I’ve been happy with whc.ca for hosting…been using their pro account for years. I generally use canspace.ca for domain registration, and have done so for more than 10 years without issue.

I can’t provide specific advice for tailscale, but I can share my notes for my own use case, which is for PCs that are safely behind the home firewall. You’d want to adjust your ssh/smb settings accordingly. You shouldn’t need any rules for ProtonVPN, as you’re likely just trying to block incoming connections, not outbound.

It’s my understanding that Fedora opens ports 1025-65535/tcp and 1025-65535/udp by default.

To lock down to sane defaults (--permanent saves the settings directly, avoiding the need to run firewall-cmd --runtime-to-permanent separately):

sudo firewall-cmd --permanent --remove-port=1025-65535/tcp
sudo firewall-cmd --permanent --remove-port=1025-65535/udp
sudo firewall-cmd --permanent --add-port=27031/udp  # steam remote play
sudo firewall-cmd --permanent --add-port=27036/udp  # steam remote play
sudo firewall-cmd --permanent --add-port=27036/tcp  # steam remote play
sudo firewall-cmd --permanent --add-port=27037/tcp  # steam remote play

Ensure that ssh and samba-client are listed as allowed services too (sudo firewall-cmd --list-all).

• Firewalld must be reloaded before rule changes will take effect: firewall-cmd --reload
• Changes will reset upon reboot unless made persistent by using --permanent or by committing all changes with --runtime-to-permanent

Common commands:

sudo systemctl enable --now firewalld   # enable and start firewalld service
sudo systemctl disable firewalld
sudo systemctl stop firewalld

sudo firewall-cmd --state               # show running state of firewalld
sudo firewall-cmd --get-active-zones    # list active zones
sudo firewall-cmd --get-zones           # list all zones
sudo firewall-cmd --get-default-zone    # list default zone
sudo firewall-cmd --list-ports          # list allowed ports in current zone
sudo firewall-cmd --list-all            # list all settings
sudo firewall-cmd --reload              # reload firewall rules to activate any rule modifications

Add/remove ports, services, IPs:

sudo firewall-cmd --add-port=port-number/port-type      # allow incoming port  (tcp,udp,sctp,dccp)
sudo firewall-cmd --remove-port=port-number/port-type   # block incoming port
sudo firewall-cmd --add-service=<service-name>          # allow incoming service (see /etc/services)
sudo firewall-cmd --remove-service=<service-name>       # block incoming service (see /etc/services)
sudo firewall-cmd --add-source=192.168.1.100 (or 192.168.1.0/24)    # whitelist incoming IP or IP range
sudo firewall-cmd --remove-source=192.168.1.100 (or 192.168.1.0/24) # remove whitelisted IP or IP range

Block an IP or IP range (rich rules):

sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.100' reject"
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.0/24' reject"

Whitelist IP for specific port (rich rule):

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="3306" accept'

Removing a Rich Rule

sudo firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="3306" accept'

As a fellow Atomic user, my completely biased opinion is that you’ve made a good choice of distro for switching from Windows.

Don’t sweat the need or desire to layer a few packages. I see a lot of folks stress over this as if it’s a hard rule they are breaking. It’s a general recommendation and little more. I would be surprised if most users don’t layer at least one package (or even a few).

On my main workstation, running Kinoite at the moment, some of the layered packages include:

• distrobox
• gdm (sddm refuses to respect autologin)
• kate
• ksystemlog
• syncthing
• vim-enhanced
• virt-manager
• virt-viewer

Same, I’ve switched all of my workstations to Kinoite and Silverblue over the past 18 months, and couldn’t be much happier about it.

That’s a great post too, thanks for sharing it here. My hope is that folks might still manage to find this info through search engines, even if Lemmy isn’t yet as highly indexed as other platforms.

If it were me and there was no way to have an additional drop installed from the exterior, I would still consider running a single cable through the living space to your desired location, as discreetly as possible.

It’s difficult to suggest exactly how to do so without pics or a floorplan, but I would try to match the wall or trim color and keep the cable tucked close to the floor and/or ceiling throughout the run.

Once in place, the cable will quickly disappear into your surroundings and you’ll be left with rock solid reliable networking.

And I don’t even care if they keep it as a “tray”. I’d be content with integration into the dash if they can make it work smoothly. For example, just having the app start minimized as a regular icon (or segregated icon) in the dash…just something at this point.

I’m happy to see it’s finally happening, and I hope they left its implementation flexible.

What I’d really love to see (aside from triple buffer) is a real solution to the system tray situation. AppIndicator is problematic for some apps and under certain X11/Wayland desktops, and even when it works well it is cumbersome to use compared to traditional tray implementations. Hoping we see a new approach soon.

In the meantime, I’ve been enjoying a revisit to KDE Plasma under Kinoite and I have to say I’m really impressed with both DEs!

Our Smart TV is offline 99% of the time, so I rarely see the smart features. We’ll sometimes have company stay over and they’ll connect the Ethernet to use the built-in streaming apps with their own credentials, so it’s a nice option to have and it doesn’t impact us otherwise.

JF’s UI hasn’t really done it for me for whatever reason…I have it running in an LXC already and mostly use it at my workstations.

I have a JF instance running on Proxmox as well, but it hasn’t won me over yet. Still, I know a lot of folks do prefer it to Kodi and others so there must be something to it.

As others have said, just buy a TV that meets your A/V needs and don’t connect it to the internet.

I know everyone talks about Jellyfin these days, but Kodi is an excellent option too if you don’t need streaming to multiple devices. I use Kodi via LibreElec on an rpi4 and it’s been great. All media is stored on my home server and shared over Samba, but you can easily store it locally on the box if you don’t have a server.

For music streaming, I run a separate instance of miniDLNA on my server, since I like to browse-by-directory for my music instead of relying solely on metadata. This also allows you to stream to any DLNA-friendly device on the LAN.

I’ve digitized my disc collection and just keep the physical media as a backup. The local library has a huge selection of media too…and if we don’t use it, we’ll lose it.

deleted by creator

No worries, the screen should always lock after sleep or idle regardless of SDDM. KDE uses a separate kscreenlocker app for that functionality once your desktop session has started. It’s worth noting the kscreenlocker doesn’t rely on the SDDM theme in any way, as the two are completely separate processes. So, your lock screen will always match your active KDE theme.

Just a suggestion…if you’ve enabled disk encryption during installation, consider enabling autologin for SDDM so you’re not having to enter two credentials at boot. You’ll rarely ever see your greeter again, so it won’t really matter which theme is used.

And if you did not enable disk encryption, consider doing so as the security and privacy benefits are significant for most users.

That sounds like a time saver for sure. I imagine that some of those elements (grammar rules) are widely available everywhere, while others (practice dialogues, activity suggestions focused on the use of language) would require a fairly specific training model.

Thanks for sharing! I’m probably too set in my ways to ever utilize AI for things like this. I never use virtual assistants like Alexa or Google either, as I like to vet and interpret the source of information myself. Having the citations would be handy, but ultimately I’d want to read them myself so the IA/VA just becomes an added step.

If a layman may ask, what are folks even using AI/LLMs for mostly? Aside from playing around with some for 10-15 mins out of simple curiosity, I don’t have a practical use for platforms like ChatGPT. I’m just wondering what the average tech enthusiast uses these for, outside of academia.

Like X11, xwayland is not as secure as a pure Wayland environment but I think it’s important to note that hundreds of thousands of desktop Linux users are likely still running X11.

So, in my opinion, it is not ideal to run xwayland but still completely acceptable for most users who don’t have special security requirements.

Overall a good watch, but his continuous reaching under the table is a bit awkward lol.