In THEORY they’re bad because the script could do malicious things and you shouldn’t blindly trust random people on the internet telling you what to execute.

In practice it’s mostly fearmongering because you’re likely trying to install a binary that could do malicious things anyways. “Mostly” because it is a bit less safe as one could MITM the script more easily or something, but not really by that much.

You shouldn’t run curl | sh scripts some random person sends you, but running an official script prom an official source is no more dangerous than running a .Deb file from that same source.

Everyone who said proxmox didn’t read your post to the end. Proxmox is great for people who want a machine to just self-host things and don’t care about how things work. You don’t seem like that sort of person, and you also mentioned Moonlight which will be annoying to do on proxmox as it’s not intended for that use case.

Every system capable of being used as a Moonlight client can run self-hosted services, but the other way around is not true. So it’s better to start with the Moonlight part.

So, with that in mind I imagine you want this machine to be plugged to a TV in the living room or something similar, so it needs to have a GUI, and the GUI probably needs to be something you can navigate with a controller (although the new Steam controller probably increases that definition dramatically).

You will already have one system with a GUI, so it’s easier to use the same thing. Really, don’t overthink this, if it’s good for general use it’s good for self-hosting, and you don’t want to have to learn how to solve the same problem in multiple ways because of different distros. In the future considering different distros makes sense, but when you’re just getting started nailing the basics is easier with consistency across systems. Think about it this way, if you were learning how to write mixing cursive and print at the same time would be harder than choosing one and then learning the other.

But why proxmox is great? It’s because it makes it easy and gives you a GUI to add services. How hard is it to do the same on Linux using docker? Ssh into the server, edit a small text file and run a single command, all of which should be easy for you since you’ve probably done this in the past, but for most people that is very hard and that is where proxmox shines.

Don’t believe me? You said Jellyfin, this is the whole Jellyfin file with comments:

# Services that this file creates
services:
  # Name of the service, it can be whatever you want
  jellyfin:
    # Image this server runs, this is what tells what the service is
    image: lscr.io/linuxserver/jellyfin:latest
    # Volumes to mount. In the format <local>:<inside the image>
    # So this will mount the ./jellyfin folder inside /config for the image
    # some services require specific folders inside of them, e.g. /config to store jellyfin's configs, otherwise the folder would get lost with every restart of the service 
    volumes:
      - ./jellyfin:/config
    # Rarely needed, but this gives hardware access to the image. Specifically access to the /dev/dri device
    # Jellyfin specifically benefits from this for transcoding 
    devices:
      - /dev/dri:/dev/dri
    # This shows what ports you want to expose, again in the format <local>:<inside the image>
    # So if you want Jellyfin on port 8080 on your machine you don't need to change settings, just do 8080:8096
    ports:
      - 8096:8096
      - 8920:8920
      - 7359:7359/udp
    # This tells docker to restart the service if it crashes, unless you've stopped it
    restart: unless-stopped

That’s it, and this is one of the most complicated ones out there, here’s a simple one:

services:
  radarr:
      image: lscr.io/linuxserver/radarr:latest
      volumes:
        - ./radarr:/config

Of course there’s more to those files, and lots of extra configurations to be used, but the core is very simple and the rest is just needed for special cases.

That’s a stupid argument, and it’s more of a thing Americans say to try to convince themselves that their system makes sense. Taxes are also different in different EU countries, some companies have different prices on different countries because of it, while others prefer to advertise to the whole community as a single market. Regardless, the price they advertise is the price you pay, otherwise it’s called false advertising.

I don’t get how that output showcases anything, unless he had run that against a known instance of forgejo so the owners of that instance could confirm that he actually executed code. But he’s only showing a text file, that’s like saying look I hacked super_secure_self_hosted_service:

python hack_it.py localhost:3000

Hacked!

For all we know chain_alpha.py is just a bunch of prints.

Also, even if it is real (which I don’t really doubt, but I have seen no proof) holding the information instead of properly disclosing it is just childish. It’s not a carrot methodology, it’s a stick one, and one without a carrot. This is the sort of thing you do to big companies with no morals, doing it to a small open source project is just wrong, they don’t have the manpower or money to redo the investigation you already did. Release a CVE, talk to the devs, and/or push a PR, but saying “I found a vulnerability but I won’t tell you about it” is just dumb.

Is this thing worth 5 third party controllers?

