ParanoidPenguin.net

A look at the traffic originating from my Tor Exit relays

Sat, 14 Feb 2026 10:10:20 +0100

Have you ever wondered which clearnet web domains (as in not onions) are the most popular among users of The Onion Router project (Tor)? Is there any evidence to support the popular mainstream opinion that Tor is predominantly used by people with malicious and criminal intent? To add some spice to this question in 2026, I’ve aggregated non-identifiable data based on DNS queries made by my five Tor exit relays.

Disclaimer

This article does not pretend to be based on any scientific research, and the sample data is too small to provide any real value. I am also guilty of overstating the value of DNS logs when it comes to understanding traffic from Tor users. Only non-identifiable data has been used, and there are no attempts to perform any correlation with specific users or exit nodes.

Available data

Exit relays: 5
Log period: 1 week
Aggregated log files: 5
Total lines parsed: 60159688

An Unbound DNS server showing DNS queries from a Tor Exit Relay.

Classifying, extracting, and accumulating

All my Tor Exit relays use the Unbound DNS server. I have a mix of FreeBSD and Linux-based relays. I’ve made a Python script to parse the aggregated Ubound logs to identify and classify the data down to registrable domains and suffixes in a few steps.

Here is the gist of it.

Step one: Classify

WEB: Normal lookups
RDNS/PTR: Reverse DNS / PTR
IP-ISH: forward lookups where the hostname encodes an IP address

Step two: Normalize, extract, and discard

Extracting the registrable domains (eTLD+1) sounded like an easy task, but later, I realized that my increasingly growing list of regular expressions was not up to the task. My thanks to John Kurkowski for providing tldextract: A Python library to parse URLs.

The result

After discarding enumerated queries and malformed/unwanted patterns from the logs, we’re left with the following:

Class	Count	Share
WEB	22192644	98.818%
IP-ISH	249316	1.110%
RDNS/PTR	16224	0.072%
Total	22458184	100.000%

The top lists.

Finally, it’s time to break it all down. Let’s find out what the majority of Tor users are doing on the Internet.

Hackers (1995). Just because this article needed a cool image :)

Top 25 - Most popular domains

The moment of truth, unfiltered.

#	Registrable domain	Count	Category
1	digitaloceanspaces.com	881207	Cloud storage / object storage
2	amazonaws.com	568758	Cloud infrastructure
3	googlevideo.com	467369	Video CDN / streaming
4	fbcdn.net	271484	CDN / static content
5	google.com	130091	Search / web services
6	googleapis.com	103697	API platform
7	adsco.re	95874	Advertising / redirects
8	REDACTED	91342	Adult content / video CDN
9	blogspot.com	90937	Blogging / publishing
10	REDACTED	84911	Adult content / video CDN
11	REDACTED	82825	Adult content / media sharing
12	cloudfront.net	82121	CDN
13	tiktokcdn.com	60569	CDN / media delivery
14	googlesyndication.com	57701	Advertising / ad-serving
15	tiktokv.com	55131	Video delivery / backend
16	apple.com	51101	Technology / official site
17	REDACTED	49051	Adult content / video CDN
18	gvt1.com	48721	CDN / cache / updates
19	REDACTED	42730	Adult content / video CDN
20	amazon-adsystem.com	41343	Advertising / tracking
21	doubleclick.net	39803	Advertising / tracking
22	REDACTED	39792	Adult content / video CDN
23	cdninstagram.com	38169	CDN / media delivery
24	outlook.com	36901	Email / webmail
25	microsoft.com	36735	Technology / official site

To the surprise of no one, the Internet is currently being overrun by big tech and the advertising industry. The most surprising result in this list, as far as I’m concerned, is that Blogspot is still alive. And DigitalOcean is (apparently) a big player in the realm of object storage.

If we just focus on regular domains that users visit directly, we get a slightly different list.

Top 25 - Most popular regular domains

#	Registrable domain	Count	Category
1	google.com	130091	Search / web services
2	blogspot.com	90937	Blogging / publishing
3	apple.com	51101	Technology / official site
4	outlook.com	36901	Email / webmail
5	microsoft.com	36735	Technology / official site
6	amazon.com	36169	E-commerce
7	facebook.com	31662	Social media
8	ipleak.net	31348	Security / testing
9	sblo.jp	31324	Blogging / publishing
10	reddit.com	26889	Forum / social news
11	naver.com	26299	Portal / search
12	trezor.io	25623	Crypto hardware wallet
13	ask.com	21820	Search / web portal
14	mozilla.net	21782	Software / services
15	squarespace.com	20862	Website builder
16	yahoo.com	19915	Portal / email / news
17	torproject.org	19785	Privacy / nonprofit
18	tumblr.com	18621	Blogging / social
19	wordpress.com	18515	Blogging / publishing
20	yandex.ru	17417	Portal / search
21	roblox.com	17006	Gaming
22	instagram.com	16659	Social media
23	twitter.com	16408	Social media
24	youtube.com	15513	Video / streaming
25	live.com	15161	Email / web portal

Speaking of Blogspot, I’ve looked at the list of subdomains, and as far as I can see, it’s all just regular blogs by everyday people. The most popular one belongs to a techno artist promoting his music.

Other interesting findings

DNS queries seem like a more reliable indication of the popularity of your favorite Linux distro than Distrowatch’s infamous ranking.

Top 10 - Most popular GNU/Linux distributions

#	Distro	Registrable domain	DNS rank
1	Ubuntu	ubuntu.com	349
2	Debian	debian.org	606
3	Tails	tails.net	1104
4	Qubes OS	qubes-os.org	1680
5	Arch Linux	archlinux.org	3032
6	Fedora	fedoraproject.org	3239
7	Oracle Linux	oracle.com	5859
8	Gentoo	gentoo.org	7445
9	Manjaro	manjaro.org	7599
10	Red Hat (RHEL)	redhat.com	8176

Quite the difference from Distrowatch’s top 10. In fact, a few of the top 10 distributions from Distrowatch’s list had zero DNS requests.

FQDN / subdomains

I won’t be publishing this information in detail, as some companies seem to believe that DNS zone files are hidden or somehow secret information. Alas, there is no need to guard the server on the other end of the pointer. Deploy and forget, I guess, the benefits of automation.

However, I’ll make one exception to this rule. Apple has a few peculiar ones, including pancake.apple[.]com and swallow.apple[.]com.

Additionally, the poor and starving children forced to assemble your next iPhone in a faraway country are sending Morse signals from captive.apple[.]com. Mean-spirited geo-political jokes aside, this record was probably coming from Tim Cook himself, being held captive and forced to watch the Melanie premiere from inside the White House.

Logs on Tor Exit relays?

You should always have a “no logging” policy on Tor relays!

This seems entirely reasonable if you’ve never hosted servers. Tor relays (like anything else available on the Internet) are constantly under attack, and without any logs, you’re just fumbling through the dark.

Alpine Linux review – The desktop experience

Sun, 28 Dec 2025 12:03:31 +0100

Alpine Linux is designed to be a small, simple, and secure Linux distribution. For many, it’s the default choice for containerization. In fact, you might already be running an Alpine container somewhere as a part of a deployment without even knowing that it’s there.

I quite enjoy the ease of administration and the sans systemd part of Alpine Linux. I’ve never experienced any issues worth mentioning while running it. Alas, that was before I decided to turn Alpine Linux into a fully featured KDE Plasma desktop experience.

Welcome to Alpine Linux 3.21, stylishly dressed in KDE Plasma 6.

What makes Alpine Linux different

I think the official website sums it up well: “Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc and busybox”.

As an added benefit, keeping the distribution small, simple, and secure also keeps systemd out of the mix. However, how well do Alpine Linux’s musl libc and busybox work out when we move from servers to desktop systems? Are there any benefits in using musl and busybox compared to glibc and GNU coreutils used by most other distributions?

