@mcfate Entirely not the same thing I'm saying. In fact almost the opposite. You can sort of accomplish the same thing with Carbon Copy Cloner, of course of the Users folder only. ZFS snapshots are instantaneous and have minimal impact on disk performance, as they only track changes to the file system at the block level rather than duplicating files. This approach is highly efficient, particularly for large or frequently changing datasets.

@mcfate I'm not knocking MacOS, for my laptops I do use Time Machine...

@mcfate But when the datasets start at the 100 Terabytes level, then snapshots is your only best friend.

@matuzalem

Ah.

Yeah, that's the thing: I don't have problems that FreeBSD solves, and between Mac OS and Linux, I've got enough operating sysms to deal with, and everything WORKS.

And everything that ought to work fairly seamlessly does. I can move files from device to device with a couple of taps, control the Apple TV box from my iPhone or iPad, and so on.

I use Linux for stuff like NextCloud. I can put epubs on there and open them on my iPad.

I try never to tamper with success.

@mcfate I run NextCloud on kubernetes but I am in the process of migrating it to a Jail for simplicity.

@mcfate Imagine you want to test a potentially malicious program on your Mac. Start by creating a snapshot with the following command:

doas bectl create MacOS-Californication16.6-202401102

This operation takes mere milliseconds to complete. Next, reboot your system into the newly created boot environment. Once you’re booted into the new environment, install and run that dubious program.

@mcfate At the end of the day, if you decide that it’s not worth keeping, simply reboot your Mac back into your original boot environment, effectively reverting your system to its previous state without any traces of the program.

@mcfate Meanwhile all the work on your /Users/macfate stays the same, your don't lose changes.

@matuzalem

Yeah, but that happens anyway.

The system I DO the work on is rarely the system I TEST the work on, if it's that sort of thing.

I wouldn't test a "potentially malicious program" on "my Mac". I have PREVIOUS Macs I can test stuff like that on.

@mcfate I never do either, I was giving you a non realistic scenario, but for servers and stuff like virtual machines this is it.

@matuzalem

Well, everything I do is on MY network, I'm the developer AND the client.

@mcfate Same and other clients as well.

@mcfate I run my WiFi on a read-only virtual machine that has no knowledge of the host's network, with the WiFi card passed through. Its a pretty solid defense against intruders in public wifi spaces. No need of a separate portable AP.

@matuzalem

All I can say is that to the extent that we have similar problems to solve, we've taken different approaches to them.

The way I see it, any gain in simplicity would be offset by an operating system that's different AND similar enough to the Linices I already run, unproblematically, to be a source of potential confusion.

I have to ALLOW devices onto the WiFi here.

@matuzalem

See, I would do stuff like that in a virtualized system on a "burn box".

If it does horrific things, start over.

"How clean do you want it?"
"Down to the NAP."
— Point of No Return

@mcfate So I make snapshots of my VM's in Bhyve and my jails and also send them to an encrypted drive in a secure location. automatically every day.