I think what you’re favorably describing stops being “vibe-coding” and starts simply being “coding with LLM assistance”. And I suspect most people in this thread railing against vibe-coding are much less hostile to LLM assistance. In any case, I don’t think saying that people “should start accepting this fact” will convince anyone that wasn’t already, especially if you call it all “vibe coding”.

It’s been a while since I set up my runner, and I have it on my personal desktop (which is wayyyyyy beefier than the VPS I host my forgejo instance on), but I’m pretty sure I was able to specify that only my user account can trigger actions to be run on this runner. What I’m getting at is that there is a decent amount of granularity for forgejo action permissions; you should be able to find a balance that suits you between “no actions at all” and “anyone can run any code they desire on your server”.

BoringCactus wrote a tentative post-mortem to “open source”/free software (five-and-a-half years ago already?!) that I find/found interesting and somewhat relevant to your question.

Hi, not OP, but: that’s known as frontmatter, it’s somewhat widespread, and thus I suspect that it’s much more difficult to have it live at the end of your markdown files than in a separate file or db altogether - unless OP is already rolling their own markdown parser.

I think this part references it, though it’s kinda solely in passing:

Production evaluations can elicit entirely new forms of misalignment before deployment. More importantly, despite being entirely derived from GPT-5 traffic, our evaluation shows the rise of a novel form of model misalignment in GPT-5.1 – dubbed “Calculator Hacking” internally. This behavior arose from a training-time bug that inadvertently rewarded superficial web-tool use, leading the model to use the browser tool as a calculator while behaving as if it had searched. This ultimately constituted the majority of GPT-5.1’s deceptive behaviors at deployment.

In case you omitted the following out of ignorance and not by deliberate choice:

podman unshare can be used to (mostly) painlessly access the files created by rootless podman.

For those curious about how this fork came to be, KnowYourMeme had a decent rundown: https://knowyourmeme.com/memes/events/godot-engine-user-blocking-controversy-wokot

I hesitate to bring this up because you’ve clearly already done most of the hard work, but I’m planning on attending the following conference talk this weekend that might be of interest to you: https://fosdem.org/2026/schedule/event/VEQTLH-infrastructure-as-python/

I recently went from 0 to 1. Reinstalled my VPS under debian, and decided to run my forgejo instance with their rootless container. Mostly as a learning experience, but also to easily decouple the forgejo version from whichever version my distro packages.

Also, no federation on the NodeBB/piefed unless/until the users overwhelmingly ask for it.

NodeBB or maybe piefed to host announcements and provide a place for questions and feedback.

Consider creating an account for each household with a “correct horse battery staple” style password that’s easy to input on mobile, print out a little slip of paper with an explanation blurb and account name & password, and deposit in their mailbox.

Do not expect any users until you’ve hosted several game nights that had multiple attendees. From what you say you are the events committee, not the online life committee. I would thus recommend to stay focused on events until people bring up, unprompted, a desire for more casual day-to-day interactions. You want to be integrating into their existing habits, not trying to replace them. Let the “switching” happen on their own initiative lest they feel like they’re being co-opted for your own personal agenda.

I dislike yaml as much as the next person, but you can always “just” write Jason JSON (lol autocorrect). Unless I’m misunderstanding your criticism?

Forgejo has their own runner: https://forgejo.org/docs/latest/admin/actions/runner-installation/

I’ve used it on my personal machine, was very easy to setup and mostly compatible with GitHub actions out-of-the-box (including things like actions/checkout@v4).

I just searched on GitHub for "Sha1-Hulud: The Second Coming.": 692 repositories. On the first page of results I was able to find a repo clearly made by the malware, and in that repo I was able to find someone’s github token with a few applications of “decode from base64”.

This is pretty bad. I don’t know what exactly comes next, an awareness campaign to get people to clean their infected machines and packages?

A side-effect of the li/unix ecosystem overall moving to wayland is that conky is no longer really an option for spicing up your desktop.

Without conky, it’s much less trivial to do “interesting” things beyond window tiling, window decorations, and/or color theming.

Thanks for sharing that link, I thought the watchy had been more-or-less abandoned by the community.

For what it’s worth, GitHub says that chronos firmware had it’s 1.0 release just 5 days ago, so I’m not surprised the other commenter didn’t know about it.

What exactly is meant by “smart features” ? The watch is an esp32 microcontroller driving an ePaper screen and a gyroscope (I forget if there are any other peripherals). It’s already much smarter than a “regular” wristwatch, and being open source you can make it as smart as you want (in theory and within the performance allowed by it’s specs, of course). The stock “os” will fetch the weather and adjust to daylight savings via internet.

Do you mean stuff like there’s no smartphone app available for it? It doesn’t pair with a smartphone out-of-the-box to do things like show SMS, email, calendar events, etc?

Syntax highlighting for code blocks is the reason I prefer discord over slack for collaborating and just chatting with friends who know how to code. I imagine some irc clients exist that so the same, but at least with discord I know my recipient is guaranteed to see what I see.

Sounds like either federation working as intended, or some client app trying to cache info about your instance. Might be https://fedidb.com/ or https://fediverse.observer/ or some other service.

From my understanding of word embeddings (as used by LLMs), you could skip the LLM and directly compare the similarity of what the STT outputs to each task or phrase in a list you have prepared. You’d need to test it out a few times to see what threshold works, but even testing against dozens of phrases should be much faster than spinning up an LLM - and it should be fully deterministic.