AmbiguousProps
  • 1 Post
  • 80 Comments
Joined 2Y ago
Cake day: Mar 19, 2024


Like dgdft said, if you’re using certbot, it should typically be running on the machine that your endpoints are hosted on. Enterprise solutions don’t require this, but they have other means of deploying certificates automatically and alarming if they are unable to, before they expire. My organization has dashboards showing which certs expire and when, and it triggers alarms at least a month before anything goes wrong.

High stakes automation should always have alarms on error, and since certs have set expiration dates baked into them, you can alarm far before anything goes wrong. Apparently, Riot didn’t have that.

Also, more frequent renewals make it so that people are less likely to forget it exists. Because of that, along with the possible security ramifications, 2 to 10 year certs should never be used, in my opinion. A 10 year cert will always get kicked on to the next team and it’s very possible for things to fall through the cracks.


What makes you think I don’t do this on embedded devices? I’m not about to dox myself with specifics, but I do this exclusively for embedded hardware as my job. We even do it for devices not directly attached to our network. It’s really not difficult so long as you have control of your enterprise hardware (which, you should, unless your management is terrible at their jobs). Hell, even the routers we use have this functionality built in, failure alarms and all.

If this is a problem for you, it’s probably at an organizational level, and not a technical issue.


I work in DevOps, this is one of the easier things to automate. It’s common for certs to be issued on a 90 day basis these days, no way that would be maintainable without automating.


They obviously don’t or they wouldn’t exist.

Got it, so in your case, if it applies to your argument, it’s possible and works “every time ever”, and if it goes against your argument, it doesn’t exist and no one is boycotting.

You are not arguing in good faith, and only want to be right in this instance.

I’m sure you’ve never bought a display, GPU, or computer with HDMI, and I’m sure you’ve advocated for your friends and family to stop buying anything with HDMI certification. Right?


How does a subscription compare to TV purchases? How does that one instance of politically driven consumer action equate to “every time ever”? Have you heard of Nestlé? People have boycotted them forever and they still exist. Why?


…extremely well? Can you provide an example of the contrary?

Can you provide evidence of it working extremely well?


My bank apps work on Graphene with the exploit protection compatibility mode enabled, even the ones that require the Play Integrity API.


It should be noted that while you can do this, it can increase your attack surface, defeating a lot of the point of Graphene. Before I started using Graphene, I was a huge fan of rooting and getting full control of my device, so I definitely understand the appeal. But I don’t think I would root Graphene myself, automated or otherwise.


The AI we’ve had for over 20 years is not an LLM. LLMs are a different beast. This is why I hate the “AI” generalization. Yes, there are useful AI tools. But that doesn’t mean that LLMs are automatically always useful. And right now, I’m less concerned about the obvious hallucination that LLMs constantly do, and more concerned about the hype cycle that is causing a bubble. This bubble will wipe out savings, retirement, and make people starve. That’s not to mention the people currently, right now, being glazed up by these LLMs and falling to a sort of psychosis.

The execs causing this bubble say a lot of things similar to you (with a lot more insanity, of course). They generalize and lump all of the different, actually very useful tools (such as models used in cancer research) together with LLMs. This is what allows them to equate the very useful, well studied and tested models to LLMs. Basically, because some models and tools have had actual impact, that must mean LLMs are also just as useful, and we should definitely be melting the planet to feed more copyrighted, stolen data into them at any cost.

That usefulness is yet to be proven in any substantial way. Sure, I’ll take that they can be situationally useful for things like making new functions in existing code. They can be moderately useful for helping to get ideas for projects. But they are not useful for finding facts or the truth, and unfortunately, that is what the average person uses it for. They also are nowhere near able to replace software devs, engineers, accountants, etc., primarily because of how they are built to hallucinate a result that looks statistically correct.

LLMs also will not become AGI, they are not capable of that in any sort of capacity. I know you’re not claiming otherwise, but the execs that say similar things to your last paragraph are claiming that. I want to point out who you’re helping by saying what you’re saying.


Hmm, strange that the config file didn’t work - that’s actually how I do it (but with Mullvad and wireguard). No installation necessary if you can figure out why it’s not working.

Ah, yeah, if your VPN only provides a run script you may need to try it in distrobox and see if it works there. It’s probably trying to put libraries in immutable portions of the install. Good work figuring Linux out, I know it can be a bit daunting at first but you’ll get the hang of it!


That’s what immutable means in this case. You can’t modify outside of your user directory, at least not directly, on immutable distros. The files outside of your ~ home path are read-only. You can override that a few different ways, however. If your VPN has a flatpak, that’s the easiest way to get it up and running. If you don’t care about more space (minimal, if you only do it for your VPN) being used, you may be able to follow your VPN’s Fedora instructions, replacing dnf with rpm-ostree. That will likely allow you to install as you can in other distros.

