Fail2ban config can get fairly involved in my experience. I’m probably not doing it the right way, as I wrote a bunch of web server ban rules — anyone trying to access wpadmin gets banned, for instance (I don’t use WordPress, and if I did, it wouldn’t be accessible from my public facing reverse proxy).

I just skimmed my nginx logs and looked for anything funky and put that in a ban rule, basically.

I can only remember this because I initially didn’t learn about xargs — so any time I need to loop over something I tend to use for var in $(cmd) instead of cmd | xargs. It’s more verbose but somewhat more flexible IMHO.

So I run loops a lot on the command line, not just in shell scripts.

Some bulk food stores let you bring your own. You put a sticker on them with the bulk item # and also the dry weight, so it’s a little more work, but then you can put your jars to use!

Newer macOS is not Unix certified.

It’s UNIX 03 compliant https://en.m.wikipedia.org/wiki/Single_UNIX_Specification

One or two Linux distros were (are?) UNIX certified, though.

I think mplayer has an ASCII output mode (VLC, too?), and I believe youtube-dl can output to stdout.

The rest is, as they say, left as an exercise to the reader.

Haha yeah that was the counter example I was thinking of. I agree completely — you could make a Gentoo from source beginner distro, and I think you could make it reasonably “idiot proof,” but it would still be a bad user experience most likely (too much time spent compiling).

If your distro can’t be forked into a “beginner distro” then it’s fundamentally flawed IMHO.

To be clear, I’ve used Arch as my daily drivers for a while, and while it’s not the best fit for my needs (I use Debian mostly), there’s nothing that I experienced that was incompatible with a “beginner” distro.

You can also drop cache for debugging by running something like echo 3 | sudo tee /proc/sys/vm/drop-caches

But remember that the kernel knows best — this RAM will automatically be freed up when needed and you should never run this except for debugging (or maybe benchmarking).

man rot13 ;)

I’ve been super happy with it. Knock on wood it’s been super reliable. I have a single ZFS drive, take snapshots with various retention policies, nothing fancy.

Another fun thing is to set up a reverse proxy on it as an endpoint for services on your local (home) network which can only be accessed by VPN. For example, my Jellyfin service isn’t public facing, but I didn’t want e.g. my parents to need to set up WireGuard. So instead they can point their TV to a raspberry pi on their network to access the service — even a first gen RPI can handle Jellyfin reverse proxy over WireGuard for moderate bitrates!

WireGuard, and an external HDD. Run at a remote location for off-site backup.

I do this with a raspberry pi 3 at the in-laws. I copied the data over locally before setting it up, and after that it’s just nightly incremental rsync, which is fine even over my slow (35Mbps) upload.

You can turn it off, at least for ext4: https://lwn.net/Articles/784041/

Although you can use case insensitive filesystems with Linux, and case sensitive filesystems with macOS. I believe the case sensitivity is a function of the specific filesystem — but yeah, practically, the root for Linux is always case sensitive, and APFS ain’t is only if you ask it to be ( https://support.apple.com/lv-lv/guide/disk-utility/dsku19ed921c/mac ).

I would bet that if you remux BBB to an mkv and play that through JF, it won’t transcode — I think it will just remux it back to mp4. Just a guess…

Interesting — I wonder if it only displays the first reason for having to mess with the stream, e.g., if it’s really that it’s an unsupported container, video, and audio codec.

Possible to try playing an h264 mkv (maybe Big Buck Bunny)? Since your screenshot is h265 I wonder if it indeed needs to transcode because that’s unsupported (in addition to mkv).

unless everyone is using hardware acceleration

I think that’s what (almost) everyone does. My little N100 works just fine with QSV.

Is it definitely transcoding? JF can remix without transcoding iirc.

IIRC chvt is a privileged command, which makes sense (if an unprivileged user could execute this command they could effectively brick the computer for a local user).

That said, my understanding is that modern DE’s are given a lot of access, so presumably chvt is allowed (and in this case, is required because as others mentioned, password is required). So the only other option is to fail unlocked, which is all kinds of Bad.

proxmox nudes

No judgement here, you just keep doing what makes you happy.