You should see the apps on MacOS. Almost every single app that is not installed from Appstore has that shitty update popup, it is driving me nuts.
I think Linux has the best solution for this - good package managers for bases system and Flatpak with Flathub repo for other apps. So you never get stupid popups, and update managers use signed packages and check those signatures before installation.
I don't think it is because they can't do it or that they want to be a base for other distros. They simply let the user choose what the user wants. And if you don't know what you want then you learn it.
I switched to arch 15 years ago to learn Linux. And it is by far the best way to understand it.
Having used Arch I can easily maintain almost any distro out there, but it doesn't work the other way around.
> Having used Arch I can easily maintain almost any distro out there, but it doesn't work the other way around.
I think this is an important thing to recognize. It's exactly why I tell people that want to learn Linux to do it (but not people who want to use Linux). The struggle is real, but the struggle is part of the learning process. The truth is that distros are not that different from one another. The main difference is in the package manager and the release schedule of their package databases.
I'd also like to tell any Linux newbies, the Arch Wiki is your best friend. It doesn't matter if you're using Ubuntu, Mint, or whatever. The Arch Wiki is still usually the second place I go to for when I need help. The first is the man pages (while there's some bad documentation out there it is quite surprising how well most man pages are written. Linux really has shown me the power and importance of writing good documentation)
I have claude code hooks that send local computer notifications when action is required or processing finished. And when I step away from computer, I get those notifications through pushover. Then I login on phone to ssh (mosh) with Termius and connect to the tmux session running claude. I use this approach when watching TV with the family and laptop is not appreciated on the sofa. :)
Every time I read these "I've managed to control Claude Code from my phone posts", they come with some variation of "so that I can continue being on my computer" during some other activity. It's a very personal decision, but feels like on of these points where people should re-evaluate. Just because we can, doesn't mean we should.
> it was so good that I caught myself coding from my phone while out with friends… and decided that this is something I should stop, more for mental health than anything.
I wouldn't want to code from phone. Ugly to type code on a tiny screen. But this feels different. Voice typing emails to an agent, from a space removed, taking a step back? It gives perspective. It's a good way to work, I find.
You can be in your day. You don't have to be 'head in the code'. Let the agent take care of it. That's what I made it for. To get you out of that!
I am not coding while out with friends. I am just checking status and giving new instructions between breaks. It lets me spend more time away from the computer screen without feeling unease.
It’s tragic that having a language as flexible and unopinionated as Perl is admittedly terrible for novice programmers because Learning Perl is easily one of the greatest introductory programming books.
I do exactly that in my container build pipelines and it is great. And then CI uploads those SBOMs to Dependency Track.
Depending on the language, scanning just the container is not enough, you for sure want to scan the lockfiles for full dependency list before it is compiled/packed/minified and becomes invisible to trivy/syft.
You are building everything in CI from scratch so theoretically, it should be completely possible to not need to scan lockfiles and get all the data from their respective sources (OS, runtime, dynamic libs, static deps, codegen tools, build time deps, etc)
At this point I just want them to die off completely so we could get something better. They have been unable to make real improvements that make using Matrix a nice experience. And their existence somehow inhibits other solutions from emerging in the OSS community chat space.
People new to the system think that Matrix can work. So FLOSS devs spend time trying to lipstick the pig. Takes time away from other areas.
Matrix is completely busted, for the article's aforementioned reasons, and others.
My complaints is that ive seen child sexual assault imagery on your primary servers, hours later (and thousands of CSAM images) finally the user banned. And still does it cause some federated server they are connected to still allows them to be half-joined to a room.
The only safer way to federate is to disable image caching and preloading, and ideally defed from matrix.org.
And combined are the laughable moderation tools. I'm sure for some gov deployment, they're not going to spread child sex images. But on the public internet, even basic tooling is a joke.
I recommend all Matrix admins to discontinue. Its frankly too legally dangerous to run it, given all the various failure modes and E2EE failures.
