That's not bad at all gonna have to check it out. I host my site on digital ocean it's on the smallest single core 1gb ram droplet. I run crowdsec and nginx and a couple other little things and it sits around 40% ram usage. Costs 6$ a month and I added 4 weeks worth of automatic weekly backups for $1.50 a month.

I can deal with $7.50 for a little static web server.

They do offer a free $200/60 day credit if you get in with one of the free Linux Foundation cloud classes which is plenty to play with.

I would second any Thinkpad that has USB C charging. That's what I'm looking to get next. Renewed ones are <$300

I remember when Ubuntu came out I was working in a PC repair shop. Not gonna give any opinion on this but the standard procedure for people wanting a fresh XP but didn't have a license key was "well it's $90 for a fresh install, or we can put a pirate pro corporate on it". I e-mailed canonical and they sent me a whole stack of Ubuntu CDs in nice branded sleeves. I kept it by the register and started offering that as an alternative to piracy for people that didn't have a license key and didn't wanna fork over the cash for one, Not many people chose that option, but I had a lot of good talks with people and plenty of people took a CD to try the live Ubuntu. I hope some of them ended up making the switch. I'm kinda disgruntled with conical these days but I'm an old greybeard who grew up in Slackware. I still recommend Ubuntu to beginners along with fedora.

https://gitlab.gnome.org/chergert/ptyxis

Ptyxis is my current go-to. It can detect available pods or toolboxes (maybe docker too haven't tested it) and you can open terminals directly into them. It also highlights ssh terms and root shells differently.

There are a huge number of built-in color schemes as well and I've had no trouble finding any configuration option I've found myself wanting to look for.

It's also available on flathub so it's easily installed in most distros.

I wasn't aware of the Github pages being free that's neat. It is fully static (running on nginx but generated with hugo) and I use freedns.afraid.org for the domains. Good to know thanks for the tip :)

I'm not sure where this software comes from, but you should try to get a merge to fix this to default. I'd give it a thumbs up after some testing for sure.

gofumpt and gofmt are the best. One of the reasons if I have a choice I'll code in go. I heard rumblings that rust was working towards having rustfmt be a standard crate.

No offense taken we all have different knowledge and background. I have a general understanding of podman, but now I'm going to go play with it a bit at some point and get more familiar with it.

Docker is Apache 2.0 licensed. It is open source. Or at least all of the important parts. I'm not sure about docker desktop. It's partly that I just have a lot of experience with docker, and partly just that it's what is supported in most projects' documentation. The fact that a lot of the Linux foundation training uses docker is another reason I've got more experience with it.

As far as what you are talking about people have been trying for years. The Pirate Bay wanted to develop a new method of being entirely decentralized. Odysee is working on something like blockchain/torrents combined that is very interesting. We have I2P and TOR which have some of the features you mention. I'd love to see it happen where the big companies didn't control things.

There is progress though. https://letsencrypt.org/ is non-profit, and there are a variety of open source projects using this to automate TLS certificate signing.

Check out https://www.sigstore.dev/how-it-works and pay special attention to Fulcio and Rekor. It's not for web certs, but it's still a very interesting take on a certificate authority.

There's no technical reason what you are saying couldn't work. It just comes down to how do you trust it, and if you can't at all, it doesn't do much good anyway. That's the problem to be solved. You could compromise somewhere in the middle but then you have to work out what is acceptable. I suppose the level of trust could be configurable, with different nodes earning a different level of trust, and you could configure your accepted levels for DNS or CA. It's an interesting idea.

I dual booted a few times back in the days of winxp and win7. Never had a good experience somehow windows or a grub update always messed up things. Haven't ran windows in years but when I have to it goes on a separate drive now.

I second this. I run fedora on my desktop and debian on the server. Docker works great on debian as well.

Hugo is a static website generator used frequently for blogs. hugo bear blog is just one of the themes for it I happened to like so I used it. It does build reactive sites so that they look good on a phone or a pc.

