Meanwhile on the mycology, houseplant, and gardening comms:

Not to detract from the article, but this has actually been a long time coming and known as a vector for decades.

E.g.: https://news.ycombinator.com/item?id=38419272

It’s extra work to maintain and test another release format — and the core developers want to focus on making software.

No one is stopping you from rolling your own flatpak.

tape drives seem to be the best

Tape drives are the keytars of the tech world. They seem cool and a pro can really jam with them… but they’re not the most practical and you should really get a guitar or a keyboard until you know what you’re doing.

Yeet your shit onto rsync.net or sth else simple and call it a day, unless you’re in it for the meme.

It’s absolutely not a given that an OS that’s been battle-tested in prod for five years is less secure than one receiving hot supply chain injections every week.

The only major RCE I can think of since EOL in May is the recursive git clone one.

I’ll happily spin up a public 20.04 box if you wanna prove me wrong.

I do the same with Debian XFCE for work.

There’s really not much else to say: shit just works and stays out of the way. Boring but extremely effective.

Absolutely not — the issue here is OP knowingly submitting false abuse reports.

Port scans of public hosts are not considered abuse per the CFAA or Amazon’s AUP without other accompanying signs of malicious intent.

https://aws.amazon.com/aup/

Amazon may take action against egregious mass-scanning offenders per the “…to violate the security, integrity, or availability of any user, network…” verbiage of the AUP, especially if they’re fingerprinting services or engaging in more sophisticated recon, but OP’s complaints are nowhere near meeting that threshold.

Are you self hosting the long context llm, of do what are you using?

I did a lot of my exploration back when GPT4 128K over API was the only long-context game in town.

I imagine the options are much better these days between Llama 3/4, Deepseek, and Qwen — but haven’t tried them locally myself.

You’ll get used to it eventually, but you can e.g. tweak your PS1 to an all-caps hostname, or use a custom tmux layout with dedicated panes for each box you connect to.

If you really want something upgradeable, used enterprise SFF is the way to go: https://discountelectronics.com/

However, the hardware market is in a weird spot right now; you’ll get far more bang for your buck with an Intel N150. You can find a 16GB DDR5 w/ 1 TB SSD around the $200 mark, and that’s what I’d roll with in your shoes, assuming you don’t mind living without a spinning disk. Your Jellyfin and Immich instances will run far smoother.

No notes — I’d do the exact same thing based on your description. You can always unwind if CPU usage is too high under load.

This is the way.

Depending on the nature of the sim, it could probably even be done with ~80 GB or less of existing SSD space using zram w/ zstd.

That is a setup guide for hardware key and passkey auth. It is not a hardening guide, and does nothing to mitigate these LPE vulns.

deleted by creator

Please tell me more, which firewall would you recommend that plays nice with Docker?

Firewalld

No NAT?

Another user in this thread suggested DMZing, so combine your advice with theirs and boom. It’s not uncommon, and it’s fine if you firewall the box yourself. Most people don’t knowingly choose to use a firewall that they don’t intend to work, like you would.

why would you copy paste a docker compose without reading it?

There’s more than one way to use docker. Spinning up an official mysql image using the official docker run OR docker compose calls suggested by the docs would start up a server wide open to the entire internet if DMZ’d.

Just to throw out an easy option: if the music is well-labeled on Youtube, you can get pretty close to that full suite with just yt-dlp by using --embed-thumbnail as a stand-in for album art, dumping your files with an “Artist - track - album” naming structure using the --output-template flag — then using an awk or python script as a second pass to add the artist/track/album names to each file as tags.

E: and in case it isn’t self-evident, you don’t have to give yt-dlp a URL for each track; it’ll work fine with a playlist URL.

Yt-dlp is the gold standard for that.

https://github.com/yt-dlp/yt-dlp

Tag cleanup and album art are their own beast that you’ll wanna tackle post-download, but beets is another gold standard tool that can help with that layer.

https://beets.io/

Gnome. The maintainers have a hard-earned rep for contemptuous attitudes towards community and end-user feedback.

You shouldn’t suggest UFW at all then. There are other firewall options that can be used just fine with docker.

It does have real potential to cause issues, e.g. if OP were to put their server in DMZ mode on their router and later copy some docker setup instructions that don’t explicitly bind to localhost.

This is dangerous advice because docker is well-known for undoing UFW’s iptable rules. It’s mitigated by binding to localhost, but still way too easy for people to shoot themselves in the foot by using the two together.