Get a mini-pc with 2x LAN ports + a mediatek Wifi 6/7 module. Install Proxmox. Make 3 VM's: OpenWrt (or router firmware of choice), unbound and adguard home. Plug your fibre into lan port, plug rest of network into other lan port. In proxmox, set pcie passthrough for one of the Lan ports and the wifi card. Setup openwrt to connect to your isp and points its dns to you adguard home server. Point your adguard home server to your unbound server as upstream. This is a good starting point if you want to get a feel for running your own router + dns. You don't need to use off the shelf garbage routers; x86/x64 routers are the best. On openwrt I configure a special traffic queue so that I don't have buffer overflows, so my connection is super stable and low latency. Combined with the adguard + unbound dns setup, my internet connection is amazingly fast compared to traditional routers.
Better yet, set up ssh to the proxmox server and ask claude code to set it up for you, works like a charm! claude can call ssh and dig and verify that your dns chains work, it can test your firewall and ports (basically running pen tests against yourself..), it can sort out almost any issue (I had intel wifi card and had firmware locks on broadcasting in 5GHZ spectrum in AP Mode - mediatek doesn't - claude helped try to override firmware in kernel but intel firmware won't budge). It can setup automatic nightly updates that are safe, it can help you setup recovery/backup plans (which runs before updates), it can automate certain proxmox tasks (periodic snapshotting of vm's) and best of all, it can document the entire infrastructure comprehensively each time I make changes to it.
Steam devs if you are reading this: add a checkbox on your checkout screen that will allow me to donate 10% or a flat amount with each purchase, that will go directly to your upstream opensource dependencies like Wine & friends. I would add money to each purchase without blinking to support these people and I think the correct place for this is at the steam checkout screen, in the case for gamers.
This is a nice idea, but how do you follow through in practice? Who decides what counts as an "upstream dependency", where do you draw the line? Is the Linux kernel included? Are desktop environments included? How do you decide how much of the pot goes to each project, does curl get an equal amount to Wine? Why/why not?
As I said, it's a nice idea but I have a feeling the complexity behind making this work well is what might have kept them from doing it.
So the steam devs can most likely produce a finite list of all their dependencies. They can then take a day or two to score each one with a weight. Then they use the weights to determine how to split the funds. Or they can have an open source champion person internally that takes care of relationships with opensource projects and can release funds to them as needed. Point is, lets say they accumulate $1M/year this way, it is that person's responsibility to distribute it fully back out to the community. Obviously try to keep it super simple & transparent. They can even ask game developers each quarter who they should think need money or which problems were solved well for them this round, as an extra layer of input.
This extends past linux. Open source projects get used broadly regardless of runtime environment. Steam is just one open nerve ending where this could be used for good and they have the power to do so (and from what we've seen, steam seems to be a low friction company, less corpo red tape - would you trust say Ubisoft with handling this or steam?). If a game gets deployed to windows, it doesn't matter, as each game/application probably use five or ten or more open source projects regardless of where they run. It can help open source devs keep pacing with steam and game developer needs. Remember a ton of these project have upstream effects outside of gaming - its just the most obvious open nerve we can use to help open source.
You can only show the checkbox on Linux. You can add OS detection to the checkbox and have it say "support our $OS dependencies" and put that into different pots of money. You can make the checkbox say "support our Linux dependencies" and then rely on Windows people not selecting it.
When it comes to Wine, aren't they already doing this? Steam develops Proton in cooperation with CodeWeavers, who are the main sponsors of Wine, and parts of that work is upstreamed to the Wine project. The NTSYNC patch from what I can tell was also submitted by a CodeWeavers employee, so it doesn't seem far-fetched to say that Steam probably contributed to making this happen in Wine.
There are many other open source projects that gets used that never sees the spotlight like Wine does, but they are crucial too. Think audio codecs & processing, compression libs, networking libs, even sqlite. Our society depends on these projects too but there are too much friction for normal people to contribute to them (if they are even aware). Steam checkout is a low friction surface where normal people spend time. A small optional checkbox at the bottom with a two sentence explanation or link to a blog post to explain where the money goes, will add minimal new friction while giving people the opportunity to contribute to something meaningful. I think many gamers (esp adult ones) knows what open source means and they will actually contribute now & then. Fund allocations must be transparent (crucial!) so people can see where the money went.
