Given what’s happening in the world right now, I really want to minimize my reliance on US-based services and Big Tech (“Les GAFAM” for French readers), even more so than a few months ago. Here’s a quick summary of what I use and do in an effort to become independent from those corporations. Almost everything mentioned is FOSS (Free and Open-Source Software).

This is mainly addressed to tech-savvy people, but it can give you some ideas to get started if you’re not one (yet) :). Each solution will be attributed a “pain level”, which rates how painful the setup was for me, with my knowledge at the time. It’s therefore entirely subjective and is mainly just for fun. Feeling interested but lost? Feel free to reach out! See about page.

And if you’re asking why do all this:

• I want to have control over my data, I do not want my information sold by data brokers
• I think privacy is a fundamental right and that more people should care
• I want to own things instead of subscribing to services, which are enshitiffied update after update, quarterly result after quarterly result - there are paid services with ads now, are we for real?[insert many more?] But I guess line must go up because shareholder angry if line go down
• I do not want my daily activities to support evil companies a.k.a. Big Tech (ad revenue, “““AI””” training on my data, etc.)
• It’s part of my hobbies - no I’m not a masochist I promise
• Other reasons I’ve forgotten at the time of writing or that I’m too lazy to write down

Self-hosting

It doesn’t get better than that, if you have the means and technical ability. I have a dedicated server at home that hosts most of the services I’m going to list. It’s a repurposed mini PC, but a Raspberry Pi or an old desktop or laptop is more than enough to get started. You could also rent a VPS if you have the money and don’t want to trouble yourself with the hardware (but in that case you would be using someone else’s computer, that’s what “cloud” really is…).

First and foremost - a domain name

I recommend getting a domain name. It makes self-hosting much easier and prettier: no need to deal with a potentially changing IP all the time (take advantage of DynDNS if your ISP does not provide static IPs and if your router supports it). I purchased mine at OVHcloud, formerly OVH, a French “cloud” company. I find the price fair, and the new online dashboard is alright.

Nextcloud - replaces most of the Google suite

Pain level: 2/5 - installation instructions are rather clear, and I had little experience with self-hosting at the time.

The features I use are:

• Cloud storage
  • Files
  • Notes
  • Tasks and reminders
• CalDAV and CardDAV server for calendar and contacts
• Bookmarks (mobile and browser synchronization thanks to Floccus)
• Nextcloud Office to replace Google Docs, Sheets, etc.
• Push notifications from scripts to my phone

The mobile app is great for file management. You need a separate app for notes, Nextcloud Notes, and it really sucks. Notes very often appear blank when I open them. I much prefer Quillpad, which you can connect to your Nextcloud instance. For contacts and calendar sync, you’ll need a separate app like DAVx⁵ as Android does not natively support CalDAV/CardDAV, which is frankly absurd in 2026. DAVx⁵ is basically set and forget. My calendar app of choice is Etar. For tasks and reminders, I use Tasks.org.

Get started

Nextcloud web interface

Nextcloud office

Immich - replaces Google Photos

Pain level: 1/5 - docker setup, quite straightforward.

Besides basic photo/video storage and viewing, the highlight feature for me is the locally-running face, object and text recognition. Immich can leverage a dedicated GPU for super fast processing if you have one. Otherwise, the CPU will do just fine, albeit a lot slower and less efficiently. It’s also super handy to share pictures with friends and family, with the ability to create custom links with a password and an expiry date. Both the web and Android clients are great.

Get started

Immich web client

Immich Android app, contextual search

Navidrome - replaces Spotify

Pain level: 2/5 - docker setup, struggled a bit to find suitable clients for desktop and mobile.

Navidrome is a Subsonic-API piece of software that you can install on a server to stream music from a desktop or a mobile. The unfortunate reality is that self-hosting music is not free as in free or charge, since you need to buy it (Bandcamp, Beatport, CDs…), but at least it’s free as in freedom: no subscription required, no geo-restriction because of copyright and whatnot, you listen on your own terms. You could also sail the high seas, but I’m not getting into that. Side note, if you buy music on Bandcamp Fridays, 100% of the revenue goes to the artist!

