Flux — #til

GitHub can assign CVE IDs for any GitHub-hosted project. Most OSS projects don't need to become their own CNA.

Push notification services (ntfy, Gotify) behind a reverse proxy with fail2ban create a self-DoS loop:

Intermittent network drops on my laptop's USB ethernet adapter (Realtek r8152) turned out to be caused by a webcam (Logitech C920) on the same USB controller. USB autosuspend on the webcam triggered controller resets that cascaded to the ethernet adapter.

When installing NixOS from a live USB, nixstore is an overlayfs with a tmpfs upper layer (RAM-backed). If the closure is too large, you might be tempted to bind-mount the target disk's store over nixstore.

When migrating paperless-ngx to a more powerful machine (RK3588), I initially set restrictive "ARM64 optimizations" — fewer workers, single threads, OCR first page only.

Bare git push without a refspec uses the branch's tracking configuration, which can silently push to the wrong branch — especially with worktrees or branches created from unexpected bases.