Out-of-the-box security features

In this context, out-of-the-box refers to being supported by the default installer. For personal usage, your mileage may vary, but these security features are usually required for enterprise usage.

Version	SecureBoot	Encryption	SELinux	AppArmor
Alpine 3.21	❌	✅	❌	❌

Hardware

I’ve installed Alpine Linux on my 6-year-old XPS 13 7390 that once upon a time came pre-installed with Ubuntu Linux 18.04.

Manufacturer: Dell Inc.
Product Name: XPS 13 7390 
Processors: 8 × Intel® Core™ i7-10510U CPU @ 1.80GHz
Memory: 15.3 GiB of usable RAM
Graphics Processor: Mesa Intel® UHD Graphics

Installation

Before getting started with Alpine Linux, new users should familiarize themselves with the Alpine User Handbook and the Alpine Linux Wiki. These resources might save new users some time and potential frustration, and are well worth skimming through.

Users can take advantage of the interactive setup-alpine installation script to have a base system ready to go in a few minutes. It’s straightforward and contains the options you’ll expect without any fancy GUI dialogs.

Well, that was both fast and easy. What’s next?

Configuration

Do you want X or Wayland, Gnome, KDE, XFCE, or maybe Mate? Alpine Linux offers a variety of configuration management scripts that do the heavy lifting for you.

Typing in setup-xorg-base / setup-wayland-base and setup-desktop in the terminal will provide you with an almost feature-complete Linux desktop in five minutes.

Be aware that setting up a desktop environment will require enabling the community repository. This means that the packages are not directly supported by, nor receive updates from, the Alpine core team.

Packages in community repository are those made by users in team with the official developers and close to the Alpine package process.
Source: Alpine Linux Wiki

The aforementioned configuration management scripts will install any kind of desktop flavour you desire and handle all the dependencies and relevant services. It’s a convenient and functional process that gives the user the perfect amount of freedom to choose their own building blocks.

Daily usage

So far, so good, so what. After playing around and making sure that my Alpine Linux KDE Plasma 6 installation was running smoothly, I decided to get some work done. I have a set of applications that I need to have on any system. Among those are the Tor Browser, and this is where I hit my first musl roadblock.

The Tor Browser, like a lot of software, is built for glibc and refuses to run on Alpine Linux. Some programs will run by installing gcompat (a library that provides glibc-compatible APIs for use on musl systems), but this is not a drop-in replacement for glibc and won’t work with the Tor Browser.

To circumvent the problem, I decided to deploy a Docker container for the Tor Browser and integrate it with the desktop environment. Four hours and a lot of Wayland issues later, and I finally had it running.

Running the Tor browser in a desktop-integrated Docker container on Alpine Linux.

On to the next one. However, I quickly decided not to repeat this Docker exercise, like ever, so I started looking for an alternative approach with JetBrains’ Rider IDE. Rider is available as a flatpak, which works fine on Alpine Linux, but it’s not from JetBrains themselves. Alas, since the binary does not run on Alpine Linux, I needed to containerize it.

Long story short, I ended up installing Distrobox as an alternative to manually configuring Docker containers.

Distrobox is a tool that lets you use different Linux distributions in containers with full integration with the host system.

I’ve never used Distrobox or comparative tools like Fedora’s Toolbox before, but I now fully understand the appeal of such tools. What set me back hours to configure manually with Docker was “magically” delivered upon a plate with a couple of commands in Distrobox.

Running the Tor browser from a Fedora container with Distrobox on Alpine Linux.

However, I now once more have a Fedora installation to take care of as the container base system. Preferably, I would avoid having to maintain multiple distributions with Alpine as the host, but I see no way around it apart from sideloading a full version of glibc. But then, what would even be the point in running Alpine Linux?

Apart from the initial software incompatibility issues I faced, Alpine has been chugging along nicely on my old Dell XPS for the better part of the year. It’s really a neat and simple system to manage and keep up to date. The Alpine Package Keeper (apk) is quick and easy to use, and offers the functionality you’d expect to manage your system, and nothing more.

Issues

Until recently, the only non-trivial issue I faced was SDDM (The Simple Desktop Display Manager) failing after an update, so I had to switch to LightDM. I believe the issue with SDDM was related to some systemd dependency, but I did not really bother to investigate.

My one real “what have I messed up now” moment came during the recent upgrade to Alpine Linux 3.23. That process ended prematurely and abruptly with an mkinitfs failure.

mkinitfs is failing during the Alpine Linux 3.23 release upgrade.

I have no idea how I walked into this one; perhaps it could be related to the new APK 3.0 version. The solution, at least for me, was to switch from BusyBox cpio to GNU cpio.

Anyhow, Alpine 3.23 has been the only release upgrade so far that, in my experience, was not “just working”.

Another minor issue I’ve faced with BusyBox’s Almquist shell is that the majority of my shell scripts are less POSIX-compliant than I imagined. Anyhow, that’s more of a me problem than an ash problem.

Conclusion

Is Alpine Linux suitable as a desktop environment? Well, like most things in life, it depends. Personally, I have enjoyed the experience for the most part, and it works well with my needs. However, it does feel a bit like fitting a square peg in a round hole. Alpine’s strengths as a minimal container system with musl and busybox feel wasted and even outright counterproductive on the desktop.

Still, Alpine Linux is stable, unassuming, and predictive to work with. Qualities I deeply admire (and usually miss) in a Linux distribution these days. If you do not need the proprietary NVIDIA drivers or depend on AppImages or snap, then by all means, Alpine Linux it is.

Year one of hosting Tor exit relays

Sat, 08 Nov 2025 11:10:05 +0200

It’s a dirty job, but somebody’s got to do it. Well, actually, that’s not quite true. I’ve been mirroring this blog as an onion site since 2016, so I figured it was time to contribute a little time, effort, and money towards the infrastructure of the Tor network. Besides, running Tor relays has always been on my bucket list, and I am getting old. No more time to waste ;)

Why host Tor relays?

That’s a good question. It’s not like the Tor project is lacking bandwidth or (technical) resources. Personally, I would like to see more individuals with the technical knowledge and resources run their own Tor relays. I believe that’s an important countermeasure to dilute the pool of relays run by three-letter agencies.

We are sadly living in a time and age where every surveillance nightmare is about to come to pass. Browsing the web using the Tor browser might soon be the only viable option to access what’s left of a free and open Internet. Case in point from the European Union, currently working on implementing regulations to sacrifice the security and privacy of their citizens on the altar of “save the children”.

An Ubuntu-based Tor exit node monitored with the command-line tool Nyx.

Will you go to jail for other people’s crimes?

While the notion is a bit of hyperbole, it’s one of the most frequent questions I get asked. Unfortunately, it’s still a public conception that the Tor network is predominantly used by criminals. Here, I simply implore you to do your own research. For the record. I have not anonymized my personal data with any provider of the computing services I’m renting. Everything is traceable back to me by design.

Prerequisites for running a Tor relay

You’ll likely not want to be running Tor relays on your home network, so the first order of business is to find a cloud-based provider. As a starting point, the Tor community offers a “Good and Bad ISPs” list. Understandably, due to the expected abusive traffic, complaints from other network providers, and high potential for IP blocklisting, few mainstream providers explicitly allow Tor exit relays.

From my background in the hosting industry, I already have a list of providers that always ignore my network abuse complaints. Now they’re unknowingly hosting my Tor exit relays. As for hardware requirements, most starter VPS packages will do, but preferably one with 2GB of RAM or more.

