• 0 Posts
  • 22 Comments
Joined 2 years ago
Cake day: June 12th, 2023






  • Not the person you replied to, but I’m in agreement with them. I did tech hiring for some years for junior roles, and it was quite common to see applicants with a complete alphabet soup of certifications. More often than not, these cert-heavy applicants would show a complete lack of ability to apply that knowledge. For example they might have a network cert of some kind, yet were unable to competently answer a basic hypothetical like “what steps would you take to diagnose a network connection issue?” I suspect a lot of these applicants crammed for their many certifications, memorized known answers to typical questions, but never actually made any effort to put the knowledge to work. There’s nothing inherently wrong with certifications, but from past experience I’m always wary when I see a CV that’s heavy on certs but light on experience (which could be work experience or school or personal projects).


  • However, it’s worth mentioning that WireGuard is UDP only.

    That’s a very good point, which I completely overlooked.

    If you want something that “just works” under all conditions, then you’re looking at OpenVPN. Bonus, if you want to marginally improve the chance that everything just works, even in the most restrictive places (like hotel wifi), have your VPN use port 443 for TCP and 53 for UDP. These are the most heavily used ports for web and DNS. Meaning your VPN traffic will just “blend in” with normal internet noise (disclaimer: yes, deep packet inspection exists, but rustic hotel wifis aren’t going to be using it ;)

    Also good advice. In my case the VPN runs on my home server, there are no UDP restrictions of any kind on my home network and WireGuard is great in that scenario. For a mobile VPN solution where the network is not under your control and could be locked down in any number of ways, you’re definitely right that OpenVPN will be much more reliable when configured as you suggest.


  • I use WireGuard personally. OpenVPN has been around a long time, and is very configurable. That can be a benefit if you need some specific configuration, but it can also mean more opportunities to configure your connection in a less-secure way (e.g. selecting an older, less strong encryption algorithm). WireGuard is much newer and supports fewer options. For example it only does one encryption algorithm, but it’s one of the latest and most secure. WireGuard also tends to have faster transfer speeds, I believe because many of OpenVPN’s design choices were made long ago. Those design choices made sense for the processors available at the time, but simply aren’t as performant on modern multi-core CPUs. WireGuard’s more recent design does a better job of taking advantage of modern processors so it tends to win speed benchmarks by a significant margin. That’s the primary reason I went with WireGuard.

    In terms of vulnerabilities, it’s tough to say which is better. OpenVPN has the longer track record of course, but its code base is an order of magnitude larger than WireGuard’s. More eyes have been looking at OpenVPN’s code for more time, but there’s more than 10x more OpenVPN code to look at. My personal feeling is that a leaner codebase is generally better for security, simply because there are fewer lines of code in which vulnerabilities can lurk.

    If you do opt for OpenVPN, I believe UDP is generally better for performance. TCP support is mainly there for scenarios where UDP is blocked, or on dodgy connections where TCP’s more proactive handling of dropped packets can reduce the time before a lost packet gets retransmitted.


  • TL;DR the protocol requires there to be trusted token providers that issue the tokens. Who do you suppose are the trusted providers in the Google and Apple implementations? Google and Apple respectively, of course. Maybe eventually there would be some other large incumbents that these implementers choose to bless with token-granting rights. By its nature the protocol centralizes power on the web, which would disadvantage startups and smaller players.



  • I think you’re referring to FlareSolverr. If so, I’m not aware of a direct replacement.

    Main issue is it’s heavy on resources (I have an rpi4b)

    FlareSolverr does add some memory overhead, but otherwise it’s fairly lightweight. On my system FlareSolverr has been up for 8 days and is using ~300MB:

    NAME           CPU %     MEM USAGE
    flaresolverr   0.01%     310.3MiB
    

    Note that any CPU usage introduced by FlareSolverr is unavoidable because that’s how CloudFlare protection works. CloudFlare creates a workload in the client browser that should be trivial if you’re making a single request, but brings your system to a crawl if you’re trying to send many requests, e.g. DDoSing or scraping. You need to execute that browser-based work somewhere to get past those CloudFlare checks.

    If hosting the FlareSolverr container on your rpi4b would put it under memory or CPU pressure, you could run the docker container on a different system. When setting up FlareSolverr in Prowlarr you create an indexer proxy with a tag. Any indexer with that tag sends its requests through the proxy instead of sending them directly to the tracker site. When FlareSolverr is running in a local Docker container the address for the proxy is localhost, e.g.:

    If you run FlareSolverr’s Docker container on another system that’s accessible to your rpi4b, you could create an indexer proxy whose Host is “http://<other_system_IP>:8191”. Keep security in mind when doing this: if you’ve got a VPN connection on your rpi4b with split tunneling enabled (i.e. connections to local network resources are allowed when the tunnel is up), then this setup would allow requests to these indexers to escape the VPN tunnel.

    On a side note, I’d strongly recommend trying out a Docker-based setup. Aside from FlareSolverr, I ran my servarr setup without containers for years and that was fine, but moving over to Docker made the configuration a lot easier. Before Docker I had a complex set of firewall rules to allow traffic to my local network and my VPN server, but drop any other traffic that wasn’t using the VPN tunnel. All the firewall complexity has now been replaced with a gluetun container, which is much easier to manage and probably more secure. You don’t have to switch to Docker-based all in one go, you can run hybrid if need be.

    If you really don’t want to use Docker then you could attempt to install from source on the rpi4b. Be advised that you’re absolutely going offroad if you do this as it’s not officially supported by the FlareSolverr devs. It requires installing an ARM-based Chromium browser, then setting some environment variables so that FlareSolverr uses that browser instead of trying to download its own. Exact steps are documented in this GitHub comment. I haven’t tested these steps, so YMMV. Honestly, I think this is a bad idea because the full browser will almost certainly require more memory. The browser included in the FlareSolverr container is stripped down to the bare minimum required to pass the CloudFlare checks.

    If you’re just strongly opposed to Docker for whatever reason then I think your best bet would be to combine the two approaches above. Host the FlareSolverr proxy on an x86-based system so you can install from source using the officially supported steps.
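
Added example (not from this thread, nor from the FlareSolverr or gluetun projects): a docker-compose file for the "other system" that puts FlareSolverr in a gluetun container's network namespace, so its outbound requests to tracker sites leave through the VPN tunnel and the escape described above does not happen. It assumes a WireGuard peer configuration for your own VPN server (endpoint, keys and tunnel address are placeholders) and a 192.168.1.0/24 LAN; the gluetun variable names are the ones from its documentation.

```yaml
# Constructed example: FlareSolverr behind gluetun (VPN + kill switch).
# Prowlarr on the rpi4b points its indexer proxy at http://<other_system_IP>:8191,
# which reaches FlareSolverr via gluetun's published port over the LAN, while
# FlareSolverr's own requests to tracker sites can only exit via the tunnel.
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN                       # needed to manage the tunnel and firewall
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      VPN_SERVICE_PROVIDER: custom      # your own WireGuard server, not a commercial provider
      VPN_TYPE: wireguard
      VPN_ENDPOINT_IP: "203.0.113.10"   # placeholder: your VPN server's public address
      VPN_ENDPOINT_PORT: "51820"        # placeholder: your WireGuard listen port
      WIREGUARD_PUBLIC_KEY: "SERVER_PUBLIC_KEY_PLACEHOLDER"
      WIREGUARD_PRIVATE_KEY: "CLIENT_PRIVATE_KEY_PLACEHOLDER"
      WIREGUARD_ADDRESSES: "10.8.0.2/32"  # placeholder: this peer's tunnel address
      # Only the LAN may be reached outside the tunnel; that is what lets the
      # rpi4b talk to port 8191. Everything else is dropped if the tunnel is down.
      FIREWALL_OUTBOUND_SUBNETS: "192.168.1.0/24"   # assumption: your LAN
    ports:
      # Published on gluetun, because flaresolverr shares its network namespace.
      - "8191:8191"
    restart: unless-stopped

  flaresolverr:
    image: ghcr.io/flaresolverr/flaresolverr:latest
    # No network of its own: all traffic goes through the gluetun container,
    # so split-tunnel rules on the rpi4b no longer decide where it exits.
    network_mode: "service:gluetun"
    environment:
      LOG_LEVEL: info
    depends_on:
      - gluetun
    restart: unless-stopped
```

After `docker compose up -d`, `docker compose exec gluetun wget -qO- https://ifconfig.me` should print your VPN server's public address rather than the other system's ISP address; if it does not, the tunnel is not up and gluetun's firewall is blocking egress as intended.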


  • It’s likely CentOS 7.9, which was released in Nov. 2020 and shipped with kernel version 3.10.0-1160. It’s not completely ridiculous for one-year-old POS systems to have a four-year-old OS. Design for those systems probably started a few years ago, when CentOS 7.9 was relatively recent. For an embedded system the bias would have been toward an established and mature OS, and CentOS 8.x was likely considered “too new” at the time they were speccing these systems. Remotely upgrading between major releases would not be advisable in an embedded system. The RHEL/CentOS in-place upgrade story is… not great. There was zero support for in-place upgrade until RHEL/CentOS 7, and it’s still considered “at your own risk” (source).


  • People here seem partial to Jellyfin

    I recently switched to Jellyfin and I’ve been pretty impressed with it. Previously I was using some DLNA server software (not Plex) with my TV’s built-in DLNA client. That worked well for several years but I started having problems with new media items not appearing on the TV, so I decided to try some alternatives. Jellyfin was the first one I tried, and it’s working so well that I haven’t felt compelled to search any further.

    the internet seems to feel it doesn’t work smoothly with xbox (buggy app/integration).

    Why not try it and see how it works for you? Jellyfin is free and open source, so all it would cost you is a little time.

    I have a TCL TV (with Google smart TV software)

    Can you install apps from Google Play on this TV? If so, there’s a Jellyfin app for Google TVs. I can’t say how well the Google TV Jellyfin app works as I have an LG TV myself, so currently I’m using the Jellyfin LG TV app.

    If you can’t install apps on that TV, does it have a DLNA client built in? Many TVs do, and that’s how I streamed media to my TV for years. On my LG TV the DLNA server shows up as another source when I press the button to bring up the list of inputs. The custom app is definitely a lot more feature-rich, but a DLNA client can be quite functional and Jellyfin can be configured to work as a DLNA server.







  • Remember there are actual people who are making these decisions.

    Sure, but what I want to know is why they feel comfortable making immoral decisions. Are they all psychopaths? Psychopathy is known to be more common in the C-suite, by some estimates 3.5% of executives are psychopaths. Businesses reward those who deliver good business outcomes, and psychopaths might tend to do better at that with no pesky moral compass to get in the way. But the rest are just average people, probably no different than the general populace when it comes to measures of morality. So if 95%+ of oil company executives are not inherently less moral than the rest of us, why the hell would they be willing to make decisions that literally destroy the fucking planet?? I mean, the oil companies knew climate change was a big fucking problem decades ago, and they still did what they did. How the fuck does that even happen??

    My thesis here is that the corporate structure itself is sufficient to compel otherwise moral people to make choices that are absolutely heinous when viewed objectively. When you’re faced with an option that makes your corporate targets and nets you a bonus but irreparably harms some distant other, the average person will tend to make the immoral choice. They’ll rationalize it, they’ll minimize it, but ultimately they will happily fuck over someone in another country, another generation, or hell, just in another office, so they can make a buck.


  • Corporations are always happy to pander to morality when it’s to their benefit, but I believe corporations are inherently amoral. They might make decisions that are moral, but that’s just a happy coincidence that occurs when the decision that’s in their interest also happens to be the moral choice. Corporations are equally happy to make choices that most would consider immoral, if it meets their goals.

    I have no source for this, but my theory is that when the workforce of a corporation grows past Dunbar’s number it will inherently bend toward amorality. Making moral choices requires knowing the people affected by your choices, and having empathy for them. Once it becomes impossible for one worker at a company to have a personal relationship with every other member of the staff, it’s all too easy for groups to form within the company that will make choices that drive the company’s goals (growth, revenue, profit) at the expense of anything and everything else (the environment, the community, their customers, even their own workers).