I think I started back in the day with Ubuntu Gnome, with some dabbling in Manjaro and then Arch.

But since then I have used Fedora Workstation, and then Fedora Silverblue / Fedora Kinoite (immutable versions of fedora, with the past several years on Kinoite [kde] over Silverblue [gnome])

On the server side of things, I am using Debian (with everything running in podman containers).

If I were to consider migrating, it would be to migrate my laptop to secureblue (likely, rebasing the OS image rather than clean-installing) and migrate my Windows 11 desktop to bazzite. Both of these are still based on Fedora’s immutable base, albeit with changes to the base OS image. At some point in the future, I would also consider migrating my server to an immutable OS, however, which one remains to be seen.

As of now I am currently using FreshRSS, although before I properly deploy this to other users in my family / friends I might give Tiny Tiny RSS (tt-rss) a shot as well. I don’t think the differences will matter for end-users as the majority of mine will likely all be using it through the API via a mobile app (e.g NetNewsWire (ios & mac), FluentReader (desktop), CapyReader (android) etc. etc.)., however the main difference that will dictate which one I stick with is the filtering capabilities and the ease of setup of article-collection with readibility / mercury to remove extrenuous content / ads.

I am also quite interested in miniflux, although it is quite intentionally bare bones. It lacks a plugin api (a potential security improvement), and instead natively supports many of the things people would use plugins for (native youtube-nocookie embedding / invidious embedding, integrations with readlater services like instapaper and wallabag, etc., integrated article fetching and parsing with readibility [and can change user agent / cookies to bypass bot protections]). It also seems to have a bit better security stance (supporting modern web browser features like passkeys, content sanitization, sanitizing url parameters in share links automatically etc.).

Miniflux definitely feels like the best ratio of ootb functionality + security, but the UI of FreshRSS feels more natural if you envisage less techy users to use it (and in my case I see one person using the website over an app).

That is what it seems like based on what I have read :/

I guess the best option in my case then is likely to add them as a non-admin user to my tailnet. The only concern I have is with the potential of one user deactivating the VPN connection unkowingly, which is probably where Funnel comes in as a better option, but I would prefer to avoid serving stuff on the web when possible. (It is specifically a FreshRSS instance for now)

Yes, there is two ways you can go about this. The way that you are thinking of (and the way that I would ideally like to go about this) is as listed on this help article. This is perfect for sharing a home server to some friends, and letting them access a given service without seeing any of your personal devices.

The other option is to have just one tailnet, but having multiple users as detailed here. Notably this can be a security regression (if you don’t limit access on a per-user basis with ACLs), but is ideal for sharing access to your entire network with your spouse / older children within the context of self-hosting.

For example, I have a friend who has shared a minecraft server with me and that is an ideal example of sharing one node to a seperate tailnet. I am an admin of the server, and can manage the docker container for it + the backup sidecar and the SMB share, but that is where my access to his network structure ends.

This contrasts the situation with my partner for example, where we share a tailnet (with seperate user logins) to make things like gamestreaming just that much easier to setup. Hypothetically I can use ACLs to limit access to stuff like the Cockpit web-management portal, or block the SSH port, but I don’t feel like I need to in my specific case.

Addendum: I also think sharing the device out strips it of its subnet routes + services, which is part of the problem I am running into where I do want it to strip subnet routing (my elderly parents DO NOT need access to my printer), but I ideally want to be able to still use tailscale serve + services + https certificates to be able to share my self-hosted RSS feed reader for them (ad-free, no AI slop, much better for my one parental figure with early-onset dementia).

Addendum 2: I highly recommend exploring tagging + ACLs if you are looking into personal usage / seperation of networks. It is just a much easier approach of seperating devices that are owned and operated by the same person. I would only explore multi-tailnet option when it is different users and you want to share a very limited scope of your network.

I still think a syncthing client of some form is ideal. As someone else mentioned there is the option of using the Syncthing Tray devs experimental android build. To avoid issues with sync-conflicts / maintain high-availability access to the most recent file, I sync the databse to a raspberry pi with the encryption option selected (not that the pi is untrusted per se, but it is a device that doesn’t need access to the file, it just serves the most recent changes to other devices since often my laptop / phone / desktop are not all on at the same time).

I think it’s important to see these types of efforts, while I’ll never go out and buy a MacBook the effort isn’t wasted since it gives current users more freedom and future people buying used laptops more options for Linux compatible hardware.

Without a project like this, that hardware will end up being e-waste a lot sooner than it should be, when Apple drops support. At least to me I see an ethical and moral imperative for projects like this, but I also understand people’s grievances with Apple.

I understand why they wouldn’t want to suddenly change the branding of existing projects though.

