I’m not going to watch the video, but what’s the procedure for switching between Linux and Windows? Usually you dedicate a GPU entirely to VFIO, with a 2nd GPU for the host OS (or run headless).

Anyway, will it work? Yes, minus some anti-cheat software. Will it be a simple solution? Well, once you get things stable, yes. The tech behind this is mature, but it can be a rabbit hole.

I would look into a non-Nvidia GPU for your 2nd PCIe x16 slot (x4, shared with the 2nd M.2 slot FYI). Good idea to check IOMMU groups before buying anything, but modern AMD motherboards are usually fine. Blacklist the Nvidia drivers and dedicate the 3070 to VFIO to make your life easier, and run Linux off the secondary GPU. Intel A380 might be a good choice. Do gaming stuff on Windows and stream via Parsec/Looking Glass/Moonlight+Sunshine; everything else on Linux.

It’s easy* to setup Hashicorp Vault with your own CA and do automated cert generation and rotation, if you are willing to integrate everything into Vault and install your root CA everywhere. (*not really harder than any other Vault setup, but yaknow). I may go down this route eventually since I don’t think a device I don’t control has ever accessed anything I selfhost, or ever will.

I have a wildcard subdomain pointing to my public IP, and forward port 80 to an LXC container with certbot. Port 80 appears closed outside the brief window when certbot is renewing certs. Inside my network I have my PiHole configured to return the local IP for each service.

Nothing exposed to the internet at all. There is a record of my hostnames on Let’s Encrypt but not concerned if someone will, say, deduce apollo-idrac is the iDRAC service for a Dell rackmount server called apollo and the other Greek/Roman gods are VMs on it. Seemed like a house of cards that would never work reliably, but three odd years later I only have issues if a DNS resolver insists on bypassing my PiHole. And that DNS resolver is SystemD-ResolveD which should crawl back into whatever hellhole it came out of.

They could hijack your site at any time, but with a copy of your live private certs they (or more likely whatever third party that will invariably breach your domain provider) can decrypt your otherwise secure traffic.

I don’t think there’s significant real tangible risk since who cares about your private selfhosted services and I’d be more worried about the domain being hijacked, and really any sort of network breach is probably interested in finding delicious credit card numbers and passwords and crypto private keys to munch on. If someone got into my network, spying on my Jellyfin streaming isn’t what I’m going to be worried about.

But it is why CSRs are used.

Friction between Snap and AppArmor is to be expected. The corporate sponsor of Snap, Canonical, is well known for their icy relationship with the corporate sponsor of AppArmor, Canonical.

The layoff includes Mary Kirby, who’s been a core writer in the Dragon Age franchise since the first game. Saw takes that the layoffs are just eliminating multiplayer positions, but that’s not true.

I’ve long suspected that Dreadwolf will make or break BioWare. Since it’s following the same script as Andromeda and Anthem - endless delays, no public progress just lots of b-roll and concept art - I don’t think development is going well. ME: Legacy might have bought BioWare some breathing room but I can’t interpret this as anything other than death throes for the studio.

BioWare is dead, long live Larian and Spiders?

I’ve found the idea of LXC containers to be better than they are in practice. I’ve migrated all of my servers to Proxmox and have been trying to move various services from VMs to LXC containers and it’s been such a hassle. You should be able to directly forward disk block devices, but just could not get them to mount for an MinIO array - ended up just setting their entire contents to 100000:100000 and mounting them on the host and forwarding the mount point instead. Never managed to CAP_IPC_LOCK to work correctly for a HashiCorp Vault install. Docker in LXC has some serious pain points and feels very fragile.

It’s damning that every time I have a problem with LXC the first search result will be a Proxmox forum topic with a Proxmox employee replying to the effect of “we recommend VMs over LXC for this use case” - Proxmox doesn’t seem to recommend LXC for anything. Proxmox + LXC is definitely better than CentOS + Podman, but my heart longs for the sheer competence of FreeBSD Jails.

Do you have any trouble with cooling or anything with them? Got like a billion unused PCIe lanes in my Dell R730 and can think of a few things that might benefit from a big NVMe ZFS pool.

Likely an attempt to claim there’s fewer calories per slice, even though people will just cut it in quarters instead of fifths.

Specifically Endless Dungeons, which is a spiritual successor to Dungeon of the Endless and comes out in a few months.

@TrenchcoatFullofBats I think this is the winning answer. Looks like it’s about a 1060 6GB, which should be enough horsepower for several desktop VMs, and keeps open my full profile slots should I ever want to install something even more powerful in the future. vGPU support is also nice so I don’t have to juggle which VM gets which GPU.

@Nilz Do you know if the WX 5100 supports SR-VIO? Getting mixed answers about what if any AMD GPUs support it, but having VMs share a single physical GPU would be a perfect solution.

@Nugget Yeah an older Quadro like the P600 is the fallback option. Looks like they run about $50 used on eBay.

Actually I lied, according to the Dell manual the full profile slots have a connector that provides PCIe power though I’d have to buy a cable for it. Long term the answer might be to get a used V100 and dive deep into the vGPU rabbit hole (erp).

@JustEnoughDucks I am planning on getting an Intel Arc for my Jellyfin server at some point. Have an old Dell SFF with a 8700 that I think I’ll eventually stuff into a 2U chassis. It’s probably overkill for my VM server though, since the VMs really just need to not lag in desktop application work (aka IntelliJ) and play Youtube videos without obvious framing.

Only issue I had with a similar setup is turns out the old HP desktop I bought didn’t support VT-d on the chipset, only on the CPU. Had do some crazy hacks to get it to forward a 10gbe NIC plugged into the x16 slot.

Then I discovered the NIC I had was just old enough (ConnectX-3) that getting it to properly forward was finicky, so I had to buy a much more expensive ConnectX-4. My next task is to see if I can give it a virtual NIC, have OPNsense only listen to web requests on that interface, and use the host’s Nginx reverse proxy container for SSL.

If you live by a major university, they likely have property disposition where you can pick up slightly older equipment, sometimes for super cheap.

Absolutely, and you can generalize that to any sort of requirements are worthless if they don’t have as much teeth as the power they are trying to check.

Supervisor cats would also like to remind you to replace the flapper if you don’t know how old it is.

While I would also pump the brakes a bit on any particular effort, the Biden administration is pushing back against the dominate thinking of “antitrust bad” that emerged in the 70s. I believe he’s made a lot of appointments reflecting that, which hasn’t happened since the Carter administration.

What kicked off that shift? Robert Bork’s 1978 book The Antitrust Paradox, which is yes that Robert Bork. I honestly think people could use more knowledge about the sausage is made when it comes to government.

I agree with your point. Metaface is the most hilariously transparently bad actor on the internet. That well is so poisoned there’s no olive branches that will save their reputation. The incentives for these companies are clear and produce a consistent pattern: build something useful and start building walls around it so you can exploit whatever you’ve built to produce the most shareholder returns. Any instance that cooperates with a Bookmeta instance is willfully ignorant how it will end, even if MaceTook truly does not have malicious plans at the start.

But beyond the other responses, I think it’s worth thinking deeper on this. It’s easy to reduce it to “It’s simple. We kill the Zuckerberg.”

There have always been bad actors, and will always be bad actors. There are probably bad actors in the room with us right now. If this whole threadiverse experiment is going to survive, it needs to be able robustly handle them even when the bad actors can bring a lot of resources to bear.

Also the real fun happens when TheMeta.Com starts proposing changes to ActivityPub. Even if the changes are purely technical and make perfect sense there’s going to be slapfights.