It supports on-the-fly reencoding, in case your network conditions do not allow lossless streaming. It offers a web client for desktop, but you can also find thin clients like Feishin, which I quite like. As for mobile, there’s also a variety of options. I use Synfonium, which you can purchase on the Play Store or from the developer directly according to a thread on the forums, although I’m not sure if anybody has had success with that recently. Symfonium is very complete and customizable. It really can replace Spotify, local caching of songs included! I especially like the recent addition of the parametric equalizer.

Get started

Feishin

Synfonium Android app

Jellyfin - replaces Netflix

Pain level: 4/5 - docker setup, had to reorganize my video library a bit to follow the Jellyfin naming conventions, hardware acceleration can be a bit tricky to setup, stylized subtitles (.ass) can be hit or miss without a bit of fiddling, especially on the native clients, ripping Blu-rays is not straightforward.

This one is harder to recommend, because sourcing the required hardware, software and media legally is expensive. You need a specific kind of Blu-Ray drives (LibreDrive compatible) if you’re going to go feed your library with physical media, and potentially a lot of storage space. Consider the abundant second-hand market for Blu-rays if you want keep costs down. If you live in the UK, I don’t envy you, I just wish we had CEX over here. A good friend of mine took me to a CEX store in Brighton a few years ago and I bought some great movies for just a few pounds (if you’re ever reading Lukas, thanks man, CEX is great - don’t read that out loud).

You also need decent hardware on the server side to take advantage of all features, especially hardware-accelerated transcoding. Other than that, Jellyfin is mature and works well. The native clients for desktop and mobile are fine. There are some great alternatives out there. I quite like Findroid (mobile, direct play only, no transcoding) and Fladder (desktop and mobile). Side note, Blu-Ray quality is so, so much better than the über compressed streams on Netflix and such, even after reencoding to save storage space.

Get started

Jellyfin Media Player on Linux

Resources:

• Jellyfin website
• Blu-Ray ripping:
  • MakeMKV
  • LibreDrive

Stalwart - replaces Gmail

Pain level: great and humbling learning opportinuty, a.k.a. maximum - I knew next to nothing about DMARC, DKIM AND SPF when I installed and setup Stalwart (and still do…). The documentation is clear, but you need solid fundamentals in all things domain management, certificates, reverse proxy and networking. Careful with your IP reputation!

Once you manage to set it up, Stalwart is great! You can import an export of your Gmail/other provider inbox, although my attempts were unsuccessful (100% a skill issue on my part). I use Thunderbird for my desktop and mobile client needs (Thunderbird for Android is basically K-9 Mail rebranded). Don’t forget to setup push notifications for incoming e-mails on mobile.

Operating systems

Linux - replaces Windows, even for gaming

Pain level: 2/5 - Linux distributions are quite easy to install nowadays, even in dual boot configurations. There are plenty of helpful resources online if you’re a newbie. Gaming can be hit or miss, but it’s a lot more hit than miss these days (thank you, Valve!)

I’ve been using Linux instead of Windows for almost three years now. Probably the best decision I’ve ever made. No more pop ups about OneDrive, Copilot, Office or whatever subscription service Microslop wants to shove into my face. No more crazy long update times, slow start menu, crashing Windows Explorer, spying…

I’ve switched to Fedora after more than a year with Debian (both running KDE Plasma for the desktop environment). Everything works great, I have found alternatives to almost all the programs I was used to on Windows when they didn’t have a Linux counterpart, and I even game on Linux. Gaming can be a bit tricky, and sometimes impossible with kernel-level anti-cheats - which are an abomination you should avoid like the plague if possible - but it’s quite straightforward most of the time, at least with the games I play. I’ll to share my experience and tips sometime this year.

Some great resources on YouTube to ease the pain:

• Veronica Explains
• Bread on Penguins
• The Linux Experiment - I found his gaming on Linux video very useful

GrapheneOS - replaces Android

Pain level: 2/5 - the installation instructions are very clear and easy, it’s just a bit of a pain to wipe everything if your phone is already setup.