Another key factor to keep in mind is Tor’s bandwidth consumption. Few providers offer unmetered bandwidth. Ideally, you’d probably want more than 20TB of traffic per month. Getting charged for bandwidth overusage can be crazy expensive, depending on the provider, so it might prove useful to configure traffic limitations for the Tor relay.

Configuring a Tor exit relay

To be clear, these are my general fluffy observations and should not be mistaken for an install guide. The Tor Project should always be your source for up-to-date and regularly maintained technical information regarding Tor.

When hosting an exit relay, it’s advisable to harden the server as much as feasible. Do not host other services on the relay, and automate security updates. Additionally, I would suggest blocking outbound traffic completely in the firewall, and from there, only allowing outbound traffic to the ports made available for the exit relay.

You should also install a DNS server to resolve DNS queries so that this data is not passed on to the ISP’s nameservers. The sheer volume of DNS queries from your server would likely trigger some unwanted response from your service provider. Unbound is an excellent choice for a DNS server with good documentation that is simple to configure, both on BSD and GNU/Linux. Just make sure not to provide an open recursive DNS resolver. If possible, I am sure the Tor Project would appreciate a few more BSD-based relays. My recently deployed relays have been installed with FreeBSD. And speaking of DNS, I do not miss systemd-resolved one bit.

Checklist before deployment

The Tor Project provides an extensive and maintained collection of relay documentation that should always be the main source of information. The following are just my personal musings at this specific point in time.

Restrict bandwidth consumption

Tor relays are prone to consuming a lot of bandwidth. Getting billed extra by your hosting provider for several TBs of unexpected traffic usage may be, ehh, unpleasant. Tor lets you limit how much traffic you want to relay either by consistently throttling the amount of data or by specifying the maximum amount of traffic per day, week, or month. Refer to torrc for details.

Using vnstati to visualize bandwidth consumption (consensus weight 70 - 90,000).

vnStat is a lightweight network traffic monitor that I would recommend installing and configuring to receive daily traffic reports.

Reduced Exit Policy

If you’re not hosting your relay with a bulletproof hosting provider, then you should limit what ports are available on your relay. Otherwise, your provider will get drowned in abuse complaints, and your Tor operator adventures will come to an abrupt end. When you’re configuring your exit relay, you’ll find the mention of a “ReducedExitPolicy” directive in torrc.

Despite the policy name, it will open a substantial list of ports. Below is the complete list of ports for the reduced exit policy, lifted directly from Tor’s source code (\file policies.c):

#define REDUCED_EXIT_POLICY                                                   
  "accept *:20-23,accept *:43,accept *:53,accept *:79-81,accept *:88,"        
  "accept *:110,accept *:143,accept *:194,accept *:220,accept *:389,"         
  "accept *:443,accept *:464,accept *:465,accept *:531,accept *:543-544,"     
  "accept *:554,accept *:563,accept *:587,accept *:636,accept *:706,"         
  "accept *:749,accept *:873,accept *:902-904,accept *:981,accept *:989-995," 
  "accept *:1194,accept *:1220,accept *:1293,accept *:1500,accept *:1533,"    
  "accept *:1677,accept *:1723,accept *:1755,accept *:1863,"                  
  "accept *:2082-2083,accept *:2086-2087,accept *:2095-2096,"                 
  "accept *:2102-2104,accept *:3128,accept *:3389,accept *:3690,"             
  "accept *:4321,accept *:4643,accept *:5050,accept *:5190,"                  
  "accept *:5222-5223,accept *:5228,accept *:5900,accept *:6660-6669,"        
  "accept *:6679,accept *:6697,accept *:8000,accept *:8008,accept *:8074,"    
  "accept *:8080,accept *:8082,accept *:8087-8088,accept *:8232-8233,"        
  "accept *:8332-8333,accept *:8443,accept *:8888,accept *:9418,"             
  "accept *:9999,accept *:10000,accept *:11371,accept *:19294,"               
  "accept *:19638,accept *:50002,accept *:64738,reject *:*"

I would recommend stripping down this list of ports significantly before deploying an exit relay.

IPv6 exits

Tor could use a few more exit relays supporting IPv6. If your network provides you with an IPv6 address, invest some time in setting it up.

Exit Notice

Make it clear to anyone who connects to the IP address of the exit relay over HTTP that it’s part of the Tor network. That alone will significantly reduce the amount of inbound abuse reports.

Use BSD

We all like diversity, right ;) There is already an abundance of Linux-based relays. Let us get some more BSD relays into the mix. If you can configure a Linux relay, that knowledge can also be put to use for deploying FreeBSD / OpenBSD relays.

Get a new domain for reverse DNS

When you deploy a Tor exit relay, your server will be added to a substantial number of IP blocklists. Eventually, this reputation will spill over to your domain name as well, and Spamhaus will label it as malicious.

As seen on Spamhaus’ Domain Blocklist (DBL).

Unfortunately, this makes the domain name unusable for anything other than hosting Tor services.

Experiences

I’ll admit that I expected to receive way more complaints and other requests, especially in regard to the exit relays. However, it’s been pretty quiet out there. One explanation could be that law enforcement agencies have become more knowledgeable about the Tor network and thus don’t waste their time on dead ends. Or perhaps the amount of serious crime committed using the Tor network has been vastly over-exaggerated by mainstream media. It would not surprise me if the majority of Tor browser users are simply fed up with surveillance technology.

During the last year, I’ve deployed five relays, including three exit nodes. I have not experienced that hosting Tor relays requires significantly more work than other services I’m running.

A quick rundown of events

Here is a simple rundown of the events related to my five Tor relays during the last year.

Event	Occurrences	Responses sent	Outcome / notes
ISP complaints	3	0	No further action requested
Abuse complaints	2	2	Referred to exit policy
VPS takedowns	0	0	N/A
LEA requests	0	0	None received

See you next year for another report. Happy anonymous browsing!

Radix Chronicle: Gameplay, first impressions, and review

Thu, 04 Sep 2025 18:32:12 +0200

Hello again, let’s take a little detour from our regular programming.

Turn back time a decade and a half, or something, and I was spellbound by the game Dark Souls from FromSoftware. Like many others, I eventually stumbled upon the EpicNameBro YouTube channel. ENB was an American living and working in Japan who frequently posted interesting gameplay videos from the Japanese edition of Dark Souls.

It was my first (and last) experience with watching other people play games on YouTube. EpicNameBro had a special knack for analyzing and breaking down the gameplay. His opinions on game mechanics and storytelling resonated strongly with me. Fast forward to the present day, and ENB and friends just released their first game.

Radix Chronicle

Radix is a tactical skill-oriented RPG inspired by SNES and PlayStation classics. The genre is far from my wheelhouse, but I feel the least I can do is to give the game a go after consuming all those hours of ENB’s Dark Souls content.

First impressions

Radix Chronicle from Luna Flora is my first introduction to a tactical RPG game. That makes it hard to give a good assessment of how it stacks up to other titles in the genre. However, I gave it an honest shot, and I’ll share my uneducated opinion.

The story, gameplay, graphics, and sound

We meet up with our merry band of heroes in the unnamed Kingdom when they learn that a pack of awfully cute dogmen has started to wreak havoc in the nearby forest. Our heroes leave their bickering and infighting behind and travel out to face this unexpected foe.

Radix has a turn-based gameplay where you’re in control of a party where each character can wield brute force or dabble in magic. The player must work out which strategies to employ depending on the battle scene. We can modify the terrain to our advantage, identifying enemy weaknesses, and hopefully plan a few turns ahead. The skill part is based on your timing with weapons and magic. Perfect timing inflicts the most damage, but it’s also easy to miss completely, as different items require different timing.

Girl power! Celestora wins by fatality.

I had planned to play this game for an hour, but when I slowly got the hang of the gameplay, I was kind of hooked. I spent five hours replaying the first missions so I could complete all the challenges, and I had an enjoyable time mixing up strategies and perfecting my deadly set of skills.

