• 2 Posts
  • 22 Comments
Joined 1 year ago
Cake day: June 18th, 2023


  • I’m not going to watch the video, but what’s the procedure for switching between Linux and Windows? Usually you dedicate a GPU entirely to VFIO, with a 2nd GPU for the host OS (or run headless).

    Anyway, will it work? Yes, minus some anti-cheat software. Will it be a simple solution? Well, once you get things stable, yes. The tech behind this is mature, but it can be a rabbit hole.

    I would look into a non-Nvidia GPU for your 2nd PCIe x16 slot (x4, shared with the 2nd M.2 slot FYI). Good idea to check IOMMU groups before buying anything, but modern AMD motherboards are usually fine. Blacklist the Nvidia drivers and dedicate the 3070 to VFIO to make your life easier, and run Linux off the secondary GPU. Intel A380 might be a good choice. Do gaming stuff on Windows and stream via Parsec/Looking Glass/Moonlight+Sunshine; everything else on Linux.
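The IOMMU group check mentioned in the comment above, as an added example that is not part of the original post. Everything in a group is handed to the guest together, so a GPU sharing a group with the NIC or a SATA controller is a problem, while a group holding only the card's own functions (VGA .0 plus its HDMI audio .1) is what you want. It assumes the usual sysfs layout `/sys/kernel/iommu_groups/<group>/devices/<pci-addr>`; the functions take the root directory as a parameter so the logic can be exercised on a constructed tree without a real IOMMU.

```shell
# Added example (not from the comment above): enumerate IOMMU groups before
# committing to a GPU for VFIO. Assumed sysfs layout:
#   /sys/kernel/iommu_groups/<group>/devices/<pci-addr>
# The root is a parameter so the checks can run against a constructed tree.

list_iommu_groups() {
  root="${1:-/sys/kernel/iommu_groups}"
  if [ ! -d "$root" ]; then
    echo "no IOMMU groups under $root: enable AMD-Vi/VT-d in firmware and on the kernel command line" >&2
    return 1
  fi
  for g in "$root"/*/; do
    g="${g%/}"
    [ -d "$g/devices" ] || continue
    printf 'IOMMU group %s\n' "${g##*/}"
    for d in "$g"/devices/*; do
      [ -e "$d" ] || continue
      addr="${d##*/}"
      # lspci gives the human-readable name on a real host; fall back to the address
      name=$(lspci -nns "$addr" 2>/dev/null || true)
      [ -n "$name" ] || name="$addr"
      printf '  %s\n' "$name"
    done
  done
}

# Print the group a PCI address belongs to (fails if it is in no group).
group_of_device() {
  root="$1"; addr="$2"
  for g in "$root"/*/; do
    g="${g%/}"
    if [ -e "$g/devices/$addr" ]; then
      printf '%s\n' "${g##*/}"
      return 0
    fi
  done
  return 1
}

# Number of devices in a group.
group_device_count() {
  root="$1"; grp="$2"; n=0
  for d in "$root/$grp"/devices/*; do
    [ -e "$d" ] && n=$((n + 1))
  done
  echo "$n"
}

# A group is clean for passthrough if every device in it is a function of the
# same PCI slot (e.g. 0000:01:00.0 and 0000:01:00.1), so nothing unrelated gets
# dragged into the guest along with the card.
group_is_clean() {
  root="$1"; grp="$2"; slot=""
  for d in "$root/$grp"/devices/*; do
    [ -e "$d" ] || continue
    a="${d##*/}"; s="${a%.*}"
    if [ -z "$slot" ]; then
      slot="$s"
    elif [ "$s" != "$slot" ]; then
      return 1
    fi
  done
  [ -n "$slot" ]
}

# On a real host:
#   list_iommu_groups
#   grp=$(group_of_device /sys/kernel/iommu_groups 0000:01:00.0)
#   group_is_clean /sys/kernel/iommu_groups "$grp" && echo "card can be passed through on its own"
```

A group that fails `group_is_clean` is not necessarily a dead end, but it means every device in it goes to the VM or none does, which is exactly the situation worth discovering before buying a second card.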

  • Mostly just as a wrapper for Docker. The main issue I’ve run into is Docker’s union file system functionality doesn’t work when backed by ZFS, so disk usage can balloon out of control. I wouldn’t use this in production but don’t tell me how to live my life mom.

    Beyond various Docker stacks I also have a Certbot container that uses Snap (sigh), and Hashicorp Vault container which runs as a vanilla SystemD service. I run Wireguard as part of my OPNSense VM. That’s something I would run in a VM since it’s exposed to the internet. I have an older MinIO and Concourse CI Docker Compose config that I’d love to run in LXC but I suspect that isn’t realistic.

    Note on Vault, I haven’t been able to get mlock to work (used to prevent sensitive memory from being swapped). By all accounts it should just work in LXC, but since it isn’t and there’s no swap on the host I just turned it off. I may migrate Vault to a VM at some point.

    I’m personally just interested in lightweight environments with good enough isolation that don’t break all the time over nothing. Docker mostly accomplishes that for me. LXC + Docker also mostly accomplishes that.

    (My heart yearns for FreeBSD Jails but with decent tooling)


  • I was originally excited by Podman, but ultimately migrated away from it. Friendship ended with Ubuntu and Docker -> CentOS and Podman -> Proxmox + Debian LXC (which has its own irritations but anyway). Off the top of my head:

    • Can’t attach a container to multiple networks. Most of my Docker Compose stacks have an Nginx reverse proxy and a network for each service.
    • But you can use pods. However since they share the same network interface if you have multiple legacy services that both insist on, say, port 80 they can’t be in the same pod. They also don’t isolate services, nor can you assert a specific pod is the one listening on a forwarded port.
    • Pods also have DNS issues with Nginx. It kept crashing since it couldn’t resolve the hostnames of the other containers in the pod, even if they were already running. If you launch a shell inside an Nginx container the other container hostnames resolve fine. I suspect the problem is the container is launched before its behind-the-scenes DNS infrastructure is ready.
    • Podman lets you use secrets on normal containers (yay) but if the secret changes you have to recreate the container. Amazing synergy with rotating TLS certificates.
    • Endless issues with SELinux and bind mounts. My Nginx container kept crashing because SELinux didn’t like the TLS certificate bind mount. This is where I reflected on the endless parade of random issues that I had no interest in solving and finally threw in the towel.

    I brought all this up in another community and was told the problem was [paraphrased] “people keep trying to use Podman like they use Docker” - whatever that means. I do like a number of design choices in it, like including the command used to create containers in the metadata, and how it’s easy to integrate into SystemD for things like scheduled updates.

    Cockpit is pretty slick though, need to install it on my bare metal Debian host.

  • They could hijack your site at any time, but with a copy of your live private certs they (or more likely whatever third party that will invariably breach your domain provider) can decrypt your otherwise secure traffic.

    I don’t think there’s significant real tangible risk since who cares about your private selfhosted services and I’d be more worried about the domain being hijacked, and really any sort of network breach is probably interested in finding delicious credit card numbers and passwords and crypto private keys to munch on. If someone got into my network, spying on my Jellyfin streaming isn’t what I’m going to be worried about.

    But it is why CSRs are used.
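The CSR workflow the comment above refers to, as an added example that is not part of the original post: the private key is generated and stays on your own host, only the CSR (your public key plus the subject) goes to the CA or domain provider, and the certificate that comes back is public anyway. The hostname home.example.test and the throwaway "Example CA" standing in for the provider are constructed for the example; it assumes openssl 1.1.1 or newer.

```shell
# Added example (not the commenter's code): key custody via a CSR.
# Constructed values: home.example.test, a throwaway CA named "Example CA".

# 1. Key and CSR are generated locally; the key never leaves "$dir".
make_csr() {
  dir="$1"; host="$2"
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$dir/$host.key" -out "$dir/$host.csr" \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host" 2>/dev/null
  chmod 600 "$dir/$host.key"
}

# 2. Before handing the CSR over: its self-signature verifies and it carries
#    no private key material.
csr_is_safe_to_send() {
  openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
  ! grep -q 'PRIVATE KEY' "$1"
}

# 3. Stand-in CA: signs the CSR with its own key. With a real provider you
#    never see this step; you only receive the certificate.
sign_csr_as_ca() {
  dir="$1"; host="$2"
  openssl req -x509 -new -newkey rsa:2048 -nodes -keyout "$dir/ca.key" \
    -out "$dir/ca.crt" -subj "/CN=Example CA" -days 1 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -extfile "$dir/san.ext" -out "$dir/$host.crt" 2>/dev/null
}

# 4. When the certificate arrives, confirm it was issued for the key you kept:
#    the public key inside the cert must equal the public half of your key.
cert_matches_key() {
  crt_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Typical run:
#   make_csr /etc/ssl/private home.example.test
#   csr_is_safe_to_send /etc/ssl/private/home.example.test.csr && echo "send the .csr only"
#   ... certificate comes back from the CA ...
#   cert_matches_key home.example.test.crt /etc/ssl/private/home.example.test.key
```

The fourth step is the one people skip: a certificate that does not match your key is useless to your server, and a provider that can hand you a matching certificate without ever having seen your CSR is one that is holding a private key it should not have.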

  • Yep unfortunately. I would start with an Nvidia Shield or similar on the Samsung if that’s definitely where you want the 4k content. That’s more or less what I did, though I’ve evolved to where I want streaming to work perfect out of the box on whatever screen I feel like using.

    The good news is you don’t need a lot of server (that’s good)

    But you want very specific functionality (that’s bad)

    Optimal hardware is not expensive, a reasonably modern Dell/HP/whatever desktop is probably fine (that’s good)

    But it’s more complicated than “find something with H264/H265 support” because there’s like eighty flavors of everything and you might want things like AV1 so you don’t have to swap hardware in the future, and you can run into problems where driver or library issues just randomly break certain codec combinations and there’s no Just Buy This answer. (…)

    … that’s bad. (can I go now)


  • Your options are something with more HP on the server side, or something that can direct play at the TV side. I’ve discovered a Ryzen 3300X is just not quite powerful enough to transcode 4k content, so I’m in the process of migrating media off my NAS and onto a dedicated server with an Intel 8700. The easiest path on the server side is to get an older Dell/HP/whatever desktop with as new of an Intel CPU as you can find - newer iGPUs support more codecs, but the 8th generation (like my 8700) seems to be a decent sweet spot. The Intel A380 also supports everything under the sun and is pretty cheap. Keep in mind you’ll need PlexPass or switch to Jellyfin if you want GPU transcoding.

    On the playback side, I think Nvidia Shield is your best bet. I’ve found my Roku stick works well with most video content, but generally needs transcoding if I turn on subtitles :/ I used an M1 Mac Mini as an HTPC, which handled everything extremely well but it’s not as TV friendly nor as cheap - if it supported HDMI 2.1 and 4k120hz output I’d probably still be using it as an HTPC.

  • “Healthier” is a fuzzy, difficult to define concept in food, but there’s minimal nutritional differences between canned, frozen, and fresh fruits and vegetables. Avoid cans with BPA lining and anything with lots of added salt or sugar, but otherwise don’t worry about it.

    The practical answer is whatever helps you not eat takeout all the time is what you should stick with. If you are worried, prewashed salad lettuce packs are pretty cheap and are a manageable two meals. I really hate juggling the shelf life of produce as well.