GrapheneOS is a privacy and security-focused alternative to Android, built on FOSS Android, available for Google Pixel devices only. Yes, you need Google hardware to avoid Google, although this might change soon. No more Google bloatware/spyware and consequently, quite a lot of storage space reclaimed.

GrapheneOS lets you use sandboxed Google Play Services and the Play Store if you so desire. There are only two caveats to me: some banking apps will refuse to launch because they consider the device insecure - it’s not, it’s in fact probably more secure than a stock Google Pixel, it’s just not “certified” by Google - and Google Wallet as well as most other NFC payment apps will refuse to work.

Other stuff

LLMs - or “““AI”””

Pain level: 0/5 - non US-based alternatives to LLMs exist, and they work great for my use cases.

I only sometimes use LLMs - mainly for translations in Japanse and Korean and to check for correctness in English - but I avoid OpenAI, Anthropic and the likes when I do. Those companies are literally evil (I’m not going to explain why, just watch interviews of their top people and read their tweets, you’ll understand).

You can definitely self-host an LLM, and there are plenty of ressources online to help you do that, but I found myself relying on online services as of late because my hardware is not capable enough for accurate responses. My picks are Lumo by Proton and Mistral.

The former is privacy respecting, the latter is French, both are plenty for my use cases and have mobile clients. The Lumo app is okay (probably a web wrapper/Chromium-based app), and I’ve never tried Mistral’s.

Update 2026-03-26: I’ve started using translategemma for translation tasks, and it’s been working great. The 12b model fits in my 11GB or VRAM, and the inference is super fast (once the model is loaded). The translations seem accurate after checking manually. I use Open WebUI as a web interface to interact with the LLM. The UI is responsive (adapts to displays of different sizes, desktop, mobile…).

FUTO Keyboard - replaces Gboard and co

Added on 2026-03-11: pain level: 1/5 - Requires a tiny bit for dictionaries and customization to your linking.

All the data you output, private or otherwise, goes through your keyboard app. For example Gboard, the default on Google Pixel devices, or Samsung Keyboard on Samsung devices. If you don’t trust themn, you can opt for an open-source and privacy friendly alternative, FUTO Keyboard. FUTO is fully offline, even for voice input, which is based on OpenAI Whisper. Note that the app will ask you for a financial contribution before you can use that feature. Even though it’s still an alpha at the time of writing, the app is very stable and featureful.

Get started

Things I haven’t been able to replace

Google Maps and YouTube

The crowd-sourced nature of the data present in Google Maps combined with the sheer amount of users makes the app very powerful and hard to compete with. I use it to discover things to visit, check out menus, reviews, photos of places… I don’t think any FOSS competitor exists as far as the data aspect is concerned. The only exceptions I know are Naver and Kakao Maps, which are widely used in South Korea. Google Maps is kind of useless there, as their laws prevent the app from providing navigation and accurate satellite imagery. I also found the data on the Korean apps more plentiful and up to date.

Update 2026-03-11: Google Maps will soon be fully functionnal according to Reuters.

As for YouTube, well, it’s virtually a monopoly. Most of the content creators I like upload their videos there. Although, I make my experience with the app and website less painful and ad-free thanks to Revanced, SponsorBlock and PipePipe.

Social media and messaging apps

I use WhatsApp, Instagram and Discord. I would love to delete my accounts on those platforms, but I also want to stay in touch with family and friends, the vast majority of whom are not willing to switch to more privacy respecting services like Bluesky, Matrix, Signal, etc., which I understand and respect.

I actually had deleted Instagram altogether in 2024, but decided to create another account to keep in touch with the people I spontaneously connect with. For instance I was fortunate enough to travel to South Korea last month and I made a friend there. We’re keeping in touch on Instagram! 서인, if you’re reading this, 안녕, you’re very cool and I’m glad we met :).

I may have lied, about this being a “quick summary”. My bad.

