The question that I have to ask: what category of CLI apps (or even some examples) exist that are too complex to maintain a few versions simultaneously as native packages but are not complex enough to just use an OCI container for them instead?

The flatpak documentation has a semi-relevant page on setting up a flatpak repo utilizing gitlab pages and gitlab’s CI runners on a pipeline. Obviously, you’d need to substitute Gitlab Pages for a webserver of your choice and to port the CI logic over to Gitea Actions (ensuring your Gitea instance is setup for it).

A flatpak repo itself is little more than a web server with a related GPG key for checking the signatures of assembled packages. The docs recommend setting up the CI pipeline to run less on-commit to the package repos and more on the lines of checking for available updates on interval, though I imagine other scenarios in a fully-controlled environment such as a selfhosted one might offer some flexibility.

As I am teaching myself right now maintainable selfhost setups using popular apps (admittedly with Kubernetes vs something minimal in functionality like Docker Desktop), there is a lot of complexity involved in getting these services both functional and maintainable while also having to consider the security implications of various setups.

While I agree the concept of self-host is a good thing to advocate, I think the complexity and difficulty involved not just to do it, but to do it right is going to be a straight cliff of a learning curve for those not already technically inclined in databases, networking, and filesystems/block storage.

Honestly, taking the burden of being IT for a reasonable subscription cost for your efforts is a better way to go, especially if the setup allows for expanding your offerings to other members in a localized community.

Alongside many others, I agree that using QEMU through GUI frontends like virt-manager or GNOME Boxes, or even server-focused solutions like Cockpit+VM plugin or Proxmox layered on top of your installation.

I just want to note a decent point against other solutions like VirtualBox or the VMWare products that work on Linux: these solutions that don’t rely on QEMU almost certainly need the user to install out-of-tree kernel modules (that in some cases may also be proprietary). QEMU and its frontends don’t need out-of-tree modules in a majority of distros and can work out of the box with all features (given BIOS configuration of the host and hardware supports them).

I started dual booting Linux after an upgrade to an insider preview of Windows 10 soft-bricked my Windows 7 install. I later stopped booting into Windows and eventually reclaimed the partitions to extend whatever distro was installed at that point when the actual release of Windows 10 decided to attempt automatically upgrading my Windows 7 system, soft-bricking it a second time. 2016 onwards, I haven’t used Windows on my systems outside of occasionally booting LTSC in a VM.

Running the same memory constraints on a 1.18 vanilla instance, most of the stack memory allocation largely comes from ramping the render distance from 12 chunks to 32 chunks. The game only uses ~0.7 GiB memory non-heap at a sane render distance in vanilla whereas ~2.0 GiB at 32 chunks. I did forget the the render distance no longer caps out in vanilla at 16 chunks. Far render distances like 32 chunks will naturally balloon the stack memory size.

For clarification, this is Vanilla, a performance mod Fabric pack, a Fabric content modpack, Forge modpack, etc. that you are launching? If it’s the modpack that you describe needing 8gb of heap memory allocated, I wouldn’t be surprised the java stack memory taking ~2.7 GiB. If it’s plain vanilla, that memory usage does seem excessive.

Depending on version and if modded with content mods, you can easily expect Minecraft to utilize a significant portion memory more than what you give for its heap. Java processes have a statically / dynamically (with bounds) allocated heap from system memory as well as memory used in the stack of the process. Additionally Minecraft might show using more memory in some process monitors due to any external shared libraries being utilized by the application.

My recommendation: don’t allocate more memory to the game than you need to run it without noticeable stutters from garbage collection. If you are running modded Minecraft, one or more mods might be causing stack-related memory leaks (or just being large and complex enough to genuinely require large amounts of memory. We might be able to get a better picture if you shared your launch arguments, game version, total system memory, memory used by the game in the process monitor you are using (and modlist if applicable).

In general, it’s also a good idea to setup and enable ZRAM and disable Swap if in use.

The VRR problems are specifically related to either monitors not supporting Freesync over HDMI or the user running a monitor expecting HDMI VRR to work on HDMI 2.1 specs (>4k@60hz or equivalent bandwidth negotiation requirements). I would concur a small subset of users is correct for the use-cases where this becomes a problem.