The pixel art is beautiful and gives the game a polished look. The finished product looks way better than the early gameplay videos, and I would say their effort and attention to detail really have paid off.

The soundtrack is, in my opinion, even better than the graphical artwork. The game has some sweet tunes that sent me back to my childhood in a burst of nostalgia.

A short review

It’s an impressive first effort from Luna Flora. They got a lot of the important bits right, but there are also some parts that I thought didn’t work.

The good

The gameplay is fun, challenging, and surprisingly addictive. As with Dark Souls, it can be frustrating and difficult until you figure it out. I got plenty annoyed with my failing reaction time while replaying missions. Good stuff. And as previously mentioned, the soundtrack is a real surprise that showers the game in a cozy kind of atmosphere.

The bad

The storytelling and dialogue between party members never caught on with me. After the first few missions, I skipped the story scenes completely. The wall of text approach to storytelling didn’t capture my imagination. Though there was some mention of bondage in there, so I might be missing out. However, the white font in these story scenes is almost unreadable, and it’s accompanied by an awful repeating ’typewriting’ kind of sound.

And to my dismay, starting a new game will wipe out your existing save. Any progress you made in the game is gone, forever. Now, how’s that for old school?

The ugly

The aspect ratio.

I believe Radix Chronicle was initially going to be a mobile game, but for some reason, they stuck with the aspect ratio. Thus giving you the impression of playing a mobile game on your computer. That boils down to a lot of wasted screen estate.

Conclusion

Rating: Mixed

It’s not an epic game, bro, but it’s still better than 50% of the games in my Steam collection.

Radix Chronicle is available for 20$ on Steam as of writing. I bought the game as a token of support towards ENB, but I believe I got my money’s worth. It’s a fun little adventure with lots of charm. What more is there to say than praise the sun and consider picking up Radix if you’re into tactical RPGs?

Played on MacBook Pro M1 with macOS Sequoia
Available now on Linux/Windows and macOS
Get Radix Chronicle on Steam

Btw, I heard through the grapevine that Luna Flora’s next project will be a Metroidvania game, and that makes me excited.

All your content are belong to AI

Sat, 17 May 2025 11:42:18 +0200

Artificial Intelligence is everywhere these days. It’s even sucking the last drops of blod out of the wasteland that is this blog. How arrogant of me to believe I was writing content for humans, when in fact, a battalion of AI bots are my only constant readers.

Zero Wing - The epic game behind the meme “All your base are belong to us”.

Consuming your content in real-time

I was not aware to what extent OpenAI is changing how people access and consume information on the Internet. One of ChatGPT’s most impressive features is its ability to search the Internet in real-time to answer user queries.

It’s kind of like Google Gemini’s AI overview response to user queries, only actually useful. In my opinion, ChatGPT does such an impressive job with filtering, organizing, and summarizing the relevant parts from its sources that the user would hardly ever need to leave its service (eat your heart out, Google).

ChatGPT-User feeding on my organic content in real-time. Click the image for details.

The article referenced in the image above is requested by bots more than 90% of the time. Human traffic is going extinct. That is more or less the trend for all of my content.

ChatGPT-o3 is providing me with the information I asked for after searching the web.

ChatGPT does provide the user with source links, but seeing how it excels at identifying the information you need, there is hardly any reason to read the extra fluff provided with the source material. At least, my numbers seem to support this claim. During the last week, my web server log has received 2210 hits from the ChatGPT-User/1.0 user agent, while I’ve gotten 4 hits containing the utm_source=chatgpt.com referrer. The latter indicates that a human has clicked a source link provided by ChatGPT.

It’s evolution, baby

All my own content is licensed under WTFPL, so I don’t personally have any issues with what OpenAI is doing. However, disregarding copyright and charging its users for other people’s work seems both unjust and unsustainable in the long term. Creators making a living off their content face a far bigger threat today than Google ever posed.

I should probably disclose that I am a paying user of OpenAI’s services. In that regard, I am aware that I am a part of the problem. But it’s a problem where I don’t see a solution. Search engines no longer provide relevant search results and have been gamed into a premature death by SEO. The web itself has become infested with ads and malware while any organic content seems to be written for search engines.

OpenAI currently provides me with a better experience, so unfortunately, that’s what I’ll use. That, and my extensive list of RSS feeds.

Migrating from WordPress to Hugo: 5 years, 9 months later

Sat, 03 May 2025 12:48:51 +0200

I’m already coming up on my sixth anniversary with Hugo. Wow, time really does fly. I feel like sharing some of my experiences with Hugo and how it compares to my previous long run with WordPress.

The way of the Hugo

Hugo is a fast-moving target and it does not care much for backward compatibility. You get a few deprecation warnings and then stuff just blows up :) On the flip side, you do get a constant stream of new features to play with. However, for a simple blog like mine, Hugo was feature-complete for my needs many years ago.

None of this was an issue before the maintainer of the Hugo theme I’m currently using stopped pushing updates to keep the theme compatible with current Hugo releases. I hope the theme author is doing well, and I’m not saying the author owes me anything. The Binario theme is offered as open source and anyone is free to fork or contribute.

Great in theory, but in practice, you’re left with the pieces when someone decides they don’t want to offer their time for free anymore. Unsurprisingly, it’s not the most sustainable business model in the world.

Code poking

I’ve managed to keep the theme working with minimal effort by doing some Google-fu and adding small fixes. However, with the release of Hugo v0.146.5, this came to a halt when I tried to load an old post and got the following result:

It does look like a templating error since the post is not rendered correctly. However, it does not trigger any error messages. Since the issue was only affecting old posts, I suspected it could be related to some of the extra front matter that got added during the migration from WordPress way back when.

The layout: post front matter as shown below was my prime suspect as the Binario theme doesn’t have a matching template:

id: 1336
title: How to install the Asus USB-N13 Wireless Adapter...
date: 2013-07-22T22:13:10+02:00
author: Roger Comply
excerpt: A while back I bought the USB-N13 wireless...
layout: post
guid: http://www.blog.paranoidpenguin.net/?p=1336
permalink: /2013/07/how-to-install-the-asus-usb-n13-wireless/
categories:
  - GNU/Linux
  - Slackware Linux
tags:
  - Asus USB-N13
  - Slackware

However, this didn’t use to be a problem and I have no idea what changed with Hugo to trigger it after all this time.

Say what you will about WordPress, but I recently restored a WordPress-based website that had been offline for ten years and I could simply update it to the latest WordPress release without any issues.

We can work it out

With a bit of forward-thinking I could have pinned an older version of Hugo and stuck with it “forever”, but hey, why make it easy on myself. Hugo is nerdy, and I don’t need an excuse to spend some time learning Hugo’s templating syntax and other features. After updating the theme and removing the obsolete front matter, I even discovered that a few of the features I have implemented “on the side” were now available in Hugo core.

Hugo v0.146.6

Since I started writing this post a couple of weeks ago, there have been several new Hugo releases. My issue seems to have been fixed as well:

Hugo v0.146.6 What’s Changed tpl: Fix when layout specified in front matter and no match is found 088cd2f @bep #13628

A return to WordPress?

Not in this lifetime, thank you. All software has flaws, but Hugo is still pretty darn great. Even though WordPress is impressive with regard to backward compatibility and features, there are serious performance issues to be expected when maintaining a codebase with that much legacy support.

Static site generators are great, but they are not great for everyone. Count me in the “Move fast and break things” camp :)

Contabo – Crashes, flash sales, price hikes, and switcharoos

Sat, 08 Mar 2025 12:38:23 +0100

At the end of last year, I decided to move my email server to Contabo. This came to be after being enticed by the “too good to be true” prices and specifications of its VPS offerings. I have great faith in German businesses, but in retrospect, I should have done a bit more research before hitting the deploy button.