If you’re gaming on $20 controllers no wonder you don’t see the appeal here, it’s like someone saying “is an Nvidia 5080 really worth 5 Nvidia 3050s?”, completely different audiences.

Good controllers don’t sell cheaper than half the price of a steam controller, so you wouldn’t even be able to buy 2 controllers for the price of this. And there are plenty of controllers a lot more expensive than this that offer no benefits. Even the ones that cost half are, IMO, less than half as feature-rich, so yeah, definitely worth 2 Sony/Xbox/8BitDo controllers.

Are three of these worth a steam deck?

No, because the Steam Deck doesn’t cost 300, only the model they were burning stock did for a little while (that’s like saying the OG steam controller used to cost $5), and that model is no longer being made, so the question is are 6 of this worth a steam deck? But that is also kinda moot since it’s out of stock and might increase in price because of the ram shortage.

Exactly this, the fact that Valve makes the controller is mostly irrelevant to me (the only difference is that I trust Valve to deliver on their promises, other manufacturers I might wait a few months for reviews, and especially to see it it’s compatible with Linux and SteamInput). But if Microsoft or Sony, or 8BitDo had released a controller with these features for €99 I would have brought it too.

I’m not getting paid by Valve, in fact I will be giving them money for this controller as soon as possible. If you only play controller games then yeah, €99 for a controller with just 2 extra buttons and capacitive gyro might be too much (although, the capacitive gyro and extra buttons alone justify the price for me). But no other controller can be used to play mouse games comfortably. The trackpads might not be for you, but to claim they’re not worth it is naive at best, as they’re the ONLY good solution for this problem and no one else is doing them to be able to say “this other controller does the same and is cheaper”.

Ok, so you need to understand how devices interact with your system, in short they send sequential messages via the USB, your OS interprets those messages depending on what type of device it is. The piece of software that tells your system how to interpret the messages is what we call a driver. The original steam controller sent messages as if it was a mouse and keyboard, so you could plug it on anything that didn’t even had Steam installed and it would work, but not as you would expect it to. The “driver” was nothing more than a thin layer that just did a remapping of “button 1 means controller A, button 2 means controller B, etc” which is the exact same thing SteamInput does.

And the new controller is the same, I can now say this for sure because Gamer Nexus mentioned in their video that the controller works as a mouse on a PC without Steam. So yeah, bullshit, the controller works as expected eleven without steam, you should be able to go into your game and change the mapping and press buttons, it will be weird as the game will show you keyboard icons instead of controller, but the steam controller is not a normal controller so it can’t send the same inputs as other controllers which is somewhat limited.

In short the steam controller works even without steam, but without SteamInput to map what each button/gesture means it’s picked as a generic keyboard/mouse which is a deliverate decision to allow it to be used to control windows machines and reopen steam even if it closes. If it was mapped as a controller it wouldn’t be able to move the mouse natively because Windows doesn’t move the mouse with a controller by default.

it doesn’t make sense to put only one price without tax

That’s done because that’s the norm in the USA, if you advertise a price without tax on Europe you will be legally bound to sell at that price.

americans have less purchasing power than before not than europeans

I didn’t meant to imply that Americans have less purchasing power than Europeans (although they might, I don’t know) but rather than it’s common for companies to price things differently according to purchasing power and while the dollar did lose power that also means it’s people lost purchasing power so it makes sense to keep it the same price instead of increasing it to compensate as otherwise they might loose sales.

They did, a couple of weeks after launch. It wasn’t hard, it was just a USB device with lots of inputs so the software made a fake controller and allowed you to map inputs, it’s very likely the exact same software would work for the new controller for the inputs that both had. This thread is filled with fearmongering by people who have never held the OG steam controller in their hands and don’t understand this device.

Yeah, if Sony sold you a controller that requires playstation everyone would be up in arms… Ah, no, bad example, their controllers do require playstation and it is an open source driver that makes them work… I know! If Microsoft sold you a controller that requires Windows everyone would be up in arms… Ah, no, bad example, they already do and it’s an open source driver that allows it to work outside of it… I guess this is just more of the same? Except (I still don’t have mine so can’t fully confirm but would be surprised if it didn’t) the steam controller probably works just like a regular controller outside of Steam, you just lose SteamInput which is very important for this controller.

Yes, except it only sells on steam so you need an account to buy one. Also I’m fairly confident that it will just work outside of steam, just not full functionality as that depends on SteamInput for remapping and gestures. Most games don’t handle gyro, trackpads or back buttons on controllers so if you use this outside of Steam you won’t take advantage of those features. But I would bet that it will work as a regular controller even without steam.