Largely things look good. It might be a good idea looking for a motherboard that has Intel ethernet rather Realtek. I’m also a bit curious if the barebones VRM design on the board is adequate as well.

Generally, yes. It’s not nearly as bad as say 2015 but NVidia has a long standing history of being difficult to deal with, and users having to make constant compromises. For instance, NVidia hasn’t had properly working Wayland support on most environments until recently due to the awful flickering that many users experienced. Things like power saving, dual GPU handoff, general OpenGL performance, frame stability and tearing (X.Org), etc. have been either historical and/or current pain points for using NVidia GPUs vs AMD or Intel GPUs.

For many with unstable ISP connections, http downloads can get corrupted. Torrents are superior in this regard as the file gets split into blocks that each get checksummed for integrity after completion. This helps to ensure that the large iso is actually complete and won’t just be garbage on an attempted install. Even if you checksum the iso from http download, you have to pull the entire thing again if it is damaged whereas the torrent would just repull the damaged blocks automatically.

2-2-1 still insinuates having a remote backup. I don’t see how this particular threat destroys a 2-2-1 setup.

I’d imagine mpd with one of many frontends would work well enough. You’d just need to use a dummy music library directory with symlinks to your four music storages for mpd to pick up and catalog everything.

On my Fedora KDE install on 40, hibernate is now an available power option. The install has been in upgrade cycles since 35 at this point. I would imagine that barring different DEs showing different power options being a possibility, it is more on detecting hardware compatibility for functional hibernation.

If that is the case, the developer should have likely noted otherwise before closing the issue as the final piece of discussion. That is good to know that your experience hasn’t dropped the OS into base Windows 11. If as you say is true, the developer should also really spend some time cleaning up the README and clarify that base Tiny11 can actually be updated in-OS. I will still test in a VM later today to confirm that Tiny11 doesn’t actually erode or degrade on update for myself.

From the Github README:

Also, for the very first time, introducing tiny11 core builder! A more powerful script, designed for a quick and dirty development testbed. Just the bare minimun, none of the fluff. This script generates a significantly reduced Windows 11 image. However, it’s not suitable for regular use due to its lack of serviceability - you can’t add languages, updates, or features post-creation. tiny11 Core is not a full Windows 11 substitute but a rapid testing or development tool, potentially useful for VM environments.

It literally says that it cannot be updated from a built OS install. You need to reinstall tiny11 by rebuilding the install image with a newer Windows 11 base image. Obviously it would be best to do this every time there is a security patch release for Windows 11.

EDIT: Rereading further, the bigger Tiny11 image might be able to be updated in-OS. I’m going to dig through the ps1 scripts to see if the README holds up to that un-noted capability.

EDIT2: I don’t see any registry edits that knock Windows Updater offline. I’ll test it in a VM to see if things work (from prebuilt when it eventually downloads). Though I am unsure at this moment if such an image’s changes will survive a Windows update at all.

EDIT3: VM not tested yet, but an issue on the GitHub seems to corroborate my initial assumption.

EDIT4: VM tested. Things claimed to be patched out (Edge) came back with one of the cumulative updates applied shortly after install. Other cumulative updates are being blocked (error instantly on attempt to install after download) (perhaps unintentionally). Image downloaded claimed to be for 23H2, but Windows 11 22H2 was installed, seemingly with no way to actually upgrade. I think my point stands.

Do note that this system is liable to leave your computer vulnerable as it has no way to update itself from within the OS.

This image would be fine for booting short-term VMs as long as you periodically rebuild and reinstall it, but not ready for consumer use.

The A485 is actually such a terrible laptop. I would never reccomend such garbage to anyone considering mine almost never worked properly. I had in three years have six main board replacements for various hardware faults. Not a single of the boards has been free from severe hardware faults.

I have been utilizing BunkerWeb for some of my selfhost sites since it was bunkerized-nginx. It is indeed powerful and flexible, allowing multi-site proxying, hosting while allowing semi-flexible per-site security tweaks (some security options are forcibly global still, a limitation).

I use it on podman myself, and while it is generally great for having OWasp CRS, general traffic filtering targets and more built on top of nginx in a Docker container, the way Bunkerweb needs to be run hasn’t really remained stable between versions. Throughout several version upgrades, there have been be severe breaking changes that will require reading the setup documentation again to get the new version functional.