But ChatGPT doesn’t have a way of “knowing” that there is no such Flatpak - it’s unlikely that its training data includes someone explicitly saying that. But it’s fair to “assume” that a Linux file manager is available as a Flatpak.

(…), so it’s definitely making up stuff.

Yes, it’s an LLM

Honestly, this is not really technobabble. If you imagine a user with a poor grasp of namespaces following a few different poorly written guides, then this question seems plausible and makes sense.

The situation would be something like this: the user wants to look at the container’s “root” filesystem (maybe they even want to change files in the container by mounting the image and navigating there with a file manager, not realizing that this won’t work). So they follow a guide to mount a container image into the current namespace, and successfully mount the image.

For the file explorer, they use pcmanfm, and for some reason decided to install it through Flatpak - maybe they use an immutable distro (containers on Steam Deck?). They gave it full filesystem access (with user privileges, of course), because that makes sense for a file explorer. But they started it before mounting the container image, so it won’t see new mounts created after it was started.

So now they have the container image mounted, have successfully navigated to the directory into which they mounted it, and pcmanfm shows an empty folder. Add a slight confusion about the purpose of xdg-open (it does sound like something that opens files, right?), and you get the question you made up.

Maybe a good option for projects that you don’t want anyone else to contribute to, but then why make them open source in the first place?

Because, at least to some people, open source is more about user freedom (to modify the software and share the modifications with anyone they wish) and less about collaboration.

For example every time I publish some simple utility that I wrote for myself and decided could be useful for other people, I release it under a reasonable open source license and pretty much forget about it - I’m not going to be accepting merge requests, I don’t have time to maintain random tiny projects. If I ever need to use the utility for something it doesn’t quite do, I’ll check if any of the forks seem to have implemented it. If not, I’ll just implement it in my repo.

The reason I’m publishing the code is because I know how much it sucks when you find some proprietary freeware utility that almost does what you need, but you can’t fix it for your usecase on account of it being proprietary for no reason (well, author’s choice is the reason, and I respect it, but it’s still annoying)

Virtual memory isn’t swap, it is a mechanism that allows the operating system to give processes a view of memory that is almost completely decoupled from real physical memory and other processes. For example some programs require their code and data to be placed at exact memory locations in order to work - virtual memory allows you to run as many of these programs as you wish, because one process’s address 0x1000 has nothing to do with another one’s 0x1000, unless they set it up as shared memory (but even the same chunk of shared memory might be mapped to different addresses in the processes that share it).

Swapping is a cool trick that you can do with virtual memory, though. Basically you store a piece of memory somewhere outside the physical memory, and then make the address invalid in virtual memory. When the process tries to access it, it will crash. The OS will be notified of the crash, see that it was due to the process trying to access swapped out memory, load the chunk back from disk (maybe to a different physical location), update the virtual memory to correctly point to this chunk, and restart the crashed process from the instruction that caused the crash. So from the point of view of the process, nothing went wrong at all, except that one instruction took a very long time to execute.

Also, isn’t it harmful to SSDs?

Swapping doesn’t do enough writes to matter, unless your system is running really low on RAM.

All right, I had some spare time today, so I went and installed this thing.

My setup is a bit more complex than the minimum necessary, but that’s because I’m using an already existing Postgres database instead of installing a new one on my computer. It is as follows: Postgres running on a mini PC on my local network (192.168.2.199:5432), a browser running on my main computer, and a Debian VM for DBgate with two NICs - one is the default NAT interface (I’m too lazy to configure proper bridging / routing) and the second is a virtual bridge, testbr. On testbr, the host OS is 192.168.123.1/24, and the guest is 192.168.123.2/24.

I installed DBgate on the VM using NPM - npm install -g dbgate-serve, as specified in the documentation. Then I ran it using simply dbgate-serve, then connected to it from a browser running on my host OS as http://192.168.123.2:3000/. That works fine.

