I migrated from the US servers to the EU servers and while looking through my settings I noticed that my renewal was $19.80 instead of $12 last year. At first I thought that the EU servers are much more expensive and was upset that support didn’t tell me before migration, but it turns out that’s just the new price.

Thanks!

May I ask which Hetzner VPS did you choose? I wonder if the Cost-Optimized ones are sufficient. I would be using it with max 2 users, same as you.

If I go with the VPS option I’d like to host Immich instead. But it seems to be hungry for memory, especially with the ML features enabled.

I really don’t understand this “Nextcloud does too much” rhetoric, the standard bare metal installation is basically just Files, Photos, Calendar and Contacts

That’s just my impression based on their website, it looks like a business suite, but I’m probably looking at it wrong. Thank you, the part about the database is important.

A bonus question regarding the 3-2-1 backup strategy. If my VPS is in Germany, but I spin up a Storage Box in Finland, that falls within the boundaries of “off-site backup”, even if both are managed by Hetzner. What do you think? It’s just easiest to setup, I guess. Otherwise I need another cloud provider (perhaps some S3 object storage).

I was upgraded to GNOME 50 and had systemd-boot from Tumbleweed installer. I think those two are major ones, the rest were just regular package updates. Well, including the kernel, but I suppose it’s not an issue.

Ah, so all it does is point me to different endpoints for Zypper? The migration doesn’t change the configuration of the system otherwise?

One more thing that is not clear to me – I ran zypper dup yesterday, my packages may be now ahead of Slowroll by a few weeks, does migrating mean I am downgrading or do my current packages stay as is and will be in sync with Slowroll later?

I was looking at this self-hosting guide and scratching my head in confusion. They say $80 nets you a 4TB HDD. Meanwhile, in my country that costs more like $220+. Yes, for an HDD, not SSD (that would be more like way over $500). I see the guide has been updated this year, so either the US lives in another world or nobody has updated the pricing.

If you’re that paranoid you can host it yourself.

https://github.com/mozilla-services/syncstorage-rs?tab=readme-ov-file

https://mozilla-services.github.io/syncstorage-rs/

It’s open source.

If you feel comfortable with the idea, use YaST to remove PackageKit, it will make updating via command line so much easier. Just make sure to leave the Flatpak management alone, no, I am not at all speaking from experience ROFL.

YaST has many different components, which part are we talking about? Re removing PackageKit but leaving Flatpak support, can you provide more specific instructions for a noob? :)

I discovered Bazaar today and plan to install it to manage Flatpaks instead of GNOME Software. I’m not afraid of CLI either.

Voyager is free.

I know people are hating AI, but Opus again helped me. My system is fixed and updated. It diagnosed the root cause and told me how to fix it and I can attest that it worked. Below you can find a writeup on what was done.

When working with AI I check the commands I don’t understand, consult the tldr pages and man pages or ask it to further explain what it wants to do and why. I also have Snapper and Restic backup so I wasn’t too worried about screwing things up.

However, if system updates can fail like this and I’m not at fault (I wasn’t), then I think Tumbleweed or rolling distros in general are not for me. I cannot keep asking AI for help, SELinux, labeling something in the filesystem – I don’t even know what that means. It was rough today and it gave me a scare. I am not ready to troubleshoot such advanced concepts as a Linux newbie, so I think I’ll bail and switch to something else.

Fixing zypper dup failure on openSUSE Tumbleweed with SELinux

A debugging session covering an accountsservice RPM install failure during
zypper dup, caused by a stale compiled SELinux policy in the kernel.

The problem

zypper dup failed on a single package:

error: lsetfilecon: (11 /usr/share/accountsservice, system_u:object_r:accountsd_share_t:s0) Invalid argument  
error: Plugin selinux: hook fsm_file_prepare failed  
error: unpacking of archive failed on file /usr/share/accountsservice: cpio: (error 0x2)  
error: accountsservice-23.13.9-11.3.x86_64: install failed  
error: accountsservice-23.13.9-11.2.x86_64: erase skipped  
(  4/360) Installing: accountsservice-23.13.9-11.3.x86_64 ..................................................................................................[error]  
Installation of accountsservice-23.13.9-11.3.x86_64 failed:  
Error: Subprocess failed. Error: RPM failed: Command exited with status 1.  
Abort, retry, ignore? [a/r/i] (a): a  
Warning: %posttrans and %transfiletrigger scripts are not executed when aborting!  
Problem occurred during or after installation or removal of packages:  
Installation has been aborted as directed.  