VIM for the win. I really enjoy the built in file browser accessed by the command :explore

I also code in go frequently and go-fmt and go-lint etc work flawlessly. You can use whatever LSP you want so you get your code tips and autosuggestion etc.

The tabs and split window functions are nice too. Plus if you learn Vi well it's on almost every system in existence. Nano not so much

My site is on a rented server at digital ocean. Some providers do more or less to protect you themselves though. I don't think digital ocean does much monitoring or protecting, I've had servers on there compromised in the past that would have been caught by my current setup. It can't hurt in any case.

I also run crowdsec on my home setup but I don't have any open ports at home and never get alerts. I had suricata running and plugged into crowdsec as well so it would handle blocking for both, but suricata never got to get any action with crowdsec blocking malicious activity, so I disabled it to save resources.

I know I know. If you wanna install certbot another way feel free. Share it with me I'm sure it'll take up less space. I only did it that way because it's the certbot official©®™ instructions. That and I had issues with the other method I tried.

I'd suggest one of the fedora atomic installs, maybe even get a couple renewed Thinkpads all set up, one with kde and one with gnome and let them play with them for a few days. I was the only engineer in my company that ran Linux and the bosses only concession was that I carry a windows PC too when he was onsite with me so he'd understand what I was doing, but he provided a nice one for me so I never complained.

They aren't exactly CLI but I really like obsidian for taking notes. It's not open source though. Logseq is good too and is OSS. Both use markdown for formatting so if you are familiar with writing pages on GitHub you'll have no trouble. Even if not markdown is super easy to learn. That and all of your data stays local and in open formats. I edit my stuff in a terminal anyway.

Just look up obsidian OSINT on YouTube you'll find some good stuff on how to use it.

Another thought is just use markdown files and a directory structure in a private git repo. You'd be able to interact with it locally entirely in the terminal with vim etc and have the option of going online and searching or organizing etc. You could probably even use a cli browser for that part if you wanted.

Awesome it is good to see the bearblog getting some love. Just to keep it short mostly. I was debating adding another article continuing this one using nginx for that part. I could add a section to this one though. Or would you use something other than nginx, I'm open to suggestions. I checked yours out, it's a bit snappier than mine :) . What are you running?

Nice. I might have to clone that setup for fun. What do you use for CI? I've got jenkins running but I've been wanting to play with gitlab CI/CD too.

I do a lot of my dev work in docker containers, simply so I'm in a clean environment. Doesn't hurt in ease of backup either. No particular reason not to use docker, I also wanted to keep it kind of brief and simple. The guide I originally read that inspired me had a lot of things that were very outdated, and as I worked through getting it working on debian 12 I generally stuck with the source providers instructions when things weren't already packaged for dpkg, or alternatives were more complex.

I am currently mulling around doing extensions on this guide and adding links at the bottom, or just extending this one a bit. Also just thinking about writing a guide for other stuff too. I've been helping people on discord and irc a bit recently and some of what I know might be useful to someone.

I don't know everything by any means far from it, but I've been around since my first beOS and slackware installs a long time ago and I've picked up a lot. I worked developing and deploying pfsense images for a company years ago and have just had a lot of random experience in linux and bsds over the years.

I've got plenty of experience with docker and I've heard of traefik but never used it. Thanks, I'm gonna look into it.

Thanks for the tip I'll definitely take a look! That's not bad at all and I prefer yearly payments.

Np. Trying to find the exact page but I just checked the last logs in journalctl after each crash to determine that's what it was. If you search Wayland + kwin + Intel GPU crash you get lots of hits. It can be fixed but now that I know it's very specific to my setup and already fixed in future versions I'm not so worried.

Awesome thanks!

I could have swore I tried it. facepalm I'll check that out then I might edit that part.

Mine is a 2020 with 32gb storage and 3gb ram but same ballpark. I just replaced my PC earlier this year but the Chromebook is next. I'm looking at renewed HP elitebooks or renewed ThinkPads, but I'm not sure either come in a size OP would want.

