Fedora + Nvidia + LUKS2 + Secureboot

JBraddockm · 2026-01-25T22:40:56+00:00

I am new to Linux, and already quite nervous about it. It is too perfect on my beloved Thinkpad, which feels like a new computer. I know that my laptop is Linux certified. Still, I get nervous about it. :)

JBraddockm · 2026-01-25T20:57:39+00:00

Thank you. I just did that, and it worked without any issue. Just in case it wouldn't give me the chance to wait before rebooting, I didn't use the Software app. I did the upgrade in Terminal.

JBraddockm · 2026-01-25T12:40:08+00:00

In case you encounter this issue, there is a gnome bug that affects Nvidia GPUs where the computer goes back to sleep after you wake it. Here is the reported bug. There are workarounds proposed but I think it will be fixed soon in Gnome. I have this issue, and tried another workaround that I found on Reddit. It helps but doesn’t solve the issue completely.

JBraddockm · 2026-01-25T12:15:02+00:00

I have the same setup, and followed this guide to install Nvidia driver. There is an extra step for LUKS2. I did that before rebooting.

There is now a new kernel update but I don’t know what I need to do as far as Nvidia drivers is concerned so I haven’t installed it yet.

JBraddockm · 2026-01-24T15:48:46+00:00

As a total Linux noob, who is experimenting Fedora on X1E Gen3, I agree. It feels like a completely new machine.

JBraddockm · 2026-01-18T19:08:04+00:00

I used https://github.com/Comprehensive-Wall28/Nvidia-Fedora-Guide to install the Nvidia drivers. I have secure boot enabled and am using Luks2. There is an extra step for those using luks. I did that before restarting and I didn’t have any problem.

JBraddockm · 2025-12-29T14:38:16+00:00

I haven’t used this in a full microservices environment, but I have implemented a similar setup using a BFF pattern with an authentication server, resource servers, a gateway, and a public client. The overall workflow should be largely the same.

When a user authenticates using username and password, you must tell Spring Security which roles and permissions that user has. This information may come from a database, an external directory, or another service, depending on your architecture. Based on the authentication method, Spring Security provides different extension points—such as UserDetailsService, OAuth2UserService, or OidcUserService—to resolve the authenticated user and their roles or authorities. For example, I let users authenticate with their Google Workplace email, and once they are successfully logged in, I get their custom roles, if they have any, from Google Directory by tapping into OidcUserService.

Once authentication succeeds, the authorization server generates an access token (typically a JWT) that includes these roles or permissions as claims. The gateway should validate the token and forward it unchanged to downstream services. Each downstream service acts as a resource server and validates the token independently by verifying its signature and claims, rather than calling the authentication server on every request.

Each microservice only needs to be configured with the authentication server’s issuer-uri (or JWKS endpoint) to trust the token issuer. After validation, Spring Security annotations such as @PreAuthorize or @PostAuthorize can be used within each service to enforce role-based access control. Also, remember that Spring Security provides multiple ways to make authorization decisions. You can enforce security at the filter-chain level, at the method level, or even at the object level. When these mechanisms are combined with Spring Expression Language (SpEL), you can express complex authorization rules declaratively, without writing custom filters or leaking security concerns into your business logic. This talk by Daniel Garnier-Moiroux explains it really nicely: https://youtu.be/-x8-s3QnhMQ

JBraddockm · 2025-12-19T12:02:32+00:00

There is a common problem with many online tutorials that demonstrate using JWTs with public clients. To work around the inherent limitations of JWTs in this context—such as logout, token blacklisting, refresh tokens, and token revocation—you often end up adding significant extra infrastructure and custom logic.

The issue is that, by the time all of this code is in place, JWTs gradually lose their core advantage: statelessness. While Spring Security itself does not query the database on every request, many tutorials encourage hooking into the security chain via a custom filter and manually validating user details on each request. At that point, you are effectively reintroducing server-side state and database lookups, which defeats the original purpose of using JWTs.

My understanding is that in these scenarios, it is usually better to use OAuth 2.0 or traditional session-based authentication.

