Cake day: July 9th, 2023


  • matcha_addict@lemy.lol to Linux@lemmy.ml: BSD Vs. Linux
    6 days ago

    I’ve heard BSD people criticize the Linux ecosystem as “fractured”, and this discourages me from BSD. I see the Linux ecosystem as one that grants you choice, and I love that. This criticism gives me the impression that BSD takes that away, that there will be one standard way to do many things. Maybe I am wrong or misunderstood.




  • So many distributions impressed me, but I think Gentoo, NixOS, Guix and Alpine impressed me most. Maybe Zorin with its beautiful design for newcomers.

    If I had to pick one, it may be Alpine. The idea of having a fully usable OS with so little is really impressive. It even has a fully functional build system similar to Arch’s ABS (on which the AUR is based).

    Gentoo, NixOS and Guix are really impressive and make computing a pleasant activity.




  • Unfortunately it is still not enough. There have been many instances of people using these licenses and still corporations using their software without giving back, and developers being upset about it.

    And unfortunately there are no popular licenses that limit that. I’ve seen a few here and there, but there doesn’t seem to be a standard.








  • Bubblewrap seemed much less user friendly than nsjail, I assume because it is intended to be a lower level application used by libraries like flatpak. It is also more tailored to desktop applications and GUIs, whereas nsjail is focused on server apps (though I did see the author mentioning adding better support for GUIs years ago, but I did not check if that happened).


  • I’m not an expert, but I’ll try my best to compare it to docker:

    You can think of nsjail as a lightweight frontend for kernel isolation features like namespaces, sys call filtering, and the like.

    Docker is also a frontend for some of those kernel features, but its original goal was not security isolation, but rather isolation for the sake of reproducibility. This isn’t to say that docker isn’t secure, they did add those features eventually, but they are less intuitive to change and mess with, and you have some added complexities. Whereas nsjail stays as close to the system as possible. As far as I’m aware, there’s no concept of an image, and it’s not necessary for every app to have an entire OS user land with it (although you can if you want to).

    If your goal is security, docker’s defaults are reasonably good, but also made to not get in the way of most applications. This might be good enough for many. However, docker’s security is more difficult to customize and less straightforward if you need to change it.

    If your goal is security, and more so than docker’s defaults, nsjail gets you there muchhh more easily. Whether nsjail has more security features than docker, I don’t know.