My recommendation is to put all of the variables in an environment file, and use systemd’s EnvironmentFile (in [Service] to point to it.

One of my backup service files (I back up to disks and cloud) looks like this:

[Unit]
Description=Backup to MyUsbDrive
Requires=media-MyUsbDrive.mount
After=media-MyUsbDrive.mount

[Service]
EnvironmentFile=/etc/backup/environment
Type=simple
ExecStart=/usr/bin/restic backup --tag=prefailure-2 --files-from ${FILES} --exclude-file ${EXCLUDES} --one-file-system

[Install]
WantedBy=multi-user.timer

FILES is a file containing files and directories to be backed up, and is defined in the environment file; so is EXCLUDES, but you could simply point restic at the directory you want to back up instead.

My environment file looks essentially like

RESTIC_REPOSITORY=/mnt/MyUsbDrive/backup
RESTIC_PASSWORD=blahblahblah
KEEP_DAILY=7
KEEP_MONTHLY=3
KEEP_YEARLY=2
EXCLUDES=/etc/backup/excludes
FILES=/etc/backup/files

If you’re having trouble, start by looking at how you’re passing in the password, and whether it’s quoted properly. It’s been a couple of years since I had this issue, but at one point I know I had spaces in a passphrase and had quoted the variable, and the quotes were getting passed in verbatim.

My VPS backups are more complex and get their passwords from a keystore, but for my desktop I keep it simple.

I hope this isn’t a step towards replacing the native app with an SPA.

This seriously got an out-loud chuckle from me. It’s funny, because it’s true! Thanks!

I’m not talking about your application at all; I was responding to @chrash0’s comment that JSON may not be great, but it’s better than YAML, and TOML is better than both, for configuration.

I was agreeing with them and adding more reasons why YAML stinks.

Nothing at all directly to do with your project, just having a convo with @chrash0.

Sourcehut also supports Mercurial, so you also have an option to the herd mentality.

Sourcehut also has zero, or almost zero, JavaScript in the interface, so it doesn’t suck

Sourcehut is also componentized, so you can mix and match the pieces you want or need:

• VCS hosting
• masking list management
• issue management
• build server
• man server

Sourcehut is by far the best hosted VCS option at the moment. The Mercurial support alone puts it miles ahead of the others, which are all hobbled by tight coupling to git.

Are China Parties like Tupperware Parties, where friends get together and one shills a pyramid scheme? That’s what CP is, right?

You also don’t get runtime errors with TOML when an invisible tab turns out to be invisible spaces.

E2E usually suffers from the same thing HTTP does: the MITM might not be able to read what you’re saying, but they know who you’re saying it to, and they may know in what context. This is a lot of information that can be used in profiling.

So you end up with systems like SimpleX, where everyone has a different UID for every contact, but that has its own problems, as anyone who’s used systems like that are aware. We haven’t really solved making that a good user experience for messaging; I don’t see it translating to broader social media any time soon.

Nostr has some really good specs and tooling that neatly addresses these topics, including great cryptography support, signing, ad-hoc IDs, and an entirely voluntary simple naming lookup; it doesn’t exactly solve zooko’s triangle, but it provides a toolset sufficient to mix and match characteristics for whatever your threat model is. Sadly, Nostr is utterly dominated by the crypto crowd (and is associated with some controversial personalities), and even if you’re not cryptocurrency-hostile, it’s a really dull echo chamber with little other content that has prevented people who might otherwise build interesting platforms in it from doing so.

Mastodon was around for ages before (the in practice centralized) Bluesky; why did it take Bluesky to open a mass exodus from X?

This is a hard problem to solve. Throwing E2E at it doesn’t make it easier; it’s just tossing a buzzword in.

What do you mean by “all right?” What are your concerns?

restic backups are encrypted by default; it should be safe to store them almost anywhere in the cloud. The container needs the credentials, but you can improve security with something like OpenBAO (Hashicorp Vauly fork, github.com/openbao/openbao), SOPS (gitgub.com/getsops/sops), infisical (github.com/Infisical/infisical), or any number of other secrets management tool.

Why don’t you like LDAP? OpenLDAP is a PITA (necessarily, I guess, to be considered “enterprise”), but lldap has been pretty nice to me. I mean, it’s the identity protocol, it’s just that the server software has been complex until relatively recently.

What would you use instead? A SQL DB with some custom schema, that just re-invents LDAP?

I like the motivation behind this, but have a allergy to running critical infrastructure like authentication on node.

To each their own, though, and good luck with the project. Diversity is life.

When I lost my job, someone I knew at the C level in a different industry put me in touch with a guy closer to my field. After we introduced ourselves he said,

“After hearing X describe you, I was expecting a deep bass voice.”

The conversation faltered after that.

Yeah, yeah, you can write the guy off for being superficial, but I’m the guy who needed the favor, and all the help I could get.

First impressions matter. I’d absolutely have used a voice alteration tool to make my voice deeper on interviews; people respond differently to bass.

solder one destroy a PCB yourself

FTFY.

In my hands, a soldering iron is not a finely tuned instrument, it’s a hand grenade. The US government classifies me with a soldering iron as a WMD. Physicists are trying to determine commercial applications for my ability to instantly coat a PCB in a layer of solder with a single drop. The ATF added a special rule requiring a background check for me to purchase a soldering iron.

I can paint eyelashes on D&D miniatures, but I bear some ancient curse when it comes to solder. In all seriousness, I’ve literally destroyed hundreds of dollars of equipment attempting the most simple soldering task; it’s cheaper for me to find someone competent selling already soldered solutions than to ruin them myself. I no longer try.

I’ve never had to reboot the server; I had to restart Synapse because if Memory leaks.

Are you using any bridges?

Anyway, it got too expensive to run my own, so I went back to Matrix.org. Now I’m mostly back on IRC except for a couple of rooms. IRC stinks, but Matrix has been nothing but a decade of pain.

Yup! Someone else pointed that out to me; I thought you were talking about the puppets and missed that you were talking about Jabber.

My bad!

Oh. I did misread that. Thanks for pointing it out!

running your own server is super lightweight.

Not IME. Are you running Synapse? Gigabytes of disk usage and memory leaks requiring restarts.

I can use IRC

The fact that many Discord and IRC channels (servers?) block Matrix connections has drastically reduced its usefulness for me. When I was running my own Matrix server, I could have gotten around it by using a puppet, but Synapse is such a hog I had to shut it down, and most of the IRC rooms I want to use don’t allow Matrix proxies.

Do any of you know another solution to stream audio from my phone to my server

I use snapcast throughout my house and devices, but there’s no snap_server_ for Android.

I’ve been meaning to try roc, for which there is an Android client that will both play and serve.

Sonobus also claims to be many:many; I haven’t tried it either and it doesn’t look particularly active.

I don’t use UPnP or DLNA because of the security issues, so I can’t offer a suggestion about that. I thought DLNA was a pull oriented protocol - like, to send music from your phone you’d have to select and play on your computer with a DLNA client. Can you push media with DLNA?

Just to clarify for OP:

The format is always SVG, as it’s an open standard. Inkscape is the leading FOSS SVG vector editor. Boxy is a web-based SVG editor which is freemium.

SVG is the W3C standard for vector graphics that can be rendered by practically every browser. Gzip compressed SVG files (svgz) are much smaller but enjoy less support.

Illustrator can import, edit, and export SVG files.