I’m not sure if I agree, I feel like the long term damage of keeping the names is greater than changing them now to Fedora Plasma Atomic (Formerly Kinoite) / Fedora Atomic Workstation (Formerly Silverblue). Leaving them as is, is just going to create more confusion in the future to new users who won’t immediately understand why the naming convention is different for the other spins and will create more confusion for documentation / support threads online.

I feel that I am 50:50 on it, immutable at least conveyed more information about what it is while Atomic feels a lot more “buzz-word-y” and does not convey as well what it means. Regardless, I’d say the bigger issue is keeping the old Silverblue & Kinoite names, they really should change them even if it means having a ~2 year period of having “Formerly Silverblue / Kinoite”.

Thank you for the very thorough reply! For god knows what reason I get this error: error: app/org.mozilla.firefox/x86_64/stable not installed when running the xdg-open firefox-reader command, yet manually running flatpak run --user org.mozilla.firefox about:reader?url=https://example.com works just fine. I’ll have to troubleshoot it when I have a bit more time ;p

Thanks again for your very thorough write up and the linked articles. Have a good day :)

Update: It seems like on my system, the --user flag was the issue, removing it made the script function. I am using Fedora Kinoite (Immutable version of KDE Plasma), so perhaps it is just a difference in how flatpak is configured between distros? I’ll have to read into it more later.

I’ll keep my answer focused on KDE Connect as I no longer use a TWM. You can most definitely use KDE Connect in non-Plasma environments. For non-Plasma (and non-Gnome ^* ) environments you can just install the kdeconnectd package. Then, to start the KDE Connect daemon manually, execute /usr/lib/kdeconnectd. You can schedule this to autostart as a systemd unit, or in the config for your TWM (I know in sway/i3 you could start it, I’m assuming it is similar for many other options)

If you use a firewall, you need to open UDP and TCP ports 1714 through 1764. If you use firewalld specifically, there’s an option to enable KDE Connect rather than manually specifying it. This also let’s you have it only work on private networks and not public if you so chose.

See Arch wiki for more details

*For gnome I would recommend using gs-connect even if you have a tiling extension

£ KDE-Connect: does that work on TWMs? Is there a good implementation? Can I use GSConnect elsewhere too?

I’d much rather use a separate Firefox (now Mozilla I think) account for my professional work. I also would prefer having separate extensions, notably Zotero connector is kind of useless for my personal browsing

Most of the documents I produce are converted to PDF or printed, so I use Nimbus Roman or Nimbus Sans (I believe). I do use Open Dyslexic font

For UI I really enjoy Inter, although Ubuntu, Roboto and IBM Plex Sans are also nice

For terminal I use Hack, although Source Code Pro is nice

The other nice thing for “state funded media” is they often have translations for international audiences

For example CBC / Radio-Canada also have an international page, Radio-Canada International offered in English, French, Spanish, Chinese, Arabic etc.

I am sticking around for the time being. While it is a community project, Red Hat is still the legal entity representing it and is a sponsor of the Fedora Project. I am confident that Fedora will continue to exist (or if RedHat ruins it, the community would fork it), consequently I feel that this is more a question of morals / ethics or desire to distance oneself from Red Hat products. With switching you would likely be giving up either KDE or immutability, until OpenSUSE’s Kalpa matures more. Regardless, I’m not sure how much benefit Red Hat gets from you being a Fedora user. Unless you contribute to the project itself or are using Fedora as a means to gain more knowledge for using RHEL products in enterprise.

Some relevant articles for people interested; Fedora Project Wikipedia governance section, Fedora Project Wiki regarding the proposed “Foundation” and the mailing list discussing the “Foundation”.

To elaborate further on what Vani said below, Fedora is an independent community run project but Red Hat does provide some funding to the project. Fedora is also “upstream” of RHEL / CentOS so it is not impacted like Alma / Rocky.

It goes both ways though, if beehaw isolates itself enough the rest of the fediverse will make its own communities that effectively replace the ones we lost from them defederating.

As of now they’re blocking 387 communities according to this

I have debated on hosting my own SearXNG search instance but I am not sure if I would benefit. I would likely be the only one using it but I would personally only use it for ddg, startpage, brave search etc. or in other words everything but google and bing. Is this what you do or do you share yours among others?

They really succeeded in creating good ambience for all of the different areas!

I feel like part of the 90s vibe is that it’s federated and that most of the community doesn’t have the toxicity that reddit had. I would argue that “feeling” disappeared when more things became consolidated into large companies rather than having many smaller forums or widespread use of open protocols like rss, xmp etc.

I have been enjoying it so far, the software feels quite similar to old reddit in many ways but the community so far is a bit less toxic. If anyone is wishing to use it on iPad I recommend going to your instance and in the share menu adding it to the home page as there isn’t yet a good option for iPad.

I am also looking forward to the addition of 2fa in the next update