Feel free to ask any questions if you have any, I’m happy to help.


You keep saying this, but then do not elaborate very much. A lot of your comments in this thread have been something about Bazzite being bad/complicated/slow. Bazzite is not necessarily more complicated, it’s actually a lot less complicated in most ways and is difficult to break by design, as are other immutable distros. This is precisely why it is pushed to new Linux users. It’s a good starting point to have something that just works and not have to worry about much. I think a lot of long time Linux users are used to having full control over every piece of the OS, and have (like yourself) come to expect all distros to work that way. That’s fine and I totally understand that, but you should also consider that those who have not built the same habits from non-immutable might prefer a more hands off approach. I’ve used Linux for almost two decades, and I daily drive immutable because it’s so stable. I’m able to scratch the itch of wanting to mess with stuff by using distrobox, and if I’m really messing around, just using rpm-ostree. Sure, it’s different than normal distros, and it’s not for everyone, but it got my partner to use Linux on their own without any issues.

It’s okay to suggest other options for sure, but don’t get snarky when people are suggesting what works for them. The main benefit of Linux is that you have a choice in the first place, and you aren’t going to be stuck with whatever distro you’re using if they decide to do something catastrophic.

There is no such thing as a one-fits-all distro.


I’ve never had an issue with any community tools on an immutable distro. Especially distros that have distrobox, but for the most part, the community tools I’ve needed use lutris or flatpak and do not require compilation. Do you have an example of some of the tools you’re talking about? I’m not necessarily doubting you, I just haven’t encountered it before. You can also still install things (at the cost of image space) with rpm-ostree.


Did you set up secure boot during setup of Bazzite, out of curiosity? It has the ability to function with it and should prompt you if I remember correctly.


Cachy won’t necessarily be a magic bullet for Nvidia drivers, especially for older GPUs.

It’s a good option though, I just wanted to set expectations.


People suggest Bazzite because it just works and is difficult to break or otherwise have things go wrong. I’m not sure what you mean by “struggles to keep up”, can you explain?

Also, you know about rpm-ostree and distrobox, right?


They think line won’t go up if they don’t shove it down every user’s throat. They’ve put most of their eggs in that basket.


That’s the thing, though, EAC can run on Linux if the devs allow it. There are games that use EAC that run just fine on Linux.


I used to be huge into Battlefield. Even on Linux, I played the shit out of BF4. But I will never be sad about avoiding kernel level anticheat. I don’t even feel like I’m missing out, quite the opposite really, especially after Saudi Arabia bought out EA. Why would I ever want kernel level anything from them? They’d have to pay me.

I guess that’s all to say that I just don’t play those games, and I’m better off for it. I think we should be educating other gamers on what they’re sacrificing to play these games for little reduction in cheaters (BF6 has them, I’ve seen videos of it). Is it really worth it to have a Saudi rootkit on your computer to play that game? Are they willing to sacrifice their security, privacy, and digital freedoms so they can play a game for a couple of hours a day or week? If so, that’s fine, but games that use kernel level anticheat tend to try to mask the risks of running them, which is fucked.


That’s insane, I have never heard of such a thing, but I’m in the US where most banks don’t even have non-sms second factor.


The optical sensors are blinding in the dark and unreliable in my experience (I had a Pixel 7 non-pro). Also I do think you can get Verizon to unlock it for you, could be wrong though.


Graphene devs said that they’re working on it and have made progress. Just that it’ll take longer than previous phones. I wouldn’t fearmonger about Pixel 9s being the last yet.


I mean, that’s fair, but I use it for the two factor feature in Graphene.


Unfortunately none of them have easily replaceable batteries. I wouldn’t get anything below the 9 due to the terrible, terrible optical fingerprint sensors on the others. The 9 and up use proper ultrasonic fingerprint sensors.


You can use Graphene’s web installer in a Chromium-based browser, even from another Android phone if you have one. So they don’t necessarily require a full blown PC. You can even do it from your Steam Deck, if you were so inclined.


I can’t put my finger on it, but I don’t trust System76 anymore. It could be because of their development halt of Pop while they worked on Cosmic leaving a bad taste in my mouth, but nonetheless, I don’t think I’d buy hardware from them, especially at this price.


The tests that outperformed were in docked (not handheld) mode anyway, which means comparing this to the Deck is not really valid. Compare it to a gaming PC or console instead.


Yeah. In my case, I’m mainly only doing this for irreplaceable data, such as documents and photos.


the Playstation 2 launched at $299 USD.

Not disagreeing with you, but with inflation that’s about $558 as of this comment.