Infrastructure issues

Our story starts after two months of smooth sailing when I experienced my first serious issue with my Contabo-hosted server. After logging in over SSH to check on what I believed to be an SMTP issue, I realized that the root partition had been re-mounted as read-only due to filesystem errors. I rebooted and connected to the server using VNC and was welcomed with the screen shown in the screenshot below.

File system check of the root filesystem failed. Filesystem requires a manual fsck.

Too bad I never got around to setting up that backup I had planned. Anyhow, happy did go lucky this time around and the filesystem could be repaired. The server booted back up and I did not lose any data. Concerningly, the VPS has also been rebooted a couple of times without prior notice from Contabo. I would assume this is related to hypervisor issues or unscheduled maintaincene. Safe to say, I now have an external backup in place.

Flash sales

Contabo is seemingly always advertising some special deal. I find this business practice to be a bit, well let’s say spammy, but not unique to Contabo. However, when I bite on one of its flash sales only to get noticed a few months later that the terms of the deal have been modified, well that’s another story.

Contabo running one of its "VPS 0" flash sales on the 18th of November 2024.

A VPS at their most affordable price? Yes please I’ll have one of those. Then again, three months later Contabo decided that its most affordable price was not sustainable and sent me the following notice:

We are reaching out to you today to inform you about an update in the prices of certain products you are using at Contabo. Below is a list of your active and affected subscriptions, indicating the new prices and the date when this comes into effect.

Subscription	IP	Old price (gross)	New price (gross)	Date of price change
VPS 0 NVMe	157.173.xxx.xx	€4.19	€5.10	Apr 18, 2025

The price hike for Contabo’s “VPS 0” brought it close to what I was already paying for the far more powerful “Cloud VPS 1” and thus I decided to visit its website to have a closer look at its current VPS offerings.

Product switcharoos

Thanks to the Internet Archive, I could compare the current product listing as of 2025-03-01 with the previous month. Contabo seems to have rebranded its VPS product line to be able to slice off a significant bit of resources (RAM and HDD) while keeping the price intact.

Rebranded products with the same affordable price. Now with fewer resources.

For unknown reasons, this significant change seems to have gone unmentioned in their newsletter and other marketing channels.

Conclusion

Based on my experience, I would not recommend Contabo as a VPS hosting provider for projects that require it to be online and available 24/7. If your use case is testing and development or personal projects then I believe it’s a good fit.

Companies need to find a sustainable business model. If that’s the reason behind the changes at Contabo then so be it. After all, you get what you pay for. I’ll follow up on this story later this year. Granted Contabo doesn’t kick me off its platform.

The year of the Linux desktop has arrived

Fri, 07 Feb 2025 15:19:18 +0100

After spending the majority of my personal computing adventures on my MacBook Pro last year, I received my final deprogramming session with the latest batch of macOS updates. Surveillance tech has now festered deep inside macOS Sequoia itself with the rollout of Apple Intelligence. Apple’s promises of groundbreaking privacy protections aside, I employ a strict zero-trust policy when it comes to accessing my personal data.

macOS Sequoia 15.3 with Apple Intelligence on my MacBook Pro (13-inch, M1, 2020).

You can disable Apple Intelligence and trust that no personal data will ever leave the device without your knowledge and acceptance. However, I don’t see how I could reasonably secure my data and communication on an operating system with embedded AI. In fact, I believe that’s technically impossible. Be it macOS or Microsoft Windows.

Use GNU/Linux or BSD

OS-level AI integration is not the future of personal computing, or at least, it’s not in my future. Proprietary operating systems are currently descending into madness, let them go down alone.

Alpine Linux 3.21 running KDE Plasma on my XPS 13 7390.

2025 is going to be terrible. Put your tin foil hat on. Happy New Year!

Rclone with OneDrive on MacOS – unauthenticated: Unauthenticated

Sat, 07 Dec 2024 19:26:03 +0100

The rclone mount command worked without throwing any errors, and I could browse all my files from the local directory. However, when loading up my music collection with VLC, I got that little annoying spinning beachball of death. The reason appeared obvious going by rclone’s error log:

2024/12/07 15:22:18 ERROR : 1914 - Eschatology of War/1914 - Eschatology of War - 01 War In.flac: vfs cache: failed to download: vfs reader: failed to write to cache file: unauthenticated: Unauthenticated
2024/12/07 15:22:18 ERROR : 1914 - Eschatology of War/1914 - Eschatology of War - 01 War In.flac: vfs cache: failed to download: vfs reader: failed to write to cache file: unauthenticated: Unauthenticated
2024/12/07 15:22:19 ERROR : 1914 - Eschatology of War/1914 - Eschatology of War - 01 War In.flac: vfs cache: failed to download: vfs reader: failed to write to cache file: unauthenticated: Unauthenticate

unauthenticated: Unauthenticated

I felt confident that something must have gotten wiped or corrupted after upgrading to macOS Sequoia. I concluded that a simple fix would be to delete the misbehaving remote and configure it from scratch.

Authenticating with OneDrive while setting up the remote anew should solve whatever the “unauthenticated” error was referring to. I was none too pleased to discover that my effort had resolved exactly nothing.

I just logged into that account. What do you mean unauthenticated:Unauthenticated?

Did you try updating that thang?

After searching for an answer to my issue, I came across the following list of OneDrive fixes from the Rclone v1.67.0 changelog:

Onedrive
    Add --onedrive-hard-delete to permanently delete files (Nick Craig-Wood)
    Make server-side copy work in more scenarios (YukiUnHappy)
    Fix "unauthenticated: Unauthenticated" errors when downloading (Nick Craig-Wood)

Interestingly, the latest version of Rclone at the time of writing is Rclone v1.68.2. Issuing rclone version on my Macbook prints out v1.66.0. Why am I running an old version? I was convinced I had installed rclone using brew and should have the latest version.

Alas no, I had installed the Rclone binary from Github as a one-and-done job. Oh well, at least I got intimately familiar with my Little Snitch configuration trying to figure out if the error was related to firewall rules.

An update later and happy tunes were once more filling my earholes.

Streaming my lossless Bandcamp music collection from OneDrive with VLC.

Moving my email server off DigitalOcean

Sat, 23 Nov 2024 16:46:27 +0100

When I deployed my email server with DigitalOcean five years back, it delivered at a competitive price and performance. A few years later, the same server has gotten a price hike but no upgrades or resource increases. Even so, hosting your email server is not for the faint of heart, and IP reputation is a big part of the game. Therefore, I stayed with DigitalOcean until the depletion of resources finally forced my hand.

After five years of service, it’s time to retire my DigitalOcean hosted email server.

Server cost and resources

I enjoy squeezing out the maximum value from a minimum of dollars so I ran the email server on a basic droplet. It’s a far cry from any recommended server specification for email hosting, but it was reliable.

Memory	vCPU	SSD	Transfer	$/mo
1 GB	1 vCPU	25 GB	1 TB	$6.00

I looked into resizing my droplet to add more RAM and disk space, but doubling memory and storage on this droplet would also double the price. I don’t want to spend 12$ per month on what I still consider a minimal configuration.

Getting the most bang for your bucks

I wanted to host my server with a serious and reliable provider that could offer the same stability I enjoyed with DigitalOcean. After doing some research I ended up with a company where I was an existing customer.

Contabo is a German hosting provider with great deals on virtual private servers. My new email server is hosted by its entry-level Cloud VPS 1.

Memory	vCPU	SSD	Transfer	$/mo
6 GB	4 vCPU	400 GB	32 TB	$5.50

Contabo allows inbound and outbound traffic on email ports, over both IPv4 and IPv6.

