It doesn't. You can still run Incus on other platforms of choice.
Sample size 1 here, but a big advantage of the 'full-stack' approach is things like network config, storage management, boot safety etc all work out of the box and you then get a single API (and nice client) for the whole machine. I get the benefits of cloud infra, like not having to care (too much) about sysadmin, from some hardware sitting in the corner.
Previously I would still need to be maintaining that base layer too. That still makes sense for some environments, but particularly for home I just want my lights and music to work, and be able to play.
Yeah, I already maintain that base layer, and like being able to just run it on Debian, like I said. But, one of the awesome things about Incus is how easy it is to move instances around the LAN (or WAN, I suppose). I don't need super rigorous failovers for most things running at home, but just because it's so easy, I typically always do have a recent copy of every container I run (blogs, home automation servers, various web apps, etc) on a different machine, so when one machine goes down it's super easy to just start the equivalent instance on the other machine.
I run instances I need to interact with (e.g., do development in containers via SSH and remote-editors, with occasional Remote Desktop) on my very-fast Linux workstation — that also does other stuff like local development, web browsing, etc., but most instances that don't need power run on my old 56-core Xeon enterprise server (used, they are roughly as cheap as a Mac Mini).
Incus makes it super easy to move instances around, and from a skim of the announcement it looks like you could just put Incus OS on some machine you have lying around and drop it into an existing config like that with minimal effort.
I look forward to trying it out, even if my "main" Incus will probably remain on my actual manually-curated Linux desktop.
IMO the client certs are pretty elegant from a technical perspective. It works well with the CLI, but the browser experience is different enough to cause at least some base level wtf-ery.
Yeah, most enterprise deployments of Incus use OIDC for authentication and then OpenFGA for authorization with permissions typically synchronized with something like AD/Entra.
TLS certs remain used for some role account type stuff and as a break glass type of access for when OIDC is unavailable and there's an emergency. A nice characteristic of TLS certificates is that they can be generated safely in a HSM which you can then dump into a safe, works well in the corporate world, much better than passwords for this kind of thing.
Oh man that was weird; I opened the video in a private browsing thing to not pollute my watch history and the version I got was automatically translated to Dutch, including voiceover which I presume is AI driven to try and match the tone of the original video. Still a bit robotic though.
While I have my browser configured to prefer Dutch, the second one is English; I wish I could tell it / them that I don't want them to translate anything if it's in one of those languages.
Wezterm runs everywhere, but lets me customise it once and keep that config uniform across all machines.
I can have a single config [0], wrap that in a nix expression [1] for anywhere that runs home-manager / NixOS and then also check it out and symlink on Windows machines as my portal to WSL. As my preferences change, my tooling stays consistent and familiar everywhere it's needed.
I use Ghostty, but the same thing. I have a flake based setup, which means I have the same environment and programs across all my
Macs, Linux machines and WSL terminals.
Takes me about 30 minutes to spin up a new Mac laptop, with 99% of all setup done, down to system preferences.
Linux (nixOS) a little longer because for a brand new machine I may need to do a little hardware specific bootstrapping, but if I’m paving the same machine about the same.
That seems to be especially true on HN. Other forums there is some of that as well, but HN it seems nearly every single comment section is like 75% (random number) pointing out faults in the posted article.
Although I normally loathe pedantic assholes, I've found the ones on HN seem to be more tolerable because they typically know they'll have to back up what they're saying with facts (and ideally citations).
I've found that pedantic conversations here seem to actually have a greater potential for me to learn something from them than other forums/social platforms. On other platforms, I see someone providing a pedantic response and I'll just keep moving on, but on HN, I get curious to not only see who wins the nerd fight, but also that I might learn at least one thing along the way. I like that it's had an effect on how I engage with comment sections.
I have showdead on, and almost every single flagged post I've seen definitely deserves it. Every time it wasn't "deserved", the person simply took an overly aggressive tone for no real reason.
