chirping

Seems like the fn key is intercepted by the firmware then, that sucks. I'm repeating the same question differently just to ensure we're on the same page:

If I understood correctly, your fn key is constantly "active", making any key with an fn-modifier act as a different key, and that is why forexample the enter-button won't be... well, enter? but if it enter acts as a different key, i.e. pressing enter gives a totally different keycode, can't you rebind whatever keycode that turns into, into enter?

I did a super surface-level quick search, it seems like the older macbooks have had some firmware reverse engineering done. Might be some options there. Also, your issue may be a common case of a specific board trace needing new solder, which might not be too hard. Maybe that guy who does apple repairs/right to repair has something on this, or a community who may know. Louis Rossman something? can't recall.

Also, you may've mentioned in your original post, but are there other keys that could work? doesn't mac have that extra "option" key? i think i read that ctrl+fn key could be switched on a firmware level, if that means the ctrl key is then intercepted by the firmware I guess it won't add much, but if all else fails, could be worth checking if it acts differently.

good luck, I don't have any more ideas but I'm rooting for you, would be interesting to hear if you find a solution.

The firmware might be hijacking the fn key. If you use one of the keycode-reporting tools, does it report the fn key? and what is fn+enter or fn+backspace being reported as? if you're not seeing the fn key, or if say fn+enter is reported as a singular key instead of two keys, maybe you could bind that "key" to enter?

If the Mac settings panel has an option to lock the F-keys to either F1-F12 or the keybinds, that option may be stored in the firmware, so for those keys simply reversing it in firmware may be enough.

If you are on HDD then looking at what else is using the same disk, and reducing that usage, may yield some results. Forexample, if /var/log is on the same disk and can't be avoided, then reducing log volume or batching writes may reduce the "context switches" your HDD has to do. There should be options for I/O limits/throttling/priority in systemd. If you have only postgres on the HDD, I'd consider giving it 90% of the max bandwidth -- maybe that'd be more effective than going full throttle and hitting the wall. If you have postgres and some other service fighting for the HDD's time, these limits could help. Make sure access time tracking is off (or set to relatime).

Well it's both possible, and has been done. both with mp3s and FLAC, not too long ago. It's not the format itself, but rather the applications parsing the files that are the target.

CVE-2023-37327: A remote code execution vulnerability in GStreamer’s FLAC file parser caused by an integer overflow. Carefully crafted FLAC files could exploit this flaw to run arbitrary code on the target system

https://nvd.nist.gov/vuln/detail/CVE-2023-37327#%3A%7E%3Atext=GStreamer+FLAC%2Ccode+on

In general I agree with you, especially on the image part, but I found the opensuse page to be a decent variation of this.

[I am not an electrician, so this is not a recommendation and I would not be qualified to make one] With that out if the way, what I would do to test this theory is to measure the voltage between a ground pin in each house, using am extension cord or similar to bridge the distance. A decent multimeter should do the job. Note that the cord itself would cause a voltage drop, but the ethernet cable would too so I think that'd if you can't measure a difference with the extension cord (which should have less ressistance than the ethernet one) then it shouldn't matter(?)

Note that while ground is normally "the safe pin" (not really a thing I guess but..) in this case, where the suspicion is a differential, then it should be very much considered live. And that means all precautions should be taken, such as not following a random stranger's advice.

It might be worth looking into those plugin-sockets with ground fault protection in both ends (not sure if they'd do anything in this case), if the ethernet cable is shielded, maybe removing the shield in one end (such that the cable is grounded only to one house) could make things better (or maybe even worse?),

and while maybe not feasible: fiber wouldn't be affected by this as it's just light, and likewise WiFi or other wireless tech could be feasible. with clear line of sight, 5GHz can provide very good speed and latency.

Did you (or I?) miss something here? In the 3rd paragraph it's "revealed":

In a story of "what's old is new again", the solution dates back to ancient keyboards with physical keys for Copy and Paste.

Neo seems like a cool layout, reminds me of "unexpected keyboard" for android, but I fail to see the relevance since it doesn't have the copy/paste buttons (like the keyboard in the picture in the article) as far as I can see

Some of these you're already doing, but writing a complete* list. *almost garuanteed not to be complete, suggestions welcome

1. Have everything behind the same reverse proxy, so that you have only one endpoint to worry about. Run it through ssllabs or similar to check your config.
2. On your reverse proxy, add one or more layers of authentication if possible. Many possibilities here: If one app supports client certificates, while another has limited capabilities, you could probably tie together something where IPs are whitelisted to the ither services based on that certificate auth.
3. Geoblock all countries you won't be accessing from
4. crowdsec is pretty nice, this detects/blocks threats. kinda like fail2ban but on steroids.
5. if you use one of those 5$/month VPSes, with a VPN tunnel to your backend services, that adds one layer of "if it's compromised, they're not in your house".

lastly consider if these things need to be publically avilable at all. I'm happy with 95% of my services only being available through Tailscale (mesh VPN, paid service with good enough free tier, open source+free alternatives available), and I've got tailscale on all my devices

might be a rectifier iirc, if it's a large glass "octopus" filled with gas. source: vague memory of a photonicinduction-video I think

edit: https://youtu.be/2pDcv6g1FE0

I don't understand what you mean with the content disappearing when you mount the virtiofs on the guest - isn't the mount empty when bound, untill the guest populates it?

Can you share what sync client+guest os you are using? if the client does "advanced" features like files on demand, then it might clash with virtiofs - this is where the details of which client/OS could be relevant, does it require local storage or support remote?

If guest os is windows, samba share it to the host. if guest os is linux, nfs will probably do. In both cases I would host the share on the client, unless the client specifically supports remote storage.

podman/docker seems to be the proper tool for you here, but a VM with the samba/nfs approach could be less hassle and less complicated, but somewhat bloaty. containers require some more tailoring but in theory is the right way to go.

Keep in mind that a screwup could be interpreted by the sync client as mass-deletes, so backups are important (as a rule of thumb, it always is, but especially for cloud hosted storage)

nah I think your reading comprehension is off, it's a week of treatment, then several weeks off. As a non-native English speaker I get why the original phrasing of "weekly" wasn't the clearest way of putting it, but I think the guy you called schizo just didn't understand what you were confused by

Agreed! I think a part of the "problem" is that with Nix, there's now at least 3 sides: application specific knowledge, system knowledge, and you have to use the nix language, architecture and tools to interface with it. so for a seasoned linux user, there's maybe just a new programming language, but if you're new to Linux, it's quickly gonna overwhelm you. which in a way is a bit ironic because I'd argue that it's easier to manage a NixOS system, and getting help is so much easier when your problems can be replicated by just aharing your config.