Not to detract from the article, but this has actually been a long time coming and known as a vector for decades.

E.g.: https://news.ycombinator.com/item?id=38419272

It’s extra work to maintain and test another release format — and the core developers want to focus on making software.

No one is stopping you from rolling your own flatpak.

tape drives seem to be the best

Tape drives are the keytars of the tech world. They seem cool and a pro can really jam with them… but they’re not the most practical and you should really get a guitar or a keyboard until you know what you’re doing.

Yeet your shit onto rsync.net or sth else simple and call it a day, unless you’re in it for the meme.

I respect the spirit you’re going for, but FYI, Libby/Overdrive are private-equity owned and just as exploitative (if not more so) than the major publishers were.

Libby does not give libraries an unlimited license for digital books, but rather makes them pay what they would for a physical book, and allows them to loan out the digital copy a relatively small number of times (usually around ~4-5 IIRC) under the guise that a physical book would have been irreparably degraded after that amount of use. There’s a stream of billions of dollars being moved from non-consenting taxpayers going right to a monopolistic gatekeeper.

If we’re talking physical books, libraries are definitely still great for that, but I find that the vast majority of the time I look to check if they have a specific book I’m after, there are zero physical copies anywhere in the system, and all the digital “copies” are already “checked out”. E.g., I went looking for a copy of PKD’s Valis last week, and my options were: library audiobook (vomit), wait two weeks for a “checked out” digital copy from the library (vomit), buy from Amazon (vomit), or sail the seas.

So no, that’s a shitty substitute — libraries have been co-opted into an extractive, for-profit system and utterly perverted into a shell of what they were in the 20th century.

Absolutely not — the issue here is OP knowingly submitting false abuse reports.

Port scans of public hosts are not considered abuse per the CFAA or Amazon’s AUP without other accompanying signs of malicious intent.

https://aws.amazon.com/aup/

Amazon may take action against egregious mass-scanning offenders per the “…to violate the security, integrity, or availability of any user, network…” verbiage of the AUP, especially if they’re fingerprinting services or engaging in more sophisticated recon, but OP’s complaints are nowhere near meeting that threshold.

You should be able to get decent results if you pipe your tracks through demucs first to isolate the vocals.

https://github.com/adefossez/demucs

Vanilla whisper will probably be better than whisperX for that use case though.

Depending on how esoteric your music library is, you can also build a lyrics DB with beets: https://beets.readthedocs.io/en/stable/plugins/lyrics.html

Are you self hosting the long context llm, of do what are you using?

I did a lot of my exploration back when GPT4 128K over API was the only long-context game in town.

I imagine the options are much better these days between Llama 3/4, Deepseek, and Qwen — but haven’t tried them locally myself.

You’ll get used to it eventually, but you can e.g. tweak your PS1 to an all-caps hostname, or use a custom tmux layout with dedicated panes for each box you connect to.

If you really want something upgradeable, used enterprise SFF is the way to go: https://discountelectronics.com/

However, the hardware market is in a weird spot right now; you’ll get far more bang for your buck with an Intel N150. You can find a 16GB DDR5 w/ 1 TB SSD around the $200 mark, and that’s what I’d roll with in your shoes, assuming you don’t mind living without a spinning disk. Your Jellyfin and Immich instances will run far smoother.

This is the way.

Depending on the nature of the sim, it could probably even be done with ~80 GB or less of existing SSD space using zram w/ zstd.

deleted by creator

Please tell me more, which firewall would you recommend that plays nice with Docker?

Firewalld

No NAT?

Another user in this thread suggested DMZing, so combine your advice with theirs and boom. It’s not uncommon, and it’s fine if you firewall the box yourself. Most people don’t knowingly choose to use a firewall that they don’t intend to work, like you would.

why would you copy paste a docker compose without reading it?

There’s more than one way to use docker. Spinning up an official mysql image using the official docker run OR docker compose calls suggested by the docs would start up a server wide open to the entire internet if DMZ’d.

Just to throw out an easy option: if the music is well-labeled on Youtube, you can get pretty close to that full suite with just yt-dlp by using --embed-thumbnail as a stand-in for album art, dumping your files with an “Artist - track - album” naming structure using the --output-template flag — then using an awk or python script as a second pass to add the artist/track/album names to each file as tags.

E: and in case it isn’t self-evident, you don’t have to give yt-dlp a URL for each track; it’ll work fine with a playlist URL.

Yt-dlp is the gold standard for that.

https://github.com/yt-dlp/yt-dlp

Tag cleanup and album art are their own beast that you’ll wanna tackle post-download, but beets is another gold standard tool that can help with that layer.

https://beets.io/

You shouldn’t suggest UFW at all then. There are other firewall options that can be used just fine with docker.

It does have real potential to cause issues, e.g. if OP were to put their server in DMZ mode on their router and later copy some docker setup instructions that don’t explicitly bind to localhost.

This is dangerous advice because docker is well-known for undoing UFW’s iptable rules. It’s mitigated by binding to localhost, but still way too easy for people to shoot themselves in the foot by using the two together.

No need to cargo-cult security practices here, chief. You’re not gonna get pwned by publishing your hardware specs. If you’re planning to build some kinda webapp for yourself, that’s a different story - but you have to fuck up hard to get hacked while hosting raw HTML.

Use an SSH key, disable password auth, make sure you’re firewalled (i.e. test with nmap), and call it a day.

Is there a buried lede here? What’s noteworthy about an RC of a minor version release?

While I’m sure there’s a pre-canned tool out there for you, if you have basic software experience (which you seem to), this is one of those times where it’s usually most efficient to hack together a dumb CGI script and call it a day.

This prompt should get you most of the way there, using your llm of choice:

Write a minimalist cgi script to help upload files to a server. Upon a GET request, serve a light page with a centered form that takes in a file and a submission code. Submission codes will be stored on individual lines of a plaintext file. Adding new codes to this file is out of scope - but the codes will be 8-char hex strings (do validate that submission strings are not empty!). The script should accept the submission as a POST, and save the file to an upload dir if the submission code is valid.

Vet the output, harden as needed, setup a systemd service to serve with busybox httpd, and optionally reverse-proxy. If you’ve done this sorta thing before, you can probably knock it out in a half hour.

This is @Shimitar@downonthestreet.eu‘s work, not mine - but it’s pretty similar to how I’d set things up:

https://wiki.gardiol.org/doku.php?id=networking%3Assh_tunnel