For sparkling, it’s commonly referred to as “homeopathic lager” among colleagues - i.e. without any active ingredients.

Interesting, that’s definitely not what I’m seeing from regular use. Are you running any added applications? LDAP? SSO? External mounts?

Are you looking at data rates or IO operations? Because this is almost exclusively stat queries, i.e. inode queries.

Oh yeah, CPU usage is basically zero, and memory usage of the PHP code itself is also basically nil compared to other software I run. It’s just the sudden storms of IO requests that causes issues, and since those come over a network pipe it causes issues for other pieces of software as well.

Again, it works until it requires reloading, i.e. the next update of any component or the next restart of the server.

I’m also running an inode cache on the client side, on top of the persistent opcache, but due to the sheer number of files that Nextcloud consists of it still generates a frankly ridiculous amount of calls when it needs to invalidate the cache. If you’re running on local drives then that’s likely much less of an issue, regardless of what kind of drive it is, but this is hosted on machines that do not have any local storage.

Yep, those values are actually somewhat tame compared to my own cache tuning, the issue remains that the code requires reloading PHP files from disk during runtime in order to support applications and updates, which - even if it doesn’t happen often - causes IO storms that temporarily break both Nextcloud as well as other software.

Currently working to move away from Nextcloud myself, it’s PHP nature causes IO storms when it tries to check if it needs to reload any code for incoming requests.

All OpenWRT-based routers have the option of built-in DNS-based adblock, can thoroughly recommend the Turris routers for such things.

One has super cow powers, the other one doesn’t.

Default block for incoming traffic is always a good starting point.
I’m personally using crowdsec to good results, but still need to add some more to it as I keep seeing failed attacks that should be blocked much quicker.

Honestly, the two reasons I’ve been sticking with Plex is the federated/shared libraries and watch together.

If they’re starting to axe those then I see no reason to continue using it.

Eurofighter Typhoon

Eurofighter Typhoon

Apparently posting it caused enough load to take down my pict-rs server, sorry about that.

Well, there’s the ALFIS project

MS Outlook is the joke.

Well, Flatpak always builds the aliases, so as long as the <installation>/exports/bin folder is in $PATH there’s no need to symlink.

If you’re talking specifically about having symlinks with some arbitrary name that you prefer, then that’s something you’ll have to do yourself, the Flatpak applications only provide their canonical name after all.
You could probably do something like that with inotify and a simple script though, just point it at the exports/bin folders for the installations that you care about, and set up your own mapping between canonical names and whatever names you prefer.

In regards to sandboxing, it only gets as far in the way as you ask it to. For applications that you’re not planning on putting on FlatHub anyway you can be just as open as you want to be, i.e. just adding / - or host as it’s called - as read-write to the app. (OpenMW still does that as we had some issues with the data extraction for original Morrowind install media)

If you do want to sandbox though, users are able to poke just as many holes as they want - or add their own restrictions atop whatever sandboxing you set up for the application. Flatpak itself has the flatpak override tool for this, or there’s graphical UIs like flatseal and the KDE control center module…

Well, if you have any form of build script, makefile, or CI, then you can easily shove that into a flatpak-builder manifest and push the build repo anywhere you want. The default OSTree repository format can be served from any old webserver or S3 bucket after all.

I’ve done this for personal projects many times, since it’s a ridiculously easy way to get scalable distribution and automatic updates in place.

The majority of AppImages I’ve seen have been dynamically linked, yes. But it’s also used for packaging assets.