Look - I can’t prevent my mom from being on facebook and playing candy crush. Nothing I say or do will make that happen. I can improve the situation by:

• Introducing alternatives and hope they spread (Chat with your mom on Signal)
• Reducing data harvesting during ”passive” behaviour (e.g. reduced permissions for apps. Graphene is probably the best here, but good luck getting your mom on that)
• Reducing data harvesting by the phone vendor (Samsung, Google, Apple). This is primarily done by buying an iPhone, simply due to incentives. (Again, good luck getting your mom on Graphene).

If I go too hard on my mom, she’ll just buy herself a cheap chinese android without telling me. Is that better?

Let’s stop perfect getting in the way of better.

For the threat models and data harvesting the general consumer (i.e. our moms) will face, MacOS does a far better job than Windows and iOS far better than Android (and no, your mom isn’t actually using a pixel with Graphene. Maybe she could, but she isn’t. Not really.)

If Apple can’t satisfy your threat model and privacy posturing, fine. But don’t assume everyone’s requirements are the same as yours, that’s how we scare people away.

Don’t pay for it. But use it. A lot.

GPUs are very expensive, so if you have them generating (for free) short stories of happy little kittens riding the subway in Manhattan or whatever, you are costing them a lot of money. Just don’t give them any data.

”Eventually”

As if Teams was ever a usable product.

Space ain’t happening.

I can see the point of underwater datacenters though, for some very specific use cases. Compute heavy workloads with high energy densities could possibly make sense to ”free cool” below water. DLC everything and pump the heat straight into the ocean.

They most likely run smaller pools and have their redundancy and replication provided by the application layers on top, replicating everything globally. The larger you go in scale, the further up in the stack you can move your redundancy and the less you need to care about resilience at the lower levels of abstraction.

ZFS is fairly slow on SSDs and BTRFS will probably beat it in a drag race. But ZFS won’t loose your data. Basically, if you want between a handful TB and a few PB stored with high reliability on a single system, along with ”modest” performance requirements, ZFS is king.

As for the defaults - BTRFS isn’t licence encumbered like ZFS, so BTRFS can be more easily integrated. Additionally, ZFS performs best when it can use a fairly large hunk of RAM for caching - not ideal for most people. One GB RAM per TB usable disk is the usual recommendation here, but less usually works fine. It also doesn’t use the ”normal” page cache, so the cache doesn’t behave in a manner people are used to.

ZFS is a filesystem for when you actually care about your data, not something you use as a boot drive, so something else makes sense as a default. Most ZFS deployments I’ve seen just boot from any old ext4 drive. As I said, BTRFS plays in the same league as Ext4 and XFS - boot drives and small deployments. ZFS meanwhile will happily swallow a few enclosures of SAS-drives into a single filesystem and never loose a bit.

tl;dr If you want reasonable data resilience and want raid 1 - BTRFS should work fine. You get some checksumming and modern things. As soon as you go above two drives and want to run raid5/6 you really want to use ZFS.

Look, there is a reason everyone who actually knows this stuff use ZFS. A good reason. ZFS is really fucking good and BTRFS has absolutely nothing on it. It’s a toy in comparison. ZFS is the gold standard in this class.

You have four sane options:

• mdraid raid5 with BTRFS on top. Raid5 on BTRFS still isn’t stable as far as I know, not even in 2026.
• Mirror or triple mirror with mdraid. Have the third drive in the pool as more redundancy or outside the pool as separate unraided filesystem.
• Same as above, but BTRFS. Raid1 is stable.
• ZFS RaidZ1 (=raid5)

(Not sure about bit rot recovery when running BTRFS on mdraid. All variants should at least have bit rot detection.)

To reiterate, every storage professional I know has a ZFS-pool at home (and probably everywhere else they can have it, including production pools). They group BTRFS with Ext3, if they even know about it. When I built my home server, the distro and hardware was selected around running ZFS. Distros without good support for ZFS were disregarded right away.

I started experimenting with the spice the past week. Went ahead and tried to vibe code a small toy project in C++. It’s weird. I’ve got some experience teaching programming, this is exactly like teaching beginners - except that the syntax is almost flawless and it writes fast. The reasoning and design capabilities on the other hand - ”like a child” is actually an apt description.

