’t already have decent headroom I’d think twice about ZFS depending on how its going to be used

I worry I could be risking data corruption or something swapping to this setup

I really hope this is just a turn of speech and you’re not actually planning to put swap on those HDDs

If you launch a process from CLI, you can redirect its standard output (stdout) and standard error (stderr) to files. Errors messages might be there.

foo >> /tmp/gamelog.out 2>> /tmp/gamelog.err  

Maybe the application is already saving logs or crashdumps to disk. If the game has just crashed, you can search for files modified during the last minute: find $HOME /var/log -mmin -1

That might turn up some clues on where to look.

If you have to dig deeper, look into strace (premium subscribers only).

Bah.

Mint’s fine and Kate runs all right on it and Cinnamon. All it takes is configuring your normal Qt theming to be pretty.

With your edit that yields a succinct proof that things are nuanced 😉

Nope but I guess a workaround would be to make a oneshot workaround-nvidia-gpu.service systemd unit file that runs the command and have the lxc autostart depend on it?

Might be something about PCI resets that running the command triggers 🤷‍♀️

Right, there’s the immutable root aspect. Guessing the other answer you got fills in the missing piece there and that Silverblue perhaps mounts the system flatpaks on a different r/w filesystem than the read-only /. Check output of mount to see.

At the end of the day it’s up to you if you prefer to keep the system clean and run flatpak unprivileged, or centralize updates under root.

The one catch I can think of with flatpak --user is that it obviously won’t work if /home is mounted with noexec, which is otherwise a good security measure (and IMO not doing that defeats a lot of the security wins of immutable distros). Unless you apply the same mounting strategy to the flatpak xdg user dirs, which is certainly an option but not something everyone will bother with. But then again maybe that’s exactly what you want anyway to make your Flatpak installations smoothly portable across distros.

Without looking into it at all, there are plenty of possible valid reasons why someone would choose to pick a fresh pseudonym for a project like this. I think it’s important that we don’t lose that, socially.

Give it time and let them prove themselves if this is relevant to you.

You are not helping!

(But also not wrong)