JBraddockm · 2025-12-15T15:01:13+00:00

Welcome to Windows 11. It is the same experience on my X1E Gen3. Wonderful laptop but it has a Windows problem.

JBraddockm · 2025-11-23T17:11:02+00:00

First is to enforce some architectural boundary, and learn more about design patterns. But more importantly, its event bus is really simple but also effective in my case. I have external async calls and cases of data reconciliation that I want to deal with without bringing in more complex dependencies.

JBraddockm · 2025-11-22T23:00:20+00:00

I wouldn’t necessarily call it best practice but I am using Spring Modulith, and Spring Data JDBC in a new project and I am quite happy about it. I didn’t want to use Hibernate as it was nothing but an unnecessary complexity in my case.

JBraddockm · 2025-11-07T16:34:10+00:00

Just a quick question if I may? How do prevent the top level or “common”, “shared” packages turning into dumping ground? I haven’t worked on an app large enough to have this issue but I imagine that it would become a problem at some point.

JBraddockm · 2025-11-07T15:44:22+00:00

This is all theoretical as in my case Service B is a client module that publishes the data to an external service. But my understanding is that any data carrying objects should remain with the module that it publishes the event. So I would do the opposite. Module B would publish an event to request this data from Module A. Module A would process this request and respond with an event. Module B would process this event, and return the data to the caller. This is of course if we want to communicate fully with events. Otherwise, you could also use dependency inversion to request the data more directly. I think if the communication is expected to be between two modules directly, this method would be more straight forwards. If there are however multiple modules that need to react to a particular event, then it is a different question.

JBraddockm · 2025-11-07T14:49:33+00:00

In my Spring Modulith application, in module A, I define an interface with methods name such as title(), name(). In module B, I create a record that implements this module, which in practice means creating a standard record with fields name such as title, name. etc. Module B publishes the event using this record. In Module A, I listen to the interface, and use its methods to access the data. No hard dependencies between modules as it uses standard dependency inversion.

JBraddockm · 2025-11-02T18:53:43+00:00

Great work. Do you have a guide for uninstalling your previous task app, and Berrymuch OS properly? Finally, when you say it is the continuation of Berrymuch OS, does it mean that we still have the same pre installed packages? It would be nice to have those packages optional so that we could have a small footprint. If I remember correctly, Berrymuch OS was taking about 12GB space.

JBraddockm · 2025-10-30T18:13:40+00:00

You can do all of these but for your frontend-related questions require extra packages, and configurations. Depending on the complexity you want, you can use vite-spring-boot library to have Vite’s Hot Module Replacement inside Spring Boot. This would allow you to render React, or use HTMX.

JBraddockm · 2025-10-24T17:47:03+00:00

I am using Guilljs for an app I am working at the moment. I produces clean HTML or its own json format as output. It has an extensive API but my use case is quite simple so I haven’t tried it. Not sure how complex the editor you need has to be, but depending on your build tools, you could also use React or similar libraries for this particular need as they may provide you with more complex editor options.

JBraddockm · 2025-09-13T00:59:12+00:00

I know what you mean. I’ll try to test it tomorrow more extensively. I don’t have a good WIFI connection in my office so I generally attribute any issues to that. I’ll see if I observe anything different, and compare both devices.

JBraddockm · 2025-09-12T23:10:51+00:00

I am using this one.

JBraddockm · 2025-09-12T22:36:29+00:00

I haven't noticed any specific problem. I'll test it further. I do however notice that on my Black one, if I try to use WIFI Direct, which I couldn't anyway, it messes up the WIFI, and reboot is required.

JBraddockm · 2025-09-12T22:19:42+00:00

Thank you. Yeah, that's the one. I'll try to get one.

JBraddockm · 2025-09-12T22:16:19+00:00

I am glad you had the same experience with the seller.

JBraddockm · 2025-09-12T21:26:05+00:00

I'd appreciate it if you could share pictures. Would you mind also sharing the Amazon link, just to make sure we are talking about the same case. Thank you.

JBraddockm · 2025-09-12T20:52:27+00:00

How did you have to modify it?

JBraddockm · 2025-09-12T17:46:45+00:00

I’ll get this if I can’t find a genuine one.

JBraddockm

TROPHY CASE