I don’t really know what to think yet. The ability to automate refactoring across a project in a more ”free” way than an IDE is kinda nice. While I enjoy programming, data structures and algorithms, I kinda get bored at the ”write code”-part, so really spicy autocomplete is getting me far more progress than usual for my hobby projects so far.

On the other hand, holy spaghetti monster, the code you get if you let it run free. All the people prompting based on what feature they want the thing to add will create absolutely horrible piles of garbage. On the other hand, if I prompt with a decent specification of the code I want, I get code somewhat close to what I want, and given an iteration or two I’m usually fairly happy. I think I can get used to the spicy autocomplete.

I can only offer you garbage specs along with really shitty build quality for 1kEUR. It’s certified as ”not a direct fire hazard”. Take it or leave it. (/s)

I have high hopes for framework, but last time I was in the market they still had some things to resolve.

The M-series hardware is locked down and absofuckinglutely proprietary and locked down and most likely horrible to repair.

But holy shit, every other laptop I’ve ever used looks and feels like a cheap toy in comparison. Buggy firmware that can barely sleep, with shitty drivers from the cheapest components they could find. Battery life in low single digits. The old ThinkPads are kinda up there in perceived ”build quality”, but I haven’t seen any other laptop that’s even close to a modern macbook. Please HP, Dell, Lenovo, Framework or whoever , just give me a functional high quality laptop. I’ll pay.

Moving people from closed commercial offerings onto something self hosted is enough work without gatekeeping US open source projects, even if they are flawed. If we want to move normal people away from the commercial offerings onto something better, we can’t do things like that. Better save such warnings for when they are actually needed (”Project X has been dead for five years and is full of security holes, you should migrate to project Y instead”). Keep the experience positive regardless.

You do you, but different people have differing requirements and preferences. Don’t scare them away please.

Because dockers record with regards to security is questionable, and some people like to get automatic updates from their distro. For me personally, I think the design of Docker is absolute garbage. Containers are fine, but Docker is not the correct mechanism for it. (It’s also nothing new, see BSD jails and Solaris zones.)

Immich on Nixos works perfectly, and I also get automatic updates.

The relative size of the double handling is the potential problem. I think Nvidia is just trying to extend the gold rush for a bit longer.

Agreed, it’s not perfect, especially not with regards to drivers from some of them. But:

https://insights.linuxfoundation.org/project/korg/contributors?timeRange=past365days&start=2024-12-31&end=2025-12-31

I expect that the ability of B2C-products to keep their code somewhat closed keeps them from moving to other platforms, while simultaneously pumping money upstream to their suppliers, expecting them to contribute to development. The linked list is dominated by hardware vendors, cloud vendors and B2B-vendors.

Linux didn’t win on technical merit, it won on licensing flexibility. Devs and maintainers are very happy with GPL2. Does it suck if you own a Tivo? Yes. Don’t buy one. On the consumer side, we can do some voting with our wallets, and some B2C vendors are starting to notice.

Do this:

• Calculate the total power cost of running it at 100% load since 2014
• Calculate Flops/Watt and compare with modern hardware
• Calculate MTTF when running at 100% load. Remember that commercial support agreements are 4-5 years for a GPU, and if it dies after that, it stays dead.
• In AI, consider the full failure domain (1 broken GPU = 7+ GPUs out of commission) for the above calculation.

You’ll probably end up with 4-6 years as the usable lifetime of your billion dollar investment. This entire industry is insane. (GTX 1080 here. Was considering an upgrade until the RAM prices hit.)

Nvidia sells plenty of GPUs for actual money, they are good for it.

No, the real issue is the depreciation for the people owning GPUs. Your GPU will be usable for 4-6 years, and 2-4 of those years will be spent as ”the cheap old GPU. After that time, you need new GPUs. (And as the models are larger by then, you need moahr GPU)

How the actual fuck do these people expect to get any ROI on that scale with those timeframes? With training, maybe the trained model can be an asset (lol), but for inference there are basically no residual benefits.

I agree with your morals and your end goal.

How do you want to fund the development of Open Source? Because currently most of it is funded by corporations, in turn funded by ”corporatist simping”. The expectations of the average user simply can’t be fulfilled by hobbyist developers, and then we need funding. How do we get the Windows user ”John Smith” to personally fork over money to the correct developers?

