Dang I wish did more with the Mimic3 project. They have SSML support which just seems like an awesome way to address the mono voice issue in tts for books to me.

I do it with k3s right now on fedora. I like it personally.

Nice thing if you use k8s settings up persistent net storage with something like longhorn is an option too.

Harvester cluster my everything. I really want to play around with having my servers being stationary, a togo cluster (laptops, and UPS in a suit case), and PC all in the same cluster.

Right now they are all segmented rke2 clusters, but Harvester should make running vms way easier too.

Distrobox. Building weird projects is nicer when I can start from a fresh system each time.

Wireguard for network access, istio gateway for exposing services, and keycloak for SSO. I want to experiment with Teleport for more fine grained access to my services.

If I had more exposed services I would mess with crowdsec for some another firewall rule set and maybe even exposing it through a TOR service proxy.

Oh what? Dope.

Typically you have main and guest to isolate them You also have different networks for different bands because they use different radios (2.4GH and 5GH) with both having tradeoffs of range and speed. Some have triband as well so that you can isolate high performance devices because every device on a network increases latency slightly, and more so a radio only support one broadcast method at a time and will downgrade its self to the least common dominator for the devices connected to it.

For increased distribution you can use IPFS to host got repos as well (https://docs.ipfs.tech/how-to/host-git-repo/).

DRM will always be a difficult on untrusted devices. I think signal has some options to restrict it

Does send meet what you need?

I remember using it for the self expiring feature. It also is built to use e2e so the sever only handles encrypted data.
I am not sure on the others though.

I’m a leftest and “psychically DDOSing you” is so funny to me.

Foss from places with known APTs are more secure than non-foss too personally. It would be daytime robbery compared to an inside job to implement spyware. It’s been done and should be monitored for though.

Hey being pretty is a valuable thing! I’m a pretty function over form guy myself but a more beautiful thing makes me want to use it more.

Heck I open krita sometimes because its a pretty app, and play with just a little

I’m definitely a fan of Gitlab pages for simple webpages I just want on the Internet. It’s nice to have the code hosted anyways (gives me that off site back up safety so my stuff at home can go down if needed).

We used to use smart data to predict when to order new drives and on really bad looking days increase our redundancy. Nothing like getting a bad series of drives for PB of data to make you paranoid I guess.

I’m not sure honestly if we are agreeing or disagree lol

Nix for building OCI containers is great and Nixos seems like a great base system too. It seems like a natural step to take that and use it to define our a k8s system in the future as well.

I’m currently doing that with OpenTofu (Terraforms opensource successor) and Ansible but I feel like replacing those with nix may provide a real completeness to the codification of the OS.

Barring k8s though, at least until it’s gets so simply you might as well use it, podman is so far the go to way to run containers instead of Docker (for both of the reasons you mentioned!). That and flatpaks for GUI apps because of the portals system!

For sure! Most seem to be random git repo level of reviewed instead of being seriously tested and hardened. I really wish we had more of an source for reliable audits of containers, and flatpaks. Just someone trusted or collectively running trivy, clair, sonarqube, etc, posting the results publicly, and having tools like podman/K3s/etc have sane defaults for checkibg it against containers on pull.

Podman desktop! https://podman-desktop.io/

Both! Sandboxing from containers and configuration control from nix go well together!