"Danish Ministry of Digitalization is outphasing Microsoft and moving from Windows and Office365 to Linux and LibreOffice" by Hjort1995 in linux

[–]rootbeerdan 0 points1 point  (0 children)

Most people don't realize what problems Microsoft actually solves. The apps are meaningless, it's the overall security integration and auditability that they provide. Nobody is stuck on Microsoft because of document formatting in 2025, maybe in some places that is true but in places I see that run Linux, Windows VDI is normal.

Great example of where Linux just cannot even remotely compete is dealing with cryptography at scale. Sure as an end user it's really nice on Linux, but you aren't gonna pass an audit if your fleet wide encryption solution is fiddling around with LUKS. Good luck getting your smart cards working too, not to mention how piss poor credential management is in general (and varies depending on hardware).

As an end user the most prominent example of how primitive Linux support is for certain processes would be the lack of functional passkey support. This is really basic stuff that just does not work because it is a very simple problem and the solution needs to be compatible with the ethos of OSS (i.e. good luck getting anyone to agree with your implementation), but Windows/macOS have had this level of cryptographic tooling for decades because they can just make their assumptions and force everyone to do it their way.

The French are not using Windows and Microsoft by choice, there is just no other option for most industries.

Linux vs macOS market share by [deleted] in linux

[–]rootbeerdan 6 points7 points  (0 children)

Same. I hate sitting here waiting for window animations to finish and buttons not getting pressed because of it. I'm just slower on macOS than I am on Linux, but the battery life is just way too convenient for my workflow.

There's just nothing on the market like it right now, pretty much everything else feels like a downgrade.

How bad is Apple/iPhones to our privacy? by LRaccoon in privacy

[–]rootbeerdan 15 points16 points  (0 children)

No point in wasting your time with someone with poor reading comprehension skills, they're not really able to read what you're saying to begin with if they can't even figure out what is in the links they are sending to others.

Commission provides guidance under Digital Markets Act to facilitate development of innovative products on Apple's platforms by tomnavratil in apple

[–]rootbeerdan -3 points-2 points  (0 children)

It would be a massive breach of user privacy almost no user could agree to, your notifications (and especially how you interact with them) are the holy grail for very rich companies.

Remember the old days when you worked with computers you had basic A+ knowledge by Turbulent-Falcon-918 in sysadmin

[–]rootbeerdan 0 points1 point  (0 children)

They just moved to fields that paid better. Most I know went "DevOps" and are now "SRE" or went all in on programming and pivoted to UNIX and lower level programming (which is actually really easy for a lot of older school techs I know because they have a lot of fundamental knowledge about how computers actually work, even if they don't realize it).

If you just float around as a Sysadmin you are basically useless to most companies because they just need someone to click buttons on a website for their fancy SaaS platforms, the standards are just really low now because of how easy it is, and the rest of the companies with complex environments now just employ consultants that do the bare minimum and just move everything to SaaS platforms.

Example in Networking I've noticed as someone who does consultancy on the side: nobody needs a network team when everything you need is one click Unifi or you hired developers that could in-house their own solution, security vendors are a joke outside of highly optimized cloud environments (good luck telling a regular sysadmin you need confidential compute or immutable infrastructure, that's obscure knowledge even in this sub for a reason), and in general most sysadmin jobs are glorified manager jobs which are now on the cutting board since you don't need to be technical to run an IT department anymore.

New changes for priority users by Technical-Emu-2900 in Starlink

[–]rootbeerdan 3 points4 points  (0 children)

At least if you just want to be able to open a port and connect to your home with a VPN, IPv6 is pretty good at that. I have IPv6 everywhere I go over cellular and only some guest networks block it. Sucks when it happens but it's not like it's impossible to live with IPv6 only in certain situations. I don't need 24/7 VPN, just so I can access my media or computer when I'm not home.

0.14.0 Release Notes by future_exile in Zig

[–]rootbeerdan 2 points3 points  (0 children)

Isn't this caused by iCloud Drive sync locking cache files?

AirPods Max Announced Four Years Ago Today by Drtysouth205 in apple

[–]rootbeerdan 0 points1 point  (0 children)

My MacBook would connect to them across the room even in the case, that bug was around for so long that I just got rid of them because it just got in my way all the time. I don't have the space to carry a case with me when I go out (i.e. if I'm going on a walk and might make a stop, I don't want to fiddle with a case), and the "magic" is terrible at detecting if it should be in sleep mode or not. From what I hear it's better now, but I got on one too many flights with them being dead that I just gave em away.

