
Windows is cleaning up a lot of legacy drivers. A bunch of printers (+ scanners) that predate updates to the printer driver framework in recent versions of Windows just don't have functioning drivers anymore, despite being perfectly functional.

All these devices work out of the box on Linux, more or less.


Most devices that you can buy for under $400 now run on ARM chips (frequently Mediatek). We're talking tablets (with keyboards), convertibles, even outright laptops (i.e. "netbooks"). These things qualify as computers. They are replacing traditional laptops, just as those replaced desktops.

And they do not run Linux out of the box.


If we're looking at sub-$400 computers, especially on ARM, it seems like we have to include the large segment of ChromeOS devices that only run Linux out of the box (or at all, generally).

Referring to Intel Chromebooks (i.e. laptops), that segment is now dwindling in size much as its predecessor (Intel Windows netbooks) did a few years ago. Most low-end ChromeOS devices now run on ARM. And Android is nipping at their heels.

> Intel Windows netbooks

Netbooks were originally Linux. MSFT created a special licensing class just to try to undercut it. It wasn't great, but because Windows and Microsoft licensing, it quickly took off. People realized Windows on netbooks sucks, thought that meant that netbooks sucked, and eventually netbooks died. Until, arguably, ChromeOS arrived.

RIP, Linux netbooks of yore. I do miss you so.


Sure. And all of those devices run Linux. Some of them even run other Linux OSs decently; one of my daily drivers is an ARM Chromebook running postmarketOS.

It is not trivial to get FOSS Linux onto a write-protected Intel Chromebook, compared to a Windows netbook of yore. It is harder still to get it onto an ARM Chromebook or Android tablet. PostmarketOS is a bit simpler (or at least better documented) but it is not a full Linux distro.

Installing a fully-fledged FOSS OS on low-end general-purpose computing hardware is getting harder. Certainly for the non-techies who have to be part of FOSS if it is to survive.


I think it's better and worse in slightly different ways. On the one hand, yeah a Chromebook won't let you touch the default OS without switching to developer mode, and won't let you install a new OS without disabling the write-protect screw or firmware option. On the other hand, every ChromeOS device allows you to do exactly that, and then you can run whatever you want and you should have at least some support for upstream Linux because ChromeOS upstreams their drivers. (I will happily agree that the Android device situation is awful.)

> PostmarketOS is a bit simpler (or at least better documented) but it is not a full Linux distro.

By what definition is PMOS not a "full" distro? It's Alpine plus some extra stuff, including device tweaks and out-of-the-box desktop environments.


> By what definition is PMOS not a "full" distro?

Can it run Sway window manager? Honest question.


Sure? Either standalone ( https://wiki.postmarketos.org/wiki/Sway ) or with sxmo ( https://wiki.postmarketos.org/wiki/Sxmo ) which is probably preferred on phones.

Interesting. I will reconsider (some of) my priors in the light of this new information.

Most devices in that class I see run some vendor flavor of Android or ChromeOS and not Windows, so definitionally speaking they do run Linux out of the box.

Yes but it's a bit academic. The problem is that getting a FOSS distro of Linux onto low-end general-purpose computing hardware is harder now than it was a decade ago. I speak from bitter recent experience.

Oh, I know perfectly well what you mean. The move to the SoC paradigm has serious implications for the future of computing freedom. I can't imagine how we might be able to fight this crap, realistically.

> 17:27:20 up 1112 days, 10:36, 50 users, load average: 0.20, 0.19, 0.18

I thought I had a record going here with my Dell laptop, but I guess you win. After a certain point, I just decided to see how long I can make it go.


50 users???

Most non-Apple branded keyboards are NOT tested with Mac; so it doesn't trust any electronic tags/labels, nor does it keep a database. Easiest thing to make it work 100% without asking the user to identify their layout, is to press random keys so the Mac knows where things are mapped.

And sometimes, it seems like there's no fallback if you have no [working] smartphone. I knew someone who had a working smartphone, but a broken camera for a few months. Couldn't scan any QR codes to use these services till the phone was replaced.

I agree in principle, but I often find that the GUI abstractions don't always map to the Linux tooling/terminology/concepts, which often ends with a head bashing against the wall thinking "this is Linux, I know it can do it, and I can do it by hand, but what is this GUI trying to conceptualize?!?!"

I was recently introduced to a Barracuda router, and bashed my head against the wall long enough to discover it had an ssh interface, and Linux userland, and was able to solve my immediate problem by directly entering the commands to get it to [temporarily] do what I needed. (Of course, using the GUI to reapply settings wiped my manual configuration...)

I've used pfsense, OpenWRT, Barracuda, Verizon's OEM router (Actiontec) and they all represent the same functionality wildly differently.


> I've used pfsense, OpenWRT, Barracuda, Verizon's OEM router (Actiontec) and they all represent the same functionality wildly differently.

Worth noting that pfSense (and OPNsense) are not Linux-based, they're based on BSD, specifically FreeBSD. While it's possible to have standard router OS web UIs that are cross platform, the underlying technology is different, so it's not really a surprise that there will be differences in how the devices running these OSes are configured.


Not much different. FreeBSD's pf is a port of OpenBSD's pf, and nftables are heavily influenced by them.

At this point I rather doubt the sanity of people still sticking to iptables tbh.

So there is approximately one concept of "packet filter done right". UI madness is on UI authors.


The primary reason I stick to iptables instead of nft is that I already learned iptables decades ago, and some software I interact with still defaults to iptables and/or does not have full support for nft.

Why do you doubt the sanity of people sticking to iptables? What makes nft compelling?


My main reason is that nft applies configs atomically. It also has very good tracing/debugging features for figuring out how and why things aren't working as expected.

That said, I think many distros are shipping `iptables` as the wrapper/compatibility layer over nft now anyways.


As somebody that's not a network engineer by day and has barely grokked iptables, could you recommend some resources for learning nftables?

I used the nftables Wiki to learn all the basics I know about nft: https://wiki.nftables.org/wiki-nftables/index.php/Main_Page

Here is their example relevant to the current article: https://wiki.nftables.org/wiki-nftables/index.php/Simple_rul...


As someone who recently switched over from iptables to nftables on one of my machines, the only thing that's better with nftables are sets and maps...

And, like, maybe I'm missing something, but I've found that sets are insufficiently powerful and maps are insufficiently well-documented. You can't have nested sets... that is sets that are defined (partially or completely) in terms of other sets. You also can't share sets across tables (or have "global" sets)... so that list of interfaces that'd be really good to apply to all of your rules? Yeah, you've gotta duplicate it in every damn table. And maps? My big beef with them is that the documentation makes two things very unclear:

1) What part of the nftables rule is going to do a lookup of the key in the map and what part will get the value. Like, seriously. Check out the nft(8) man page and look at their mapping examples. The k:v selection and insertion logic is clear as mud. I can guess a couple of possible interpretations, but if they explicitly state the logic, I must have skipped over it.

2) If it's even possible to have a multi-component key, to -for example- cook up a "verdict map" that fills out the statements:

  iifname $NAME oifname != $NAME $VERDICT
  iifname $NAME1 oifname $NAME2 $VERDICT

You also lose the really nice tabular status display that 'iptables -L -n -v' provides you... instead you get a nested abomination that (on the one hand) thankfully isn't fucking JSON, but (on the other hand) isn't JSON, so you have to cook up a processor if you want to transform it. You also lose the really nice, well-thought-out CLI help text for doing basic shit, like, such as "List the goddamn rules in the fucking ruleset". Even the nft(8) man page takes its sweet time getting around to telling you how to do that really fundamental task.

"The CLIs are much less nice to use" is kind of a theme I've noticed with some of these replacement networking-management tools. 'bridge' is way less nice to use than 'brctl' [0], 'ss' is quite a bit more obnoxious than 'netstat', etc, etc.

Though, to be clear, I find 'ip' to be a much better tool than 'ifconfig'... at least the Linux version of 'ifconfig'. Maybe the BSD version is great.

[0] It doesn't help at all that you have to use both 'ip' and 'bridge' to manage bridges.
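The map lookup and multi-component key asked about in the comment above, shown as an added example (not part of any commenter's post): nftables builds a multi-field key by concatenating expressions with `.`, and `vmap` executes the verdict stored for that key. The interface names `lan0`, `guest0`, `wan0` and the file name `forward.nft` are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example; lan0, guest0 and wan0 are constructed placeholder names.
# Check without applying:  nft -c -f forward.nft
# Apply:                   nft -f forward.nft   (the file is loaded as one transaction)

# Removes every existing table, including ones other tools created.
flush ruleset

table inet filter {
    # Key = two concatenated fields, value = the verdict to execute.
    map fwd_policy {
        type ifname . ifname : verdict
        elements = {
            "lan0"   . "wan0" : accept,
            "guest0" . "wan0" : accept,
            "guest0" . "lan0" : drop
        }
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept

        # Everything left of "vmap" builds the lookup key from the packet:
        # input interface name, then output interface name.
        # If that key is an element of the map, its verdict is executed here.
        # If it is not, evaluation continues with the next rule.
        iifname . oifname vmap @fwd_policy

        # A map lookup is an exact match on the key, so a condition such as
        # "oifname != <name>" stays an ordinary rule rather than a map element.

        # Traffic the map did not decide is counted, then hits "policy drop".
        counter
    }
}
```

Because the map is a named object, its elements can be changed later without reloading the chain that references it.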


There is iptables-nft, which is iptables with an NFT backend.

> nftables are heavily influenced by them

Are they? I recently had to learn nftables and they seem to be iptables but with a slightly nicer syntax and without pre-defined chains. But otherwise, nftables directly maps to iptables and neither of them seem similar to pf.


I guess I'm different. I typically want my router/firewall/network services box to Just Work. I've made a career in deep-in-the-weeds system administration and engineering. Having to hunt down man pages, examples, tutorials, etc for the dozen or so fiddly bits that make up a modern Linux- (or BSD-) based router was fun the first time, not so much the 10th. Been there, done that, got the t-shirt.

I will concede that the OpnSense UI is far from perfect. I would really like to see a device-centric view that lets me set all the things related to that device from one screen (or possibly one screen with multiple tabs). For example, if I add a Roku device to my network, I want to enter in the MAC address and then be taken to a screen where it will let me set the hostname, pick a static IP address, hand it a specific DNS resolver IP, see all of the traffic going to/from the device, only allow it access to the Internet during certain hours, etc. All of this currently requires jumping around between multiple disconnected parts of the OpnSense UI.


I feel almost exactly the same as you on the subject. When I was young and starry eyed I built my own router out of a PC running OpenBSD, all by hand. Nice learning experience, interesting OS, but definitely not maintenance free especially around system updates as back then OpenBSD packages and sys upgrades required recompiling everything. Now I do the same mini-PC thing as the OP's article but I just put OpnSense on it. Agree the UI can be maddening at times but the thing is rock solid, and has very polished update and upgrade mechanisms. Built-ins/plugins are great - unbound, wireguard, openvpn, suricata, backups to git etc. Also I like that it is BSD based, my network experience was learned on Ciscos and Junipers in an ISP setting and Linux networking has always driven me crazy.

I've been running OpenBSD as a router for almost 20 years I think? These days, the only ongoing maintenance it requires of me is running `syspatch` and `pkg_add -u` periodically to keep things up-to-date, and then `sysupgrade` when a new release comes around. It's way more hassle-free than in the old days.

I had a similar experience with FreeNAS (now called TrueNAS): I'm sure it's great for some people, but I ended up fighting the abstraction layer way more than I benefited from it. I personally found it easier to just run Samba on plain FreeBSD/OpenZFS.

A few years ago, perl 6 renamed itself to 'raku', so the perl 5 folks can continue to improve/maintain the original 'perl'.


I LOVED the TI calc forums. I got my hands on enough parts (and went to Radio Shack to get the rest) to make my own cable from the parallel port to the 2.5mm jack they had back then.

I'm still amazed they cost as much now, as they did 30 years ago, but if you just realize you're buying a license for a decent computer algebra system (CAS), at least in the TI-85/89/etc models, it kinda makes sense.


Wayland breaks my slashdot-themed e16 desktop!! /s


The sun will still rise after civilization ends too.


It's an unbelievably thin stranded wire, but the wires are coated so they can be in contact with each other without shorting. It's all twisted around a thin thread of cotton or nylon to add strength, then encased in its sheath.

The trick is to gently scrape the stranded wire with a blade for the solder to stick and to make a good connection.

