Linux MATE desktop is pretty established and I think has a similar audience. Pretty confusing name choice… “want to install mate on linux? Try linuxmate (no relation)”

BTW are those actually your reasonings on the blog as you say? It reads very LLMy.

What makes you suspect the Nginx config instead of Lemmy? Do you have any failing requests (timeout or statuscode >= 400) in nginx log? What are the failing endpoints?

Both can be true.

I think such character assessment and calling names is unnecessary and off-topic here though. Better engage with substance than judging by vibes and doing ad-hominem.

Called it.

https://feddit.online/post/1372107/comment/6758185

No one listen grug til chicken come to roost

I guess they now have large enough number of users that it would be wise to shift some focus to supply-chain security from growth-hacking.

This is growing pains.

Cool! Keeping up with platform changes is a challenge for projects like this. I think to be successful beyond initial popularity you need an active community that can do this together. It’s draining for just one person - especially once you get big enough that they might actively break things just to mess with your integration. Following maintenance of alternative YouTube clients as well as searx-ng is illustrative.

Not to discourage but be prepared. Best of luck!

https://cadence.moe/blog/2022-09-01-discontinuing-bibliogram

deleted by creator

Just to rule it out (wouldn’t be the case on default debian):

Is SELinux enabled? sudo getenforce (if command missing or false, it’s not your problem here)

You are not running with podman as compose backend? sudo systemctl status podman shouldn’t show an active service unless you use it.

It was certainly not intended as a character assessment and it’s unfortunate you took it that way. I’m talking about how the release notes (and in passing your post) were written and not about you as a person or maintainer, or even the project itself.

I do hold release notes of a public project with thousands of users to a different standard than anon lemmy.world comments in a feedback thread. Is that interesting or surprising?

I believe there was actionable feedback given. You are of course free to dismiss it.

Maybe I don’t understand the use case for bentopdf, and considering how popular it is, that is likely true

Especially in this day and age, be careful with believing something is right (or even popular) just becuse it looks popular. Talking about generalities of gameable metrics and the cognitive pattern, not to dunk on the project apart from their communications doing the same mistake.

It’s not as much the general style as the particular contents of this release. Your previous release notes did not give the bad impression this one does. Since you did ask for any feedback I let you know why I am now less likely to use or recommend the tool compared to before. The amount of text and emojis spent begging for TrustPilot reviews also contributes.

FWIW, netstat is considered legacy and deprecated. The in-vogue way to do the same thing is ss -lpn | grep 8080.

netstat like ifconfig still works and is shipped in the net-tools package if you like it but if you’re learning it’s better to build a habit with ss and ip right away.

https://arturogl.com/2023/10/18/linux-new-tools-replacing-netstat/

Try to ignore the GH stars and other engagement numbers. Or at least try not to put focus on them in your communications. It’s a distraction for you and you are making it a distraction for your audience. GH stars are not a useful signal as they are easily gamed and bought. Maybe yours are all organic, legitimate, and a legitimate cause for personal celebration. But you are just giving false credence to them (and thereby those illegitimately gaming the system) and removing focus from your own app. I don’t think it belongs in release notes or a great way to lead your pitch here.

Most of the first half of the release notes rubs me a bit the wrong way and feels like it’s not the place for those messages. Your “Very Important Note” feels less relevant than the “Dad Joke” section (which does have potential entertainment value) and probably has the exact opposite effect than the one you intend.

Phone. And Location 🙃

One example of how permissions UI on Android is too coarse. Arguably mocking location is a questionable use but this pattern crops up everywhere. I think users must have more fine-grained control over what apps can access regardless of what devs put in their mainfests. It’s reasonable that a user wants an app to have access to GPS coordinates and network access but not cell or wifi info.

In general GrapheneOS gives more flexibility and power to the user than stock but I’m not sure if they go far enough to support what you want to do.

https://github.com/tonarino/innernet

This is still crypto, yo

Possibly oversimplifying: If you trust the hardware security of Intel but not the operational security of Cloudflare or AWS, this would allow you to exchange messages with the LLM without TLS-encryption-stripping infrastructure operators being able to read the messages in cleartext.

And yes it does look like it has significant overhead.

This seems impossible from a scalability perspective, as even small LLMs require huge quantities of RAM and compute. Did I miss something fundamental here?

Well isn’t it the other way around? If the per-user resources are high, the additional sublinear overhead of isolating gets relatively smaller. It costs more to run 1000 VMs with 32MB RAM each vs 2 VMs with 16GB RAM each.

However I guess this might get in the way of batching and sharing resources between users? Is this mentioned?

A CA can be an encrypted volume on a live USB stick. It’s mostly for the CRLs you might want something online. A static HTTP server where you manually dump revocations is enough for that.

Unless you do TOFU (which some do and btw how often do you actually verify the github.com ssh fingerprint when connecting from a new host?), you need to add the trust root in some way, just as with any other method discussed. But that’s no more work than doing the same with individual host keys.

And what’s the alternative? Are you saying it’s less painful to log in and manually change passwords for every single server/service when you need to rotate?

If this is inside the threat model, you put a passphrase on that key and load it in an external process like ssh-agent or gpg-agent. Maybe even move it to a separate physical device like HSMs or crypto hardware wallets (many of which can be used for this purpose btw).

This is also neat: https://doc.qubes-os.org/en/latest/user/security-in-qubes/split-gpg-2.html#notes-about-split-gpg-2

Not if you use certificates signed by your own internal CA and trust the CA instead of straight up trusting the public keys explicitly.

This way you can generate new SSH or TLS keys trusted across a bunch of machines without having to touch those machines directly for every key, since they are signed by your trusted authority. If you configure CRLs properly you can also revoke them centrally.