Came to second this. I have an old hp Chromebook that is indestructible, has insane battery life, and still has a few years of updates left. The built in Linux terminal is fine and just about anything you can get through apt-get, dpkg, or otherwise works fine as well (if there is an arm version), it'll even add menu entries for GUI apps.

I do light reading or dev work on it, and use the built in terminal to keep track of and ssh into my remote boxes. I take it on the road to take notes or hop on a wifi.

When I first got it the interface was kinda crap for a laptop, but through the updates (dark mode, new menu, etc) it's actually just fine now.

It's slow, low ram and only usable for a few tabs at a time, but for what I use it for it does fine, and it was cheap enough I won't cry if it dies.

Hey thanks I'm sure they will be!

Hah did not know about that thanks!

I knew that worked for a lot of stuff. That used to be what I'd try first but I honestly just use a venv for pretty much anything that uses pip nowadays. Still helpful to know there is a package though thanks! I intend to test it out.

Thanks :) Exactly. I do a lot of development and testing in an alpine linux container, simply because it has much newer versions of libraries and musl c. If I can get it to compile there, and on debian, I'm in good shape as far as compatibility goes. I used to really enjoy Arch and the rolling updates when I was younger, but I've gotten to where I don't want to mess with things constantly changing.

I use python venv for nearly everything I do python, and the way go is setup does make it extremely easy since it uses a per user environment anyway.

I had no idea it was standard. I had heard they had issues with it not being able to handle certain constructs so they were working on getting it to a place it would perform better. Has this changed? I'm not a rust person, but I intend to be. I've barely made it 1/4th way into the book (just started in the past month and I've been busy), but I have a good background in programming and so far it's been super easy. I'm really enjoying how specific the compiler is, and the binary sizes vs Go.

I have a similar issue specific to my Intel graphics, debian 12, and kde. It's fixed in the newer kernel in debian Trixie. In my case I was able to set up a keybind to ctrl-alt-backspace which kills the graphics server. I have to catch it quick or it'll lock up completely, but it's something to try. I'm on 15 days uptime now I've probably had to do that about 5 times.

My site is also statically generated from templates I keep in a private git repo hosted on github I keep local backups of, but I do the generating directly on the server. I just pull the site and generate it manually whenever I do an update. I like the sound of your setup better thanks for the pointers!

Oh gotcha. It was late when I replied :p. You absolutely get security with a layer of separation from hosting remotely. I monitor my home network and have a similar setup but I don't host anything from here. I never get attacked or probed at all compared to my remote server. Just having those open ports makes you a target. Once a few scanners pick up on you hosting content you will absolutely start getting attacked. Another benefit is you don't have to have any passwords on your remote host, just an ssh key. They can bruteforce all they want, good luck without a zero day. You also keep your personal IP address out of peoples scope by not hosting from the local network.

I used to run much heavier protection on my home network, but after keeping an eye on all the logs and alerts for a while I realized I was just wasting ram and storage space mostly. Sane firewall settings is enough for a typical home, and something like crowdsec is probably overkill.

Now if you are hosting stuff it's a different story. I would actually harden my local network MORE than I did the remote one due to much more of my personal stuff being on my local network. My remote host being compromised would be a mild hassle at most, It does self backups once a week, and I have my entire site in a private git repo I sync to. It would take a few minutes to throw up another server, if my home stuff got compromised a lot more damage could be done.

Excellent thank you! I'll check this out.

Awesome I'll look into it for sure!

😱 I had no idea. I just went and read through that wow. I hope they don't sell to someone scummy.

Thanks that's good to learn!

Just came here to say you could always look for alternative projects that have this built in as well. I'm not sure what logs you as looking at, but it might be best to contribute or request this feature directly for the software.

For example I use crowdsec and they have a button on the logs pages that will anonymize the entire page and is great for taking screenshots.

I agree with another poster that getting something to work with a number of different logs would be a huge undertaking and unrealistic for most solo devs. I do think asking whatever project could be a start. I'd love if journalctl and syslogd etc had a flag to anonymize the log output.

Personally often times I just open the screenshot in gimp and pixelate out the areas I want hidden, but that's not an automated solution.