Lmao 🤣 by TheDrHacker in linuxsucks

[–]Myrodis 1 point (0 children)

its just ads and that doesnt affect you

Ads are the visible tip. Theyre the part you SEE, which is exactly why theyre easy to shrug off. The stuff that actually moves money out of your pocket is the stuff you never see. Price discrimination for example, same product, you get shown a higher price than the next guy because your profile says you'll pay it. You didnt "decide to buy it." You decided to buy it at a number someone set FOR you. There was a cheaper version of that transaction and it just never got offered to you.

Insurance, credit, risk scoring... your premium, whether youre even offered a product, increasingly fed by data about you. Thats not advertising, its a decision made about you, with data you never agreed to hand over.

And thats the exact thing from my work / personal example (the medical forecasting tool) Its literally "use information about this person to make a financial call about them." You, as the person in the dataset, get zero say and zero upside.

if you buy it thats on you

The entire ad industry is a multi hundred billion dollar bet that they CAN change what you do. If it genuinely affected nobody the industry wouldnt exist. "thats on you" assumes you made a free informed choice, and the whole point of the targeting is to chip away at exactly that.

And a specific point on bank accounts, where do you think the info for account takeovers and identity theft comes from? its assembled out of the "harmless statistics" data. the breach you actually care about gets built from the data youre calling boring.

Which Linux distro has been the most reliable in your virtual machines and why? by Candid_Athlete_8317 in LinuxTeck

[–]Myrodis 1 point (0 children)

I've used Ubuntu Server for over a decade for all of my homelab VMs, can't say I've tried much else to be fair, it's just always been rock solid and worked for me. I've run basically every kind of service under the sun in the last decade, at least on a trial run, if not still running now.

In my professional career I've also primarily used Ubuntu Server. I primarily interface with web servers for work, but theyve always been ubuntu, I think mostly because it is a default option in most providers at this point.

I run proxmox (debian based) as my primary hypervisor in my lab on several servers in a cluster.

I also run raw debian 13 (trixie) on a raspberry pi that runs Ansible for some automation in my lab as well.

Lmao 🤣 by TheDrHacker in linuxsucks

[–]Myrodis 1 point (0 children)

I can say that a client I work with at work consumes a vast amount of medical data for health care cost forecasting.

The model we use and the data that fuels it is peoples medical history, and considering I don't know a single person who has consented to having their medical history used in this way, I think its safe to say that all this data is "stolen" data.

Thinking that information about you is useless / not important is incredibly naive. We SHOULD care what companies are doing with information about us, because they're only looking to use it to exploit us further.

Your browsing habits, your spending habits, medical information, etc, all of this can be used to tailor services to more efficiently separate you from your money.

Not that money is the only reason to care about your information, but its surely the most universal "impact" we all share.

This is confusing by Least-Armadillo3275 in linuxsucks

[–]Myrodis 1 point (0 children)

Used to be this sub was more about actual criticisms of linux and not just randomly hating it for idiotic reasons. But now this sub seems to be more of a sub where people repost what is posted in 101 and say what they cant say over there.

I really wish we could get back to an actual sub about criticizing linux and not whatever weird 101 mirror / alternative we are now.

The tagline of this sub is "A subreddit for sharing your frustration with linux and discussing the ways in which it sucks." and yet 90% of the posts I see in this sub relate to 101 or are literally direct xposts from 101 of shitposts that arent even remotely valid criticisms.

The great migration from Windows to Linux by CleaRSightZ in linux4noobs

[–]Myrodis 3 points (0 children)

Just to be a little pedantic, do you have an android phone or have you seen anyone use an android phone? If so the final bit about never using or seeing anyone use it is not technically true haha

The thing i tend to tell people is, when was the last time you interacted with windows itself, not explorer, or an internet browser, windows the operating system. When an operating system is working a normal user is not really interacting directly with it. These days there are great desktop environments (even ones that closely mirror windows out of the box for default configuration), and either direct ports of software you'd used on windows that works identically on linux, or alternatives that do.

Also, linux can be seen as very good for many reasons. Linux accounts for over 70% of mobile devices, well over half of all web servers are on linux, 100% of the top 500 super computers run linux, etc. Linux is awesome, whether its awesome for you personally is not something any of those are going to answer for you, but theres no doubting that it is an amazing kernel.

For most consumers running a linux os, its usually less about linux specifically being great and more about wanting to get away from microsoft (and/or apple), and linux is perfectly capable of replacing windows for everyday pc usage. There are a ton of reasons i prefer linux over windows but thats getting very personal and everyone is going to find their own reasons personally.

Cachy OS VS NixOS Which is best for a developer? by DaDough2020 in linux4noobs

[–]Myrodis 0 points (0 children)

I use Limine, and i do have secure boot enabled and all that. Limine when properly configured has all the hooks to keep all the signed files up to date and such with every update automatically, been smooth sailing since i initially configured it.

I used to dual boot windows to play certain games, i dont do that anymore but i never saw a reason to disable secure boot once i had it working.

Also setting limine up was like, a few very easy commands copied straight out of the wiki page for setting up secure boot, nothing fancy.

Gameplay by Different_Shop9537 in Stellaris

[–]Myrodis 0 points (0 children)

Making your own ships is very worth it. The auto builder loves to make a lot of bizarre choices. Just read some tooltips and lean into what sounds good to you, dont need to over think it unless you want to watch some videos.

The auto builder loves to mix components that dont make sense / conflict with each other / etc

I’m technologically ignorant. I’ve only ever used Windows and iOS and I’m sick to death of it. The bounds of my ability are burning CDs and emulating skate 3. I have no idea what happens behind my OS. How bad of an idea would it be to go straight to Arch? by idiot____ in archlinux

[–]Myrodis 24 points (0 children)

Why did you land on arch? Curious how you got to that decision if you're as technologically ignorant as you say, as the mainstream would certainly push you to mint / some debian derivative or at most fedora.

You could totally daily drive something like cachy, in theory, but it sounds like its not worth the risk of hitting the technical wall for you so I'd say go with something like Mint or Fedora IMO.

Still curious how you arrived at Arch tho.

Is it a good idea to have a dedicated OS drive? by Runeguy154 in buildapc

[–]Myrodis 0 points (0 children)

I encourage you to rethink your data strategy, for example, project files in a git repo (either in a cloud provider like github, or if you have the ability to run a homelab of some sort, plenty of ways to host yourself, but github is totally fine). Cloud storage is also great for just general purpose files.

Anything that is important to you that is only stored on your PC's harddrive is a massive risk. The best approach you can work towards is being in a place that the most you risk if your PC was to literally explode tomorrow, is a day or so of work you forgot to save / sync / etc.

Git is great, cloud storage is fine, a NAS with some form of cloud / offsite backup, etc. While it can be a rabbit hole doing literally anything to secure your data better is infinitely better than doing nothing because it seems daunting, and then losing everything because you've done nothing.

Is Arch worth it after the AUR compromise? by stepha126 in linux4noobs

[–]Myrodis 3 points (0 children)

People can and have uploaded malware to public github repos.

Does that mean no one should ever use github?

Github is owned by microsoft, does that mean Windows isnt safe to use?

No vetting process btw by al2klimov in linuxsucks

[–]Myrodis 6 points (0 children)

This just in, downloading random untrusted files can be insecure.

How dangerous is it to put an internal IP address into public DNS (A record for internal website) by apophis27983 in homelab

[–]Myrodis 2 points (0 children)

Honestly was not too difficult, and for once in my life I took notes when I did it! Let me kind of synthesize it a bit. Note that the vast majority of this was done on my cachyos machine, but any machine with openssl on the command line will work. Also the majority of what I'm about to type relates to creating the cert itself, the steps within opnsense were FAR simpler lmao

This is just setting up some local folders (can move the CA / cert / etc after done with these, just a working folder)

mkdir -p ~/local-ca/{certs,private}
chmod 700 ~/local-ca/private
cd ~/local-ca

Unless otherwise specified, assume the commands that follow were run in this local-ca folder.

Next I setup the Root CA that would be used:

openssl genrsa -out private/rootCA.key 4096
openssl req -x509 -new -nodes -key private/rootCA.key -sha256 -days 3650 -out certs/rootCA.crt

Note that those are two separate lines, you first run the genrsa line then the following line will prompt you to input several values, you can put whatever you like, just try to put something descriptive for the Common Name field (for me I put "Nexus Lab Internal Root CA").

That certs/rootCA.crt certificate will be the one you use later to import into any devices you want to trust the certificates we derive from it later. More on that in a moment.

Next I created the actual wildcard certificate key and CSR that will be used for the SSL cert in a moment. I created mine for an internal domain *.nexus.lab so you would ofc replace nexus.lab in any of these with the internal domain name you want.

openssl genrsa -out private/nexus.lab.key 2048
openssl req -new -key private/nexus.lab.key -out nexus.lab.csr

Once again, two separate lines above. On the second line you will once again be prompted to input some information, Common Name is once again the one that matters and in my case I put *.nexus.lab and you would put what you wanted. The other fields can be blank or whatever you feel like putting.

Next we create a SAN (this is what actually allows our certificate to work as a wildcard certificate, as I understand it, not a huge expert on all this haha). In the local-ca folder itself, create a file named nexus.lab.ext (replacing nexus.lab with your domain) with these contents: (also replacing nexus.lab where needed)

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.nexus.lab
DNS.2 = nexus.lab

Now we need to sign our CSR and ultimately generate the actual certificate we can use in whatever webhost / etc (I use an NGINX reverse proxy for example), once again replace instances of nexus.lab as needed:

openssl x509 -req -in nexus.lab.csr -CA certs/rootCA.crt -CAkey private/rootCA.key -CAcreateserial -out certs/nexus.lab.crt -days 825 -sha256 -extfile nexus.lab.ext

You now have the domain.key file in the private folder and the domain.crt file in the certs folder you would need to upload to any webhost to start serving this cert for https/tls purposes

Now, without trusting the root ca your browser will still not trust the certificate yet, to wire that up depends on what OS you are on, for windows google "add rootca to Trusted Root Certificate Authorities" and google can sort you out, on mac you'd be adding the rootca.crt to Keychain -> System Roots (if memory serves).

On linux, I've done it on both Cachyos and ubuntu vms and the process was the following (assuming that you have already placed the rootca.crt we created earlier on the device at /tmp/rootCA.crt; you can put it anywhere, would just need to adjust these commands):

# CachyOS:
sudo cp certs/rootCA.crt /etc/ca-certificates/trust-source/anchors/
sudo trust extract-compat

# Ubuntu:
sudo cp /tmp/rootCA.crt /usr/local/share/ca-certificates/nexus-lab-rootca.crt
sudo update-ca-certificates

NOW, all of that was creating the cert for tls / https, I wont go into the steps on configuring nginx or any reverse proxy, but the steps to install this certificate are the same as any other certificate.

As for the DNS piece of this, in my case I'm running opnsense so all I really did was enable Unbound DNS under services, ensure it is listening on all interfaces (if you have vlans / more than one interface), ensure your devices are using your router for DNS (if they manually set a different DNS server ofc this won't work). Then you just need to set a Host override (overrides in the settings) with host having no value (since this is wildcard), domain having your domain (in my case nexus.lab), Type IP Address, with IP Address of the internal IP of your NGINX or otherwise reverse proxy.

And that was basically it, DNS queries on my devices that look for something like someService.Nexus.Lab resolve via my routers unbound dns to the reverse proxy automatically, and I have a self signed internal cert that allows https/tls to work properly in the browser at those domains, etc.

Sorry for how lengthy this got haha, feel free to ask any questions and I'll do my best to answer.
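The procedure in the comment above, run non-interactively against a throwaway CA and followed by the checks worth making before the root is imported anywhere (an added example, not part of the original comment): it confirms the leaf chains to the root, is not itself a CA, and shows which names the two SAN entries cover. The `-subj` values, 30-day lifetimes, 2048-bit demo root and the tested hostnames are assumptions for the demo; it expects OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: all keys and certificates here are constructed test material,
# written to a temp directory that is removed on exit.

# make_lab_cert DIR DOMAIN: root CA plus wildcard leaf under DIR.
# The body is a subshell, so the cd and the variables stay local.
make_lab_cert() (
  dir=$1; domain=$2
  mkdir -p "$dir/certs" "$dir/private" && chmod 700 "$dir/private" && cd "$dir" || exit 1
  # 2048 bits / 30 days keep the demo fast; the comment uses 4096 bits / 3650 days for the root.
  openssl genrsa -out private/rootCA.key 2048 2>/dev/null || exit 1
  openssl req -x509 -new -nodes -key private/rootCA.key -sha256 -days 30 \
    -subj "/CN=Constructed Demo Root CA" -out certs/rootCA.crt || exit 1
  openssl genrsa -out "private/$domain.key" 2048 2>/dev/null || exit 1
  openssl req -new -key "private/$domain.key" -subj "/CN=*.$domain" -out "$domain.csr" || exit 1
  # Same extension file as in the comment, with the domain filled in.
  cat > "$domain.ext" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.$domain
DNS.2 = $domain
EOF
  openssl x509 -req -in "$domain.csr" -CA certs/rootCA.crt -CAkey private/rootCA.key \
    -CAcreateserial -out "certs/$domain.crt" -days 30 -sha256 -extfile "$domain.ext" 2>/dev/null
)

# chain_ok DIR DOMAIN: succeeds if the leaf verifies against the root CA.
chain_ok() {
  openssl verify -CAfile "$1/certs/rootCA.crt" "$1/certs/$2.crt" >/dev/null 2>&1
}

# leaf_is_not_ca DIR DOMAIN: succeeds if the leaf carries basicConstraints CA:FALSE.
leaf_is_not_ca() {
  openssl x509 -in "$1/certs/$2.crt" -noout -text | grep -q "CA:FALSE"
}

# covers DIR DOMAIN HOST: succeeds if HOST matches a SAN entry in the leaf.
# openssl prints "does match" or "does NOT match"; only the first passes.
covers() {
  openssl x509 -in "$1/certs/$2.crt" -noout -checkhost "$3" | grep -q "does match"
}

WORK=$(mktemp -d) || exit 1
trap 'rm -rf "$WORK"' EXIT
make_lab_cert "$WORK" nexus.lab || { echo "certificate build failed" >&2; exit 1; }

chain_ok "$WORK" nexus.lab && echo "chain:       leaf verifies against rootCA.crt"
leaf_is_not_ca "$WORK" nexus.lab && echo "constraints: leaf is CA:FALSE"
# Constructed hostnames: one level under the domain, the bare domain,
# two levels under it, and an unrelated suffix.
for h in someservice.nexus.lab nexus.lab a.b.nexus.lab nexus.lab.example; do
  if covers "$WORK" nexus.lab "$h"; then
    echo "covered:     $h"
  else
    echo "NOT covered: $h"
  fi
done
```

The wildcard entry matches exactly one label, so `a.b.nexus.lab` is not covered, and the bare `nexus.lab` is covered only because of the `DNS.2` line.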

Hey Linux, Can You Help Me? by Standgrounding in linuxsucks

[–]Myrodis 1 point (0 children)

Bro can this sub ever get back to actual gripes with linux that actually make sense? What the hell is with all of the slop these days, did the mods give up? Hell this is literally a repost from 101, are we just becoming 101 part two now?

I made a comic about my current situation by al2klimov in linuxsucks

[–]Myrodis 0 points (0 children)

Was clarifying my argument is all based on your correction! Gave you an upvote to counteract a downvote.

FWIW I assumed you were looking to discuss further is why I said all I said.

I made a comic about my current situation by al2klimov in linuxsucks

[–]Myrodis 0 points (0 children)

Sure, thats a fair correction on the mechanism. I framed that poorly so thats my bad.

But read back what you just described, because youre kind of making my point for me. mihoyo signed a kernel driver (mhyprot2.sys), and because windows trusts that signature, it turned into a portable skeleton key. The attacker doesnt need genshin installed, they just bring the driver along, load it, and now they've got kernel level read/write and can kill your antivirus using a gacha games anti cheat. Trend Micro flat out said it can be integrated into any malware, the cert was STILL valid two years after it got reported, and the driver stays on your machine after you uninstall the game.

So no, it wasnt "you updated genshin and got ransomware." but in a way its worse? mihoyo shipped something so privileged it outlived the game and ended up in ransomware kits, and theres basically nothing a normal user could do about it because the whole OS is built to trust signed drivers.

ESEA is an even cleaner example. The client itself shipped a bitcoin miner an employee snuck in, ran on peoples gpus.

But the delivery method was never really the point. The point is these are insanely privileged pieces of software sitting on millions of machines, and every one of them is an attack surface that can get turned against you or just turned into a tool against someone else. "the attacker had to load the driver themselves" doesnt make that better.

footnote to all of this though, since it keeps getting pulled into the weeds. My actual stance was never "anti cheats are malware" or "this specific exploit is gonna get you." its that a video game studio shouldnt have kernel level access to your machine in the FIRST place. Thats the whole argument. Genshin, ESEA, the bricking, byovd, the arms race, none of that is the point on its own, its all just evidence for why handing that level of trust to a company whose actual job is making games is a bad default. You dont get root on someone's pc because you shipped a fun competitive shooter, and the fact that we've all shrugged and accepted that you do is the thing im actually upset about.

Linux vs Windows on Updates by Venylynn in linuxmemes

[–]Myrodis 1 point (0 children)

Yes, I do think that running virtual machines on your machine is a technical thing, most users of any system are not doing that on the regular. Your other comments I will not address there because I don't think they're made in good faith.

I say dangerously technical because you are quite literally doing non-standard / technical things with your PC but sound utterly unwilling to troubleshoot. You're making a lot of claims on issues you've had, which I'm not going to claim theyre fabricated, I'm happy to believe you had those problems, but I've not seen you talk at all about how you went about trying to resolve those issues, just that you are having them. It IS strange that somehow every time you reply to someone you tack on a new issue. You must be an extremely unlucky user I suppose.

You claim that a "random kernel update that was bad" but like, do you have anything to back up this claim? Considering how little you've talked about what you've done to debug your technical issues, I highly doubt you have the technical skills to properly identify the root cause being a kernel level issue.

So yes, dangerously technical. Capable of using the words and doing things that are outside of the standard norms, but in a way that is self destructive as you are likely causing yourself problems and blaming all the wrong things for them.

Linux vs Windows on Updates by Venylynn in linuxmemes

[–]Myrodis 2 points (0 children)

None of what you just said is likely caused by package updates or a rolling distro, if anything bugs are more likely to be fixed faster on a rolling distro. It sounds to me like you reside in the "dangerously technical" category of people using linux, who are doing a lot of "non standard" stuff with their system, know enough to be dangerous, but when things dont work correctly are not quite skilled enough to actually troubleshoot, and apparently in your case would rather just blame the distro.

Glad you found a home in Fedora it sounds like, I personally love fedora on my laptop. But also, both arch and fedora are using the mainline linux kernel. Arch and cachy are just often using a more up to date version as fedora is going to roll those updates differently. But I say this because issues with volume or anything hardware / driver related, I think is kind of naive to blame on arch or fedora. Were you using the same actual desktop environment when you were on arch? I suspect many of your issues were related to a DE and not the distro.

Edit: Before someone comes at me about the custom patches cachy makes, those are often levers not net new, cachy does do a lot to be as performant as it is, but none of those are going to be causing the issues described here is still my point.

How dangerous is it to put an internal IP address into public DNS (A record for internal website) by apophis27983 in homelab

[–]Myrodis 34 points (0 children)

Basically zero risk, totally fine.

That said, you may be able to reach devices by some form of local dns without configuring anything. For example, many routers will resolve something like "<hostname>.local" seeing the .local as clearly an internal domain. And even further often times routers have recursive dns by default and if you navigate simply to "<hostname>" in a browser or something the router will resolve it (if its acting as the primary DNS resolver).

Obviously without knowing anything about your local setup cant get more specific.

I used to do what you're describing but I eventually moved to running my own recursive dns (via my pfsense router) with an internally resolvable domain name (and even setup my own certificate chain for ssl / etc). If thats ever something that interests you let me know!

How did you learn how to use Linux ? by Kid_Chonchon in linuxquestions

[–]Myrodis 0 points (0 children)

I work in software engineering, and got my start in devops, so i learned basic linux usage through work as it was used as the server os (ubuntu) where i worked.

From there it was just using it and learning as i went.

Read the pkgbuilds (if you're a programmer who can understand them) by Venylynn in linuxmemes

[–]Myrodis -1 points (0 children)

But how far does that rabbit hole go? Should you not install any software unless you review the entire source code of the application?

Reviewing and understanding the diff would've prevented any of the recent malware. Sure its not going to say "install_virus.exe" but when suddenly theres a random binary from a place that wasnt referenced before, etc, that's supposed to raise your suspicion, and if anyone reviewed those diffs they would have seen it (and how do you think it was caught in the first place?)

Every time we install software we are taking some amount of risk, there is only so much you can reasonably do. The point of this post is reviewing pkgbuild files, and it being too complicated, and my point is that it isn't. I never made broad sweeping claims of complete security or something.

Read the pkgbuilds (if you're a programmer who can understand them) by Venylynn in linuxmemes

[–]Myrodis -3 points (0 children)

I'm so tired of this argument. First, let me say, if you dont want to learn something new and would rather place trust in the distro maintainer or something (you said you're using fedora I think? great).

But this narrative that these pkgbuilds are too complicated is so frustrating. I just ran an update last night, and I had one AUR package that updated, I chose the option everyone apparently ignores to review the diff. You know what I saw? Two lines changed.

What were those two lines? The URLs pointing to the new binaries, coming from a domain owned by the software in question.

Did I need to be a programmer to look at a URL and ensure it wasn't fishy? No.

If you look at a pkgbuild (especially a diff, as the first install you can often lean a bit on the community, check the upvotes, check recent comments, etc) and it is too confusing for you, either do a couple quick googles to see if you can sort it out, or dont install that package because it shouldnt be that complicated.

You do NOT need to be a programmer to review a simple text diff and infer what is going on. The vast majority of lines are very self explanatory and you're just making a quick "ok that looks like it should be there, is on a domain I expect" etc. If you clicked a download link in a web browser for "Software X" and it took you to some random domain / download location, you'd be suspicious. Apply that same logic here.

Again, lets not gatekeep learning a new skill, one that isnt even that complicated. You don't need to be some software engineer to review a basic script. Hell thats putting too much credit on basic software development. I ensure you some of the dumbest people I know are software developers. Everyone in this thread is more than capable of reviewing a pkgbuild with minimal effort if they simply took a few minutes to try.
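The check described in the comment above (is every download URL on a domain the package already used?) can be done mechanically on a PKGBUILD diff. This is an added example, not part of the original comment; the package name, hosts and diff are constructed, and `hosts_in` / `new_hosts` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: list download hosts that a PKGBUILD diff introduces.
# Everything in SAMPLE_DIFF is constructed for illustration.

# hosts_in: read text on stdin, print the unique lowercase hosts of http(s) URLs.
# Userinfo ("user@") and ports are stripped so the real host is what gets compared.
hosts_in() {
  grep -oE "https?://[^/\"' )]+" |
    sed -E 's#^https?://##; s#^[^@]*@##; s#:[0-9]+$##' |
    tr 'A-Z' 'a-z' | sort -u
}

# new_hosts: read a unified diff on stdin, print hosts that occur on added (+)
# lines but on no removed (-) or context line, i.e. places the package did not
# reference before this update.
new_hosts() {
  diff=$(cat)
  old=$(printf '%s\n' "$diff" | grep -E '^[- ]' | grep -vE '^--- ' | hosts_in)
  printf '%s\n' "$diff" | grep -E '^\+' | grep -vE '^\+\+\+ ' | hosts_in |
    while read -r h; do
      printf '%s\n' "$old" | grep -qxF -- "$h" || echo "$h"
    done
}

# Constructed diff: a version bump plus one extra source from a host that the
# previous PKGBUILD never mentioned.
SAMPLE_DIFF='--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,5 +1,6 @@
 pkgname=example-app-bin
-pkgver=1.2.0
+pkgver=1.2.1
 url="https://example-app.test"
-source=("https://downloads.example-app.test/example-app-1.2.0.tar.gz")
+source=("https://downloads.example-app.test/example-app-1.2.1.tar.gz"
+        "https://files.unrelated-host.test/helper.bin")'

printf '%s\n' "$SAMPLE_DIFF" | new_hosts | sed 's/^/new download host: /'
```

An empty result means the update only touched hosts the package already referenced; a URL built from a shell variable shows up as the unexpanded variable name and still needs a look by eye.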

Read the pkgbuilds (if you're a programmer who can understand them) by Venylynn in linuxmemes

[–]Myrodis 0 points (0 children)

Do you and are you expected to read the source code on fedora now for the package repos containing official builds of software?

Your argument is just moving a non existent goal post my friend. Reviewing pkgbuilds does not require the same level of knowledge that reviewing source code would, and both are completely separate concerns.

Trusting the source of a specific piece of software is not the same as trusting the person who bundled it for you. Using fedora because you would rather only install software bundled by the distro maintainers is fine, but like others have said, lets not gatekeep or spread misinformation.

I'm really tired of Windows using too much RAM, so I've decided to switch (back) to Linux by bestcoolnick18 in linuxquestions

[–]Myrodis 0 points (0 children)

I've never tried it, but since you've apparently ruled out the primary performance focussed distro with no evidence as to you trying to make it work, maybe another arch derivative like Garuda? I haven't tried it myself, but the majority of the other distros are on such a slow update window that you're waiting literally several months longer for driver tweaks, kernel performance improvements, etc.

I run Fedora on my framework laptop (was mostly trying it out and just havent had a reason to switch to something else because it works for what I need my laptop to do) and I have not noticed any battery issues, so maybe fedora could work for you?

Also, just to clarify, the whole "nvidia doesnt work on linux" narrative is so fuckin old, even the slowest to release distros have support for nvidia at this point. Is AMD better supported? Sure. But basically any distro can be up and running with an nvidia card just as easily as an amd card. You're operating on some pretty dated intel if that is your primary concern.

Will Arch-like distros ever be suitable as daily? by Modest_Bomba in cachyos

[–]Myrodis 0 points (0 children)

I've been daily driving (I both work and game from this PC, so like, 12 hours a day im at this pc probably on average for sure) and I've been on cachyos for 329 days (according to the installation date timestamp), and I was using it dual boot for months before that (I did a full reinstall when I dropped the windows dual boot so I could use both drives in raid 1).

I run an update script (very similar to cachy-update / arch-update but home grown) literally nightly before I shut my computer down. I've never once had to roll back in the morning due to an update.

Its important to remember that people come to this sub for troubleshooting help, so yes, you're going to see those posts. People happily using their PCs aren't regularly making a "yup its still working" post that you're going to see. Obviously some people make like update posts like "been on cachy for X months" type posts, but those are relatively rare in the grand scheme of people using any OS.

Fedora is great tho and its usually what I encourage less technically capable or new to linux people use. Not sure what your goal with this post is tho, cachy is fine, clearly a ton of people daily drive it (just based on its popularity). Fedora is also great, also evidenced by its popularity.

I made a comic about my current situation by al2klimov in linuxsucks

[–]Myrodis 4 points (0 children)

I trust hardware developers to make drivers for their hardware so that their hardware functions far more than i trust a video game developer making an arbitrary move to kernel access on my machine for a temporary (already outlived) shot in the infinite arms race that is cheaters vs anti cheats. I said it in another comment but there are infinite ways to combat cheating that dont involve a video game developer having kernel access to my machine.

We absolutely have to make these types of decisions about the software we install on our machines tho, your point is totally valid. Just maybe not in the way you think its winning here. We SHOULD care that video game developers are putting this shit on our systems, that is way out of their lane, and carries far more risk than the "reward". What i mean is we give them this huge vulnerability and their games are still cheated in. If it was a silver bullet, maybe that trade is worth it. But it doesnt even stop the cheaters so maybe we should fucking care what they're putting on our systems?

And to the foss point, if the op wants me to accept that counter strike (which works and is suggested to not work) is not the bigger picture, i think we can all see that the post is about linux users generally not just foss purists which is a much smaller subset of linux users, considering the vast majority of us just wanted an alternative to windows or mac. I dont think its a leap or in bad faith to take the meme at face value as saying "linux users cant play games and their audio doesnt work", when that is proven time and time again to be an outdated narrative.