You sound like you want to go all in on federated services but there are plenty of other things to do.

I love Nextcloud, works well when set up through the Nextcloud All In One docker setup, but it is a little different to other things so it might not be a starting point depending on your experience. Lots of apps to add for extra functionality. But don’t replace your cloud storage with it until you’re confident of your backups (and ability). I ran it for years to use for the apps and minor things before I finally went all in.

I think a wiki is a great thing to have. Use it to document what you’ve done so you can remember.

Then there’s media. With the storage I guess TV/movies might be out, but there’s Audiobookshelf for Audiobooks, Kavita or Calibre Web for eBooks. I like Jellyfin for music (but using the Finamp app not the Jellyfin one), but others like dedicated music setups like Navidrone.

I buy my music from Bandcamp where available and Qobuz where it’s mainstream labels, then I can have my own little Spotify. Finamp even lets you download playlists or your whole library to your device for offline listening. I use Findroid for watching things, which also allows downloading. Last I checked the Jellyfin app didn’t have Netflix-like downloading, just downloading the files to your downloads folder.

I guess you might not fit a whole lot with 300GB storage though, especially after you fit the databases of half a dozen federated services.

If you have space, perhaps a photo service like Immich or Photoprosm.

If you have friends maybe a private sharing forum like Zusam.

If you have family then maybe family tree software like webtrees.

I run so many things, they all get used, and I’m always happy to talk about them!

Depends if you count OEM licences that came with their device as purchases, which would be the vast majority of people.

I agree this makes the most sense.

That’s an interesting proof of concept, but I don’t think it shows it’s different. That’s a server side attack, whoever has control of the server could just have the script download a malicious binary instead and you wouldn’t be able to tell from the script.

Firstly, it is much, much easier to compromise the website hosting than the binary itself, usually. Distributed binaries are usually signed by multiple keys from multiple servers, resulting in them being highly resistant to tampering. Reproducible builds (two users compiling a program get the same output) make it trivial to detect tampering as well.

Yeah this is a fair call.

But at the same time, I have little confidence in my ability to spot these bugs.

This is the key thing for me. I am not likely to spot any issues even if they were there! I’d only be scanning for external connections or obviously malicious code, which I do when I don’t have as much trust in the source.

As a sidenote, docker doesn’t recommend their install script anymore.

Yeah I used it as an example because there are very few times I ever remember piping to bash, but that’s probably the most common one I have done in the past.

You can, but to me it seems weird to say it’s crazy to pipe to bash when people happily run binaries. If anything, the convenience script is lower risk than the binary since people have probably checked it before you.

I wouldn’t pipe a random script to bash though, nothing where I wouldn’t trust the people behind it.

Yeah I get that, but I would install docker, cloudflared, etc by piping a convenience script to bash without hesitation. I’ve already decided to install their binary, I don’t see why the install script is any higher risk.

I know it’s a controversial thing for everyone to make their own call on, I just don’t think the risk for a bash script is any higher than a binary.

Ok but not everyone has that skill. And anyway, how is this different to running a binary where you can’t check the code?

Is it different from running a bash script you downloaded without checking it? E.g. the installer that you get with GOG games?

Genuine question, I’m no expert.

He probably just wishes he put it in the contract signed with the mothers.

I guess the most plausible explanation is incompetence, there wouldn’t be a reason to do this on purpose (a backdoor), right? Since the company could have easily used different credentials per device that they store anyway?

GrapeneOS have a specific goal related to security. You can install one of the others, like LineageOS, if you are happy with the tradeoff.

Is there anything that prevents a tech bro buying the hardware and accessing the network to post with their LLM the way they do with the internet today?

I feel like I should up my game in vim. It’s my preferred CLI text editor, I hate when things default to nano as I have trouble working out how to use it. But I very much use the OOTB vim and only basic commands at that.

When you say you have it set up as an IDE, are you talking something that looks like the first picture here (with the red boxes)? I have so much to learn 😅

Hmm, I guess I have Joplin and I use it a lot, but it doesn’t really feel the same as a text editor. I’m not really sure how to explain it haha

Maybe I should be looking for a note taking app, but I want it for storing everything from to do list items to quick edits of code snippets so I kind of want the text editor features.

I haven’t! But the main advantage of the Notepad++ way is the files aren’t actually saved anywhere, it saves them temporarily until you choose where to properly save them. You can just keep opening new tabs and putting stuff in them and it remembers even if closed, but you don’t have to actually save them.

One thing I miss from Notepad++ that I’ve never found in a Linux text editor is the ability to just open it and type stuff and it stays there even if you close it and open it again.

Ah yes, I guess it was Flattr! I read the top of the above linked wikipedia page and it talked about visiting pages with a browser extension, which didn’t sound right. But I see now in the history section it has:

Its first version required users to click on a “flattr” button on websites to “flattr” content.

So I guess I was in early!

To my knowledge Lemmy doesn’t have user tags. So any tagging will be client specific.