I could use Nextcloud notes as a medium, but that requires me to login, and it would be a pain to log out and login every time I need to just share some text on a shared/untrusted target devices. So it’s important that this hypothetical webpage does not require authentication.

That’s where flatnotes comes in. It can easily be installed with Docker compose, and authentication can be disabled by setting the FLATNOTES_AUTH_TYPE environment variable to none.

Last but not least, I want to restrict the service to LAN only. If you use Caddy, that can be done quite easily thanks to snippets. I covered this exact use case here.

And that’s it! Easily accessible text content from and to any device on LAN with a web browser. Here’s what it looks like:

Note that the images are quite cropped in, hence the strange looking proportions.

This is the home page where recent notes are displayed.

And this is what the inside of a note looks like from a handheld.

The way it works is simple: when using the share menu with a picture in Android, select Scrambled Exif instead of the destination app where you want the picture shared. Scrambled Exif removes the metadata and displays another share menu, where you choose where the EXIF-less picture should go. And yes, it works for multiple images too!

This might not be necessary, since popular messaging apps such as WhatsApp and Discord seem to use tools like oxipng and jpegoptim (covered in this post!) to compress images and remove metadata before they are sent. But you never know, maybe the EXIF data is actually read and stored somewhere before compression… That wouldn’t even surprise me to be honest.

You can use the “LYRICS” ID3 tag to store chapters as if they were lyrics:

[00:00.0]Overture x The Bat Overture
[01:57.0]Ember x Emperor Waltz
[05:22.0]All Night x Éljen a Magyar
...
[71:19.0]Other Side
[77:33.0]No Tomorrow x The Baron
[97:13.0]Sientelo

I usually get chapter timestamps from YouTube comments, and I and use Mp3tag to edit ID3 tags (through Wine).

You must enable the “LYRICS” field in the settings first.

You unfortunately must stick to minutes and seconds to format the timestamps. For example: Poweramp will not recognize [01:11:19.0] as a timestamp. [71:19.0] will work, though. I’m not sure if this is a ID3 specification thing, or a Poweramp quirk. Here’s what it looks like in the app:

Each “chapter” is clickable!

Poweramp is IMHO the best music player for Android out there. There is a trial version on the PlayStore. The full version is available on there as well, but you can support the dev directly by purchasing it on the official website (no Google tax, and will run on degooggled devices).

https://git.ampho.fr/anhminhpho/disable-acpi-wakeup

The systemd unit calls this bit of code, which disables all wakeup triggers associated with currently connected peripherals:

for d in $(cat /proc/acpi/wakeup | grep enabled | awk '{print $1}')
do
	echo $d > /proc/acpi/wakeup
done

Instructions to install are available in the Git repo. Tested on Debian 12 and 13, but it probably works on most distros.

References

https://wiki.archlinux.org/title/Power_management/Wakeup_triggers#/proc/acpi/wakeup

Install python-kasa

pip install python-kasa

Join device to your home network

Some devices might require authentication, mine does not.

Scan for Wi-Fi access points:

$ kasa --host 192.168.0.1 wifi scan

Discovering device 192.168.0.1 for 10 seconds
Scanning for wifi networks, wait a second..
Found 5 wifi networks!
         WifiNetwork(ssid='<SSID>', key_type='wpa2_psk', cipher_type=2, bssid='1E4D73E63290', channel=8, rssi=None, signal_level=2)
         ...

Scanning might fail. I got the following error after a reset of my Kasa HS100 (can’t rememeber if scaning worked the first time):

Raised error: Error on smartlife.iot.common.softaponboarding.get_scaninfo: {'err_code': -1, 'err_msg': 'module not support'}

In that case, join your network directly:

kasa --host 192.168.0.1 wifi join "<SSID>"

The keytypes are as follows:

0 - Open
1 - WEP
2 - WPA
3 - WPA2
4 - WPA3

Your device is now joined, you can add it in your Home Assistant instance to manage it.

If you ever change your Wi-Fi SSID and/or password: reset your Tapo/Kasa smart devices, join them to your network, and Home Assistant will recognize them automatically. They will be usable again right after joining.

