Lots of good answers here but I’ll toss in my own “figure out what you need” experience from my first firewall funtime. (Disclaimer: I used nftables – it should be similar to ufw in terms of defaults though).

• Right off the bat, everything unneeded was blocked. I “needed” no configuration, except for maybe…
• Whatever CUPS runs on (when I use it)
• Sometimes I ran python -m http.server – I unblocked port 8000 for personal use.
• I chose to unblock port 53 (DNS). I wanted to connect to another computer via hostname IIRC (e.g. connecting to raspberry-pi.local. I might be misremembering this though).
• At one point I played with NGINX – that’s port 80 (HTTP) and port 443 (HTTPS).
• SSH was already permitted (port 22 – you need root access to enable traffic through ports below 1024 anyway so this wasn’t an issue for running typical apps)

I didn’t use WireShark back then, really. I think I just ran something like

sudo lsof -nP -iTCP -sTCP:LISTEN

which showed me a bunch of port traffic (mostly just harmless language servers).

You don’t have to dive to deep into all the “egress” and “ingress” and whatnot unless you’re doing something special. Or your software uses a weird port. (LocalSend lol)

Oh I love the “walk me through what I’m about to do” concept. Dry runs should be more common – especially in shell scripts…

The world would be a better place if every install.sh had a --help, some nice printf’s saying “Moving this here” / “Overwrite? [Y/N]”, and perhaps even a shoehorned-in set -x.

Hope your r/w wasn’t eaten up by the subfolder incident (that I presume happened) :P

The depth of a dive is always delightful! Does K8s have a solid use-case for the project or did you just sK8 for fun?

Round two, hell yeah.

The aesthetica of a stack of notes, born from a “dead end”, is secretly an odd motivator. You look back and see

Here is the breadth of what we did wrong.

and then beyond you, the effort lays itself out in a pretty trusswork.

__{or_maybe_i_just_think_well-used_notebooks_are_pretty}

Hah, stochastic parrots.

Makes me wonder. Every laziness I’ve had with the vector guessers, I’ve seen an exact counterweight.

One, you can invoke more often (throw ChatGPT configs against the wall until it doesn’t error); the other you can invoke more deeply. So I can’t help but wonder – when we cancel out all the terms – if the timesaving sum is positive or negative. ¯\_(ツ)_/¯

Yeah, it’s pretty funny how distros just passed each other by like that. Back then it was Debian that was regarded as the hyper-poweruser distro:

The reason I havn’t used Debian is because I can’t install it. “This guy is totally clueless” you might think. My only response is that I’m writing this on a Gentoo box that I have installed myself.

And then now there are plenty of people reading this thread who liked Windows 7. As time passed, their grade on the ease-of-use of A passed the don’t-get-in-my-way of B, and a load of Windows 10ers jumped ship to Linus & Friends, the last place their Windows 7 selves would have expected to go. Always a reminder that the end of history isn’t now.

Bending the question a little but my second “first impression” of Arch’s “simplicity” surprised me the most.

I was running Gentoo for a while before deciding to move back, and I was surprised that somehow I had

• saved space
• gotten faster at doing new things (…)
• didn’t lose any boot speed or anything like that

Granted, I had jumped on Gentoo because of misconceptions (speed, ricing, the idea that I needed USE flags), but going back, I saw things more clearly:

• the AUR being basically a shell script download + 300 MB of base-devel was simpler and more space-efficient than /var/db/repos (IIRC – since the portage and guru ebuilds were all held locally anyway after syncing, an on-demand AUR saved space).
  • the simple automatic build file audits on Arch felt more clean to me. I like checking my build files; had to make a script for the guru ebuild equivalent (but maybe there’s a portage arg i missed somewhere – wouldn’t be the first time)
• Arch repos separating parts of packages in case you don’t need some part (like splitting some font into its languages, or splitting a package into x and x-doc and x-perl) was almost a simple USE flag-ish thing already
• /etc/makepkg.conf was Gentoo’s make.conf. And its build flags looked similar to the CFLAGS I manually set up anyway.
• My boot time (btrfs inside LUKS with encrypted /boot) was the same with systemd vs. openrc
• I realized I liked systemd (because of the completeness of my systemctl muscle memory, like with systemctl status and journalctl, or managing systemd-logind instead of using seatd and friends).

Not bashing on Gentoo or anything, but it’s when I realized why Arch was “simple.” Even me sorely missing /etc/portage/patches was quelled by paru -S <pkg> --fm vim --savechanges.

And Arch traveling at the speed of simplicity even quantifiably helped: Had to download aur/teams the other day with nine-minute warning.

¯\_(ツ)_/¯

Successful GitHub pulls are rare; more often, patches live like this. You’re better off contacting the maintainer of the subsystem you’re editing. See the official submission guide.

Not to be dejecting!

Fun investigations (tac and factor), things I never bothered to check the existence of until now (install -s), and fundamentals I glossed over ([). Pretty fun read.

And of course,

And that’s why the ‘$cmd’ command is my favourite Linux command.

Stunningly simple, solely a shift. I love MVPs… we can possibly even remove the -P completion func switch :P