• 12 Posts
  • 502 Comments
Joined 2 years ago
Cake day: October 20th, 2023

  • I used a boox for maybe 7 or 8 months? I do not recommend them.

    There is a native ebook reader. It is… real bad. And the book management is similarly really weak. Great for throwing a quick PDF on there, not so much for having a “library” as it were where you don’t necessarily want to have to remember which was book 3 of the series while you are on a plane. Not sure if the Calibre support got better to help with this (I know the Calibre devs recently made a huge effort to support non-Amazon devices) but when I used it it was all about you building your own folder structure.

    But mostly it is designed around taking advantage of being an android tablet with an e-ink display. So just use the actual kindle app and so forth. Which, on paper (hee hee), is really cool. In practice, you rapidly realize that the kindle et al apps are designed with a fast refreshing display and most of the UX is built around holding a phone in your hands and not gripping a good sized tablet on its edges. LOTS of accidental page skips and font shenanigans.

    Also, the android it runs is fairly out of date which is a pretty hefty security concern.

    And there is a LOT of “mysterious” traffic going off to servers in China. How much that bothers you is… up to you.

    Switched to a kobo and incredibly happy with that.


  • There are two layers to this (actually a lot more but)

    What you are describing is mostly supply chain. It is the idea that the package manager’s inventory should be safe. And that is already a nigh impossible task simply because so many of the packages themselves can be compromised. It seems like every other year there is a story of bad actors infiltrating a project either as an attack or as a “research paper”. But the end result is you have core libraries that may be compromised.

    But the other side is what impacted OP and will still be an issue even if said supply chain is somehow 100% vetted. People are inherently going to need things that aren’t in a package manager. Sometimes that is for nefarious reasons and sometimes it is just because the project they are interested in isn’t at the point where it is using a massive build farm to deploy everywhere. Maybe it involves running blind scripts as root (don’t fucking do that… even though we all do at some point) and sometimes it involves questionable code.

    And THAT is a very much unsolved problem no matter what distro. Because, historically, you would run an anti-virus scan on that. How many people even know what solutions there are for linux? And how many have even a single nice thing to say about the ones that do?



  • For a (first) NAS, I generally discourage this.

    Office liquidation desktops are great for home servers (if you aren’t paying for power). But they generally are very limited on storage. Limited bays to install hard drives and limited SATA ports. So you rapidly end up with drives just sitting on the bottom of the case and real jank pcie boards to extend your storage.

    Which then becomes a HUGE issue when you have a drive failure. Because now you need to actually identify which drive is the failed one which involves reading off serial numbers and, depending on the setup/OS, making sure you get the order right when you plug them back in.

    Whereas a 4-bay NAS generally has dedicated hardware and hot swap bays which make this trivial. You might never actually use the hot swap capability, but it makes checking which drive is the bad drive fairly trivial.

    Also, a good 4 bay NAS is REAL easy to unplug and put in the trunk of your car during a disaster. Don’t ask me how I know.



  • NuXCOM_90Percent@lemmy.zip to Selfhosted@lemmy.world: Mini pc for home server?

    Raspberry pi: No. Or, at least, not without doing something to make sure you have a real storage backend and aren’t just running it off an SD card. The wear on SD cards is exaggerated and largely minimized if you use an OS that is configured to be aware of it but you are also increasingly relying on a ticking time bomb.

    Mini PC/NUC? I am a huge fan of these and think they are what most people actually need for stuff like home assistant, adguard, etc. Just understand you are going to be storage limited sooner than you expect and you can oversubscribe that CPU and memory a lot faster than you would expect.

    My general suggestion? Install proxmox on the mini PC and deploy on top of that. If/when you decide you want something more, migration is usually pretty easy.

    And if you just want a NAS? It is really hard to go wrong with a 4 bay NAS from one of the reputable vendors (which may just be ugreen at this point?) as those tend to still come out cheaper than building it yourself and 4 disks means you can either play with fire with RAID5 or not be stupid and do RAID1.



  • Presumably most of those services on the same physical host are running in containers? So just add tailscale as a sidecar to that. Each container will be its own host as far as your tailnet is concerned and have its own internal IP. The official tailscale youtube has tutorials on that because it maps much better to a portainer based setup and more or less requires clients to have the tailnet running constantly (which, in my opinion, defeats the purpose of selfhosting but you do you).

    Or do a mess with SRV records and… good luck with that



  • This is one of the big problems with tailscale for home users. For people who only access a system remotely (e.g. a corporate VPN) it is amazing. For people who are both on and off network… yeah.

    What I actually settled on was NOT using one of my domains and to instead just use the tailscale FQDNs in all situations. Mostly because I saw they added more human readable names so it is now like foo.happy-panda.ts.net instead of foo.tb12415161613616161616.ts.net

    • Externally? I just activate the tailscale app and I can see foo.sad-hamster.ts.net with zero additional config. Which is good if I am using an app on my phone or helping someone I trust set up their own machine without needing to drive/fly out there with a laptop.
    • Internally? I actually just added a simple DNS override locally (I use unbound via opnsense for this but you can also do it with a pihole if you really want to). So foo.sad-hamster.ts.net goes to foo.localdomain which goes to a 192.x IP seamlessly

    End result is that I don’t need any special config in any devices or apps and everything just uses the tailscale FQDN regardless of whether it is a “client” connected to the tailscale itself. Which ALSO avoids issues where things stop working during an internet outage.

    I’ve seen alternative setups that specify their own DNS server in their tailnet and… that is a lot of effort if you ask me. Also it seems to be the leading cause of “When I connect to my tailnet I can’t see the outside internet anymore”.


    The big drawbacks to this are that it makes assigning actual certs rather messy since the same FQDN goes to multiple very different IPs… at least one of which being a potential security vulnerability since it is assigned by whoever controls the LAN you are on at any given moment. Not the end of the world and, truth be told, I am less likely to bother with proper certs for fully internal resources (unless I am getting paid to do it). So no NEW risk vectors.

    The other is that you are kind of at the mercy of tailscale corp changing their business model entirely and suddenly having to deal with the fqdn that points to your plex server now actually being used for the latest dating app and everything catching on fire until you remember you did this. But that is a problem that is multiple years down the road…

    Also, depending on what DNS/network shenanigans you do, this could cause other issues. But that is why you always test things yourself.
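
Added example (not part of the comment above): a small shell check for the drawback it names, where the same ts.net name resolves either to a tailnet address or to whatever the local network's DNS hands out. It assumes tailnet IPv4 addresses fall in 100.64.0.0/10 and that `getent` is available; the function names are illustrative.

```shell
#!/bin/sh
# classify_ip ADDR: print tailnet, lan, other or invalid for an IPv4 address.
classify_ip() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f        # split on dots without glob expansion
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) echo invalid; return 1 ;; esac
        [ "$octet" -le 255 ] || { echo invalid; return 1; }
    done
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then
        echo tailnet                 # 100.64.0.0/10 (assumed tailnet range)
    elif [ "$1" -eq 10 ] ||
         { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
         { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; }; then
        echo lan                     # RFC 1918: answer came from a local override
    else
        echo other
    fi
}

# where_does_it_point FQDN: resolve with the system resolver, then classify.
# "lan" is expected at home with the unbound/pihole override in place; on any
# other network it means that network's DNS is answering for your ts.net name.
where_does_it_point() {
    addr=$(getent ahostsv4 "$1" | awk 'NR==1 {print $1}')
    [ -n "$addr" ] || { echo "$1 unresolved"; return 2; }
    echo "$1 $addr $(classify_ip "$addr")"
}

# Usage (hostname taken from the comment above):
#   where_does_it_point foo.sad-hamster.ts.net
```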


  • so you mean unauthorized apps won’t be running on android?

    That is indeed the plan and what is meant by “starts restricting FOSS apps” (which is an incorrect statement but whatever)

    https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/

    However, making that happen outside of its app store will require Google to take a page from Apple’s playbook and flex its muscle in a way many Android users and developers could find intrusive. Google plans to create a streamlined Android Developer Console, which devs will use if they plan to distribute apps outside of the Play Store. After verifying their identities, developers will have to register the package name and signing keys of their apps. Google won’t check the content or functionality of the apps, though.

    (…)

    Google says that only apps with verified identities will be installable on certified Android devices, which is virtually every Android-based device

    What was argued was that people can basically just compile/download and deploy their own apps via development tools. Which is unfeasible for the vast majority of users for skill reasons but also, as I said, likely to be blocked by google themselves in the not too distant future.



  • Is this manageable for the non-dev by chance?

    Not really.

    I’ve not been following things super closely, but the idea would be that each user would get their own developer key and then locally compile and deploy whatever apps they want as though it were a project they themselves were working on. The first bit is not too dissimilar from how a lot of people with XBOXes made dev accounts to install emulators. But the latter is going to get real messy and REAL compromised REAL fast as people just use third party tools and binaries that will inevitably be compromised.

    I’m feeling a dumbphone alt may be the only viable path

    It really depends on what your use case is. If you actually just talk to people on phones? Uhm… I am not even sure where you would find a dumb phone at this point, but that will probably work for voice calls and SMS using just your carrier and MAYBE wifi. But anything that involves apps, which is a shockingly large part of the world, will be a mess. Some you can (and should) do workarounds (banking apps, for example) but others you are kind of up a creek since your options are to use a modern phone or not be able to (for example) see your kid’s daycare schedule.


  • Yeah. There are a few useful websites I end up at that serve similar purposes.

    My usual workflow is that I need to be able to work in an airgapped environment where it is a lot easier to get “my dotfiles” approved than to ask for utility packages like that. Especially since there will inevitably be some jackass who says “You don’t know how to work without google? What are we paying you for?” because they mostly do the same task every day of their life.

    And I do find that writing the cheat sheet myself goes a long way towards me actually learning them so I don’t always need it. But I know that is very much how my brain works (I write probably hundreds of pages of notes a year… I look at maybe two pages a year).


  • One trick that one of my students taught me a decade or so ago is to actually make an alias to list the useful flags.

    Yes, a lot of us think we are smart and set up aliases/functions and have a huge list of them that we never remember or, even worse, ONLY remember. What I noticed her doing was having something like goodman-rsync that would just echo out a list of the most useful flags and what they actually do.

    So nine times out of 10 I just want rsync -azvh --progress ${SRC} ${DEST} but when I am doing something funky and am thinking “I vaguely recall how to do this”? dumbman rsync and I get a quick cheat sheet of what flags I have found REALLY useful in the past or even just explaining what azvh actually does without grepping past all the crap I don’t care about in the man page. And I just keep that in the repo of dotfiles I copy to machines I work on regularly.


  • I would generally argue that rsync is not a backup solution. But it is one of the best transfer/archiving solutions.

    Yes, it is INCREDIBLY powerful and is often 90% of what people actually want/need. But to be an actual backup solution you still need infrastructure around that. Bare minimum is a crontab. But if you are actually backing something up (not just copying it to a local directory) then you need some logging/retry logic on top of that.

    At which point you are building your own borg, as it were. Which, to be clear, is a great thing to do. But… backups are incredibly important and it is very much important to understand what a backup actually needs to be.
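
Added example (not from the comment above): the "logging/retry logic" layer it says a crontab-driven rsync job still needs, as a POSIX shell wrapper. The function name, log path and schedule are assumptions made for illustration.

```shell
#!/bin/sh
# crontab entry (constructed):  15 2 * * * /home/user/bin/backup.sh
stamp() { date '+%Y-%m-%dT%H:%M:%S'; }

# backup_with_retry LOGFILE MAX_TRIES DELAY_SECONDS COMMAND [ARGS...]
# Runs COMMAND, appends its output and a timestamped verdict to LOGFILE, and
# retries with a doubling delay until it succeeds or MAX_TRIES is reached.
# Returns 0 on success, otherwise the exit status of the last failed try.
backup_with_retry() {
    log=$1; max=$2; delay=$3; shift 3
    try=1
    while :; do
        echo "$(stamp) START try $try/$max: $*" >>"$log"
        if "$@" >>"$log" 2>&1; then
            echo "$(stamp) OK after $try try(s)" >>"$log"
            return 0
        else
            rc=$?
        fi
        echo "$(stamp) FAILED rc=$rc on try $try/$max" >>"$log"
        [ "$try" -ge "$max" ] && break
        sleep "$delay"
        delay=$((delay * 2))         # back off: 30s, 60s, 120s, ...
        try=$((try + 1))
    done
    echo "$(stamp) GIVING UP after $max tries, last rc=$rc" >>"$log"
    return "$rc"
}

# Typical call from the cron script (SRC and DEST are placeholders):
#   backup_with_retry "$HOME/backup.log" 3 30 rsync -azh "$SRC" "$DEST" ||
#       echo "backup failed, see $HOME/backup.log" >&2
```

The non-zero return is what lets cron mail, a monitoring check or a wrapper alert on a backup that never completed, rather than failing silently.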





  • Homie? I want you to know that while I am going to be inflammatory, I am not insulting you. In a slightly sane world, that should be fine.

    NEVER work with children. “Hey kids. You can go home or you can stay with me and a few others and learn how to use a computer!”. At best you are setting yourself up for some awkward phone calls when Little Jimmy gets caught looking at something his parents don’t approve of.

    If you are a close family friend and the parents understand what you are going to be teaching their kid (and obviously want you to teach it), go for it. If you are just watching them while they eat orange slices? Don’t fucking go anywhere near that. Let the teachers who actually train in how to handle these situations do it.

    And the other aspect: Kids (and most adults) are not rational or intelligent. They aren’t going to take “Hey, if Susie sends you nudes don’t put them on this server because it will get me sent to prison as a diddler” as education on why they should not fucking do that.


    If you ever want to get scared straight as it were? Take a teacher out for drinks (and you better pay for them!). You’ll hear LOTS of horror stories and get even a glimpse into the kind of hell they have to put up with.

    The show Black-ish (like a lot of Kenya Barris’s work) has a LOT of problems. But the number of times teacher friends have shared https://www.youtube.com/watch?v=6jqmj0ILwfM. And it is not at all exclusive to black people (or even men).