A second offsite NAS with your friend? That’s what I did when I grew out of my old synology. My new NAS capacity is noticeably impacted by things like frequent local snapshots but I don’t need to back those up remotely and it saves space.

Next step is discovering atuin! https://atuin.sh/

OP should have vibecoded the title, chatbots know how to use apostrophes.

Isn’t kagi’s point that they store very little about you to the point there no search history and you have to pay for the service provided?

What’s going to pay for the search part, then?

I think the point here is moving away from long-lived ssh keys and using whatever IdP you have (enterprise cloud or local oidc) to provide short-term ssh keys. It generally improves the security posture as it’s similar to ssh with certs but less painful to set up.

Unfortunately, matrix doesn’t have a viable plan for federation, meaning that you’d better onboard on matrix.org or else.

People saying self-hosting mastodon is hard never had to touch matrix. It’s not hard, the protocol is literally broken to the point where starting again is not an option.

I’m all in for ditching discord, but matrix is at most mediocre in almost every aspect. It’s wild how much easier it used to be with xmpp.

First party app, yes. Thanks for the recommendation, I’ll give swiftfin a try.

Jellyfin looks pretty bad on an iPad. Subtitles setting keep getting reset on their own, it doesn’t understand basic keyboard controls (spacebar to pause), the UI is overall tiny. Oftentimes it will forget to save the spot where I finished watching and on the next launch will happily play the movie from beginning.

I wonder if NixOS is a vacuum coffee maker for how confusing nix looks when you see it for the first time or instant coffee for how reproducible it is…

That’s just Slackware.

Local models are really good at tokenizing the text and figuring the intent in the user input. Not perfect, but much better than any possible regexps you can think of. And it’s a trivial operation you can run even on a CPU model.

The windows client does, yes. But I’ve found that to be fragile on occasions.

Technically, it does have a windows client. It’s just in various states of being broken.

Updates to DNS, yes. Not necessarily to your primary zone. In other words, you don’t need access to the name servers for your highly privileged example.com zone, only the nameservers for inconsequential.example.com. With the challenge delegation you can easily narrow the scope by CNAMEing the relevant _acme-challenge enries in your primary domain once. This not only removes the need for the validator to modify your primary zone, but also scopes what subdomains it can validate, too. So the blast radius decreases.

I, too, maintain several devices that insist on having the certificates (and keys, yuck) being fed to them by hand. I automated it all, because I don’t see why a human should be in a loop of copying the secret material. Automaton is good.

How complicated is it to have a CNAME? /s

You can delegate to isolated nameservers with DNS-01, there’s no need to have control over the primary zone: https://www.eff.org/deeplinks/2018/02/technical-deep-dive-securing-automation-acme-dns-challenge-validation

Between homebrew and nix, the amount of foss macs can run out of the box is pretty close to some generic Ubuntu (nixpkgs is technically the largest repo out there, but not all of the nixpkgs are available on mac).

There’s a whole bunch of “it loses all your data” bugs in OpenZFS too, ironically, although it’s way way less fragile than btrfs in general.

That said, the latter is pretty much solid too, unless you do raid5-like things.

FWIW that java app isn’t much memory hungry and it’s not cpu-intensive at all. There are no issues with running java apps at all if you spend 5 minutes figuring the basix flags on how to set the memory limits or run it in a memory-limited cgroup via some containers runtime.