That is a setup guide for hardware key and passkey auth. It is not a hardening guide, and does nothing to mitigate these LPE vulns.

Yt-dlp is the gold standard for that.

https://github.com/yt-dlp/yt-dlp

Tag cleanup and album art are their own beast that you’ll wanna tackle post-download, but beets is another gold standard tool that can help with that layer.

https://beets.io/

Gnome. The maintainers have a hard-earned rep for contemptuous attitudes towards community and end-user feedback.

Ah - I totally missed the Nvidia-related bit! Thanks for flagging that.

That being said, based on the maintainers’ past stances, I’m pretty pessimistic on them actually implementing a fix like that. They’re very much against the general practice of poking holes in their sandbox security perimeter.

Flatpak is quite fucking far from perfect, and will always remain so due to its flawed design and UX approach.

Pretty sure the culprit here is Fedora’s packaging which adds an opaque systemd timer to run auto-updates, but the thread immediately next to this one on my homepage just happened to be a nice case-study in Flatpak fuckery: https://lemmy.world/post/30654407

Of course, the proposed changes in the article do nothing to fix this sorta problem, which happens to be the variety that end users actually care about. Flatpak is an epic noob trap since it pretends to be a plug-n-play beginner friendly tool, but causes all sorts of subtle headaches that newcomers inevitably don’t have diagnostic experience to address.

If you’re looking for sympathy, you got it. Fuck the state.

If you’re looking for solutions, use a cheap $5/mo VPS that exists purely as your gateway host. Run everything you want on your home machines, then tunnel the traffic to your gateway and reverse-proxy it there. Your data stays in your hands, you can spin up and expose new services publicly in a matter of minutes, AND your home IP isn’t vulnerable to doxxing or DoS.

Speaking as a data engineer, you’re having trouble because git is the wrong tool for the job. You can make it work if you use git-lfs + custom hooks — but if you choose to go that route, be aware you’re making things unnecessarily hard for yourself.

If you want to make this easy, separate out your concerns:

1. Versioning: take periodic snapshots of your unconverted files with a binary-friendly diffing tool like restic or borg. Alternatively, ZFS/btrfs snapshots are an excellent way to handle this.
2. Conversion: keep your original files in their own directory. Set up a small script that searches your directory of original files recursively, passes the files to lame to encode to V0 or V2, and outputs them to a separate directory of lossy mp3 files.
3. Syncing: use rsync with the --delete flag to copy your lossy files to the server + clear out files you’ve removed locally.

Object storage is indeed a specialized filesystem in a trenchcoat.

Object storage is typically (but not always) associated with non-hierarchical key-value lookups, as opposed to the directory tree pattern most file systems use. Object storage systems are also typically (but not always) designed with sharding and distribution in mind.

This is a Jellyfin problem; not a beets problem. You can easily solve it with beets config if you’d like to, though.

The distinction between what you want vs. what you’re getting is that Jellyfin is grouping by the “Artist” tag instead of the “Album Artist” tag. I haven’t touched Jellyfin in years, but look for a builtin setting or alternative view to group by album artist - you’ll almost certainly find it.

If you want to solve it in beets, you can do that through a custom script, the FtInTitle plugin, or a combo of the inline + advancedrewrite plugins. Remember to run a re-import on the Jellyfin side after making your tweaks to the beets pipeline to make your changes show up without duplication.

This is brilliant! You can even let the front truck pull all the others tied behind it so you need fewer working engines.

What if you added guide rails to the lane so the trucks didn’t have to steer?

Power plants that do not change their power output quickly, such as some large coal or nuclear plants, are generally called baseload power plants.

https://en.wikipedia.org/wiki/Base_load

One of my cats, despite being an extreme clinger, absolutely will not tolerate being picked up under any circumstance.

Lone exception? If there’s a bug she wants but can’t reach, she will meow until I come lift her up to catch it. One hand under her hind legs, one under her stomach - so she has both front paws free to pin the bug with. Fortunately, she’ll let me summon her too, so whenever there’s a moth or something hanging out on the ceiling, I yell “bug” and the cat comes running to catch it for me.

Right ol’ on-demand vacuum cleaner, that one.