Diagnosis

The key line is:

lsetfilecon: (11 /usr/share/accountsservice, system_u:object_r:accountsd_share_t:s0) Invalid argument  

RPM’s SELinux plugin is trying to apply the label accountsd_share_t to
/usr/share/accountsservice, and the kernel returns EINVAL. This typically
means one of:

1. The filesystem doesn’t support the xattrs SELinux needs, or
2. The SELinux policy loaded in the kernel doesn’t know the type being applied.

The %posttrans warning at the end is a consequence — it means other packages
queued in the transaction had their post-transaction scripts skipped, so the
system is in a partially-upgraded state.

Gathering facts

rpm -q selinux-policy  
# → selinux-policy-20260410-1.1.noarch  

zypper info selinux-policy  
# → Status: up-to-date, Version: 20260410-1.1  

sudo getenforce  
# → Enforcing  

sudo semanage module -l | grep accountsd  
# → accountsd                 100       pp  

sudo seinfo -t accountsd_share_t  
# → Types: 0          ← smoking gun  

df -T /usr/share/accountsservice  
# → /dev/mapper/cr_root btrfs ...  

getfattr -d -m - /usr/share/accountsservice  
# → security.selinux="system_u:object_r:usr_t:s0"  

sudo ausearch -ts recent -m AVC  
# → AVCs related to snapper_sdbootutil_plugin_t, all permissive=1  
# → unrelated to this failure  

What the results mean

• selinux-policy on disk is current (20260410-1.1).
• The accountsd module is installed at priority 100.
• But seinfo -t accountsd_share_t returns Types: 0 — the loaded kernel
  policy does not know this type.
• Filesystem is Btrfs with xattrs working; the existing label usr_t is set
  fine, so it’s not a filesystem support issue.
• The AVCs in the audit log are unrelated noise from the aborted dup — all
  permissive=1, from sdbootutil housekeeping.

Root cause

The selinux-policy RPM on disk defines accountsd_share_t, but the kernel
is running an older compiled policy that predates that type. When RPM’s
SELinux plugin tried to apply accountsd_share_t, the kernel said “I don’t
know what that is” → EINVAL.

This usually happens when selinux-policy was updated on disk in an earlier
transaction, but the policy store wasn’t recompiled and reloaded — likely
because a %posttrans script that would have called semodule -B was
skipped during a prior interrupted transaction.

Fix

1. Rebuild and reload the policy store

sudo semodule -B  

This forces the modular policy (including accountsd) to be recompiled from
the on-disk modules and loaded into the kernel. It can take 30–90 seconds.

2. Verify the type is now known

sudo seinfo -t accountsd_share_t  
# → Types: 1  

3. Retry the dup

sudo zypper dup  

The accountsservice install should now succeed. Because the first attempt
aborted with %posttrans scripts skipped, zypper dup may have extra
cleanup/reinstall work to do — that’s expected.

4. Regenerate TPM2 PCR predictions

During the dup, sdbootutil emitted warnings like:

NVIndex policy created  
WARNING: Volume key cannot be extracted. Dropping PCR 15  
WARNING: File measure-pcr-prediction should be updated  
WARNING: Call sdbootutil update-predictions --measure-pcr  
find: '/var/lib/pcrlock.d/': No such file or directory  

Breakdown:

• Volume key cannot be extracted. Dropping PCR 15 — expected and
  harmless. sdbootutil binds without PCR 15 when the volume key isn’t
  available; unlock still works via other PCRs.
• find: '/var/lib/pcrlock.d/': No such file or directory — ties back to
  one of the AVCs we saw: the snapper sdbootutil plugin removed pcrlock.d
  during cleanup. permissive=1 means SELinux didn’t block it; this is a
  plugin ordering issue, not an SELinux problem.
• WARNING: Call sdbootutil update-predictions --measure-pcr — the PCR
  prediction file needs regenerating before the next boot, or TPM2 may fail
  to release LUKS keys and you’ll fall back to the passphrase prompt.