I call bullshit on that. The OG controller also “doesn’t work outside of steam” and “requires steam for full functionality”, but two weeks after lunch we already had open source projects that handled it, the same thing will happen here.

Indeed, and to expand a bit on this, it’s very likely that the drivers have been in the kernel for a while, after all the Steam Deck has the exact same inputs so it’s very likely that it uses the same driver.

Yeah, but because the price in the US is pre-tax the real price is around $108 which is still less than €99 but not by that much. Also, yeah USD is weakened but that also means people there are making less money so they have less purchasing power, it’s common for companies to price the same thing lower on low-income countries and higher on high-income ones to compensate.

That article has lots of issues:

17% of the most popular Rust packages contain code that virtually nobody knows what it does

That’s not true at all, the article where he got that information from says:

Only 8 crate versions straight up don’t match their upstream repositories. None of these were malicious: seven were updates from vendored upstreams (such as wrapped C libraries) that weren’t represented in their repository at the point the crate version was published, and the last was the inadvertent inclusion of .github files that hadn’t yet been pushed to the GitHub repository.

So, of the 999 most popular crates analyzed 0% contains code nobody knows what it does.

He then lists some ways packages can be maliciously compromised:

1. Steal credentials and impersonate a dev
2. Misleading package names
3. Malicious macros (this one is interesting, had never considered it before)
4. Malicious build script

And his solutions are:

1. Bigger std library (solves none of the above)
2. Source dependencies (solves none of the issues he showed, only the issue that happens in 0% of packages where binary doesn’t match the source and is detectable)
3. Decentralized packages (which worsens every security concern)
4. Centralized Checksum database (so a centralized package manager is bad, but a centralized Checksum index is good? How does that work?)

Honestly I can’t take that article seriously, it grossly misinterpreted another study, presents problems that exist on every single package manager ever, doesn’t propose ANY valid solution, and the only thing he points to as a solution suffers from ALL of the same issues and then some.

Alexander is a common name, but it depends on context, if you say “at the time Alexander conquered X” most people would understand, but if you say “Alexander was here” you might be talking about a work college.

There’s not only one Caesar, while you probably beat Julius Caesar, Augustus, Tiberius and others were also “Caesar”, and you might referring to any of them. For example, “give to Caesar what is Caesar’s” does not refer to the same Caesar you probably meant.

Slim shady is a made up name and it’s way more specific than <common name> the <common adjective>.

Charlemagne is short for Charles Magnus, or in English Charles the great, so that’s exactly the same.

Attila is a very unique name, I’ve never met nor heard about any other Attila so the name is disambiguation enough, but it’s likely that if that is a common name in some country they have an extra qualifier to it, I’ve heard Attila the Hun, but there might be others.

There’s nothing special, if a name is common you need disambiguation, if a name is overly specific you don’t, same reason why we have last names, “I met with John the other day”, “which John?”, “The Smith”, “Ah yeah, John Smith, not John the son of Richard”, “No, I haven’t seen John Richardson in a few weeks”.

I don’t think it’s going to be 50-60, it has a lot more features and hardware than other controllers.

I love my steam controller, but to me it wasn’t a good replacement for controller games. Don’t get me wrong, it’s great and the ONLY alternative to play non-controller games (and I put FPS games in this category), but trying to play most games that waere actually designed for a controller always felt off. The lack of a proper d-pad made it worse for pixel perfect games like Dead Cells, and while the track pad is great for aiming by emulating a mouse and adding gyro, most games also use the thumb stick for mini-games or something that feels weird with the track pad. And yes, I know I could setup layers to solve that, but it’s just easier to grab another controller.

On the other hand, since I held my Steam Deck I’ve been wanting a controller that was the exact same thing. It works 100% like a normal controller, plus has 2 trackpads and 4 back buttons. They fixed every single issue I had with the OG controller, kept everything I loved about it, and even added some things I didn’t knew I needed (extra back buttons, capacitive gyro, etc).

2.5 years life spam for a controller is a rip-off, that being said I have PlayStation 4 controllers that are waaaay older than that and still work (battery is not great, anymore, but I’m sure I could find a replacement). I don’t know what people do with their controllers, mine last for years and years, the only controller I have that actually developed an issue is one that I lent to a friend for a month.