Then I added my Postgres DB through the web interface (to be verbose, I entered 192.168.2.199 as the IP address), created a table and inserted some dummy data. Then I wanted to do the next step, which is to block outgoing connections to port 5432 from the VM, but I noticed something very strange, given that DBgate obviously doesn’t use the server as a backend to do the actual DB connection: this was in the server log

{"pid":7012,"caller":"databaseConnections","conid":"24d95082-ca6a-4dac-aa28-f3121bfc508d","database":"dbgate","sql":"INSERT INTO \"public\".\"dbgate_test\" (\"text\") VALUES ('haha');\nINSERT INTO \"public\".\"dbgate_test\" (\"text\") VALUES ('hehe');\n","level":30,"msg":"Processing script","time":1744395411096}

But it would be ridiculous to even suggest that the connection is relayed through the server, so it is probably some kind of telemetry. Makes sense.

Anyway, I went ahead and added the rules on the VM nft add table ip filter, nft 'add chain ip filter output { type filter hook output priority 0; tcp dport 5432 drop; }', and you wouldn’t believe what happened next… The DBgate tab can no longer load data from the database. I can reload DBgate itself without any issues, and I can connect to the database from the same computer using psql and DataGrip just fine, but for some reason it seems to be affected by the fact that its server (which is only serving the HTML/JS files and doing nothing else, as you said) cannot connect to Postgres.

Weird how that works, huh?

Node.js is a web server. It doesn’t run in a browser, therefore doesn’t deal with the browser sandbox. That should answer your first dig.

For the second part, WebRTC is a standard that allows two WebRTC peers to communicate. You can’t use WebRTC to open an arbitrary TCP or UDP stream to for example a database, unless said database decides to implement a WebRTC peer support.

If you’re unfamiliar with all of this, that’s your job to get educated. This is how browser-based JS software works.

The browser version cannot connect to Postgres without a server-side part, for rather obvious reasons - you can’t just make arbitrary network connections from the browser. Electron build is of course different, as that doesn’t have to deal with the browser sandbox.

By the way, here’s a similar issue documented in Outerbase’s repo:

Outerbase Studio Desktop is a lightweight Electron wrapper for the Outerbase Studio web version. It enables support for drivers that aren’t feasible in a browser environment, such as MySQL and PostgreSQL.

Not gonna lie, telling people how they need to get educated on stuff you don’t understand ticks me off.

xfwm is XFCE’s window manager, and it’s eating almost 30% of the total system memory, so that’s the prime suspect (I’m not exactly sure how much it interacts with other apps, so it’s possible something else is forcing xfwm to use all that memory, but that is IMHO unlikely).

An ugly “fix” is to log out and log back in (yes, not much better than just rebooting), or you could try to somehow restart xfwm - running xfvm --replace in terminal might work.

Edit: there’s an issue on the Manjaro forums that might be related: https://forum.manjaro.org/t/xfwm4-memory-leak-since-4-20/173910/7

That was my deleted comment, but then I realized the article specifies they are Rome CPUs (Zen 2), while the 4000 series of EPYCs is based on Zen 4

deleted by creator

Potentially the same thing, assuming PCIe 2 x1 provides enough bandwidth.

The thing that’s going to be locked behind the subscription is your ability to watch those files on your NAS through Plex when you’re not in the same network as the Plex server. That’s streaming.

If you only use Plex while at home, you will indeed be unaffected

I don’t think overheating would cause random corruptions (it should throttle down when overheating, and then shut down if the temperature gets too high even when throttled, but there should never be an incorrect result of any computation), and surely the RAM will run at the standard 2133 speed on default settings - OP says they reset the BIOS settings to default between CPU swaps.

A simple rm -rf says hello

Google Maps is US-based whether you use it in the US or anywhere else

Obviously you need some redundancy in case the script gets corrupted. 5000 repetitions seems reasonable for such a high quality work

Only true if you don’t know what you’re doing. The only reason any network is safe at all is NAT and Firewalls that come with it.

