Pen danger to the eye is obvious to most people. Cancer caused by a lifetime of drinking is not.

I’m trying to indicate that docker has its own kinds of problems that don’t really occur for software that isn’t containerized.

I used the immich issue because it was actually NOT indicated as a breaking change by the devs, and the few of us who had migrated the same compose yml from older veraions and had a problem were met with “oh, that is a very old config, you should be using the modern one”.

Docker is great, but it comes with some specific understanding that isn’t necessarily obvious.

For one, if the compose file syntax or structure and options changes (like it did recently for immich), you have to dig through github issues to find that out and re-create the compose with little guidance.

Not docker’s fault specifically, but it’s becoming an issue with more and more software issued as a docker image. Docker democratizes software, but we pay the price in losing perspective on what is good dev practice.

zfs overlay / docker snapshot issue has been solved since 2021. Proxmox is also well into 8.3, 8.0 has been stable since early 2023.

Current modern supercomputers are actually a mesh of relatively lower spec machines, not a single “computer”, per se. The cost of these isn’t the hardware, it’s the low-latency interconnects and writing the software that can carry out jobs in a massively parallel way.

There’s a give-and-take here, where disclosing the vulnerability should be done soon enough to be responsible to affected users, but not so late that it’s seen as pandering to the vendor.

We’ve already seen how much vendors drag their feet when they are given time to fix a vuln before the disclosure, and almost all the major vendors have tried to pull this move where they keep delaying fix unless it becomes public.

Synology hasn’t been very reactive to fixing CVEs unless they’re very public. One nasty vulnerability in the old DSM 6 was found at a hackathon by a researcher (I’ll edit and post the number later), but the fix wasn’t included in the main update stream, you had to go get the patch manually and apply it.

Vendors must have their feet held to the fire on vulns, or they don’t bother doing anything.

Jeff Geerling and Craft Computing have recently reviewer these units on YouTube and they’re fairly optimistic about them.

Do you have xattr fixed for the underlying zfs?

Your main character syndrome is showing.

It wasn’t, really. It was passed around as IP for a long time like a used car everyone wanted to fix & sell, but no one wanted to do anything with.

I know this is a joke, but honestly, this would support the artist more than the past 75 years of labels and streaming corps, which is IMO high seas piracy in itself.

Whoah, dude.

Not only are you being told what could have and will ward off unplanned breakage, but you have somehow characterised yourself as an unsuspecting victim here? Inaccurate and really inappropriate comparison.

You knew enough to take on deploying a service, now comes the grown-up part where you hedge against broken updates.

I like Kitty, but the terminfo stuff happens often enough for me that it’s a no-go.

Normally, I would fiddle with workarounds, but the author of Kitty has no plans to make Kitty play ball.

Changing policy? Sure, do it with signcards and gatherings. But when the people do overthrow their oppressors, it is with force of some kind.

Inefficient ineffective

Protests don’t work if the governing body has no respect for the voice of the people.

Not sure if this is serious, but you know it’s gibberish for presenting fonts?

I’m not exactly sure what you’re suggesting. Isn’t that more or less what I just said?

The libcamera build does work on an sp6, but it’s not useful, since discord and others don’t support libcamera devices.

I have a surface pro 6, bought used for cheap. With the surface Linux kernel, almost everything works.

I built support for the front and rear cameras using the surface Linux instructions and they work, however it’s not a working solution, since ms Teams pwa or discord can’t use libcamera devices.

One thing you should be aware of, though, is that the tablet experience is only really workable in Wayland, so you’ll have to forgo non-wayland apps and desktop environments. Gnome is… not great.

Also, there are several gotchas with wayland. I use flameshot for screenshots, which is broken on Wayland with scaling. Scaling also breaks default firefox on Wayland.

Sorry, didn’t mean to turn this into a Wayland comment.

The hard work the folks at surface Linux have done is amazing, and I’m happy to daily drive my surface.

EFI can also live in firmware memory.

You can pull the linux drive, boot from the windows drive, and if one of the firmware updates was for efi, windows will trash the entry for your Linux disk.

This has happened for me many times, I had to use a grub rescue disk to rebuild the efi table.