I use Kopia to perform incremental encrypted backups (with some retention policy of up to two years) and store them on Backblaze B2, which is reasonably cheap.

The 3D stuff around games is actually the smaller problem. It’s performance critical but it’s basically “just” one API (bundle) to implement that then covers a big chunk of the game’s implementation.

Productivity software usually consists of a shit ton of other stuff. They would probably render fine, but then they ship with a weird ass licensing management system that will deny to work. Or parts of or even a whole app use .NET and suddenly you have the complexity of all the WinAPI calls hidden behind .NET Framework. Maybe the app does a few lowlevel WinAPI calls themselves on top, that Wine didn’t need to implement so far. Or the app you want to run is only distributed via Windows Store as UWP; the necessary APIs also haven’t been implemented yet.

Wine is awesome, but it’s not fully covering all the shit Window’s APIs offer.

A company that lets you use Linux as a main OS might not like if you also want to run Windows in a VM.

My point was rather to be careful when you use it, to not get into legal trouble (especially because it just works with the default settings).

Unless you somehow use it commercially. Then the missing license could cause legal issues.

That, on the other hand, is only viable, if you are sure, data never needs to expire. Dedicated backup solutions work with retention policies.

Where I could see an LLM being useful is categorizing entries and maybe proposing sanitization (for example when the payment provider uppercases or abbreviates stuff)

From maybe to definitely not.

Just to clarify: OwnCloud or OwnCloud Infinite Scale (OCIS)?

The main advantage of SB is TPM. At runtime the key isn’t available and unlocking your disk works automatically as long as nothing has been tampered with (which is then also a nice canary: if you suddenly have to enter your password during boot, something’s off).

Even having no pre-boot PIN with SB on is nice, then you only need your user space login where you could even use fingerprint reader if you like. For servers they can already start serving without anyone having to intervene manually (which is nice after power outage, for example).

So yeah, SB, TPM and FDE are a very nice bundle that heavily secures against the most relevant attack vectors.

For the user they come with the OS

That’s my point, though. Plasma isn’t an OS. You can can have a OS that ships Plasma with Calligra instead of LibreOffice and Falkon instead of Firefox. Or neither, and instead they give you a greeter with the choice to pick your browser. Or the OS is minimal and doesn’t bundle any of them. In Arch for example you normally don’t even get Konsole or Dolphin unless you install them (or you pick the nuclear option and install _all _ KDE packages which also includes a ton of stuff you likely never need).

Probably some fastboot shit. I like the idea of fastboot… if only it wasn’t so tied to Windows.

The ONLY thing I don’t like about it is having to finish the install of windows before you can wipe the ssd.

Why? Can’t you get to the bios, change to usb boot loader, boot linux and wipe the disk?

AUR is the place for unverified submissions. The verified stuff typically ends up in the main repos.

The preinstalled apps are not a feature of KDE (or Gnome, XFCE, etc.). Actually they all are structured in a very modular way where you can use or omit individual components. Firefox and LibreOffice are completely independent of it even; they merely add compatibility layers to make the integration more seamless.

What you experienced was something to attribute to the distribution you chose. They are the ones to decide which components to bundle and preinstall. That is also the reason why so many distributions exist in the first place, because different teams/devs have different visions about what the desktop should look and feel like after install.

If your client(s) accept irregularly changing remote certs (i.e. they don’t do cert pinning), it should work. If both cloudflare and you use the same CA, it would likely work even with cert pinning. Certainly possible, but increases the complexity of the overall setup.

Possible, true. But then the setup also becomes more complicated. In addition you end up with different certs for local and remote access, which could cause issues with clients if they try to enforce cert pinning for example.

Cloudflare tunnel likely terminates TLS on the edge. So if you bypass it, you don’t have HTTPS. Not a problem locally, but then destroys the portability of the URL (because at home you need http and outside you need https). Might as well use different hosts then.

I think you won’t regret it. If the container startup installs stuff, you might lock yourself out when the remote server has issues, your network has issues, or if the package you install changes due to an update.

With it baked into an image, you have reproducible results. If you build a new image and it doesn’t work anymore, you can immediately switch back to the old one and figure out the issue without pressure.

The idiomatic way would be to build your own image. That’s exactly the strength of the layering of container images.