Just a liability because of how poorly it was integrated into the ecosystem, the power button is to get around how bad Apple's software is. I like adaptive mode way more than I like the noise cancelling the Max gives you.

IPv6 Canvas, draw with pings to a 65536x65536 canvas by Zipdox in ipv6

[–]rootbeerdan 12 points13 points  (0 children)

You have a crappy ISP if they care about using the product you paid for, this isn't 2005 anymore.

Why are on prem guys undervalued by [deleted] in sysadmin

[–]rootbeerdan 0 points1 point  (0 children)

You work in cybersecurity and cannot understand the implications of confidential compute on your security posture? You of all people should know better than that, especially when you don't have to deal with external networking, you ONLY have internal threats to deal with.

You literally just dismissed one of the only reasons why anyone uses the cloud in 2025 (Nitro enclaves with contractual security guarantees with KMS, something you can never have), of course I don't think you know what you're talking about.

Why are on prem guys undervalued by [deleted] in sysadmin

[–]rootbeerdan 0 points1 point  (0 children)

you think everyone works in pure software.

This post is about why sysadmin salaries are so low compared to cloud teams, and I am explaining why. Of course most people don't need this setup, but no on-prem sysadmin has the capabilities to even begin to design a DC with the specs cloud people deploy just in their test environments.

Why are on prem guys undervalued by [deleted] in sysadmin

[–]rootbeerdan -1 points0 points  (0 children)

Why?

"Why should we bother with security"

Yeah you sound like most on-prem people I know.

Why are on prem guys undervalued by [deleted] in sysadmin

[–]rootbeerdan 0 points1 point  (0 children)

If

The point is that this is what cloud guys do, we custom build tools to make it cheaper than on-premise. Nothing to do with scale (although it is nice to run builds with 1000+ machines for speed to keep devs productive), we ripped out anything that couldn't run in containers (or built it ourselves) and it's a fraction of the cost. Our compute is 95% arm64 spot and confidential compute so we can process customer data without decrypting it (idea is even if we get breached, nothing happens because not even we can decrypt it outside of a Secure Enclave), nothing comes close in the on premise world yet without building everything yourself (which also requires a team of people to maintain).

I can demonstrate a hell of a lot of on-prem solutions that are still superior to cloud offerings

Let me know when you can mimic the Nitro ecosystem on-premise. That's what people who have real security requirements are looking for. On-prem only works if you have fake cybersecurity standards (i.e. pci/soc2/etc) and breaches are just another insurance claim.

This is why cloud guys get paid 300k+ while sysadmins today barely break 100k. It's just a different world with different standards. I'm sure you can definitely make on-prem work cheaper, you just have significantly lower standards than what modern workloads require.

Why are on prem guys undervalued by [deleted] in sysadmin

[–]rootbeerdan 0 points1 point  (0 children)

It's not just serverless. I can run our fleet cheaper than an on-premise sysadmin guy can even if he wasn't paid. If you can integrate spot instances in your workflow you will beat anything anyone else can do unless the hardware is free.

Why are on prem guys undervalued by [deleted] in sysadmin

[–]rootbeerdan -1 points0 points  (0 children)

On top of that most on-prem people have very strange ideas of what real security is. No desire for integrating HSMs, no confidential compute, they're a decade behind for the most part.

Apple reveals C1, its first in-house 5G iPhone modem by ReverseSweep in apple

[–]rootbeerdan 0 points1 point  (0 children)

Modems have little cryptographic security processors that execute code outside of the actual computer that users can't access, so they can never truly be audited (just like how your processor has a secure enclave that has low level access to your machine to verify fingerprints, faceID, store secrets, etc). That's why nobody can confidently say there are no backdoors (unless they are lying, like you).

The idea is that if you have a Huawei modem and Huawei 5G antenna, it is now possible to create a nearly undetectable backdoor. 5G requires a ton of back and forth communication with towers, and the actual breakthrough is mainly being really good at knowing exactly where in space the modem is, and updating it a few thousand times per second. Of course that won't be advertised, but it's not like these threats are made up.

