VPN dependent.

  • 12 Posts
  • 31 Comments
Joined 1 year ago
Cake day: June 30th, 2023


  • Hard Fork: for keeping up with the biggest tech news. They do dissecting of potential impact of stuff.

    Lex Fridman: He interviews really interesting subjects. I'll listen to subjects I'm interested in based on who they are or the subject matter they are an expert in. Lots of interesting tech folks. My favorite episode so far is with John Carmack: Doom, Quake, VR, AGI, Programming, Video Games, and Rockets. Episode is 5 f***king hours but broke it up into several sessions and Carmack is so good at articulating, it flew by.

    Huberman Lab: before software I liked biology and medicine. I like these occasionally because I get to learn how systems outside of software/hardware work. These I will watch/listen in a sitting as one would to a movie. It demands your attention to follow along. (I don't like when doctors have podcasts with all the "alternative medicine" BS. But Huberman is an active researcher at Stanford and in charge of a lab that cranks out sweet research. Def credible dude and very methodic and tries to rule out bias).


  • I tried Logitech's Wave Keys at the store and I fell in love with them. I have several custom keyboards (including a HHKB with Topre keys and WASD Code keyboard) and this puts them to shame, unfortunately. Can pick it up for $56 USD.

    https://www.logitech.com/en-us/products/keyboards/wave-keys.html

    • The shape is not those crazy ergo keyboards but the keys are very easy to reach, and you will not have to adjust to a new layout if you are comfortable with laptop keys.
    • The keys have more travel than laptop keys but less than mech keyboards (on average).
    • The keys are also effortless to press but offer resistance.
    • Bluetooth, and if you use a wireless Logitech mouse you can use the same BT receiver.
    • They have them at Staples and Best Buy, so you can go and try it out.

    As for programming, I found the WASD Code keyboard to be pretty customizable with their hardware switches. I can flip a switch and boom, my Caps Lock is now another Ctrl, etc. But you can do that in the OS as well. They go around $99 and you can pick different keys. Not sure if they have any wireless ones.

    https://www.wasdkeyboards.com/code-v3-87-key-mechanical-keyboard-cherry-mx-blue.html




  • I agree that by design Flatpak aims to provide a secure environment through sandboxing; in practice, the implementation has gaps that can lead to security risks, particularly when apps are granted extensive filesystem access. This can undermine the effectiveness of the sandbox and potentially expose systems to vulnerabilities. HOWEVER, being on an immutable system, these risks are mitigated to some degree.

    I'm particularly hopeful for Flatpak's promise of fine-grained permissions. Flatpak is developing a fine-grained permission system with portals for external interactions, BUT this system relies on integration with toolkits like GTK, rather than app-specific APIs, complicating its implementation. There is more info in the linked article in the previous post, and here it is again.

    Admittedly I'm not familiar with distrobox, but my caution is for any approach that distributes containerized programs with their own runtimes; they proved to be a real headache on my "mutable" system and my NVIDIA GPU until I switched to a rolling OS.

    I'm glad you found some candidates to potentially resolve your issue. What distro did you end up using? I'm curious to give it a go next chance I have some free time. Cheers.
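
The concern raised in the comment above, broad filesystem grants weakening the Flatpak sandbox, can be checked per app. The following is an added example, not part of the original comment: it parses the keyfile text printed by `flatpak info --show-permissions <app-id>` and flags broad or writable host grants. The sample metadata and the name `audit_permissions` are constructed for illustration.

```python
import configparser

# Filesystem tokens that expose most of the user's data or the host OS.
BROAD = {"host", "host-os", "host-etc", "home"}

# Constructed sample in the keyfile format printed by
# `flatpak info --show-permissions <app-id>` (not taken from a real app).
SAMPLE = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
filesystems=home;xdg-download:ro;!xdg-documents;/mnt/data:rw;host-etc:ro;
"""


def audit_permissions(metadata: str) -> list[tuple[str, str, str]]:
    """Return (path, mode, reason) for each risky filesystem grant."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(metadata)
    # Missing section or key means no filesystem grants at all.
    grants = parser.get("Context", "filesystems", fallback="")
    findings = []
    for entry in (e.strip() for e in grants.split(";")):
        if not entry or entry.startswith("!"):
            continue  # empty field, or "!" which removes access
        path, _, mode = entry.partition(":")
        mode = mode or "rw"  # no suffix means read-write
        if path in BROAD:
            findings.append((path, mode, "broad host or home access"))
        elif path.startswith(("/", "~")) and mode != "ro":
            findings.append((path, mode, "writable host path"))
    return findings


if __name__ == "__main__":
    for path, mode, reason in audit_permissions(SAMPLE):
        print(f"{path:<12} {mode:<4} {reason}")
```

Narrow grants such as `xdg-download:ro` pass; a broad token is reported even when read-only, because read access to `home` or `host-etc` already exposes data outside the sandbox.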



  • TL;DR: If I were to choose an immutable OS to run on my proprietary graphics cards I'd choose an immutable distribution with rolling releases or hardware enablement packages, which tend to do a better job of keeping these graphics libraries up-to-date for new hardware.

    I don't have a recommendation but I just learned about immutable Linux OSes from this post. I could see benefits of immutable OS files, but I've been skeptical about package distribution like flatpak and snap, at least in their current state.

    Don't get me wrong, the workflow of Flatpak is great, but in my experience, apps from Flatpak typically ship with their own runtime and don't rely on system runtimes (likely why you have GPU driver issues). As a software developer, I obviously prefer to ship with all dependencies and runtimes so I don't have to rely on the system to be updated but this comes with downsides:

    A major problem with alternate runtimes is drivers. New graphics hardware needs new graphics libraries which have a ton of dependencies. Mesa depends on LLVM for compiling shaders. The NVidia driver depends on a kernel module whose version must exactly match that of the library. All of these libraries have their own transitive dependencies like libdrm, libstdc++ and glibc. If you want new hardware to work, you need to be using new versions of all of these libraries.

    Linux distributions, especially those with rolling releases or hardware enablement packages, do a great job of keeping these libraries up-to-date for new hardware. Bundled runtimes do not. Source.

    I'd recommend checking out that article I linked as source. There are also security concerns of using apps, some of which are mitigated by having an immutable filesystem, but there are more points and this comment is long enough as it is.

    EDIT: I reread my comment and it comes off as "immutable bad, blah blah". Truth is I don't know much about these OSes but I wanted to point out that distributing apps in containers comes with its own challenges; which I gather is necessary for immutable OSes. So my TL;DR is to narrow down to a distribution that is immutable and has a rolling release or distributes hardware enablement packages.




  • When I was in college, two older classmates whom I respected got into a hilarious argument of why Gnome was awesome and now eats rocks (their views, I had no views).

    Their elaborate and very specific descriptions of functions and inconveniences drew up a picture of functionality and a e s t h e t i c I had never experienced on Windows. So I proceeded to install a distro and take it for a ride.




  • Any utility in enforcing/suggesting a post template that addresses (for example):

    1. What task are you accomplishing with this code?
    2. How is it implemented (give an overview of your solution)?
    3. Why did you choose this approach (if several valid approaches exist)?
    4. What specifically, if anything, do you want suggestions on? Security, best practices, etc. (Optional)


  • Nothing wrong with being self-taught; you could follow these basic topics before poking holes in the firewall.

    1. VLANs: learn how to separate your LAN into networks with different security requirements. For wireless, try to make a "main" and "IoT" network so that the IoT network can't talk to your "main" network but "main" can reach IoT devices. For wired, try to have a Management network, and a "Dirty network" etc.
    2. Firewalls and Routing: You will need to be able to route between your VLANs and set firewall rules to allow certain traffic. Best practice is block everything and allow only what you need.
    3. NMAP: learn how to do NMAP scans of your network to discover hosts and their open ports/services. This is a similar approach that "hackers" and script kiddies use on the public internet to find vulnerable and open services. Being able to probe your own network is crucial in understanding how others might approach penetrating it.
    4. WireGuard VPN: Learn to access your network remotely by setting up a WireGuard VPN. WireGuard is preferred because it is "stealthy" and will not respond to unsolicited attempts to probe your network. Start small by using WireGuard to access between VLANs so you don't run the risk of using the internet.
    5. NGINX and Reverse Proxy: If necessary, learn to expose your services or blog or website by only exposing NGINX and proxying to your services. Many guides on securing NGINX exist. Try not to expose anything, but it's sometimes necessary if you want others to reach your website/blog/hosting etc.

    That's a rough outline that you can use to guide yourself and achieve milestones with hands-on experience. In your pursuit you'll run into certificates and domain name hosting and stuff. But all this is on the web so let your curiosity (and paranoia) drive! Have fun!!