Its 1 size doesnt fit at all. And it being gone would allow others to potentially succeed.
They're typically operating in private or semi-private federations, and so aren't so worried about spam/abuse issues like the one in question here. They may also not care as much about serverside metadata footprint (or indeed they may actually require serverside metadata in order for the server admins to enforce who can talk to who).
As a result, the popularity of Matrix in public sector has resulted in focus there - which is somewhat different to the expectations of folks looking for a Discord replacement or a privacy-at-any-cost solution.
> As a result, the popularity of Matrix in public sector has resulted in focus there - which is somewhat different to the expectations of folks looking for a Discord replacement or a privacy-at-any-cost solution.
Unfortunately, a Discord replacement is the sort of thing that the free software world actually needs, because in its absence people are just using Discord, even for free software projects.
I think you could get pretty close with OAuth2. You could also have the frontend be a centralized app, but allow people to host their own servers. If the entity controlling the frontend goes off the rails you still have a pretty simple exit strategy.
OAuth2 is a failed protocol - it's more of a set of guidelines for vendors to implement proprietary authentication systems, all incompatible with each other.
I looked into Zulip a couple years ago and they didn't support this. Have they implemented OAuth2 or something since then? Specifically being able to log in once and be able to jump between any number of self hosted servers.
This is an astute comment, despite "Arathorn" CEO of Matrix LLC's downvote ring pushing down the score. (Hey bud you know you can just read without commenting, right? Sit and listen for awhile)
ActivityPub has the same problem. Browse a Japanese MissKey server and it'll start loading yours up with questionable drawings. I turned off my server FAST
This is a big, big problem for federated software that I have not seen addressed or even frequently discussed. Arbitrary file upload by the public is not something small operators can reasonably allow on their servers.
Even large operators of non federated systems with controlled access like Facebook struggle with this. It's impossible to protect yourself as a server operator on Matrix or ActivityPub from malicious actors that want to use your server to distribute illegal material, and you'll be the one found liable!
Hosting any publicly uploaded content is a bad decision and a problem since e-mail. IRC and MQTT with QoS 0 do not have this problem. They have others though. At least criminals won't use them because of how easy is to snoop.
half baked solutions often "crowd out" potential better solutions. If something works enough, someone is less likely to make one that works well. Especially when there's a network effect involved.
My guess would be that Synology is an expensive but weak computer, bare minimum for NAS.
Immich does require some CPU and also GPU for video transcoding and vector search embedding generation.
I had Immich (and many other containers) running successfully on AMD Ryzen 2400G for years. And recently I upgraded to 5700G since it was a cheap upgrade.
OpenVPN is far from "no fuss", especially when compared to Tailscale.
I like to self host things so I also self host Headscale (private tailnet) and private derp proxy nodes (it is like TURN). Since derp uses https and can run on 443 using SNI I get access to my network also at hotels and other shady places where most of the UDP and TCP traffic is blocked.
Tailscale ACL is also great and requires more work to achieve the same result using OpenVPN.
And Tailscale creates a wireguard mesh which is great since not everything goes through the central server.
Wireguard is great, I have personally donated to it and have used Wireguard for years before it became stable. And I still use it on devices (routers) where Tailscale is not supported. But as Jason stated - it is quite basic and is supposed to be used in other tools and this is what we are seeing with solutions like Tailscale.
Tailscale makes it simple for the user - no need to set up and maintain complex configurations, just install it, sign in with your SSO and it does everything for you. Amazing!
That's pretty cool, thanks for the info! I've been looking into Tailscale the past few days since it actually seems pretty convenient.
I've seen they offer to use Mullvad as an exit node for devices which is very cool. Sadly it seems like for this to work, you have to have them manage your Mullvad keys, which to me kind of defeats the purpose of Mullvad in some ways. But I can see how it makes sense to them from a business-perspective.
I think Linux has the best solution for this - good package managers for bases system and Flatpak with Flathub repo for other apps. So you never get stupid popups, and update managers use signed packages and check those signatures before installation.
reply