Run the suggested command once dup completes cleanly:

sudo sdbootutil update-predictions --measure-pcr  

5. Schedule a filesystem relabel and reboot

The on-disk label on /usr/share/accountsservice was still the generic
usr_t, so after a policy jump it’s worth reconciling all labels:

sudo fixfiles onboot  
sudo reboot  

fixfiles onboot schedules a full relabel at next boot — takes a few minutes
during boot but is the cleanest way to get labels in sync with the updated
policy.

Full sequence

sudo semodule -B                                    # rebuild policy  
sudo seinfo -t accountsd_share_t                    # verify: Types: 1  
sudo zypper dup                                     # finish the dup  
sudo sdbootutil update-predictions --measure-pcr    # regen TPM predictions  
sudo fixfiles onboot                                # schedule relabel  
sudo reboot  

Safety notes

• Before rebooting, confirm the LUKS passphrase is accessible (in a password
  manager). TPM2 auto-unlock is a convenience layer on top of the passphrase
  — if predictions are wrong, the system falls back to the passphrase rather
  than locking you out.
• openSUSE’s Btrfs + snapper setup means a pre-dup snapshot exists. Confirm
  with sudo snapper list. If anything goes sideways, an older snapshot can
  be booted from systemd-boot.
• If the TPM2 unlock fails at first boot after dup, enter the passphrase and
  re-run sudo sdbootutil update-predictions --measure-pcr once booted —
  predictions sometimes need recalculating against the actual booted
  measurements.

Key takeaways

• lsetfilecon ... Invalid argument during an RPM install = the kernel
  policy doesn’t know a type the package is trying to apply. Fix with
  semodule -B to recompile and reload.
• seinfo -t <type> returning Types: 0 for a type you expect to exist is
  the definitive signal that the loaded policy is stale relative to what’s on
  disk.
• When a zypper dup aborts mid-transaction, %posttrans scripts are
  skipped — which can leave SELinux policy out of sync and cause cascading
  failures on the next dup. Finishing the transaction cleanly and relabeling
  afterwards is the safe recovery path.
• The sdbootutil PCR warnings are separate from the SELinux issue but worth
  addressing in the same session, since the next reboot will exercise both.

At the moment I’m thinking of hopping to Debian 😅 I ran Fedora Workstation for a few weeks out of an external drive and then openSUSE Tumblewed for a couple weeks (this time on my main system drive) and thought I was good, never had any problems with updating the system. And today is my first distro update since I moved to openSUSE full-time and I get this :( Perhaps I am not ready for a rolling distro.

btw did Slowroll get systemd-boot already?

I meant that I can buy one of those Radeons dedicated to AI work, like the ASRock Radeon AI PRO R9700 Creator 32GB GDDR6. If I need to.

Currently my Ryzen iGPU is all I need, because all I need is to see the graphical desktop environment on my screen ;) It does the job well.

I use Claude Code as well and I am slightly concerned with that ID verification news, even more so because of the technology partner that they chose.

Say I have a GPU with 32GB VRAM and I am on Linux, what local LLM would be good for coding?

Currently I just have an iGPU ;) but that’s always an option, albeit a very expensive one.

That’s fair, but I want it, just not for the public. I want to remove Exif rarely, by default I like to have that metadata.

That is fine to me. I want to remove the geolocation data when sharing photos on public websites like the Fediverse. Thanks.

It technically started as an MMO. That was their initial idea, but after they started development, they changed direction. That shows in the game to some extent, because the quests are kinda scattered and there is not always linearity, sometimes you get quests out of nowhere which doesn’t make sense. There are some short fedex type quests or tasks, too, but at the same time playing Crimson Desert does not feel like a single player MMO. Exploration is fantastic, but you should know that this game doesn’t hold your hand. You are free to do whatever and to discover the mechanics on your own. There are puzzles with no explanation whatsoever. Sometimes you’ll stumble on some hidden area with an environmental puzzle and no idea what to do. The last game like that was last year’s Hell is Us (a highly recommended hidden gem). Crimson Desert is just fun.

Why are you talking about player retention in context of a single player game? Perhaps you mixed it with their previous game — Black Desert – which is an MMO.