Things like desktop automation, screen sharing, screen recording, remote desktop etc. are incredibly broken, with no hope in sight because the core design of Wayland simply didn’t account for them(!?), apparently.

Add to that the decision to push everything downstream into compositors, which led to widespread feature fragmentation and duplicated effort.

Add to that antagonizing the largest graphics chipset manufacturer (by usage among Linux desktop users) for no good reason. Nvidia has never had an incentive to cater to the Linux desktop, so Linux desktop users sending them bad vibes is… neither here nor there. It certainly won’t make them move faster.

Add to that the million little bugs that crop up when you try to use Wayland with any of the desktop apps whose developers aren’t snorting the Koolaid and not dedicating oustanding effort to catching up to Wayland – which is most of them.

people dont like change

I cannot use Wayland.

I’m an average Linux desktop user, who has an Nvidia card, has no need for Wayland “security”, doesn’t have multiple monitors with different refresh rates, uses desktop automation, screen sharing, screen recording, remote desktop on a daily basis, and uses lots of apps which don’t work perfectly with Wayland.

…how and why would I subject myself to it? I’d have to be a masochist.

Honestly I’ll just send it back at this point. I have kernel panics that point to at least two of the cores being bad. Which would explain the sporadic nature of the errors. Also why memcheck ran fine because it only uses the first core by default. Too bad I haven’t thought about it when running memtest because it lets you select cores explicitly.

Welp no change. I’m guessing the motherboard firmware already contained the latest microcode. Oh well, was worth a try, thank you.

It’s a pain in the butt to swap CPUs one more time but that may pale in comparison to trying to convince the shop that a core is bad and having intermittent faults. 🤪

This sounds like my best shot, thank you.

I’ve installed the amd-ucode package. It already adds microcode to the HOOKS array in /etc/mkinitcpio.conf and runs mkinitcpio -P but I’ve moved microcode before autodetect so it bundles code for all CPUs not just for the current one (to have it ready when I swap) and re-ran mkinitcpio -P. Also had to re-run grub-mkconfig -o /boot/grub/grub.cfg.

I’ve seen the message “Early uncompressed CPIO image generation successful” pass by, and lsinitcpio --early /boot/initramfs-6.12-x86_64.img|grep micro shows kernel/x86/microcode/AuthenticAMD.bin, there’s a /boot/amd-ucode.img, and an initrd parameter for it in grub.cfg. I’ve also confirmed that /usr/lib/firmware/amd-ucode/README lists an update for that new CPU (and for the current one, speaking of which).

Now from what I understand all I have to do is reboot and the early stage will apply the update?

Any idea what it looks like when it applies the microcode? Will it appear in dmesg after boot or is it something that happens too early in the boot process?

BIOS is up to date, CPU model explicitly listed as supported, memtest ran fine, not using XMP profiles.

All hardware is the same, I’m trying to upgrade from a Ryzen 3100 so everything should be compatible. Both old and new CPU have a 65W TDP.

I’m on Manjaro, everything is up to date, kernel is 6.12.17.

Memory runs at 2133 MHz, same as for the other CPU. I usually don’t tweak BIOS much if at all from the default settings, just change the boot drive and stuff like “don’t show full logo at startup”.

I’ve add some voltage readings in the post and answered some other posts here.

Everything is up to date as far as I can tell, I did Windows too.

memtest ran fine for a couple of hours, CPU stress test hang up partway through though, while CPU temp was around 75C.

Yep, it’s explicitly listed in the supported list and BIOS is up to date.

RAM is indeed at 2133 MHz and the cooling is great, got a tower cooler (Scythe Kotetsu mark II), idle temps are in the low 30’s C, stress temp was 76C.

Motherboard is a Gigabyte B450 Aorus M. It’s fully updated and support for this particular CPU is explicitly listed in a past revision of the mobo firmware.

Manual doesn’t list any specific CPU settings but their website says stepping A0, and that’s what the defaults were setting. Also I got “core speed: 400 MHz”, “multiplier: x 4.0 (14-36)”.

even some normal batch cpus might sometimes require a bit more (or less) juice or a system tweak

What does that involve? I wouldn’t know where to begin changing voltages or other parameters. I suspect I shouldn’t just faff about in the BIOS and hope for the best. :/

The Hoffman recipe is 12g of coffee, 250ml of water, 2 minutes steep time, give a small swirl to the recipient, steep another 30 seconds, then press down slowly over at least another 30 seconds. You can find the video on youtube.

There are many other factors involved such as the size of the grind, the uniformity of the grind, the temperature of the water, the steeping time, and the quantities of coffee and water – so really the recipe is just meant as a starting point. You will need to dial it in for each different batch of coffee.

Most of these factors have to do with caffeine extraction aka “yield”. More time steeping, hotter water, more water & coffee and finer grind all increase extraction but in different ways, and over-extraction usually ends up tasting bitter. The opposites decrease extraction and under-extraction ends up tasting sour. The Hoffman recipe is a balanced start.

With the Aeropress you have easy access to all these factors and can customize the brew extensively but you have to do some trial and error.

Well that’s the nice part about the Aeropress, the process is so customizable that you can find a good recipe for just about any coffee.

The Hoffman recipe is not meant to be perfect, just a safe starting point. It can’t possibly fit every single coffee batch out there.

Ironically, if Graphene would succeed, it would lead to a system that’s every bit as locked down as a manufacturer’s Android. GrapheneOS would also not allow you to have root etc.

IMO Graphene wants a place at the big player table. They’re not in it for user freedoms.

You should not have to open such a permissive rule. Like you’ve seen, docker will set firewall rules as needed if you have services that actually need to listen on the public interface.

If you’ve run that permissive input command on the VPS it’s most likely not a good idea.

What exactly are you trying to do? If you’re trying to use curl from inside a docker container that is not the correct way to achieve that. In fact you should not need to do anything like that, outside connections should be allowed (OUTPUT), and incoming collections (INPUT) should be allowed only if they’re related to an already ongoing connection (look up the ESTABLISHED flag).

Any extra flag you can offer that would narrow things down would also be welcome. When you write firewall rules you should be as restrictive as possible. For example since this is curl you’re probably going to connect to ports 80 and 443 so you can add --dport to restrict the ports to the OUTPUT rule. And you should specify the interface (in this case docker0) in almost all cases.

You. Don’t. Store. Secrets. In. Plaintext.

SSH stores the secret keys in plaintext too. In a home dir accessible only by the owning user.

I won’t speak about Windows but on Linux and other Unix systems the presumption is that if your home dir is compromised you’re fucked anyway. Effort should be spent on actually protecting access to the home personal files not on security theater.

It’s s great fit for people with goldfish memory span.

Threads is only federated in name. It’s simply Meta’s taking advantage of Twitter’s downfall. It’s as centralized and under Meta’s thumb as they come.

Only the Tailscale pairing server is proprietary but there’s a FOSS self-hostable alternative called Headscale.

The Tailscale clients are FOSS.

There isn’t much of a guide, you install the Tailscale clients and make an account on their website. After you enroll your devices to the account with a code they’ll be able to access each other via private IPs on an encrypted network based on WireGuard.

You can connect among devices with unsecured protocols like VNC because they’ll be inside the encrypted network. And this works with any app and any protocol not just remote desktop — you can use Syncthing, access files, access any services you want securely etc.

It’s GPL, they have to also provide the source. And you benefit from all the rights they do.

“Business” licenses try to prevent competition while still benefiting from free contributions, and pass it as “fairness”. But how is it fair for anybody except that particular company? What about the contributors? If OBS used such a license and reaped all the benefits would you still contribute to them?