Either way, just remember to support artists when you can. Bandcamp Friday is one of the best ways I know of to fund artists in exchange for FLACs that you can legally listen to however you want to.

But I was a broke student in the heydays of torrenting, so I’m not judging using any means necessary to listen to music.

Lol I don’t know what you want man, i didn’t realize this was one of those “digging my heels in because I don’t know how to be wrong” threads. I’ll let you do your thing, peace.

Who is “we”? I’m responding to your top level comment. You just asked the creator of an exclusively client-side app whether they support encryption. Not only is it reasonable for me to assume you mean client side encryption, it’s unreasonable for you to ask for server side encryption, because there is no server. It’s a BYOBackend situation.

Now if you’re asking for client-side encryption, something like Keepass where the file itself is encrypted, you have to use some form of auth to decrypt it on use, and you can store this file using whatever backend you want, that’s perfectly reasonable. I would still consider that encrypted at rest, but at least you could maybe separate encrypted reads from writes and limit the attack surface in the event of a breach.

All phones are already disk encrypted these days. If you want disk encryption on your PC, you should enable it. Otherwise, it’s the responsibility of whatever backend you choose to handle encryption over the network.

You might be surprised how little power it’s sipping when sitting idle. Unnecessary disk accesses might be the biggest power use in those hours, but that’s more likely to cost you due to wear and tear and eventual replacement of the drive.

I recommend buying a Kill-a-watt and monitoring your power consumption on the server for a week or two. Then do some math to see how much it’s actually costing your energy bill. If it’s actually considerable, then try using tools like powertop to see if you can determine what’s generating all the activity.

Ok, I misread what you were linking to. Yeah, that’s pretty bad to allow actual streaming of content to unauthed users. I agree they should not be encouraging anyone to set this up to be publicly accessible until those are fixed. Or at least add a warning.

If I say I custom rolled my own crypto and it’s designed to be deployed to the open web, and you inspect it and don’t see anything wrong, should you do it?

Jellyfin is young and still in heavy development. As time goes on, more eyes have seen it, and it’s been battle hardened, the security naturally gets stronger and the risk lower. I don’t agree that no one should ever host a public jellyfin server for all time, but for right now, it should be clear that you’re assuming obvious risk.

Technically there’s no real problem here. Just like with any vulnerability in any service that’s exposed in some way, as long as you update right now you’re (probably) fine. I just don’t want staying on top of it to be a full time job, so I limit my attack surface by using a VPN.

If it’s just for you, then you don’t need to tackle the hardest problem of content moderation.

The second hardest problem is bandwidth. If you post something to a forum that suddenly gets a lot of traffic, without some kind of CDN intermediary, you’ll get a hug of death and/or a huge bill for all the bandwidth.

The third hardest problem is uptime. My assumption is that you want the content to remain valid forever. No one likes seeing dead links in old forum threads. So as you use it over time, anything you’ve posted over the years could get a sudden unexpected viral hug, or you have to let it die (which may not necessarily stop the hug, since everyone would still be trying to ask your server for the content).

Just making sure you appreciate how difficult solving this problem inevitably becomes. Note that discord and Lemmy Posts let you upload images, so you shouldn’t need such a service in those cases. But for random forums, it quickly becomes hard.

I was also intrigued by the introduction of the matter standard, but the reality is there are already a ton of low power, cheap ZigBee devices out there that can operate for years on a battery.

I think I’ve run into one thread/matter compatible device that I was considering, but found a HA forum thread saying their experience with that protocol+device+HA wasn’t as stable. So I didn’t do it. I’m not even sure how cheap and low power thread/matter devices can get.

It’s already solved: FOSS means I can always fork/build my own package that does what I want. That’s why I mean it’s immune.

What concerns me is the implicit association people will make between him and FOSS, and anything they believe about one will carry to the other.

I have to assume there are already people who hear “Linux” and think “ugh, I wouldn’t touch that with a 10ft pole because I don’t want anything to do with Pewdiepie”. Similarly, if he says something dumb next week, and half his audience abandons him, they’ll likely have a negative outlook on FOSS going forward.

Either way, I don’t believe FOSS’ staying power comes from meteoric rises following a fad, it comes from a natural immunity to enshittification over time. On the scale of a few of decades, FOSS seems like it’s struggling against proprietary solutions. But just like the general concept of political democracy, I think on the scale of centuries it will become the clear, time-tested, least-bad option. But I digress.

I’ve run into this issue with obsidian, but for whatever reason I haven’t had any issues with keepassdx.

When opening an existing keepass vault, on the left there’s an “Open From” pullout menu. You should be able to select your nextcloud from there. Then find your keepass file and it’ll just work.

I don’t know why, but obsidian doesn’t have the same file picker. There’s no “open from” menu. So you just have to drill into the filesystem, find the folder nextcloud is using, and choose your notes vault you’ve sync’ed in there. And for whatever reason, that seems to be the method that breaks Two-Way Sync.

I use Nextcloud + KeepassDX on android and KeepassXC on PC. Have never had an issue. Changes on desktop/phone are propagated virtually immediately across devices.

Alright, windows users, do you run the same version of windows on all your devices? Yes? Oh how surprising.

A bunch of people who couldn’t tell their left shift from their right shoelace think you don’t know what you’re talking about lol.

I agree, to a person who knows the machine, an AI is like a compiler: you know the output you’re going for, the tool helps you get there faster. Expecting you to do something the slow way because someone else doesn’t know how to code is nonsense. There is a massive difference between using it as a tool, and blindly taking generated code.

If the internet existed in the 70s, I bet people would have asked for a disclaimer on compiled assembly.

I’ve not heard of those, but to me this is a competitor to the much more ubiquitous Obsidian. Which works great, and has a whole community of support, but is not open source.

Personally, I don’t need my notes app not be responsible for syncing across devices either. I already have that for other file types (photos, media, etc).

I’m not against these features being added, but this app is young, afaik it’s one person writing it, so I’d rather see their time be spent making the note taking experience as good as it can be.

I also generally wouldn’t trust one person to properly audit the security of the networking and encryption features. If I wanted those features, I’d still give the community time to peruse the codebase.

I think it makes sense to handle this at a lower level. After using other notes apps, the thing I want is for it to not have some arbitrary opaque file hierarchy that locks me into it. I want a plain dir of .md files, some resources they link to, and that’s it. If I want disk encryption, there are solutions for that. I can use something like LUKs to encrypt my whole drive, or even just the notes directory.

For android, afaik everything uses disk encryption by default.

The unix philosophy is do one thing really well. We don’t need a note taking app that also handles encryption.

I don’t know what is typical, but when I use AI locally I’ve been running llama-cpp with models grabbed from HF (ex. QwenCoder). Then in my VS code plugin (RooCode) I use the “OpenAI compatible” option to point it at my local server.

Not sure how hard that is to get working, but my hope is that “OpenAI Compatible” helps.

Are there plans for mobile apps? In particular, obsidian and nextcloud don’t seem to work well together on android. Changes made to files via obsidian don’t get picked up by nextcloud unless I manually go sync the file. This might just be nextcloud’s app dropping the ball.

I see on the page it says you can bring an anthropic or openai key. Can I also point it at my own locally hosted model?