Just some Internet guy

He/him/them 🏳️‍🌈

  • 11 Posts
  • 1.77K Comments
Joined 1 year ago
Cake day: June 25th, 2023

  • The key there is the switch does most of the work in hardware, so you can have 1G going between all ports with no CPU usage, so the internal 1G port doesn’t matter as much, and the hardware acceleration lets it efficiently handle routing across VLANs without involving much of the internal port. Those internal switches can usually handle VLANs and basic NAT nearly entirely on their own.

    With a single external 2.5G port you lose that because your traffic will have to go in the router and back out to the switch to cross VLANs, so it’s basically a 1.25G link. And it needs to be a managed switch too since the router doesn’t come with a built-in one anymore. Best you can do is software VLANs but the other device will need to also use the VLAN explicitly in that case, as there’s no switch to give you untagged ports.


  • I think the main reason is Google wants to provide a predictable environment for the developers where not too many things can be changed so it doesn’t visually break apps. Because big corps really, really want their branding to be perfect, can’t be caught with a screenshot of their app in Comic Sans.

    You used to be able to install some pretty sick theme packs but over time everyone started shipping apps with their own hardcoded themes and theme libraries such that it looks identical between devices, so now we’re stuck with whatever Google says is how it should look.

    Back when I was a developer I had to turn off my theme for every demo because the clients would keep focusing on that and not their fucking app, and keep complaining it clashed so hard with their brand colors. Which I’m sure is part of why the stock theme now is so flat and neutral vs the Holo/Honeycomb days.


  • I’m struggling to think what one can even do with just two ethernet ports of different speeds. It’s begging to be used as a gateway, VPN or firewall but you can’t because you’ll top out at 1G anyway. And assuming one of them is the LAN side, supposedly it’ll be going to a switch so the router will never see LAN traffic anyway, only stuff through it which hits the bandwidth limitation.

    I guess technically one could bond the WiFi and 1G link to make use of the 2.5G link? Or as an AP like it’s got 2.5G upstream and passes through another AP down the line using the 1G port.

    Very questionable specs.

    E: it occurred to me this looks like a potentially really good standalone AP if you give it 2.5G upstream and then branch off to another device down the line like some Ubiquiti ones do. But the form factor is ugly as hell to be mounted on a ceiling…






  • Did you set the DPI in your RDP client? I had this too with my Windows VM, and it would just reset whenever I’d change it in Windows. Changed it in the FreeRDP flags and now the scale is correct, Windows applies 150% whenever I RDP in.

    EDIT: My exact command

    wlfreerdp /u:Max-P /v:192.168.1.149 +fonts -aero +clipboard +decorations +window-drag +async-channels +async-input +async-update -compression /dynamic-resolution /rfx /t:"Windows 10" /w:2560 /h:1440 /sound /scale-desktop:150 /scale:100
    

    /scale-desktop is the one that controls the Windows side, whereas /scale controls the local side, so in this case Windows scales and I display it as-is, but you can also do the reverse and save some bandwidth if the legacy app would just bitmap scale anyway.


  • Central package management.

    When you install a package, it keeps track of all the files so when you uninstall it, it removes them all. There’s various ways to scan and remove untracked files, but on a Linux system you can basically ask it “where does this file come from?” and it’ll just tell you “oh, that’s from mpg123, and you have it installed because VLC and Firefox need it to decode some AVIs”. And if you really don’t want it for some reason, it can also go uninstall everything that needs it too.

    It makes it pretty hard to corrupt a system or uninstall important stuff. In the reverse, it also knows what is needed, so if you install VLC, it will also install all the codecs with it, and those are also automatically available to other apps too usually.


  • Been on Linux since 2007, so for me it’s kind of the opposite. You just get settled with your OS after a while, you’re used to how it works.

    For me the immediately missing feature is customizability in window management. I’m not a tiling fan, but I still miss basic convenience features like middle click paste, press alt and drag windows around or press alt and right click to resize windows from whichever side is the closest to the cursor. The different way it arranges windows (Linux tries hard to make them fit in unused space whereas Windows just opens it in the middle of the screen). Another big one is if you have a window focused and try to scroll another window in the background with your mouse cursor over it, it’ll still scroll the focused window even though the mouse cursor isn’t on it. Focus steal prevention is non-existent so if you’re typing and another window pops open, it steals your keyboard input. The search bar is like, utterly useless, so is the Microsoft Store. The start menu doesn’t open instantly like it has to load it every time. When you uninstall something there’s still leftover crap of it everywhere.

    Thankfully when it comes to Linux apps, their open nature means the majority of them just have Windows builds anyway, and what doesn’t would work in WSL. So really all I can miss is the inherent flexibility and openness Linux gives me.




  • They do sometimes end up used as agree/disagree buttons, but they’re intended to be more about whether it’s good content that provides some value, and downvotes are when you don’t provide any value. This leaves room for disagreement without downvoting a well written post that does add to the discussion.

    I use downvotes for spam, and posts/comments that are just plainly wrong, incorrect, misleading or dangerous. Stuff I think is good gets upvoted, and stuff I disagree with but there’s otherwise nothing wrong with it, I don’t vote.



  • Using a third-party boot manager like rEFInd helps to bridge the gap with dubious motherboards that don’t implement the UEFI spec right. Just make sure all the installed distros have their own ESP, then you can get into whatever distro’s GRUB via rEFInd. And it’s pretty.

    The issue is usually around fighting for the same ESP, and not all distros’ GRUB finding the other distros, and made worse by some UEFI firmwares not offering all available EFI applications as bootable so you end up stuck with the wrong GRUB.



  • You can always slap LVM or btrfs or ZFS on top to get more. But even with something more basic like ext4 you can still install multiple distros as long as they’re in their own folder, and when you pivot root you pivot to a folder of it, it doesn’t have to be the root of any filesystem. If you have a BIOS system technically you don’t even need a partition table as syslinux fits the ext4 header and can boot from ext4.

    I’d probably just do btrfs subvolumes or ZFS datasets though, more reliable and more manageable. And you don’t waste space with individual partitions either.




  • No, that’s why signed kernel+initramfs+LUKS+dm-verity: protect the boot process all the way into userspace where you do have network access. From there you can request that the TPM sign messages with a preloaded key that it will only allow using if you went through the whole secure boot process. It’s exactly what Android does with Play Integrity and the strong integrity flag.

    That way you can prove to the server that the computer is still secured and untampered with up to that point, which means the script that deals with the periodic checkin should be running untampered as well. If you’ve secured down the Linux install appropriately, it should be impossible for the user to gain enough privileges to request the key again from the TPM or extract the data key out of the mounted filesystem. That also means you can trust the system to block mounting any drives, force VPN on, make sure your MDM runs, all that stuff.

    You can reset the BIOS, boot from USB, all that stuff still, but then it would also wipe the TPM and so the OS is no longer bootable, and obviously no signed TPM messages either so even if you find the script and how it works, at that point you don’t have the ability to sign the messages so the server won’t give you the data partition’s key either. The moment you tamper with it, it breaks the trust chain and the keys are gone. Can’t flip a single bit on the system and boot partitions without the checks failing.

    It’s not bulletproof, some laptops you can sniff the TPM bus in minutes due to design flaws, but in theory as long as the hardware holds it’s pretty secure. And obviously you can always just take a picture of the screen, no avoiding that. But it puts enough hurdles it’ll stop most opportunistic exfiltration. One bad move and you wipe the keys, so you better know exactly what you’re dealing with or you have one embarrassing and incriminating email to write to IT to have them reprovision the keys.
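
The check-in flow described in the comment above, as an added example that is not part of the original comment: a Python model of a measured boot chain gating a signing key, with the server releasing the data key only for a valid signed challenge. `ToyTPM`, `Server` and the sample chain are hypothetical, an HMAC over a shared key stands in for the TPM's signing key, and the single-use nonce is an assumption the comment does not spell out.

```python
import hashlib, hmac, os

def extend(pcr: bytes, blob: bytes) -> bytes:
    # TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(measured blob))
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()

def measure_boot(chain) -> bytes:
    pcr = bytes(32)  # PCRs start zeroed at reset
    for blob in chain:
        pcr = extend(pcr, blob)
    return pcr

class ToyTPM:
    """Model only: the key is usable only while the PCR matches the policy."""
    def __init__(self, key: bytes, policy_pcr: bytes):
        self._key, self._policy = key, policy_pcr
    def sign(self, current_pcr: bytes, message: bytes):
        if not hmac.compare_digest(current_pcr, self._policy):
            return None  # boot chain changed: key is unusable
        return hmac.new(self._key, message, hashlib.sha256).digest()

class Server:
    def __init__(self, key: bytes, data_key: bytes):
        self._key, self._data_key, self._nonces = key, data_key, set()
    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._nonces.add(nonce)
        return nonce
    def checkin(self, nonce: bytes, sig):
        if sig is None or nonce not in self._nonces:
            return None
        self._nonces.discard(nonce)  # single use, so a captured reply is useless
        good = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return self._data_key if hmac.compare_digest(sig, good) else None

def provision(chain):
    key, data_key = os.urandom(32), os.urandom(32)
    return ToyTPM(key, measure_boot(chain)), Server(key, data_key), data_key

def run_checkin(tpm, server, booted_chain):
    nonce = server.challenge()
    return server.checkin(nonce, tpm.sign(measure_boot(booted_chain), nonce))

GOOD_CHAIN = [b"signed-kernel", b"initramfs", b"dm-verity-root-hash"]  # constructed
TAMPERED = [GOOD_CHAIN[0], b"initramfT", GOOD_CHAIN[2]]  # one byte changed

if __name__ == "__main__":
    tpm, server, data_key = provision(GOOD_CHAIN)
    print("clean boot gets key:", run_checkin(tpm, server, GOOD_CHAIN) == data_key)
    print("tampered boot gets key:", run_checkin(tpm, server, TAMPERED) is not None)
```

A real deployment would use an asymmetric key with a PCR-bound policy inside the TPM, so the server holds only the public half.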