A new email server with zero reputation

After remote syncing the data from my old email server, I was ready to figure out how much of an issue mail deliverability would be when starting with a fresh IP address. To my great surprise, the Axis of Evil (Microsoft, Google, and Apple) all accepted my messages, even without slapping a spam label on them.

Maybe the tech giants feel they killed off decentralized email and no longer need to bother with the outliers.

A note on Contabo

Contabo might have the best price-to-performance ratio, but they do not have the most feature-rich and user-friendly control panel. If you know what you’re doing that’s not an issue. If not, then maybe it’s not the best fit for your needs.

Contabo’s VPS control panel shows a list of my currently deployed servers.

Future migrations

The only US-based hosting provider I still have servers with is Vultr. Vultr is slightly more affordable when compared to DigitalOcean, but I believe it’s time to relocate to Germany.

Disney+ has turned me into a hardboiled criminal

Sat, 16 Nov 2024 15:17:30 +0100

A couple of years ago Disney released a new series based on the classic Willow movie. The show had everything you’d come to expect from Disney: Strong independent women kicking ass. A beautiful young prince in distress. And a band of silly bickering men for comic relief.

It continued none of the magic from the movie, except from Warwick Davis himself. Regardless, I was planning on finishing the show, one day, eventually.

Aaaand it’s gone

Disney removed the Willow series from its streaming catalog. You can still watch the original movie, but the series is no longer available.

Disney’s new Willow series is no longer available on Disney+ for streaming.

I find it abhorrent that a show produced by Lucasfilm (Disney-owned) and distributed by Disney has been pulled from its streaming catalog shortly after release. As a paying Disney+ subscriber, I was never permitted to watch the series in its entirety.

Granted the show was not great, and I probably spent a year getting through the first five episodes. I still find it offensive that Disney took it down to avoid paying the show’s rights holders. What a way to give customers the middle finger.

Aaaand it’s not available anywhere

To add injustice to insult, the Willow series is not available to stream anywhere. It’s locked down in Disney’s vault, likely never to be seen again. How can I find peace never knowing if Prince Airk was saved? Did the warrior princess and that other woman confess their feelings for each other? And there was also a plot involving Willow that I’m forgetting.

Did the warrior princesses get to live happily ever after, with each other?

Honestly, the show was not any worse than 90% of what Disney is already flooding their streaming platform with. I kind of enjoyed it and nostalgia still runs strong in my veins. I will contribute to help preserve and make the Willow series available for future generations. No more streaming today, gone forever-after tomorrow.

You wouldn’t download a car

With all other “legal” options exhausted, I’m going down a familiar path. A path that was once my preferred way of consuming digital content. And I won’t have a bad conscience for doing it, and neither should you.

They can take our shows, but they’ll never take our *arr arr* freedom.

Well look at that. It’s like someone made a free library for digital content, for the good of mankind. This is how the legend of Willow Ufgood survives.

Why did Disney remove Willow?

Let’s end with a quote from the folklore-stealing copyright-abusing Walt Disney Company:

Disney is reviewing its content to align with its strategic approach to content curation.

- The Walt Disney Company

F*ck you Mickey Mouse. F*ck you very much.

Is StackSocial legit? I bought Windows 11 Pro for less than $20

Sat, 09 Nov 2024 19:58:16 +0100

StackSocial, an online marketplace owned by StackCommerce is seemingly always running the deal of a lifetime on Windows 11 Pro. StackSocial is offering the software with a retail value of $199 with 89% off. Reputable technology websites like ZDNET, CNET, Android Police, Cult of Mac, and PCMag are running commission-based promotions on Microsoft Software from StackSocial.

ZDNET’s expert staff finds the best discounts and price drops from reputable sellers.

The screen capture above shows StackSocial’s ad running on ZDNET’s website and is attributed to a ZDNET associate editor. Obviously, for people unfamiliar with Microsoft licensing and product pricing, this must seem like a legitimate and amazing deal. Reading the entire promotion reinforces the impression that ZDNET is signing off on it. However, there is one section that makes little sense if it’s promoting a genuine Microsoft Windows license from this deal:

It’s important to note, however, that while StackSocial offers “lifetime” access to Windows 11 Pro, Microsoft could end the license. But that’s not to say that it will.
Source: zdnet.com available on archive.org

Now why would Microsoft revoke a valid product key? I’ve not heard of this practice before. It’s almost like ZDNET suspects something’s amiss. It reads like a huge red flag so I decided to contact ZDNET to ask if they could confirm that they’re promoting a genuine deal. I got a reply informing me that my inquiry had been forwarded to an editor but no further clarity on the subject was ever provided.

Buying Windows 11 Pro from StackSocial

Following the advice from ZDNET’s expert staff, I decided to treat myself to the best of what Microsoft has to offer by purchasing Windows 11 Pro from StackSocial for 20 dollars.

Before buying the product, I carefully read the product description and browsed the review section on StackSocial’s product page for Windows 11 Pro. The verified customers gave great product reviews so there should be no unexpected issues, right?

The buying and checkout process was kind of annoying with having to opt out of an endless stream of upsell offers, but in the end, the payment went through and the deal was completed.

Redeeming my Windows 11 Pro license

Unfortunately, another red flag appeared immediately as I wanted to redeem my product key. This time in the shape of the following ominous message from StackSocial’s purchase page:

Heads up! A small number of customers run into a ‘used key’ error message.

None of the verified customer reviews mention this issue as far as I remember. Maybe it’s just a strange fringe case. On a more serious note though, you should never receive an error message about a “used key” when purchasing a license from an authorized Microsoft partner, or from Microsoft.

Activating Windows 11 Pro

Finally, after using my newly redeemed product key and upgrading to Windows 11 Pro, it was time to kick back and relax while enjoying my new Windows 11 Pro installation.

Unable to activate Windows - The product key was already used on another device.

The error message “We can’t activate Windows on this device because the product key was already used on another device” means exactly what it states. When connecting to Microsoft activation servers, they perform a check to see if the product key has been used on other devices. In my case, this check came back positive for my product key and thus it’s illegible for use on my computer.

Before contacting StackSocial about this issue, I verified that the product key I redeemed was a retail key and not a volume key. The product key was indeed a retail key so that part checked out. The only issue was that too many people were using the same key.

Hello, StackSocial support

Curious to hear how StackSocial would explain this unfortunate situation I contacted their support and raised a few concerns regarding the product key. I got a reply where they apologized for my issues and attached step-by-step instructions on how to activate Windows 11 Pro by phone using “my” redeemed product key. None of my concerns were addressed, but they pointed out that StackSocial is a marketplace, and not the actual provider of the license.

Windows activation by phone

I have not performed this highly annoying exercise in decades. The phone validation process allows a workaround if the product key has been used on multiple devices. Without going into details, this works by resetting the activation count for the product key and reassociating the license with your hardware. Again, this is not something you should have to do after buying a genuine license and it’s prone to abuse.

Microsoft Windows phone activation. Were you using this product key? Very, very sorry!

Performing this exercise, I might end up deactivating the Windows installation of other people using the same product key. This might tie back to ZDNET’s note about Microsoft deactivating the license at any time, but it would be unfair to speculate on this. Once more I contacted StackSocial with my concerns, but they only repeated that they’re just a marketplace and that the licenses were provided by an authorized Microsoft partner.

Does StackSocial scam their customers?

StackSocial has a dedicated page addressing customers’ concerns. In short, they state the following: “StackSocial is a trustworthy online marketplace with reliable partners and deals you can count on”. Their deals are also promoted heavily by reputable partners as I mentioned earlier in this article. Many companies work with them to sell their products and services. However, that’s not to say every deal sold on their marketplace is legit.

