This is… Pretty stupid. There are things to be careful about but it’s pretty straight forward to use iptables.

But absolutely none of the issues you listed are issues with iptables.

apt install nfs-utils

point is, firewalld and iptables is for amateur hour and hobbyists.

Which is weird for you to say since practically all of the issues you list are mistakes that amateurs and hobbyists make.

Containers run “on bare metal” just as much as non-containerized applications.

Turning the frogs gay?

Let’s encourage human interaction rather than sending people away to an llm.

I’m totally in favor of people asking other people for help with these things. But here’s what Claude gave.

Found the Issue!

The problem is a mismatch between your find output and what read expects:

• find with a regular pipe outputs newline-separated filenames
• read -r -d '' expects null-terminated input (the -d '' means “use null byte as delimiter”)

Solution 1: Use -print0 with find (Recommended)

Change your find command to use -print0:

find ./ -type f \( -iname "*.jpg" -o -iname "*.png" \) -print0 | while IFS= read -r -d '' file; do

Solution 2: Remove -d '' from read

find ./ -type f \( -iname "*.jpg" -o -iname "*.png" \) | while IFS= read -r file; do

Additional Issues to Fix:

1. Quote your wildcards: -iname \*.jpg should be -iname "*.jpg" to prevent shell expansion
2. File extension preservation: Your script generates UUIDs but loses the file extension (.jpg, .png). You probably want to keep those!

Improved Script:

#! /bin/bash
echo "This script will rename all files in this directory with unique names. Continue? (Y/N)"
read proceed
if [[ "$proceed" == "Y" ]]; then
    echo "Proceed"
    
    find ./ -type f \( -iname "*.jpg" -o -iname "*.png" \) -print0 | while IFS= read -r -d '' file; do
        echo "in loop"
        echo "$file"
        
        # Extract the directory and extension
        dir=$(dirname "$file")
        ext="${file##*.}"  # Get file extension
        
        # Generate new name with UUID but keep extension
        new_name="$dir/$(uuidgen -r).$ext"
        
        echo "Renaming ${file} to ${new_name}"
        # mv "$file" "$new_name"  # Uncomment to actually perform the rename
    done
    echo "After loop"
else
    echo "Cancelling"
fi

The key changes:

• Added -print0 to find
• Quoted the wildcard patterns
• Preserved file extensions using ${file##*.}

Try this and let me know if it works!

Printers are the only piece of hardware I own that I am legitimately surprised by when they work.

guess what, I know how these work.

Neat. I don’t care.

so please tell me “how to do things right”, or shut up if you can’t tell any useful info

WTF? I’m not trying to tell you how to do anything. I’m sick of selfhosted twerps bitching about “how hard it is to self host” when they think everything should be like an app on their phone. You need to learn how networks, dhcp, dns, ssl, certificates, etc. work.

They’re cheap. You can also generate your own certs and use your own ca. But otherwise yes - quit yer bitching and learn how to do things right.

You don’t need to if you’re just using things locally.

But also - domains are cheap.

That’s a lot easier said that done for hobbyists that need a certificate for their home server.

I’d you’re going to self host you need to learn. I have no time for kids who just want “Google but free” and don’t want to spend any time learning what it takes to make that happen.

It’s being deiven by the browsers. Shorter certs mean less time for a compromised certificate to be causing trouble.

https://cabforum.org/working-groups/server/baseline-requirements/requirements/

Will we need to log in every morning and expect to refresh every damn site cert we connect to soon?

Automate your certificate renewals. You should be automating updates for security anyway.

His biggest issue was Premiere Pro not working on Linux, and Davinci Resolve not supporting the AAC Audio codec which VLC recorded in which he then wasted a ton of time on to get it to work and eventually tried to vibe-code his own video editor which didn’t really work out so then he purchased Davinci Resolve premium to get AAC support.

Holy hell, why would he do that? Just “for the content”?

Runs kali linux. Blames Debian when it breaks.

“Bare metal” has traditionally meant without any os either. Your code executes directly on hardware and has direct control over everything. Like a micro controller.

Code in a container executes on the hardware in exactly my the same way as code not running in a container - with the os as an intermediary.

“not running in a container” is not “running on bare metal”. It’s just running outside a container.