I take my shitposts very seriously.

  • 9 Posts
  • 1.08K Comments
Joined 3 years ago
Cake day: June 24th, 2023




  • Tailscale Funnel will let you expose a host to everyone on the internet. You’ll need the Tailscale client running on either the Jellyfin host or a reverse proxy pointing to it. Tailscale itself will act as a reverse proxy with TLS encryption, plus a DNS server.

    Exposing a service to the internet will always present some risk. You should definitely run your LXCs as unprivileged, unless needed otherwise, to mitigate the potential damage if an attacker escapes the container, or put the services in full virtual machines.
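An added example, not part of the comment above: one way to check that containers really are unprivileged before exposing a service from them. It assumes Proxmox-style configs (`unprivileged: 1`) or plain LXC configs (`lxc.idmap` entries); the comment does not name the platform, and the sample configs and function names here are constructed for illustration.

```python
import re

# Constructed sample configs (not taken from the page). Proxmox-style files use
# "key: value"; plain LXC files use "key = value".
SAMPLES = {
    "101.conf": "arch: amd64\nhostname: jellyfin\nunprivileged: 1\n"
                "[snap1]\nunprivileged: 0\n",
    "102.conf": "arch: amd64\nhostname: media\nfeatures: nesting=1\n",
    "103.conf": "hostname: test\nunprivileged: 1\n"
                "lxc.apparmor.profile: unconfined\n",
    "native.conf": "lxc.uts.name = web\nlxc.idmap = u 0 100000 65536\n"
                   "lxc.idmap = g 0 100000 65536\n",
}

def parse(text):
    """Return (key, value) pairs from the live section of a config."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):      # snapshot sections follow; not the live config
            break
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([\w.]+)\s*[:=]\s*(.*)", line)
        if m:
            pairs.append((m.group(1), m.group(2).strip()))
    return pairs

def audit(text):
    """Return a list of findings; an empty list means unprivileged and confined."""
    pairs = parse(text)
    findings = []
    flag = any(k == "unprivileged" and v == "1" for k, v in pairs)
    # idmap entries that send container id 0 to a non-zero host id
    mapped = {v.split()[0] for k, v in pairs
              if k == "lxc.idmap" and len(v.split()) == 4
              and v.split()[1] == "0" and v.split()[2] != "0"}
    remapped = {"u", "g"} <= mapped or "b" in mapped
    if not flag and not remapped:
        findings.append("privileged: container root is host root")
    if ("lxc.apparmor.profile", "unconfined") in pairs:
        findings.append("AppArmor confinement disabled")
    return findings

def audit_all(configs):
    return {name: audit(text) for name, text in configs.items()}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLES).items():
        print(name, "OK" if not found else "; ".join(found))
```
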




  • Simply dual-booting is viable. My Win10 + Arch worked well for over a year. If you’re worried about Windows Update nuking the EFI partition, you can clone a backup of just that partition (dd or a dedicated tool like Clonezilla) that you can then restore from a live environment if needed. Another option, if the disk becomes unbootable, is to boot into a live environment from a USB stick and simply reinstall GRUB into the EFI partition.

    (edit) It’s also a good idea to reduce the frequency of forced updates. You can do that using WinUtil.


  • Windows Update has a habit of eating the EFI partition. That’s how I finally switched to full-time Linux. LTSC doesn’t update as frequently as Win10 Pro, and probably doesn’t touch the EFI partition as much, so there’s a smaller chance for that to happen.

    Dual-booting can work for years without issue. My method just ensures that Windows Update has absolutely zero chance to fuck with the ESP.





  • If you have IPv4 addresses, I guarantee you’re behind at least one NAT gateway. What you need is a Tailscale subnet router, or something equivalent from another service.

    In the most basic configuration, the Tailscale client facilitates communication (by using some UDP black magic fuckery) between one host it is running on and another host it is running on that are both connected to the same tailnet (the virtual network between Tailscale hosts). For this purpose, it uses addresses from the 100.64.0.0/10 “shared address space” subnet. These addresses will only be reachable from within your tailnet.

    If you want an entire subnet (e.g. your LAN) to be accessible within your tailnet, you need to set up a subnet router. This involves configuring the Tailscale client on a device within the target subnet to advertise routes (tailscale set --advertise-routes=192.168.1.0/24), allowing the host to advertise routes in the admin page (Machines -> -> Edit routes), and configuring the Tailscale client on external hosts to accept advertised routes (tailscale set --accept-routes).

    If you want your servers to be accessible from anywhere on the internet, you’ll need Tailscale Funnel. I don’t use it personally, but it seems to work. Make sure you understand the risks and challenges involved with exposing a service to the public if you want to choose this route.



  • You need two separate SSDs. One for Linux, one for Windows.

    • Install Linux on SSD-A. Make sure it has an EFI system partition with a bootloader in it (GRUB, systemd-boot, rEFInd), don’t use an efistub. If the installer is done, disconnect the SSD to be safe.
    • Install Windows on SSD-B with the desired updates. It will create its own EFI partition.
      • Optionally, you can create a separate NTFS volume for your C:\Users so you don’t have to mount the entire system on Linux if you need to access your files.
    • Boot into Windows. Use a tool to completely disable the updates. I use WinUtil by Chris Titus.
    • Reconnect SSD-A.
    • Boot and enter the firmware configuration. In the boot device list, make sure SSD-A has a much higher priority than SSD-B! You can even remove SSD-B from the bootable devices.
    • Boot into Linux. In the bootloader configuration, create an entry that targets the Windows C: volume on SSD-B.
      • Alternatively, you can just use the firmware’s boot menu to boot from SSD-B.

    Done. If you need to update Windows, physically disconnect SSD-A and boot from SSD-B.



  • Firefox isn’t used by the “general public”. The general public doesn’t give a shit about open-source or which corporate logo is stamped on their copy of Chromium. Many won’t even look past Edge, and the rest will likely use Chrome because everyone does already.

    No, Firefox is used by the enthusiasts who care about not using Chromium; about actively choosing control over convenience. Now Mozilla Corp is pissing off that same audience by doing what Google does – shoving AI up everything. To date, every decision regarding AI has met with pushback from their own userbase. Being the lesser evil does not grant them a free pass for every boneheaded decision.

    If they need cash, they can fire that fuckwit of a CEO, roll the savings back into their engineers and products, and go on a funding campaign promising to actually improve their products like Mozilla Org Foundation did with Thunderbird.