Joe

I was recently reading about Talon Voice, which sounded quite interesting with lots of usability hacks. Unfortunately, not an option anymore if you are a Linux user: https://www.osnews.com/story/145162/accessibility-input-tool-removes-x11-support-doesnt-want-to-support-wayland-users-caught-in-the-middle/

spits on ground, squints reeeeaaal slow

Now listen here sonny… we don’t take kindly to none of that AI business around these parts.

We is simple, God fearin’ folk, raised on sweat, dirt, and good honest labor, not all of that fancy machine learnin’ contraption nonsense.

Ain’t no place for thinkin’ machines where a man’s meant to use his own two hands. So I reckon I’ll mosey on over and downvote this here post myself, nice and proper.

Why do you hate freeloading virus-loving mouth-breathers so much? screams into the air: Why won’t anyone think of the freeloading virus-loving mouth-breathers?! /s

You sir, need an AI agent to maintain your self-hosting addiction and free you from the shackles of homelab responsibility. Automate the automations that maintain the automations. That’s the real endgame. /s

Why? Because DOS and Windows 3.11 kind of sucked and I wanted to learn and experiment.

Even though I started out working mostly with the console, it was amazingly refreshing. X came a year or two later, when the web made it worth it. OS/2 Warp 3 also slipped in there for a while. Great times.

There are so many time-saving things that can be done with a little bit of scripting. It’s one reason why excel is so abused. Now that the bar to real scripting is dropping significantly, and we’ll see more and more people solving their own small problems rather than relying on others or suffering through repetitive work. Good stuff.

It doesn’t mean that they are ready to design, build and maintain reliable software or services…

We’ll see more APIs and libraries being used directly by end users, though.

AI agents are a counter-force to this, letting LLMs interact directly with APIs, meaning users don’t have to even touch code.

What do you have against the project and the people behind it? It sounds personal.

There are plenty of non-commercial Linux distributions. Some managed better than others. Some generic, some with niches. OpenWRT is a favourite of mine.

With apparmor, you could enable and disable profiles that could restrict access to files and paths by name.

For network traffic, it’s possible to use dnsmasq to blacklist or whitelist some domains.

I use labwc … it’s basically OpenBox as a Wayland Compositor. Some things/programs work better than Hyprland, other things worse. No animations - just get out of your way functionality.

I found a patch that allows manual tiling and focus (eg. alt-tabbing just for windows in the left half of the screen), which is cool.

Scriptability isn’t there, but the code looks pretty clean.

The config file is similar to OpenBox. I miss multi-layer keybindings though.

Another technique that helps is to limit the amount of information shared with clients to need to know info. This can be computationally intensive server-side and hard to get right … but it can help in many cases. There are evolving techniques to do this.

In FPS games, there can also be streaming input validation. eg. Accurate fire requires the right sequence of events and/or is used for cheat detection. At the point where cheats have to emulate human behaviour, with human-like reaction times, the value of cheating drops.

That’s the advanced stuff. Many games don’t even check whether people are running around out of bounds, flying through the air etc. Known bugs and map exploits don’t get fixed for years.

ALSA is lowest level, and is the kernel interface to audio hardware. Pipewire provides a userspace service to share limited hardware.

Try setting “export PIPEWIRE_LATENCY=2048/48000” before running an audio producing application (from the same shell).

Distortion can sometimes be related to the audio buffers not getting filled in time, so increasing the buffering as above gives it more time to even out. You can try 1024 instead of 2048 too.

There is no doubt a way to set it globally, if it helps.

Good luck!

But not Fire tablets (kids profile) or Samsung TV or many others that Plex currently supports.

JellyFin android phone app’s UI is a little weird at times, but does work pretty well for me.

…

What I would adore from any app would be an easy way to upload specific content and metadata via SFTP or to blob storage and accessible with auth (basic, token, or cloud) to more easily share it with friends/family/myself without having to host the whole damn library on the Internet or share my home Internet at inconvenient times.

Client-side encryption would be a great addition to that (eg. password required, that adds a key to the key ring). And of course native support in the JellyFin/other apps for this. It could even be made to work with a JS & WASM player.

Yeah, at that point I wouldn’t worry. If someone has docker access on the server, it’s pretty much game over.

Encryption will typically be CPU bound, while many servers will be I/O bound (eg. File hosting, rather than computing stuff). So it will probably be fine.

Encryption can help with the case that someone gets physical access to the machine or hard disk. If they can login to the running system (or dump RAM, which is possible with VMs & containers), it won’t bring much value.

You will of course need to login and mount the encrypted volume after a restart.

At my work, we want to make sure that secrets are adequately protected at rest, and we follow good hygiene practices like regularly rotating credentials, time limited certificates, etc. We tend to trust AWS KMS to encrypt our data, except for a few special use cases.

Do you have a particular risk that you are worried about?

Normally you wouldn’t need a secrets store on the same server as you need the secrets, as they are often stored unencrypted by the service/app that needs it. An encrypted disk might be better in that case.

That said, Vault has some useful features like issuing temporary credentials (eg. for access to AWS, DBs, servers) or certificate management. If you have these use-cases, it could be useful, even on the same server.

At my work, we tend to store deployment-time secrets either in protected Gitlab variables or in Vault. Sometimes we use AWS KMS to encrypt values in config files, which we checkin to git repositories.

wg-quick takes a different approach, using an ip rule to send all traffic (except its own) to a different routing table with only the wireguard interface. I topped it up with iptables rules to block everything except DNS and the wireguard udp port on the main interface. I also disabled ipv6 on the main interface, to avoid any non-RFC1918 addresses appearing in the (in my case) container at all.

edit: you can also do ip rule matching based on uid, such that you could force all non-root users to use your custom route table.

https://github.com/FreeTubeApp/FreeTube/issues/2786#issuecomment-1303117112 for a real world example of needing an exception.

My pranks were less destructive … /ctcp nick +++ath0+++ … it was amazing how often that worked. 🤣

Did you find a solution?

What is the typing experience that you want, and for which language(s). It’s not clear to me, sorry.

It is possible to map keyboard input in various ways. For more complex use-cases, many programs support character substitution as you type (eg. gx could become ĝ automatically).