Does it lock up when booting? Fedora’s kernel has issues booting on Surface devices since Fedora 39.
You either need to switch kernels (e.g. linux-surface kernel) on a different machine or switch distro.
Running an outdated Fedora version is not the solution.
That only applies to the GNOME variant, the KDE spin is missing the third party repo toggle.
At least the Flathub repo is fixed on the GNOME variant now. The Nvidia repo is added but the driver is not installed, meaning you still need to use the CLI to install the drivers.
No, it’s like buying a car without understanding how the engine works, which a lot of people do.
It caters to a middle ground that barely exists, meaning it doesn’t have enough options for a power user and too many for a newcomer.
For example, a newcomer doesn’t know what a root account is and doesn’t have to care, yet they have to choose if they want to enable or disable the account. They can also remove their administrator privileges without knowing what it means for them. I get asked what a root account is every time somebody around me tries to install Fedora.
I recommend spinning up a Ubuntu 24.04 VM and taking a look at their installer.
They have a clear structure on how to install Ubuntu step by step while Fedora presents you everything at once. They properly hide the advanced stuff and only show it when asked for it. They have clear toggles for third party software right at the installer and explain what they do. Fedora doesn’t even give you the option to install H264 codecs or Nvidia drivers.
It also looks a lot cleaner and doesn’t overload people with too much info on a single screen. And yet it can still do stuff like automated installing and has active directory integration out of the box, where the Fedora installer miserably fails for a “Workstation” distro.
The Fedora installer works, but it doesn’t do much more than that and the others do it better in many areas.
Long-time Fedora user here. I do not think Fedora is noob friendly at all.
I really like Fedora for their newish packages without breaking constantly. I still would not recommend it for beginners.
Yes, because Docker becomes significantly more powerful once every container has a different publicly addressable IP.
Altough IPv6 support in Docker is still lacking in some areas right now, so add that to the long list of IPv6 migration todos.
Shoutout to Frictional Games (known for Penumbra, Amnesia, Soma) who publish many of their older (commercially successfully) games on their GitHub: https://github.com/FrictionalGames
There is this notion that IPv6 exposes any host directly to the internet, which is not correct. When the client IP is attacked “directly” the attacker still talks to the router responsible for your network first and foremost.
While a misconfiguration on the router is possible, the same is possible on IPv4. In fact, it’s even a “feature” in many consumer routers called “DMZ host”, which exposes all ports to a single host. Which is obviously a security nightmare in both IPv4 and IPv6.
Just as CGNAT is a thing on IPv4, you can have as many firewalls behind one another as you want. Just because the target IP always is the same does not mean it suddenly is less secure than if the IP gets “NATted” 4 times between routers. It actually makes errors more likely because diagnosing and configuring is much harder in that environment.
Unless you’re aggressively rotating through your v6 address space, you’ve now given advertisers and data brokers a pretty accurate unique identifier of you. A much more prevalent “attack” vector.
That is what the privacy extension was created for, with it enabled it rotates IP addresses pretty regularily, there are much better ways to keep track of users than their IP addresses. Many implementations of the privacy extension still have lots of issues with times that are too long or with it not even enabled by default.
Hopefully that will get better when IPv6 becomes the default after the heat death of the universe.
Will take a look at the talk once I get time, thanks. If you can find the original one you were talking about, please link.
For servers, there is some truth that the address space does not provide much benefit since the addressing of them is predictable most of the time.
However, it is a huge win in security for private internet. Thanks to the privacy extension, those IPs are not just generated completely random, they also rotate regularily.
It should not be the sole source of security but it definitely adds to it if done right.
With NAT on IPv4 I set up port forwarding at my router. Where would I set up the IPv6 equivalent?
The same thing, except for the router translating 123.123.123.123 to 192.168.0.250 it will directly route abcd:abcd::beef to abcd:abcd::beef.
Assuming you have multiple hosts in your IPv6 network you can simply add “port forwardings” for each of them. Which is another advantage for IPv6, you can port forward the same port multiple times for each of your hosts.
I guess assumptions I have at the moment are that my router is a designated appliance for networking concerns and doing all the config there makes sense, and secondly any client device to be possibly misconfigured. Or worse, it was properly configured by me but then the OS vendor pushed an update and now it’s misconfigured again.
That still holds true, the router/firewall has absolute control over what goes in and out of the network on which ports and for which hosts. I would never expose a client directly to the internet, doesn’t matter if IPv4 or IPv6. Even servers are not directly exposed, they still go through firewalls.
Anything connected to an untrusted network should have a firewall, doesn’t matter if it’s IPv4 or IPv6.
There’s functionally no difference between NAT on IPv4 or directly allowing ports on IPv6, they both are deny by default and require explicit forwarding. Subnetting is also still a thing on IPv6.
If anything, IPv6 is more secure because it’s impossible to do a full network scan. My ISP assigned 4,722,366,482,869,645,213,696 addresses just to me. Good luck finding the used ones.
With IPv4 if you spin up a new service on a common port it usually gets detected within 24h nowadays.
Right you are, but don’t start telling everyone so I can’t silently download my lossless albums from Tidal, Deezer and Qobuz anymore.
I use ROCm for inference, both text generation via llama.cpp/LMStudio and image generation via ComfyUI.
Works pretty much perfectly on a 6900 XT. Very fast and easy to setup.
I had issues with some libraries only supporting CUDA when trying to train, but that was almost 6 months ago so things probably have improved in that area as well.
Yes, but it is the cause for having issues jumping between networks and never having proper IPv6 support.
What issues are you having? I have no issues with switching between networks and using IPv6 on Fedora KDE.
The only thing I ever noticed was that its stubborn with releasing its DHCP IP addresses and there is no refresh button in KDE. Disabling and enabling again usually solves that, although not sure if that is on NetworkManager or dhclient.
Everything is “out of scope” with GNOME these days it seems.
It is, that’s why it is not a suitable DE for people that need more than the basics. I wish they were better with adding advanced features but they are not and probably never will be.
KDE might not be as pretty and flashy but it is pretty extensive when it comes to settings and fast with implementing new features.
NetworkManager is not the cause for having multiple UIs, that is just one of the side effects of GNOME going for the minimalistic approach. It’s never going to have all settings in their simple UI because that’s out of the scope for the GNOME project.
If having advanced network settings in a single UI is important to you, use KDE. It has wifi, static IPv4/IPv6, VLANs, routes, bridges, VPN and much more all in one interface.
That’s the reason I used the VLC alpha for a long time, it’s fixed there.
Moved away from VLC for music playback since then.
This seems like common sense, no?
Hindsight is 20/20. As seen in the post, there’s not that many APIs that don’t just blindly redirect HTTP to HTTPS since it’s sort of the default web server behaviour nowadays.
Probably a non-issue in most cases since the URLs are usually set by developers but of course mistakes happen and it absolutely makes sense to not redirect HTTP for APIs and even invalidate any token used over HTTP.
That website is horrible, reads like somebody having a temper tantrum.
I really like that you can view who upvoted/downvoted a post on Lemmy. Makes for some interesting analysis on some posts.