Proton/Wine/KDE would not be in their current state unless they got that sweet proprietary Valve money. In our current world we need to use corporate money to further open source, not fight it. Follow the stream and steer the flow. Given time, we can diversify funding and control.

Yes. Kinda.

How do you think Linux devs get paid? The devices are locked down, sure, but there are strong incentives to upstream code and fund further development upstream. Linux ”won” because of this. You can’t build and develop Linux for such a wide audience and hardware flora with a bunch of hobbyists.

As Linus himself said plenty of times - GPL2 was the correct choice. Roku, Tizen, Chromebooks and Amazon garbage are absolutely within what the developers intended, and the devs are doing the work after all.

From a consumer standpoint, I absolutely agree with you, open everything is wonderful. However - commercial interests currently fund most OSS development. Without those funds, development stops and developers must take other paying jobs (probably closed source). Would be nice to change this, but then we need to completely pivot our funding model. You need to pay devs, either directly or indirectly (taxes, foundations, etc).

So far, the open source community hasn’t been very good at figuring out funding models for consumer products. It usually ends with the development team needing to put food on the table, so they add a subscription and close down parts of the project. About two seconds later, the project has ten forks and the original author can’t buy groceries.

”Buy me a beer” simply isn’t s viable mechanism to fund open source. How should we do it?

Personal preference: Slowly move the public sector towards open source, and require them to provide financial aid to products they use. Not perfect, but something that could happen gradually, without shocking the system.

tl;dr: yes, but also no.

Look, I’m not saying BitLocker isn’t flawed. I’n m saying the alternatives on Linux are shit. All the primitives are there, and you can do it on Linux, with lots of work, testing and QC of all software updates on all your hardware (or else you’ll do manual entry of disaster recovery keys for the next decade). But on Windows it’s a checkbox to encrypt the entire fleet, along with management of recovery keys.

Also, on audits: for people doing checkbox security (i.e. most regulated industries), this is very easy to audit. You just smack in ”Bitlocker” and you are done. For some, the threat isn’t really information loss, it’s loss of compliance (and therefore revenue). Stupid, but here we are. If you mean actual security, then you are probably correct.

A smart cart only authenticates and identifies the user - it can’t do attestation of the boot chain. If we use a smart card for disk encryption, a malicious or compromised user can just pop out the SSD, mount and decrypt (using the smart card) on a separate machine and extract/modify data without a trace. If you use SB, the TPM and disk encryption as intended, you can trust both the user (via smart card) and the machine (probably via a Kerberos machine key). Basically, this method prevents the user from accessing or modifying data on their own machine.

Again, on Windows this is basic shit any Windows sysadmin can roll out easily following a youtube tutorial or something. Providing those same security controls on Linux will yield a world of pain.

We really need to make this easy on Linux. systemd-boot and UKIs are trying, but are not even close to enough.

You need to have secure boot in order to have the disk decrypt without user input, otherwise the chain is untrusted. You can (and probably should) load your own keys into the firmware and sign everything yourself. MS has nothing to do with it, except that BitLocker is much better than anything any Linux distro has to offer today.

You need to have the disk decrypt without user input, and you can’t have the secret with the user. (As the user is untrusted - could be someone stealing the laptop.) The normal Linux user mantra of ”I own the machine” does not apply here. In this threat model, the corporation owns the machine, and in particular any information on it.

As for sudo, this is why we have polkit. (Yes, technically root, but you get my point)

And as for number 7 - this is why most Windows fleets use ”Software Center” or similar. No reason you can’t do the same on Linux, just that no one has done it yet. (I mean, you can, with pull requests into a puppet repo, but that’s not very user friendly)

Hate RHEL all you want, but first take a look at what distros have any kind of commercial support at all from software vendors. This is the complete list: RHEL, sometimes Rocky, sometimes Ubuntu. Go ask your vendor about Fedora Silverblue and see what happens. The primary reason to run Linux like this is usually to use a specific (and probably very expensive) software that works best on Linux, so distro choice is usually very limited to what that software vendor supports. (And when they say Linux, they are really saying ”the oldest still supported RHEL.)

Basically, corporate requirements go completely against the requirements of enthusiasts and power users. You don’t need Secure Boot to protect your machine from thieves, but a corporation needs Secure Boot to protect the machine from you.