Oh absolutely, I would welcome some way of sponsoring such projects in general. I just meant to highlight that for this particular feature and project, there is already a form of sponsorship happening.
Now if only Steam would add a checkbox on their checkout page to add 10% donation/tip that goes directly to their upstream opensource dependencies (like the Wine team), that would be amazing! I would add extra money on every purchase to support these people!
I'm in Africa, when I go to the steam deck page, it says it is not available in my country. Not interested in buying from a third party importer. So until then..
Requires PayPal or credit card. The suggestion was to pay with your Steam Wallet or whatever payment method already used when you buy a Proton-based game on Steam.
IMHO this supports the original point that payment via Steam would be an upgrade:
Sending cash to a postal address isn't low-effort nor low-risk.
Payment by cheque is something I have never done, nor would I know how to do it. I'd have to ask at my bank -- not low effort. I don't know if I'm an outlier here but I have never heard from any of my peers who ever did such a thing.
The same or even worse is true for international money orders. The whole concept of making a money transfer to a postal address is something I have never heard of. Where's the IBAN?
The Wine team is right to put even PayPal before all of these.
Yes, I do. It just means that you have to manually "recharge" your Steam wallet when it runs low. That's some effort, but it limits the possible damage if something goes wrong.
You always give 30% to Valve and their interests so far are aligned. Everything that's possible within the Steam ecosystem is available outside of it. Maybe things will change in the future, but I doubt we could be getting a better deal.
> if only Steam would add a checkbox on their checkout page to add 10% donation/tip that goes directly to their upstream opensource dependencies
Or how about instead of passing the cost off to users, Steam actually supports them from their own profits? After all, they are profiting from free work.
As far as I can tell, Valve makes significant contributions back to Wine via Proton development. Isn't that essentially them supporting their upstream dependencies with their own profits, by using some of those profits to pay people to contribute work to their open source dependencies?
Valve pays over a hundred open source developers to work on the various open source projects that they rely on so heavily, so yeah Valve's 30% of your Steam purchases is already contributing to these open-source projects (like Mesa, the Linux kernel, Wayland, etc.)
Forwarded donations are not tax-deductible (in the US); That's a lie that's been spread around the internet. If you give a company money with the express purpose of them forwarding it to someone else (the company acts as a "collection agent"), it's not their income or donation.
So it would be actually financially _better_ for Valve to donate a portion of their revenue and state "we will donate x% of the price to yy", as THEN it would be tax-deductible for them
It's not better, because being revenue and donated away and tax-deductible all cancels out. It's as if they never saw the money, just like forwarding it.
And even if it was, all "tax deductible" would mean is that they wouldn't have to pay taxes on that money. Which, you know, they don't get to spend. So it's kind of defacto tax deductible in the same sense that my friend's income is "tax deductible" for me, I guess.
A lot of people online have convinced themselves that "tax deductible" means that the government would refund you that dollar amount. That's a "tax credit"... If forwarded donations were a tax credit, then yes, rounding up is giving the company "free" money! But you're not.
I'm not familiar with video hosting but have played with html5 video player but I have this question: on the servers side, do I have to host a specific endpoint that serves chunks of video? Lets say I take 720p video @ 800mb and I chunk it into 2mb pieces with ffmpeg. So I have a folder somewhere (webserver, cdn, blob storage) with the original 4K video, then generate downscaled versions for 1440p, 1080p, 720p, so I end up with 4 large files, and then for each of those, I chunk them into reasonable sizes that aligns with bitrates / key frames. And then some thumbnail generation. Any advise on what the "best" way would be to chunk/host video files so that videojs runs the best and smoothest? I feel that I should build a very lean/fast chunk & thumbnail server, just one or two endpoints. Or is it best to let the webserver do the lifting? Or off-the-shelf media servers (like in the self-hosting community)?
Just convert it to HLS, which is naturally chunked at 1-2 second intervals, and serve all the pieces from nginix. No dynamic content needed. I do this with videojs and it works great. Added bonus of HLS is that my LG TV supports it natively from <video> tags.
If you don't need to switch versions at runtime (ABR), you don't even need to chunk it manully. Your server has to support range requests and then the browser does the reasonable thing automatically.
The simplest option is to use some basic object storage service and it'll usually work well out of the box (I use DO Spaces with built-in CDN, that's basically it).
