Which Linux?

Yes, there was a time when a Novell administrator was a lucrative position for sure.
As for what flavor of OS you build your hobby / home automation on that always depends on what you are most comfortable/confident working in.
As for hating on MSFT well that is a long time past time.
Myself I have mostly every flavor of OS from nux to windows. I also manage a windows server 2019 hyper-v cluster in my lab as well as a VMware (esxi 6.5) cluster with multiple domains and various web sites. I have web servers ranging from Nginx flavor to the IIS flavor as well as a few Apache servers. (and of course jetty… )
I have System Center Configuration Manager (SCCM) to deal with deployments to winders world and ansible to deal with linux land.
I also run an Openshift cluster and also some stand alone docker instances. I run a stand alone bitbucket server and artifactory instance plus a couple of jenkins blue ocean instances…
And of course I also have a Rpi4B with 8gb of ram and a ssd that I run prod openhab on.
No prox mox or virtual box for the obvious reasons.
All of my usb sticks for zwave or zigbee are on a Silex ds510b USB device server so I can just repoint them to whatever OS build or instance I want to play with at the moment.
I have a USR-TCP-232 serial to lan that lets me move any RS 485 or RS 232 anywhere as well. Between those two I overcome any virtual machine limitations. It works nice and gives lots of flexibility for butchering up any OS or app on demand.
So for winders I run my own Wsus server and it is controlled via my SCCM instance.
I decide when I want patches and updates to hit the various winders OS builds plus I have in house certificate servers to address all of my various SSL needs.
For application deployments I run ansible tower as well to rapid deploy to anything linux based it works well.
Basic rule for me at least is simple I am the only administrator of my digital world.
I do not let any of my digital world manage me or my time period end of story.
When I want to change something or update an OS then I decide when I release the patches or updates. I control my world and do not allow any vendor (MSFT, RH or Oracle) to dictate when I have to make changes. The changes they make can steal my time when I apply them but I am aware enough to take them in small bites.
Oh and @rlkoshak do not hate on me I still run PFSense I looked at opnsense and was just too lazy to cut it all over ! :upside_down_face:

Forgetting the bloat, my #1 HUGE frustration with M$ is – FORCED updates. It WILL download, it WILL install, and it WILL reboot no matter WHAT you may have left open and lose.

If I could figure out how to force that to stop (permanently until I say) I wouldn't be so annoyed.

Bloat is a very subjective topic, at best starts lots of heated discussions for sure.
As for stopping updates, again stand up a Wsus server, optimize its configuration to minimalize its footprint, then edit GPO to sync with your Wsus instance and do not approve any releases till you want it.
That is about the only real and clean way to stop the forced downloads/updates. That will not cause your OS to cry and bitch about things. Other down and dirty way is you hack the etc file to force it to fail on DNS lookup on connecting to the updates URL.
Hacking GPO and faking it to look for a missing Wsus instance will not work because it will fallback to msft updates url.

Really?
The only Windoze box left at home is an older laptop and back then it was relatively easy to shut off the autoupdates. I use Windoze at work and it is version 12 or whatever the new one is but an IT firm maintains it and I could care less

Again it all comes back to what you are most comfortable and familiar with as your OS. Every OS has its benefits and drawbacks, all depends on what job you are wanting the OS to do. Lots of folks puzzle the openhab out on a different OS and then when it is all how they like they port it over to a Rpi as final solution, other folks just run things in a virtual environment. For me it is what is easiest to make changes and bork around and be able to quickly undo and recover from major aw craps.

3 Likes

Meh, if you are on pfsense and satisfied stay there unless you have good reason to move. It was a pretty big pain to move but largely because there were better options for some of the services I was using so had to start over in creating some of the configs (e.g. moved from the addblockng or what ever it was called to AdGuard, HAProxy version was way newer on opnsense and config was radically different, etc.). Even so it took about half a day to be back up and running.

I briefly looked into running OpenShift but couldn't find a community edition and wasn't willing to pay. I'd been meaning to move off of ESXi mainly because updates were always a pain and was going to move to OpenShift. When my UPS failed me and my VMs lost their access to their volumes, I spent about 30 minutes looking and failing to find a ce version (maybe my mistake as just going straight to Red Hat's website) I opted for proxmox. I'm pretty happy with it so far.

I also looked into that for a bit but deploying it using Docker ended up being a little bit of a pain (maybe it's better now?) and I gave up. I didn't have a compelling need, it just looked like it could be nice. In the past couple weeks I've been playing with Semaphore https://www.ansible-semaphore.com/ and it does everything I need in a decent interface so I'm happy.

I'm ambivalent on this one. On-the-one-hand, the most effective thing you can do to protect yourself from malicious actors (beyond not exposing ports to the internet of course) is keeping your software and OS up to date. There are still active worms and hacking campaigns targeting vulnerabilities in services that have been patched for years but no one bothered to update their software with the fixes.

On-the-other-hand, MS OS patches as of late have been buggy as heck and they've taken away some control from end users on when and how to receive them. But given the above, MS kind of has a point. One of the reason they have (perhaps undeserved these days) for being particularly vulnerable to hacking is because users were not updating to get the security fixes.

And maybe this is only available on Win11 or maybe only on the Pro version but I have options to define active hours and prevent an auto reboot outside those hours. And the notification after an update was pushed lets me delay the reboot for quite some time (days). I mainly use this machine to drive my 3D modeling and printing stuff and the occasional Civ VI session.

Yep. One person's bloat is another person's favourite app/feature.

The monthly security releases are mandatory nowadays, but feature updates don't install until you intentionally do so. I'm okay with that.

I think we need to remember that these updates aren't meant to annoy power users. They're meant to protect average users…and that approach sometimes often usually almost always has the side effect of upsetting power users. If MS made it easy to turn off the mandatory security updates, average users would do that, compromise their security, and still blame/sue MS if and when they get hacked.

@justaoldman's solution is really the logical way to exert control over Windows updates. It follows the model that MS has set up for administrators/organizations, who are expected to understand and accept the risks of withholding security updates from users.

In the openHAB world, we'd really like everyone who's still running OH2 to upgrade to OH3, due to the log4j2 exploit. But most of those OH2 users are content to leave their systems as they are, because they work just fine, upgrading is a hassle, and they haven't been compromised as far as they know. That's exactly what MS is trying to avoid. The difference is that no one's going to sue us.

You can also pause updates for a period of time, but you'd have to keep doing that on a regular basis. I'd rather just install the updates. :wink:

1 Like

Win 10 forces features still. Just happened to me with Win10 pro both at home and at work.

Anyways, what they do for my use is unacceptable for me. Hence the whole Linux question.

Since @Andrew_Rowe and @Max_G have such good things to say about Mint, I've installed it on an old ThinkPad I had sitting around (i3-6100, 16GB). Looks pretty slick and seems to run well. There's an insane amount of customization available in the UI…which I think I'll mostly leave alone.

I can't figure out how to stop it from asking for my password every time I do something, though.

Russ
When I first ported OH to dedicated hardware (about 3 days after I tried it out on an old laptop) I tried to pick out an openHAB friendly distro. Since openhabian and such is Debian based I went for vanilla Debian. I had experience with Redhat/CentOS but had never Debian… ed… Anyhow, after having fits not being able to get the (onboard the motherboard) sound card to work on what was at the time a brand new Dell (budget) desktop ($300 usd 2019ish) I3 8GB, I googled user friendly Debian based Distro. The reviews said Mint was the most friendly to noobs and MS users, prettiest UI, everything works Debian variant.
Load it up… desktop pops up… speakers almost scare the p out of me, yup… sound works out of the box and wow… it's pretty and everything just works. Follow OH installation docs for apt install and been nothing but pleased ever since.
If people don't want to do openhabian I express my opinion that Mint is slick

It is light weight enough (Linux in general) that you can re-purpose outdated hardware

1 Like

For the screensaver, Preferences/Screensaver on the menu, you can disable the lock.
And for logging in, Administration/Login Window on the menu to enable automatic login.

1 Like

I'm sticking with openHABian for now, but I'm actually really liking DietPi on my RPi3.

It's more that seemingly every time I install something or change a setting, I have to authenticate. Maybe that's just because I'm in the process of setting it up, but it seems a little much.

Use sudo, it will cache credentials for some time. Installation of packages often touches system owned directories thus you conduct these with elevated privileges.

Use sudo -i and be the root user for as long as it takes.

It depends on whether you are talking about doing stuff from the UI or from the command line. If from the command line, as @splatch and @ubeaut indicate, sudo will cache the credentials. You can change how long it asks or even make it not require a password by editing sudoers using visudo (never edit this file without that command) and adding timestamp_timeout=30 to the permissions for a given user or group (that sets the timeout to 30 minutes). Of course when set to passwordless it never asks for your password when using sudo.

If from the UI, I'm sure there is a setting somewhere. There's a setting for everything in these distros.
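
The sudo timeout setting discussed above, as an added example that is not part of the original posts: in sudoers syntax `timestamp_timeout` is a `Defaults` option, so a per-user override is written as a `Defaults:user` line, staged here as a drop-in file and syntax-checked with `visudo -cf` before anything touches `/etc/sudoers.d`. The user name `alice`, the function names and the drop-in file name are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the thread): stage a per-user sudo credential-cache
# timeout as a sudoers drop-in and syntax-check it before it is installed.
# The user name "alice" and the file names are placeholders.

# Print the sudoers line for one user. $1 = user, $2 = minutes
# (0 = prompt every time, N = reuse cached credentials for N minutes).
sudo_timeout_line() {
    # Strict validation so no extra sudoers syntax can be smuggled in.
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) echo "invalid user: $1" >&2; return 2 ;;
    esac
    # Digits only: a negative value would make the cache never expire.
    case "$2" in
        ''|*[!0-9]*) echo "invalid minutes: $2" >&2; return 2 ;;
    esac
    printf 'Defaults:%s timestamp_timeout=%s\n' "$1" "$2"
}

# Write the line to a staging file, validate it, and print the staged path.
stage_sudo_timeout() {
    stage_line="$(sudo_timeout_line "$1" "$2")" || return 2
    stage_path="$(mktemp)" || return 1
    printf '%s\n' "$stage_line" > "$stage_path"
    chmod 0440 "$stage_path"    # mode expected for files in /etc/sudoers.d
    # visudo -c only checks syntax; -f points it at the staged file.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$stage_path" >/dev/null 2>&1 || { rm -f "$stage_path"; return 1; }
    fi
    printf '%s\n' "$stage_path"
}

# Stage a 5-minute timeout for the placeholder user and show the result.
staged_file="$(stage_sudo_timeout alice 5)" && cat "$staged_file"
# After review, install it as root:
#   install -o root -g root -m 0440 "$staged_file" /etc/sudoers.d/90-timeout-alice
```

sudo skips files in `/etc/sudoers.d` whose names contain a `.` or end in `~`, so the installed file name should avoid both.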

It's from the UI and I was surprised I couldn't find a setting to change. I'll dig into it a little more on the Mint forum if it proves to be an ongoing concern.

Mint does prompt me for admin password if I install software or something, never tried to shut it off, guess it never bothered me ???

Turns out that someone asked this on the Mint forum a couple of years ago.

Too much authentication

I suspect it only seemed like a lot because I was going through the startup guide and typing my password every 30 seconds to change settings and install programs. I get the Linux perspective on security, but a five-minute timeout would seem like a reasonable balance.

I'm not gonna say that in the Mint forum, though. :wink:

A "Don't ask again for 15 minutes" prompt WOULD be nice?

Maybe like this:

1 Like