I would be cautious of their deals on software from Microsoft. The following points should be taken into consideration before making a purchase.

Microsoft partners do not get an 89% discount on Windows retail licenses
A genuine Windows license does not fail product activation
Phone activation is not required for a genuine Windows license

Warning other potential customers

Discouraged by my experience and 20 bucks short after purchasing a non-genuine Windows Pro license, I decided to leave an honest review on StackSocial highlighting my issues. The review alas was never published. Seemingly, only positive reviews are welcome on their product deal pages.

Is Windows Pro for 20$ a good deal?

Definitively not. The right price for a non-genuine Windows 11 Pro license should be 0.00$. Jack Wallen is the man, but even so, you can’t trust ZDNET.

Dell XPS 13 9345 Snapdragon X Elite Review

Wed, 02 Oct 2024 18:29:13 +0200

After my improbable love story with the MacBook Pro M1 I have descended further into madness. Awed by the ARM architecture of the MacBook Pro, I decided that I needed to get my paws on one of those new Windows ARM-based Copilot+ PCs. Being a longtime fan of Dell’s XPS product series, I bought the XPS 13 9345 Snapdragon® X Elite X1E-80-100.

The XPS 13 9345 Copilot+ PC sits on top of my MacBook Pro 13-inch 2020 model.

Hardware

If you’ve seen YouTube reviews of the XPS 13 9345, you have probably heard complaints about the keyboard, the capacitive touch function row, and the borderless haptic trackpad. I agree on two out of three. I love the feeling of the keyboard on the XPS, and I even prefer it to the MacBook Pro.

However, the function keys are a mess. Simply adjusting the volume becomes a challenge for me without a haptic response. I find the invisible trackpad less of an issue, even if it’s a case of form over functionality.

Of available ports, you get two USB-C ports, one on each side, and that’s it. Not even an audio jack. Apart from that nonsense, the build quality is as expected from a Dell XPS.

Model specification:

Processor: Qualcomm® Snapdragon® X Elite X1E-80-100
Memory: 32GB, LPDDR5X, 8448MT/s
Storage: 1TB M.2 PCIe NVMe
Graphics Card: Qualcomm® Adreno™ Graphics 
Display: 13.4", FHD+ 1920 x 1200, 30-120Hz
Operating System: Microsoft Windows 11 Pro
Cost: $1,499.99'ish

Nothing too extravagant, but I did upgrade to Windows Pro with 32GB of RAM and 1TB of storage. I intended to use Hyper-V and run some virtual machines. Predictably for most, this did not turn out as I had envisioned.

AI features

I’ve been using the computer for a couple of months and have not found a need for the included AI features. At this point, I can’t even remember what kind of AI features the Copilot+ PC includes. But hey, I got this integrated NPU (AI chip) if something exciting comes along. There is one notable exception though, the live caption feature (live translations) may prove useful. That is if it can work as advertised and produce a coherent translation.

Top left: Live captioning from Japanese in real-time. Top right: NPU (AI chip) utilization.

With all the AI product offerings from OpenAI and friends, I don’t believe anyone will be amazed by what Microsoft has baked into Windows 11. Of course, it’s a clever move by Microsoft to try to offload the cost of AI processing from the cloud to the end user’s computer.

ARM architecture

I’ve been so blown away by the performance, stability, battery life, and complete lack of fan noise on my MacBook Pro that I had to see if this experience could be replicated on a PC running Windows on ARM. Pop the champagne! The Qualcomm ARM-based Snapdragon® X Elite delivers the optimal Windows experience.

Battery life, performance, and for the most part, no loud fans. I am genuinely impressed, and I don’t even like Microsoft Windows.

However, there is one big caveat here. All these aforementioned gains depend on software being built for the ARM architecture. If you install x86/x64 based software on Windows on ARM it will be emulated. That means performance will be degraded if the application can even run on a Copilot+ PC.

Windows task manager showing Steam running emulated under Windows on ARM.

Microsoft does of course ship most of its software readily available for Windows on ARM. Windows, WSL, Microsoft 365, and Visual Studio are offered as native ARM software, but even here there are notable exceptions.

Why you should get a Copilot+ PC

The answer to this question heavily depends on what kind of usage you want out of your computer. Keep in mind that the first generation of a new product line will always have issues and incompatibilities that might not be fixed until subsequent generations.

Based on my own experience I’ve found the following usage to be ideal for a Copilot+ PC:

Web browsing and consuming media content online or locally
Office work where your workflow predominantly consists of Microsoft applications
.NET development work with Visual Studio

Why you should not get a Copilot+ PC

This is not a gaming computer. Gaming on a Copilot+ PC with a Qualcomm® Adreno graphics card is an abysmal experience. I’ve not found a single game from my Steam collection that runs with a decent performance. If the game is even able to load, I’m usually left with 20 – 30 FPS and screen tearing issues.

Stray is hardly playable on Windows on ARM but look at those cute kitties.

Software emulation issues are not limited to games. Anyone who needs to run proprietary software from a third-party vendor better do some research before picking up a Copilot+ PC. And if you plan (like I did) to run a Hypervisor, remember that you’ll be virtualizing ARM-based operating systems.

Final thoughts

The XPS 13 9345 Snapdragon will not replace the MacBook on my desk, but I might keep it within reach. I’m curious to see where Windows on ARM is heading. It does look like Microsoft will make it work this time around. As for the AI features, count me unimpressed. I don’t see much use for it, and it comes off as a half-baked tech preview. Granted, Microsoft had to pull out the now infamous Recall application, so maybe that will change.

Anyhow, I must admit I bought this laptop with a hidden agenda. I do expect to be able to install an ARM-based Linux distribution down the road. We’re not there yet, but it’s being worked on.

iSwitched: From GNU/Linux to macOS

Wed, 24 Jul 2024 00:10:46 +0200

For reasons that currently escape me, I bought a 13-inch M1 MacBook Pro during a black Friday sale back in 2021. After feeling somewhat discouraged with the latest offerings in the Enterprise Linux world, I decided it was time to unwrap the MacBook and have a closer look at macOS. Now, six months later, I thought it would be fun to look back on this journey and maybe get an answer to the dreaded question: Is macOS better than Linux?

A short backstory

Around the time I bought the MacBook Pro, I also replaced my Android phone with an iPhone. That turned out to be my gateway drug into the Apple ecosystem. Since then, I’ve kept adding Apple products to my inventory.

I’ve used Linux-based systems for 20 years and never contemplated looking elsewhere. However, why not embrace some change and find out if the grass is greener on the other side?

Desktop environments and workflows

I’m comfortable with most desktop environments, and my workflow is simply using the mouse and keyboard. For the last couple of years, I’ve been using GNOME, and I’m content with the experience. As for my workflow, there are only four applications I require: Firefox, Thunderbird, KeePassXC, and Wireguard. Anything else is replaceable.

First impressions of macOS

My impressions were initially mixed. The operating system looks nice and shiny, but I had to spend an exaggerated amount of time getting used to the keyboard layout. I also felt like the biggest fool when I had to search for: “how to install an Apple disk image”. Say what, I have to drag that thing to where now? After that humbling experience, I will never roll my eyes at regular users again.

What a beauty! Running macOS Sonoma with Stage Manager and widgets.

Another significant difference from the land of open-source is that most native macOS applications require a purchase. I encountered this while browsing the App Store for replacement feedreaders, code editors, music players, and so forth. I don’t have an issue with paying for software, but rarely do I find better proprietary and commercial applications when compared to their open-source counterparts.

Additionally, discovering the good from the bad apples in the App Store is not something a new user would be able to do without spending considerable time researching. However, macOS is a certified Unix platform and as it would turn out, I could bring over my favorite open-source applications by adding a little brew to the mix.

