Andres

@K3can So you’re running the systemd services as root, and letting systemd change them to their relevant users? Or are you running the systemd services as a non-privileged user, and using container subuid/subgids?

@K3can @silver How do you handle running as other users? I like to run services as their own user, so currently I create a new user and (as them) run podman compose.

@irmadlad Also, I would think that companies offering long warranties on refurbished drives are playing the odds in a way that makes them money. It probably wouldn’t be profitable if they sold drives w/ bad/reallocated sectors and the majority of them died within the warranty period.

My assumption is that all drives will die (or suffer corruption) at the worst possible time, so do proper backup/scrubbing. Then look for deals where I can.

@irmadlad I can’t tell you averages (I’m not running massive storage servers with hundreds of drives here), but I ordered this particular one in Oct 2025. It’s still going strong. There’s another one that I bought back in 2019 or 2020 that I used for a few years before replacing it due to needing more space. Meanwhile, I’ve used plenty of consumer drives over the years that were a lot less reliable, so I have different rules for consumer drives (toss 'em at the first error) vs enterprise drives.

@irmadlad @moonpiedumplings Enterprise drives w/ bad sectors and a 5yr warranty? Me (raises hand)!

With snapraid and backups and the warranty, I’m perfectly happy to use enterprise drives _where the drive errors aren’t increasing_. Worst case, I lose some of those linux distributions and have to re-download them. I wouldn’t use one without a warranty though (and I certainly wouldn’t waste my time on a 500gb drive, the last hdd I bought w/ sector errors was 14TB for $140).

@KneeTitts @Jason2357 Recently there are a lot of zero-day kernel exploits (local privilege escalation), so I would make sure “up to date” includes regular reboots into new kernels. As opposed to just relying on something like unattended-upgrades.

For the past few weeks we’ve been averaging one LPE per week, and it’s probably going to continue like that for a bit.

@yestalgia I will say that the configuration is not the most intuitive. Part of it is just that the web UI is, imo, not that good. There’s a lot of confusing stuff exposed to users that isn’t really important for like 99% of use cases.

(who cares whether compression is metadata only or all data or none? wtf is “introducer” vs “auto-accept”? why do I need to see a random hash for device or folder id in addition to a device or folder name?)

@yestalgia So I set up syncthing between a server and one client. Share folders between them. Figure out how you want the folder data replicated; for my phone pics, for example, the sync is one way from (phone) -> (syncthing server). For kids’ health stuff, it’s a two-way sync; because the sync might be (my laptop) <- (syncthing server) <- (my wife’s laptop), or vice-versa. Then add another client to the syncthing server, following the same process. Never sync client-to-client; always via server

@pixeldaemon I used to use Seafile, but it is clunky and annoying, and it will also never ever be in debian due to upstream copyright sketchiness.

@pixeldaemon Syncthing. We have one “authoritative” fileserver running syncthing, and then a bunch of “clients” (laptops, phones) that sync up to the fileserver. This doesn’t work for, say, terabytes of movies/music, but for important stuff like photos/tax records/whatever, it means we can make changes on any “client” and it gets synced to the “server” and all the other “clients”

For more traditional cloud, I recently installed copyparty (https://github.com/9001/copyparty) w/ https://github.com/romaan7/white-gold-theme-for-copyparty

@Bazoogle @1hitsong First of all - when it comes to creating programs, you want the output to be deterministic. Stochastic program output is a serious problem, as you _will_ get unreproducible bugs. Second, plain language is _not_ easy except for the simplest of tasks. Actual programs need to handle all kinds of corner cases and hardware weirdness and human weirdness. Your “plain language” goes from “do a thing” very quickly to “do a thing. but not that thing. or that other thing. and and and…”

@GreenKnight23 I don’t see that behavior. Rebooting into a new kernel and then running dist-upgrade, it always _always_ keeps one older kernel around. Bookworm and trixie.

@GreenKnight23 @oong3Eepa1ae1tahJozoosuu I’ve never seen that behavior in Debian. Is that some different type of configuration?

@djdarren @frongt That’s not how SyncThing is designed. It’s intended to be a full mirror.

I kind of emulate what you’re talking about with restic’s mount command. It’s a lot less intuitive than what you’d get from a cloud storage platform, but it’s Good Enough For Me. If you want to match cloud storage, you probably want nextcloud or seafile or something.

@IratePirate @eightys3v3n Snapraid offers scrub/bitrot protection - check out ‘snapraid scrub’.

@IratePirate Combine this with restic (or borgbackup, if that’s how you swing) for a bombproof selfhosting solution.

@Vejeta I can’t promise to package/include it, but looking at it is still on my todo list. The other work stuff has taken longer than expected, but once it wraps up I’m planning to look at your CEF stuff.

@PancakesCantKillMe @gedaliyah Okay, you’ve piqued my curiosity. What does your playlist for pets look like?

deleted by creator

@meldrik They’re impossible to block based on IP ranges alone. It’s why all the FOSS git forges and bug trackers have started using stuff like anubis. But yes, I initially tried to block them (this was before anubis existed).

It was a few things that I had to take down; a gitweb instance with some of my own repos, for example. And a personal photo gallery. The scrapers would do pathological things like running repeated search queries for random email addresses or strings.