Tapo cameras (Nov. 2025 update)

I got my hands on Tapo C210 indoor cameras, and they unfortunately must be setup in the Tapo app with a TP-Link account before they can be used in Home Assistant. You must enable “Third-Party Compatibility” under “Services” in the “Me” menu, as well as create a “Camera Account” under “Advanced Settings” for each of your cameras. Only then will you be able to add them into the TP-Link integration in Home Assistant.

While you have the app installed, make sure to update the firmwares and reboot the cameras after making the abovementioned changes (I couldn’t login in the integration at first, maybe the reboot helped, not sure).

The TP-Link integration unfortunately lacks a lot of features. Instead, you can take a look at Juraj Nyíri’s integration, which is specific to Tapo cameras and offers much more control. Your TP-Link password is required during setup, but the integration remains fully local according to the Readme. This means you can probably delete your account after adding your Tapo devices to HA. That’s probably true for the native integration as well, but I didn’t test it.

The app is however still useful to configure some settings not available in HA like framerate. If you no longer need it, you can archive it in recent versions of Android instead of uninstalling it completely, so that your account data remains on the device (no need to login again). And for good measure, I blocked any traffic from my cameras to WAN and vice-versa in my router.

References

https://python-kasa.readthedocs.io/

https://github.com/python-kasa/python-kasa/issues/1325

https://www.home-assistant.io/integrations/tplink#troubleshooting

There are a number of GUIs that make use of those utilites. I personally like OptiImage:

72% decrease in size from a digital camera. Not bad!

Keep in mind that you might mess up the orientation of your pictures by stripping metadata. You can either rotate them “for real” based on the EXIF rotation data before minimizing them, or use a tool to restore the correct orientation after the fact. I prefer the second option because I’m lazy: I use XnView🇫🇷, mainly because it supports JPEG lossless rotation and batch processing.

I also chose to display thumbnails on the page instead of the full pictures to make loading even faster. Clicking on the image reveals the full-size image. I made the thumbnails manually by downsizing the pictures and passing them through jpegoptim as well.

The result is quite nice: a lot of thumbnails for only 1.79 MB of total data transferred (no cache), and faster loading of full-size images.

I tried to reduce the footprint of pictures stored by WhatsApp on my phone, but it appears the app already uses jpegoptim as OptiImage was not able to reduce their size further.

The artworks are a creation of GAAAT, a Tokyo-based art gallery. The event is hosted by the DANAE gallery, from October 2nd to October 9th, and is the result of a partnership with La Méduse Violette. It was supposed to end on the 5th, but was extended thanks to its popularity.

Every piece has depth thanks to a layered printing process on metal canvas, with up to 32 layers. Most are extremely detailed and impressive. The effect is especially striking when you move around a little bit to see how the light catches on differently depending on your position.

Thank you very much to the GAAAT staff, as well as Olivia from La Méduse Violette, for your kindness. I hope to see you again at another GAAAT event!

Here are a few (amateur) pictures of my favorite pieces and angles. Click on an image to see it full-size. Please ignore the lens distorsion and poor framing, I barely ever take pictures with an actual camera lol. Feel free to zoom-in to appreciate the small details and texture revealed by the reflections.

Re:compile

Threshold

Steel Hearts

Mimesis - MOTOKO, BATOU, TACHIKOMA

Hurry Up!

Jungle/DnB

• The “Yeah! Whoo!” heard in many Jungle and Drum & Bass songs come from the “Think Break”, sampled from “Think (About It)” by Lyn Collins (1972).

Ghost in the Shell: Stand Alone Complex

• “take a little end” plays towards the end of the flashback section in episode 11 of 2nd GIG, according to tvtropes.

• “Dew” plays in episode 17 of 2nd GIG according to a comment thread in this YouTube upload. It starts around the 2:40 minutes mark, although it’s an instrumental version.

Massgrave provides this PowerShell one-liner that runs the script after performing some checks. Make sure you are up to date, it might fail otherwise.

irm https://get.activated.win | iex

https://get.activated.win contains the PowerShell code that performs those check. irm is short for Invoke-RestMethod, which downloads the script. iex is short for Invoke-Expression, which runs the script.

