Fail2ban config can get fairly involved in my experience. I’m probably not doing it the right way, as I wrote a bunch of web server ban rules — anyone trying to access wpadmin gets banned, for instance (I don’t use WordPress, and if I did, it wouldn’t be accessible from my public facing reverse proxy).

I just skimmed my nginx logs and looked for anything funky and put that in a ban rule, basically.

Windows is just as hard as linux, harder even with all the layers of obscurity.

With Windows, there is 1 current version of Windows (11), 1 “almost current” (10), 1 “outdated but you’ll maybe see it” (8.x) and only a few “you’ll probably only see this in obscure situations” versions. Linux has as many “parent” distros/package management systems (apt, rpm, pacman, etc.). This definitely complicates things, as each distro family does things slightly differently.

And we haven’t even touched the window manager/DE choices, of which there are a ton (as opposed to Windows). “Combinatorical explosion” maybe isn’t the right phrase, but you get the idea — Debian with i3wm is wildly different from Fedora Plasma.

This is all a good thing though, as Linux users tend to like the choice and flexibility — but it does mean that the “right way” to do something on Linux is very dependent on your particular setup, which isn’t the case with Windows.

(I have used Linux for the last 20+ years, and it’s definitely my preferred setup, and am lucky enough that I rarely use Windows for work, and never for personal use.)

And many folks have headless setups — raspberry pis, home servers, VPSs, etc. It’s kinda overkill to install a desktop environment on a headless box if the only reason you need it is so you can VNC into it for a simple task that could be done over ssh.

For some (most?) of us, we don’t have ssh access open to the world, so everything is over a VPN. So I can just use NFS over WireGuard which afaik is fairly secure, if you trust your endpoints, and works great over the Internet.

On linux you can"t install or uninstall anything if you are not root

That’s not true at all. You generally can’t use your distribution’s package manager to install or uninstall without elevated privileges. But you can download packages, or executables with their own installer, and unpack/install under your home directory. Or, you can compile from source, and if you ./configure’d it properly make install will put it under your home.

Standard Linux distributions don’t place restrictions on what you can and cannot execute; if it needs permissions for device access of course you’ll need to sort that out.

I switched from raspberry pi and orange pi to a cheap Intel NUC, and I think it’s just a much nicer experience.

The pi is great fun, but the HW transcoding on a NUC “just works,” and the SSD and 16GB RAM opens a lot of doors. My N100 NUC was less than $150, and it included everything (case, power supply, 500GB SSD).

My pi found new life as an off-site backup: attach a big HDD, set up WireGuard, and have a cronjob do daily rsync and snapshots. I have it set up at in-laws, and it works great.

I would bet that if you remux BBB to an mkv and play that through JF, it won’t transcode — I think it will just remux it back to mp4. Just a guess…

Interesting — I wonder if it only displays the first reason for having to mess with the stream, e.g., if it’s really that it’s an unsupported container, video, and audio codec.

Possible to try playing an h264 mkv (maybe Big Buck Bunny)? Since your screenshot is h265 I wonder if it indeed needs to transcode because that’s unsupported (in addition to mkv).

unless everyone is using hardware acceleration

I think that’s what (almost) everyone does. My little N100 works just fine with QSV.

Is it definitely transcoding? JF can remix without transcoding iirc.

I think there’s a bias in the US against this sort of thing that doesn’t exist (or not to the same extent) in Europe due to the age of the cities/buildings.

In the US, a building from the 1700s is a historic artifact to be cherished, while in parts of Europe a building from the 1500s is just the local pub.

So, the US is often hesitant to modify these old buildings, but Europe seems to have more of a perspective of “it’s a building, not a museum, let’s give it new life by modifying it.”

This is just from the perspective of me, from the US — and I think these old/new buildings are really neat!

IIRC that was the release that cleaned up the make output substantially.

Duh, just read it back from /dev/random

You will recover the data, you just need to wait long enough.

That’s how I started using Linux — big book with CD, I think it was “RedHat Linux Secrets 5.4” or something. 2.0 or 2.2 kernel.

Honestly, it was fantastic. And almost all of it is still relevant today. (Some of the stuff on xfree86 and the chap/pap stuff not so much.)

But it gave a really solid (IMHO) intro to a Linux/*NIX system, a solid overview of coreutils, etc. And while LILO has been long replaced, and afaik /sys didn’t exist at the time, it formed a good foundation.

I’ll refrain from commenting on any init system changes that have taken place since then.

It’s mostly so that I can have SSL handled by nginx (and not per-service), and also for ease of hosting multiple services accessible via subdomains. So every service is its own subdomain.

Additionally, my internal network (as in, my physical LAN) does not have any port forwarding enabled — everything is over WireGuard to my VPS.

My method:

VPS with reverse proxy to my public facing services. This holds SSL certs, and communicates with home network through WireGuard link configured on my router.

Local computer with reverse proxy for all services. This also has SSL certs, and handles the same services as the VPS, so I can have local/LAN speeds. Additionally, it serves as a reverse proxy for all my private services, such as my router/switches/access point config pages, Jellyfin, etc.

No complaints, it mostly just works. I also have my router override DNS entries for my FQDN to resolve locally, so I use the same URL for accessing public services on my LAN.

As a long-time Debian user, I’d have to throw my vote behind Slackware for the title of most UNIX-y, which is I guess a bit different from most Linux-y.

Debian got me through grad school, but Slack got me through undergrad on a hopelessly underpowered old ThinkPad — Volkerding is a legend, and Slack will always be dear to my heart.

This happened to me when Debian switched from SysV to systemd. I am not the only person who experienced this (e.g., https://bbs.archlinux.org/viewtopic.php?id=147478 ).

This is not to say the systemd behavior is wrong, but it essentially changed the behavior of fstab. Whether this is Debian’s fault, Arch’s fault (per the above link), systemd’s fault, or my fault is a fair question. But this committed that most egregious of sins per our Lord and Savior Torvalds — it broke my userspace.

My favorite was when the behavior of a USB drive in /etc/fstab went from “hmm it’s not plugged in at boot, I’ll let the user know” to “not plugged in? Abort! Abort! We can’t boot!”

This change over previous init behavior was especially fun on headless machines…

Getting TLS certs will be complicated

I just use Let’s Encrypt with a wildcard domain — same certs for public and private facing domains. I’m sure this isn’t best practice, but it’s mostly just for me so I’m not too worried :)