Yes, serving an MP4 file directly into a <video> tag is the simplest possible thing you can do that works. With one important caveat: you need to move the "MOOV" metadata to the front of the file. There are various utilities for doing that.
It's not quite as simple as that because the chunks should be self-contained; they need to start with an IDR keyframe, which fully resets the decoder. That allows the player to seek to the start of any chunk.
That means when you're encoding the downscaled variants, the encoder wants to know the size of the file segments so it can insert those IDR frames. Therefore it's common to do the encoding and segmentation in a single step (e.g. with ffmpeg's "dash" formatter).
You can have variable-duration or fixed-duration segments. Supposedly some decoders are happier with fixed-duration segments, but it can be fiddly to get the ffmpeg settings just right, especially if you want the audio and video to have exactly the same segment size (here's a useful little calculator for that: https://anton.lindstrom.io/gop-size-calculator/)
For hosting, a typical setup would be to start with a single high-quality video file, have an encoder/segmenter pipeline that generates a bunch of video and audio chunks and DASH (.mpd) and/or HLS (.m3u8) manifests, and put all the chunks and manifests on S3 or similar. As long as all the internal links are relative they can be placed anywhere. The video player will start with the top-level manifest URL and locate everything else it needs from there.
Just want to say, thanks for the comprehensive blog post and not treating the reader like children. You did a great job explaining the differences & changes. I wish more product/project releases were done this well.
Another take: People are not getting scammed because of side-loading (or not knowing your demographics/biometrics). People are getting scammed because of ignorance & stupidity & lack of common sense. In a way, its just nature running its course. If I'm able to scam you successfully, don't you deserve it at that point? Doesn't matter what we do, if you are scammable, you will get scammed.
Have these companies sent out their people to old age homes to teach old people how to use their tech and how avoid scams? If you lock the system down at max level, scams will just move offline again or find another way. Same if they build backdoors into encryption or make chats data available to gov agents: all illicit comms will just move off the network or find another smarter way. Its just how nature works, we are seeing tech-evolution in realtime.
Same here! I've traded some privacy for freedom, but if they take away freedom, I'm still paying the privacy price. In this scenario, there is nothing left for me here. So Apple beckons.
So the solution being proposed by multiple companies, is that the restaurant is now responsible to check your age and gender before they bring you something from the kitchen. Also, now you cannot tell the kitchen to use your toaster as some toasters are built to burn the restaurant down or poison the food.
It still doesn't make sense, we need a better plan.
Why can't a bank put a lock on large transfers or have an extra verification step? Or a cooldown period, so that if they see a large transfer from people above 60, let them go to a branch to verify/ack the transaction. Why is this the internet or operating systems problem to solve?
It's crazy. There have been news articles here where people have lost their whole account balance in one go and bank says they can't even do anything after the transfer is made. How is that different from Bitcoin then? People that have never done such huge transfer and the banks supposedly are monitoring transfers.
And since the customer was supposedly being careless, they won't get anything from the bank.
> Why is this the internet or operating systems problem to solve?
Exactly! I don't understand how account-draining transactions make it through, yet I get the third degree when I withdrawal a few thousand in cash to buy used equipment off craigslist.
But it's an interesting thing to raise, because so often when they do enforce those controls - the outcry is 'bank won't let me do what I want with my money!'.
Not such a stones throw from - 'tech company won't let me do what I want with my device!'
Im not making any specific point. But perhaps thats indicative that the solution needs to be holistic, or just that security is hard XD.
LLM's also do well with writing parables, so try something like: "write a parable about a software engineer battle against the compiler and discovering that letting go of control and letting the compiler help him build better applications. The style can be where the developer is a toad, but also a monk, and the compiler is a snake.". You can do it with any profession ("doctor vs management", "nurse working overtime") and it can write very insightful parables.
Better yet, set up ssh to the proxmox server and ask claude code to set it up for you, works like a charm! claude can call ssh and dig and verify that your dns chains work, it can test your firewall and ports (basically running pen tests against yourself..), it can sort out almost any issue (I had intel wifi card and had firmware locks on broadcasting in 5GHZ spectrum in AP Mode - mediatek doesn't - claude helped try to override firmware in kernel but intel firmware won't budge). It can setup automatic nightly updates that are safe, it can help you setup recovery/backup plans (which runs before updates), it can automate certain proxmox tasks (periodic snapshotting of vm's) and best of all, it can document the entire infrastructure comprehensively each time I make changes to it.
reply