The missing package manager for macOS

Homebrew lets you install and maintain (most of) your favorite open-source applications from the command line as Ken Thompson and Dennis Ritchie intended. It was a game-changer and enabled me to move over and replicate the workflows from my GNU/Linux environments.

Using brew to install Vorta on macOS by issuing brew install Vorta.

Fast forward a couple of days, and I had a macOS setup that looked and behaved like any GNOME-centric Linux distribution (hot corners and all). It does appear very obvious as to where GNOME’s design philosophies originate from. Both the good and the bad.

Everyday usage

Arriving from a GNOME-centric Linux distribution (Fedora in my case) lets you keep most of your already incorporated workflows. There are minor differences as expected, but the only annoyance I find noteworthy is the horrid application tiling feature. I have a 43-inch widescreen monitor so I frequently require a split view, and macOS’s “tile windows to left or right of the screen” is the worst implementation I’ve seen across any platform.

On second thought, the System Settings app has a terrible design. It seems to have been lifted directly from iOS and won’t even resize. What a complete waste of screen real estate.

Why would anyone want to maximize the System Settings window?

Still, it’s a small sacrifice for having an operating system that in my experience works 99% of the time without any issues. Compared to the open-source world, I’ve only experienced that level of stability while running Slackware Linux.

The good

Hardware / build quality
The sound of silence (I only notice the fan while playing games)
The Apple ecosystem. It’s a walled garden, but hey, it’s a nice one
zsh (Z shell) as the default shell
Stage Manager is neat when used for work
Privacy controls
Touch ID

Unlocking my KeePassXC database by approving the request on my Apple watch.

The bad

Nothing is perfect and neither is macOS.

It’s still a walled garden. Plug in an external storage unit and find out
Lack of a usable tiling feature
Lackluster default apps like Apple Mail and those “office apps”
Lack of customization options
Gaming, only 15% of my Steam collection has a macOS port
Siri, the worst assistant

The ugly

The price strategy for Apple products. Greed is still good
The technical specifications of Macbook Pro entry-level models

8GB on a MacBook Pro is probably (NOT) analogous to 16GB on other systems.

What Apple charges for storage, RAM, and accessories is nothing short of ridiculous. And there’s nothing pro about the MacBook Pro’s entry-level specification of 8GB RAM and 250GB HD.

Is macOS better than Linux?

In many regards, it’s a bit like comparing apples to oranges. I can say that using macOS has given me an even deeper appreciation for open-source software and open-source developers. It’s amazing that you can get comparable or in many cases superior software without licensing costs and restrictions.

Considering the appreciation for macOS, and Apple’s design, I am still a bit curious as to why Linux on the desktop never became a thing. I don’t see how people enjoying macOS would not be productive on desktop Linux. I guess people stick with what came pre-installed on their computers, and why wouldn’t they?

In my case, it’s been a good journey, but I’m starting to feel a familiar itch to check the latest iterations of my favorite GNU/Linux distributions. After all, macOS does not tickle my pickle in the same sense that Linux does.

But before that, I will journey further down the path to the dark side and explore Windows on ARM, Copilot+, and everything the Empire has to offer.

Hetzner deprecated my CX11 server plan

Sat, 22 Jun 2024 12:40:56 +0200

After logging into my Hetzner account, I was met with a message informing me that my current cloud server plan was being deprecated. I could either choose to keep my existing server plan or rescale it. In my experience, this approach is usually a disguised upsell attempt, but thankfully not so with Hetzner.

CX11 is deprecated. It’s possible to migrate this server to another server plan.

I’ve been on Hetzner’s CX11 cloud server plan for almost two years, and it has more than enough juice to run this little blog. However, I do not like running anything with the label deprecated attached to it so I will look to migrate to another server plan.

Same price, twice the resources

Let me see if I get this right. By rescaling the server to the new CX22 plan the price remains the same, but I get 2 VPCU, 4GB RAM, and 40GB storage. Seems like one of those too-good-to-be-true offers, but was unable to find any small print suggesting otherwise.

Using the rescale feature to migrate from CX11 to the new CX22 cloud server plan.

Migrating to the CX22 cloud server plan

The rescale process ran for a couple of minutes and afterward, the server booted right back up. Everything seems to be running as expected and journalctl doesn’t list any errors. Viewing the server from Hetzner’s control panel confirmed that the migration had been completed successfully:

Post-migration to the CX22 server plan. Same monthly price, but more resources.

Is this a sponsored post?

Heh, maybe this post reads like a cheesy advert, but there will never be any sponsored posts on this blog. Either way, I always recommend that people do their research instead of taking advice from some random person on the Internet.

I’m just very pleased with the amount of bang for the buck I’m getting with Hetzner. Their features and stability are also on par (or better) with comparable cloud providers. In my two years with Hetnzer, I’ve not had a single service interruption. Additionally, German privacy laws are really strict so that’s also a plus in my book.

I’ll go out on a limb and add my affiliate Hetzner link as a personal recommendation. If you sign up using the link, you’ll get €⁠20 in cloud credits. If you spend at least €⁠10 with Hetzner, I’ll receive €⁠10 in cloud credits.

Nench.sh benchmark results

I performed a benchmark check before and after the rescaling to verify that there was not an obvious degradation in performance after the migration to the new server plan. Here are the results:

CX11

-------------------------------------------------
 nench.sh v2019.07.20 -- https://git.io/nench.sh
 benchmark timestamp:    2024-06-22 08:49:02 UTC
-------------------------------------------------

Processor:    Intel Xeon Processor (Skylake, IBRS)
CPU cores:    1
Frequency:    2100.000 MHz
RAM:          1.9Gi
Swap:         -
Kernel:       Linux 6.9.5-arch1-1 x86_64

Disks:
sda   19.1G  SSD

CPU: SHA256-hashing 500 MB
    1.831 seconds
CPU: bzip2-compressing 500 MB
    6.317 seconds
CPU: AES-encrypting 500 MB
    1.327 seconds

ioping: seek rate
    min/avg/max/mdev = 111.2 us / 260.8 us / 7.87 ms / 105.1 us
ioping: sequential read speed
    generated 7.67 k requests in 5.00 s, 1.87 GiB, 1.53 k iops, 383.4 MiB/s

dd: sequential write speed
    1st run:    892.64 MiB/s
    2nd run:    839.23 MiB/s
    3rd run:    908.85 MiB/s
    average:    880.24 MiB/s

-------------------------------------------------

CX22

-------------------------------------------------
 nench.sh v2019.07.20 -- https://git.io/nench.sh
 benchmark timestamp:    2024-06-22 09:16:52 UTC
-------------------------------------------------

Processor:    Intel Xeon Processor (Skylake, IBRS, no TSX)
CPU cores:    2
Frequency:    2294.614 MHz
RAM:          3.7Gi
Swap:         -
Kernel:       Linux 6.9.5-arch1-1 x86_64

Disks:
sda   38.1G  SSD

CPU: SHA256-hashing 500 MB
    1.780 seconds
CPU: bzip2-compressing 500 MB
    6.501 seconds
CPU: AES-encrypting 500 MB
    1.532 seconds

ioping: seek rate
    min/avg/max/mdev = 80.9 us / 201.4 us / 2.98 ms / 77.2 us
ioping: sequential read speed
    generated 10.5 k requests in 5.00 s, 2.57 GiB, 2.10 k iops, 525.4 MiB/s

dd: sequential write speed
    1st run:    1049.04 MiB/s
    2nd run:    1144.41 MiB/s
    3rd run:    1144.41 MiB/s
    average:    1112.62 MiB/s

-------------------------------------------------

The new server plan is an improvement in most contexts, except for CPU-intensive tasks.

If you feel there is any reason why I should not recommend Hetzner as a cloud service provider then please get in touch.