Hacker News: flipped's comments

More than money, it's the curse of going mainstream.


Bullied? When they find out how much money there is to be made in surveillance business, they will do it voluntarily.


Anyone looking to use jails might find BastilleBSD helpful. It's a nice and modern jail manager.


I was looking at TrueNAS CORE to see if it was a viable way to bsd-jail Linux containers. I'm really only doing this to get some protection from supply chain attacks given I'm fairly promiscuous at git-clone-and-run-a-build. Before that I was aiming for the same with Bastille and had got to the give-up stage because it felt too fiddly to set up. This was a year ago. Maybe it's better now.


Unfortunately TrueNAS CORE is dead now.

zVault is a fork that is effortless to migrate in-place, but pointless because it has had no updates since the fork, it's no different from just continuing to run the derelict final version of truenas core.

That just leaves xigmanas which I have not tried yet, but looks like a simpler more pure nas without the jails or vm manager, which people have told me can be filled by bastille.

Or really, I'm thinking rather than even xigmanas it probably makes more sense to just use plain freebsd and never get stuck like this again.

The host is stuck at 13.3. 13.3 went fully EOL December 2024. The pkg repos don't even supply packages for that any more. I have a bunch of services that run in jails, and currently I can just barely squeak by by "illegally" updating the jails to 13.5. It's not officially supported by upstream freebsd but I seem to be getting away with it for now. But even 13.5 is not going to last much longer. Then what?

So really the FreeNAS UI was nice and all, but not so nice as to be worth being stuck like this now. I probably should have just skipped it and just used plain freebsd which would never have had any such problem.

So maybe assuming zvault continues to not update when I finally need to move some jail past 13.5, maybe the next move is not even to xigmanas but just plain freebsd.


Never understood why satoshi was a prime Windows user.


I know this comment is effectively a side tangent on a side tangent, but that was always the strangest thing to me as well. I remember in 2012 when I was debating fiddling around with Bitcoin, that was one of the things that turned me off. I was sure that there was no way something as brilliant as this was supposed to be was developed by a Windows user.

Which surely says something about all these ideological purity tests.


Windows developers (like sysadmins) are of two kinds in my experience.

People who don't understand shit about how the system behaves and are comfortable with that. "I install a package, I hit the button, it works"

.. and

People who understand very deeply how computers work, and genuinely enjoy features of the NT Kernel, like IOCP and the performance counters they offer to userland.

What's weird to me is that the competence is bimodal; you're either in the first camp or the second. With Linux (+BSD/Solaris etc.) it's a lot more of a spectrum.

I've never understood exactly why this is, but it's consistent. There's no "middle-good" Windows developer.


The (install package, press button, it works) is great when you just want a boring OS since the interest is elsewhere rather than an itch on making the machine a perfect extension of oneself.

The machine and installation is just fungible.

I think I've had Linux as a primary OS 2 times, FreeBSD once and osX once, what's pulled me back has been software and fiddling.

I'm on the verge of giving Linux or osX another shot though, some friends have claimed that fiddling is virtually gone on Linux these days and Wine also seems more than capable now to handle the software that brought me back.

But also, much of the software is available outside of Windows today.


Unix is easier to understand than the NT mess and everything is in the open and documented, so you can achieve a good level of knowledge in the middle. OTOH in order to understand NT deeply you must be a reverse engineer. Also, on the other side, crazy experts under Wine (both ways, Unix and NT), OpenBSD and 9front do exist on par with these NT wizards. It just happens that with Unix/9f you climb an almost flat slope (more in the second) due to the crazy simple design, while with NT the knowledge is damn expensive to earn.

With 9front you OFC need expertise on par with NT but without far less effort. The books (9intro), the papers, CSP for concurrency... it's all there, there's no magic, you don't need ollyDBG or an NT object explorer to understand OLE and COM for instance.

RE 9front? Maybe on issues while debugging, because the rest is at /sys/src, and if something happens you just point Acid under Acme to go straight to the offending source line. The man pages cover everything. Drivers are 200x smaller and more understandable than both NT and Unix. Meanwhile to do that under NT you must almost be able to design an ISA by yourself and some trivial compiler/interpreter/OS for it, because there's no open code for anything. And no, Wine is not a reference, but a reimplementation.


That's kinda true for older/integrated parts of Windows, lots and lots of functionality that people have come to rely on over the years, but also huge black-boxes that you need to not be intimidated at probing into to solve weird issues (that often becomes understandable if you have enough experience as a developer to interpret what the API surface tells about the possible internal implementation).


Probably bc, Windows users live in walled knowledge domains that tend to reinforce levels of competence (or lack of competence).

Gamers tend to be somewhere in the middle though.


Is there any technical writeup which explains how the isolation exactly works, on containers and VMs? I have always heard the high level arguments of weak isolation, same kernel, etc but never the implementation details.


"Since the abstraction layers have quadrupled, let's not just care about the actual performance anymore!"


Krebs lacks any sort of real credibility. He's pushing out slop with a govern-mentalist propaganda. Tech journalists are the worst form to gather any actual information.


Krebs has some credibility in this space because he used to post well-informed takes on these topics, not stuff like this.

His record has never been flawless, but the guy actually put in the work to learn Russian to be able to read these forums. He just doesn’t anymore.


All of his dox articles are based on sloppy practices from threat actors.


So? At least the reporting used to be mostly accurate and trustworthy.

Here we can see that Krebs is now willing to publish stories he hasn’t even attempted to verify.


Are you paid by the NSA to spread Krebs propaganda? It seems like it.


Please don't post insinuations about astroturfing, shilling, brigading, foreign agents, and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.

https://news.ycombinator.com/newsguidelines.html


The NSA has an interest in half-heartedly defending Krebs’s past record, while trashing his current work? Weird.


State sponsored cyber attacks are news to you? It's been a thing for more than 2 decades now.


Not the attacks themselves, I would expect that kind of sabotage that actively provokes negative outcomes in people’s lives to have a more respectful/competent reasoning behind than “meh there’s a few leftovers and we had to do something”.


The mentioned botnet didn't intentionally take down I2P. It's run by a bunch of kids who don't know what they're doing.


It's 10, not 9. And there are severe problems with having a total of 10 DAs be the essential source of truth for the whole network. It would be trivial to DDoS the DAs and bring down the Tor network or at the very least, disrupt it: https://arxiv.org/abs/2509.10755.

It's the only complaint I have of the current state of Tor. Anyone should be able to run a directory authority, regardless if you trust the operator or not (same as normal relays).


Couldn't you

A: Run your own network that trusts the existing plus whatever nodes you think ought to be and convince everyone that this is better if it is

B: Run a node and convince others to trust yours so that eventually there are 11 then 12 and so forth?


Anyone can. The DA code is open source and is used whenever you run a testnet. You can also run a DA on the mainnet - how do you think the 10 primary DAs exist? They're not 10 computers owned by a single organization - they're 10 mutually trusting individuals. However, most of the network won't trust you.

