Fail2ban config can get fairly involved in my experience. I’m probably not doing it the right way, as I wrote a bunch of web server ban rules — anyone trying to access wpadmin gets banned, for instance (I don’t use WordPress, and if I did, it wouldn’t be accessible from my public facing reverse proxy).

I just skimmed my nginx logs and looked for anything funky and put that in a ban rule, basically.

Judging by the camera angle, OP may have been today years old when they learned this as well (I learned it well into my 30s, too).

I can only remember this because I initially didn’t learn about xargs — so any time I need to loop over something I tend to use for var in $(cmd) instead of cmd | xargs. It’s more verbose but somewhat more flexible IMHO.

So I run loops a lot on the command line, not just in shell scripts.

Newer macOS is not Unix certified.

It’s UNIX 03 compliant https://en.m.wikipedia.org/wiki/Single_UNIX_Specification

One or two Linux distros were (are?) UNIX certified, though.

I think mplayer has an ASCII output mode (VLC, too?), and I believe youtube-dl can output to stdout.

The rest is, as they say, left as an exercise to the reader.

Haha yeah that was the counter example I was thinking of. I agree completely — you could make a Gentoo from source beginner distro, and I think you could make it reasonably “idiot proof,” but it would still be a bad user experience most likely (too much time spent compiling).

If your distro can’t be forked into a “beginner distro” then it’s fundamentally flawed IMHO.

To be clear, I’ve used Arch as my daily drivers for a while, and while it’s not the best fit for my needs (I use Debian mostly), there’s nothing that I experienced that was incompatible with a “beginner” distro.

You can also drop cache for debugging by running something like echo 3 | sudo tee /proc/sys/vm/drop-caches

But remember that the kernel knows best — this RAM will automatically be freed up when needed and you should never run this except for debugging (or maybe benchmarking).

You can turn it off, at least for ext4: https://lwn.net/Articles/784041/

Although you can use case insensitive filesystems with Linux, and case sensitive filesystems with macOS. I believe the case sensitivity is a function of the specific filesystem — but yeah, practically, the root for Linux is always case sensitive, and APFS ain’t is only if you ask it to be ( https://support.apple.com/lv-lv/guide/disk-utility/dsku19ed921c/mac ).

Not sure why you’re saying Python forces everything to be object oriented…?

Pick your favorite tech company, pick a small team with a “nerdy” engineering mandate, and I’m confident you’ll find the academic, geeky science and engineering types you’re talking about.

They probably aren’t very vocal though, because 1) there’s a huge PR/marketing budget which is responsible for being the face of the company, and 2) well…these are nerdy STEM folks who probably like their job because they get very well compensated to be nerdy STEM types, and not because they’re fanboys/girls.

And environment — DISPLAY and PATH in particular.

Add to that photo editing (as much as GIMP is great…). I would guess DAW and video editing would fall under that category, too…and good luck finding many AAA open source games.

I’m guessing it’s because the developers either have a different speciality that they focus on, are employed to support specific hardware, or both.

It’s mostly so that I can have SSL handled by nginx (and not per-service), and also for ease of hosting multiple services accessible via subdomains. So every service is its own subdomain.

Additionally, my internal network (as in, my physical LAN) does not have any port forwarding enabled — everything is over WireGuard to my VPS.

My method:

VPS with reverse proxy to my public facing services. This holds SSL certs, and communicates with home network through WireGuard link configured on my router.

Local computer with reverse proxy for all services. This also has SSL certs, and handles the same services as the VPS, so I can have local/LAN speeds. Additionally, it serves as a reverse proxy for all my private services, such as my router/switches/access point config pages, Jellyfin, etc.

No complaints, it mostly just works. I also have my router override DNS entries for my FQDN to resolve locally, so I use the same URL for accessing public services on my LAN.

Getting TLS certs will be complicated

I just use Let’s Encrypt with a wildcard domain — same certs for public and private facing domains. I’m sure this isn’t best practice, but it’s mostly just for me so I’m not too worried :)

Yeah I don’t expose Jellyfin over the Internet, so it doesn’t matter for me, and wouldn’t work at all over WAN (unless VPN’d to home network).

Also, it’s all reverse proxied, and there’s nothing preventing having two Jellyfin hostnames, e.g., jf-local.mydomain.com and jf-public.mydomain.com.