In short, I've never seen somebody flagged simply for having the wrong opinion. Even controversial opinions tend to stay unflagged, unless they're incredibly dangerous or unhinged.
I've seen a few dead posts where there was an innocent misunderstanding or wrong assumption. In those cases it would have been beneficial to keep the post visible and post a response, so that readers with similarly mistaken assumptions could have seen a correction. Small minority of dead posts though. They can be vouched for actually but of course this is unlikely to happen.
I agree that most dead posts would be a distraction and good to have been kept out.
It’s a blunt tool, but quite useful for posts. I read most dead posts I come across and I don’t think I ever saw one that was not obviously in violation of several guidelines.
OTOH I don’t like flagging stories because good ones get buried regularly. But then HN is not a great place for peaceful, nuanced discussion and these threads often descend into mindless flame wars, which would bury the stories even without flagging.
So, meh. I think flagging is a moderately good thing overall but it really lacks in subtlety.
Agreed, flagging for comments seems to function pretty well for the most part, and the vouch option provided a recourse for those that shouldn't have been killed.
On stories however, I think the flag system is pretty broken. I've seen so many stories that get flagged because people find them annoying (especially AI-related things) or people assume it will turn into a flame war, but it ends up burying important tech news. Even if the flags are reversed, the damage is usually done because the story fell off the front page (or further) and gets very little traction after that.
Just imagine this comment of yours would get flagged. Was it something very valuable and now the discussion is lacking something important? Surely not, but how would you feel? So what that you have some not so mild and not so "pleasant" opinion on something - why flag the comment? Just let people downvote it!
> I've found the ones on HN seem to be more tolerable because they typically know they'll have to back up what they're saying with facts (and ideally citations).
Can you back this up with data? ;-)
I see citations and links to sources about as little as on reddit around here.
The difference I see is in the top 1% comments, which exist in the first place, and are better on average (but that depends on what other forums or subreddits you compare it to, /r/AskHistorians is pretty good for serious history answers for example), but not in the rest of the comments. Also, less distractions, more staying on topic, the joke replies are punished more often and are less frequent.
That's a sampling bias. You're not seeing the opinions of every single person who has viewed an article, just the opinions of those who have bothered to comment.
People who agree with an article will most likely just upvote. Hardly anyone ever bothers to comment to offer praise, so most comments that you end up seeing are criticisms.
True true, one of my favorite things is watching the shorts on home improvement or 'hacks' and sure enough there is always multiple comments saying why it won't work and why its not the right way. Just as entertaining as the video.
There's a bit of a trend of vendors packaging mobile CPUs in desktop form factor which are a good candidate for this. Rather than the prebuilt mini PCs this also includes mini-ITX boards. Personally I use the Minisforum BD795i SE, but there are others too.
Check for PCIe bifurcation support. If that's there you can pop in a PCIe to quad M.2 adapter. That will split a PCIe x16 slot into 4 x M.2s. Each of those (and the M.2s already on the motherboard) can then be loaded with either an NVMe drive or an M.2 to SATA adapter, with each adapter providing 6 x SATA ports. That setup gives a lot of flexibility to build out a fairly extensive storage array with both NVMe and spinning platters and no USB in sight.
As a nice side effect of the honestly bonkers amount of compute in those boards there's also plenty of capacity to run other VM workloads on the same metal which lets a lot of the storage access happen locally rather than over the network. For me, that means the on-board 2.5GbE NIC is more than fine, but if not you can also load a M.2 to 10GbE adapter(s) as needed.
I don’t at the moment. This setup is new and my current hot storage needs are pretty minimal so I’m all in on NVMe. When that changes though thats the expansion plan. ASM1166 based boards seem to be an ok choice, but don’t have any personal recs there (yet).
I've not used any of them, but from my shopping some of them are multiport SATA adapters, and some of them are a single port SATA adapter plus a SATA port multiplier. I would expect the port multiplier variants to be dodgier.
reply