I don’t have to worry about devices on a local network in as far as firewalls go, I can expose anything I want, in fact I delete iptables at first sight on any new distro install or VM, so long as none of it is port forwarded and everything is behind NAT it’s all okay. My network is my castle. Thanks technology! Thanks smart people for figuring this out!

NAT is not a security mechanism. If you set up a NAT with an otherwise permissive firewall, your router will happily forward any incoming packets destined for RFC 1918 addresses inside, no questions asked. I use this for a “lab” network that I sometimes want accessible from the bigger LAN - the lab router doesn’t have any rules for dropping incoming packets (only blocks some outgoing traffic), and all I have to do on the main router to get this working is to set a static route to the internal lab network through the lab router’s “external” IP.

And yes, practically it’s a security nightmare to have any IP of any computer accessible from the internet. If you go around configuring firewalls forever you might get it right but oh boy one mistake and you’re done for. Instead, consider NAT, the solution to all problems. I’m writing this behind quadruple NAT rn and it’s honestly fairly easy to manage, I’ve been too lazy to change it, not that I’d advise anything more than 1 necessarily.

accept established, related; drop incoming. That’s all you need to get the same security as a NAT with a proper firewall. Outgoing connections will get marked and have return traffic allowed, everything incoming without related outgoing traffic gets dropped. Want to “port forward”? Add a rule that allows incoming traffic to a specific IP/port/protocol triplet. Done. Don’t know how to make sure a client stays reachable on a specific address? Give it that specific IP address in addition to the one it autogenerates. This was always possible with IPv4, too, it’s just that the tiny address space made it impractical to use.

How do you get the equivalent of NAT punchthrough (which is unreliable with many NAT implementations) when you want to do a VoIP call without having to bounce all the data through a central server? Simple, you can just tell both clients the other one’s IP and port, have them spam each other for a tiny while with messages and eventually a message gets through both firewalls. It is very similar to NAT punchthrough, except you don’t have to guess how the NATs work and it’ll reliably connect.

Yikes! That’s a lot to type to hammer in a nail that sticks out (Android). Thanks but no thanks. I’ll find some way to cripple mDNS on the non-compliant device instead.

Not sure why you’d regularly need to type out the whole thing. Also not sure why you picked .local when .lan is also incorrectly used for this purpose and is shorter (and isn’t yet assigned to any conflicting technology)

So are you saying you run some sort of mDNS server(not sure what the word would be there)/provider? Why? How?

The point of mDNS is that devices auto discover each other on a network without a central authority. The word multicast in multicast DNS is the key. And the reason I use it is because… it just works. There’s no need to configure it, it works like this by default on pretty much every OS. Set the hostname and you’re done, .local now works. You can even bridge it across networks with a mDNS repeater available on many routers.

Given the ambiguity of certificates everywhere, malicious devices on the local network posing as a different server are not an issue (and it’s not like they couldn’t hijack the IP address in any flat network anyway).

Well don’t build your network around unassigned TLDs.

Also NAT does literally nothing other than being a massive PITA, so… yeah, I don’t think there’s much I can agree with in your rant.

Like, oh no, fully functional point to point connectivity across the internet, how terrible

Edit: .home.arpa is actually designated as local TLD, and is what I use for a crappy old tablet that doesn’t support mDNS

Yeah, stock Google voice recognition also works offline if you download the language model beforehand.

Indeed, try switching your smartphone to airplane mode and see how far your voice commands get you.

Did that (or rather disabled mobile data and WiFi, because airplane mode would still keep the WiFi on), and then I dictated this sentence after the parentheses. So Google’s voice input works offline just fine.

Or do they mean something like a smart assistant? In that case fair, but it’s not like it will work with text input either.

It is true, however, that Google Translate doesn’t do offline voice translation even if the language you’re trying to translate from is downloaded for system-wide voice recognition.