Fail2ban config can get fairly involved in my experience. I’m probably not doing it the right way, as I wrote a bunch of web server ban rules — anyone trying to access wpadmin gets banned, for instance (I don’t use WordPress, and if I did, it wouldn’t be accessible from my public facing reverse proxy).

I just skimmed my nginx logs and looked for anything funky and put that in a ban rule, basically.

I’m gonna try to guess the most likely LLM response to your post, trained on reddit data:

“This.”

How’d I do?

Newer macOS is not Unix certified.

It’s UNIX 03 compliant https://en.m.wikipedia.org/wiki/Single_UNIX_Specification

One or two Linux distros were (are?) UNIX certified, though.

Haha yeah that was the counter example I was thinking of. I agree completely — you could make a Gentoo from source beginner distro, and I think you could make it reasonably “idiot proof,” but it would still be a bad user experience most likely (too much time spent compiling).

If your distro can’t be forked into a “beginner distro” then it’s fundamentally flawed IMHO.

To be clear, I’ve used Arch as my daily drivers for a while, and while it’s not the best fit for my needs (I use Debian mostly), there’s nothing that I experienced that was incompatible with a “beginner” distro.

You can also drop cache for debugging by running something like echo 3 | sudo tee /proc/sys/vm/drop-caches

But remember that the kernel knows best — this RAM will automatically be freed up when needed and you should never run this except for debugging (or maybe benchmarking).

I have one SSID with pihole (which I use), and one without. Works pretty well, if you’re ok with a VLAN-aware network.

Ah, good point!

Dell XPS 13 Snapdragon seems like it’s trying to compete with the Air.

I’ve been super happy with it. Knock on wood it’s been super reliable. I have a single ZFS drive, take snapshots with various retention policies, nothing fancy.

Another fun thing is to set up a reverse proxy on it as an endpoint for services on your local (home) network which can only be accessed by VPN. For example, my Jellyfin service isn’t public facing, but I didn’t want e.g. my parents to need to set up WireGuard. So instead they can point their TV to a raspberry pi on their network to access the service — even a first gen RPI can handle Jellyfin reverse proxy over WireGuard for moderate bitrates!

I’m not mad at the huge amount I pay in taxes. I’m mad about what I get in return.

WireGuard, and an external HDD. Run at a remote location for off-site backup.

I do this with a raspberry pi 3 at the in-laws. I copied the data over locally before setting it up, and after that it’s just nightly incremental rsync, which is fine even over my slow (35Mbps) upload.

And over twice the GDP.

“Wow you signed the document in blood, you must be really hardcore.”

“No I’m just cheap.”

That’s…pretty believable.

The amount of money you save (and invest) isn’t accurately depicted with this though. Living expenses don’t necessarily grow with take home, if you keep lifestyle creep to a minimum.

So what this means is that if you make $100k and save $10k/year, if you start making $200k you can save the same $10k/year, plus the entire additional $100k after taxes (let’s just say that’s $50k+). So you doubled your salary but your savings went up 6x+.

But “included” doesn’t mean free. You still paid for it.

If you don’t want to sail the high seas, and you don’t want to pay, the library is a great, free option.

Ah, pretty sure that’d be the whole OnStar transceiver, too (which isn’t a bad thing to disable…).

I thought the antenna itself was behind a fuse (as in, feedline has an inline fuse) which would be a peculiar design I think.