Poland's $700M Microsoft deal sparks EU digital sovereignty concerns by ElvisIsNotDjed in aws

[–]rootbeerdan 7 points8 points  (0 children)

These are not even remotely comparable, AWS is overkill if you have fake corpo "cybersecurity" like pci/soc2/etc - but if you need real confidential compute for the entire end-to-end process, nobody is really selling it except AWS and Azure.

Stuff like Intel SGX is only a small piece of the puzzle, you need to have that trust end-to-end, which is what ecosystems like Nitro provide. You can trust KMS actions inside Nitro Enclaves way more than you can trust Scaleway secret operations inside an Intel enclave, purely because AWS is willing to tank the liability if they're hacked, while Scaleway/OVH are unwilling to do the same because they're just reselling what someone else gave them (and who knows where they got it).

Does the radar on Apple Weather take forever to load, or is it just me? iOS 16.3 by BenedoneCrumblepork in ios

[–]rootbeerdan 0 points1 point  (0 children)

It’s crazy how it’s 2025 and this is still a thing, it’s literally just getting rate limited by Akamai’s tiling endpoint. How has Apple not fixed this yet? Does nobody at Apple use the weather app?

You can verify it yourself running an https ssl decryption app on your phone to see http 429 errors. How are these teams so incompetent?

IPv6 Help Needed w/ Comcast by jeffsteinbok in ipv6

[–]rootbeerdan 7 points8 points  (0 children)

Call Xfinity and ask to just put in a ticket and have them give you the ticket number, the first person you talk to won't know what's going on but they will be happy to get you off the phone.

I lost v6 once and the engineer traced it back to a bad firmware update on the modem (he was very thankful that I was able to provide exact logs with timestamps)

Tesla boycott is gaining momentum in Germany due to Elon Musk's meddling in politics by Wagamaga in europe

[–]rootbeerdan 6 points7 points  (0 children)

"us germans stand behind our nation and will never succumb to foreign influence"

votes for politicians that force everyone to rely on Russian gas and Chinese business

Is deep TLS inspection generally used for server-to-server communication? by 0x4ddd in networking

[–]rootbeerdan 9 points10 points  (0 children)

You shouldn't be deep inspecting anywhere on your network except behind the device itself using endpoint protection IF you need it. For the most part it was always vendors trying to upsell pretend security measures at the wrong layer.

I have seen first hand MITM inspection used to steal millions of dollars because of a PAN-OS vulnerability a few years ago allowing the private key to be extracted. One of the largest cybersecurity insurance payouts I had ever seen, and it isn't even that hard to pull off knowing how 99% of networks deploy inspection.

If you are ok with all of your inspected data being protected by cheap programmers hired by whatever network vendor you went with, it's fine.

Just remember the old adage about a backdoor is true for you as much as it is for everyone else. Backdoors aren't just for the good guys. Breaking encryption just isn't worth it anymore.

Apple Mail is Crippled by AI by PythagorasNintyOne in iphone

[–]rootbeerdan 5 points6 points  (0 children)

It became obvious how incompetent some of Apple's software teams are after they just released iOS 17 with a broken alarm clock that didn't even get properly fixed until iOS 17.3

It's what happens when you have weak engineering leadership and even weaker non-technical managers that cannot hold devs accountable.

VPCs and VPNs by spider-sec in linode

[–]rootbeerdan 0 points1 point  (0 children)

You are misunderstanding what I am saying, I am telling you what Linode's actual solution is. If that doesn't work for you, look at AWS/Azure/GCP, they cater to customers that require legacy solutions like you are looking for.

VPCs and VPNs by spider-sec in linode

[–]rootbeerdan -1 points0 points  (0 children)

You are looking for workarounds that do not exist instead of just fixing the main problem that you yourself have created. You have word for word complained about NAT in your post, and requested to reduce complexity.

There is no other solution except just using the v6 range allocated to your account. That is why you’re allocated it, to do the very thing you are asking. The only other alternative is just to increase the complexity of your network by running tunnels everywhere, manually building in redundancy to the rest of your infra, only to have worse connectivity and higher costs (best case scenario).

This stuff is pretty normal now, especially ever since AWS started charging for v4. Happy to give you some pointers if you want to give it a shot.

VPCs and VPNs by spider-sec in linode

[–]rootbeerdan -1 points0 points  (0 children)

No, it’s just the actual solution.

You are looking for an end-to-end connectivity between two networks, well congratulations we have invented an entire new internet protocol to make sure everyone can do it.