Conduit is in no way compact either. I tuned its caches because two gigs of ram seemed ridiculous for a single-user instance but I only got the mobile client sync lag as a result.

XMPP used to be so much nicer…

I think the point here is moving away from long-lived ssh keys and using whatever IdP you have (enterprise cloud or local oidc) to provide short-term ssh keys. It generally improves the security posture as it’s similar to ssh with certs but less painful to set up.

This is the best answer. Your router protects you from the outside, but a local firewall can protect you from someone prodding your lan from a hacked camera or some other IoT device. By having a firewall locally you just minimize the attack surface further.

Unfortunately, matrix doesn’t have a viable plan for federation, meaning that you’d better onboard on matrix.org or else.

People saying self-hosting mastodon is hard never had to touch matrix. It’s not hard, the protocol is literally broken to the point where starting again is not an option.

I’m all in for ditching discord, but matrix is at most mediocre in almost every aspect. It’s wild how much easier it used to be with xmpp.

First party app, yes. Thanks for the recommendation, I’ll give swiftfin a try.

Jellyfin looks pretty bad on an iPad. Subtitles setting keep getting reset on their own, it doesn’t understand basic keyboard controls (spacebar to pause), the UI is overall tiny. Oftentimes it will forget to save the spot where I finished watching and on the next launch will happily play the movie from beginning.

Matrix is spectacularly cursed to the point of being unusable if you self-host it. The protocol is dumb enough to lock you out of rooms hosted on another server forever if anything goes wrong with the key rotation.

I just made a mirror out of two NVMes―they got cheap enough not to bother too much with the loss of capacity. Of course, that limits what I can put there, so I use a bit of a tiered storage between my NVMe and HDD pools.

Just think in terms of data loss: are you going to be ok if you lost the data between backups? If the answer is yes, one NVMe is enough.

Another alternative: https://pushover.net

the issues related to that macro still exist, but the author seemed to call it out and link to an article about it (which doesn’t seem disingenuous at all to me).

That’s fair, I stand corrected and I overreacted a bit.

I stumbled on the unintended cancellation a few times, but I’m used to select! paradigm from the other languages (and not used to how differently it behaves). I suppose I just expect the examples of its usage to be explicit and actually show what it takes to make select! behave in a way that doesn’t abruptly drop your async function after only going though half of it.

What I find slightly dishonest is bits like

This way of using select in a loop could potentially cause issues regarding cancellation of futures (although in this case it’s fine)

The select example is pretty straightforward and comparable to such in other languages, even to Go’s switching on channels. But rust hides an extra bit of complexity with the cancellation concerns that people don’t want to talk about unless absolutely necessary, and it is necessary in so many cases!

You don’t need -it because you don’t run an interactive session in docker. It might be failing because you ask for a pseudoterminal in an environment where it doesn’t make sense.

Seq is expecting structured logs which yours aren’t. So you want to either convert your app’s logs into a structured format (which is generally hard for a random third-party application) or use a log collector that’s fine with non-structured logs (e.g. Loki+grafana don’t care about the shape is your logs and you can format the output while querying).

How does it compare to archivebox in regards to specifically saving content that’s a mix of websites and YT videos?

I’ve been using FreshRSS and Reeder (now Reeder Classic) since google reader stopped being a thing. It’s pretty great.

There were quite a few games using the same formula (and improving on it), to the point where I feel Desperados would be my favorite in that genre, not Commandos itself.

I still remember having to reparation my drive and reinstall windows, upgrading from fat16, because commandos wouldn’t fit on either partition.

I have a dedicated vm for things that are crucial to the home network, either latency-critical or network related.

That’d be my dns resolver (I enforce it over VLANs by hijacking anyone trying to do DNS to other resolvers, like random IoT devices), homebridge for less important home automaton and my own matter controller for most important home automaton (controlling the lights).

My router of choice is RouterOS in another VM. I tried opnsense, pfsense, vyatta, and a bunch of others (even a containerized Cisco route), and I settled on ROS, because it was the only one who could do IPv6 properly (apart from Cisco, but that has other issues).

For the less important things I run them on k8s and really, there are only two bits worth mentioning as essential: ArgoCD and nixhelm. Together, they provide effortless and mostly automated software updates with very easy rollbacks. I don’t have to go and manually update every single bit of software and that saves huge amounts of time.

I wonder if NixOS is a vacuum coffee maker for how confusing nix looks when you see it for the first time or instant coffee for how reproducible it is…

That’s just Slackware.

That’s a good point. Mind that in most production environments you’d be firewalled rather hard (especailly when it comes to logs processing which oftentimes ends up having PII). I wouldn’t trust any service that tries to use DoT or DoH in there that I couldn’t snoop on. Many deployments nowadays allow you to “punch” firewall holes based on the outgoing dns requests to an allowlisted domain, so chances are you actually want to use the glibc resolver and not try to be fancy.

That said, smaller images are always good in my book!