The actual Batch script is available at multiple location stored in the URLs array. The preliminary PowerShell script randomly selects a location to download it from and run it.

$URLs = @(
        'https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/ab6b572af940fa0ea4255b327eb6f69a274d6725/MAS/All-In-One-Version-KL/MAS_AIO.cmd',
        'https://dev.azure.com/massgrave/Microsoft-Activation-Scripts/_apis/git/repositories/Microsoft-Activation-Scripts/items?path=/MAS/All-In-One-Version-KL/MAS_AIO.cmd&versionType=Commit&version=ab6b572af940fa0ea4255b327eb6f69a274d6725',
        'https://git.activated.win/massgrave/Microsoft-Activation-Scripts/raw/commit/ab6b572af940fa0ea4255b327eb6f69a274d6725/MAS/All-In-One-Version-KL/MAS_AIO.cmd'
    )

The long string ab6b572af940fa0ea4255b327eb6f69a274d6725 is the commit hash where it originates from.

The script is very big. Massgrave provides a breakdown on GitHub. I frankly didn’t dive deeper into the code. I just know it’s trusted by countless people, and my locally-running LLM as well as Mistral AI didn’t find anything suspicious (except for the fact that it bypasses official activation channels…).

To enable ESU, choose option 3, TSforge:

The process can take a few minutes. You’ll know it’s done when it tells you to press a key to return to the main menu. It’s that easy! No e-waste and money saved.

Note: According to Next, formerly Next INpact, European users can benefit from ESU by logging in with a Microsoft account. But that “solution” is obviously a privacy nightmare. Maybe it’s a good time to switch to…

 █████        ███                                   
░░███        ░░░                                    
 ░███        ████  ████████   █████ ████ █████ █████
 ░███       ░░███ ░░███░░███ ░░███ ░███ ░░███ ░░███ 
 ░███        ░███  ░███ ░███  ░███ ░███  ░░░█████░  
 ░███      █ ░███  ░███ ░███  ░███ ░███   ███░░░███ 
 ███████████ █████ ████ █████ ░░████████ █████ █████
░░░░░░░░░░░ ░░░░░ ░░░░ ░░░░░   ░░░░░░░░ ░░░░░ ░░░░░  (?)

Here’s where Caddy snippets are convenient to block all WAN traffic for select subdomains. The following snippet in my Caddyfile blocks all traffic coming from outside the subnets after remote_ip, in the blocks where it’s used.

# Snippet
(lan_only) {
        # Allow traffic from my local network, including wg-easy
        @external not remote_ip 10.0.0.0/24 10.42.42.0/24
        abort @external
}

# Protected subdomain
        @subdomain host subdomain.ampho.fr
        handle @subdomain {
                import lan_only # Import the snippet
                reverse_proxy localhost:1234
        }

Don’t forget to reload the Caddy service after modifying the Caddyfile.

In my case, name resolution is done thanks to entries in the hosts file in my OpenWrt router from GL.iNet. GL.iNet offers a convenient interface to modify that file without having to SSH into the router. Example entry:

10.0.0.3 notes.ampho.fr

The thing is, port 80 is not forwarded on my router, which is required for the ACME HTTP-01 challenge. I also don’t want a DNS record for my private subdomains to appear publicly (I use the hosts file in my router to provide DNS resolution locally). EDIT: Certificate Transparency is a thing… Thank you Laurent!

A convenient solution is to use the ACME DNS challenge to get a wildcard certificate. Here’s how to do it with OVH.

Install Caddy with the OVH plugin

Install a custom build of Caddy with the OVH plugin. I went with the update-alternatives from source route after installing vanilla Caddy through my package manager, but there are several other ways to do it, more info on that page.

OVH API credentials

You now have to create OVH API keys from the dedicated admin page with the correct API permissions. According to the libdns GitHub repo, they are as follows for a single domain:

GET /domain/zone/ampho.fr/record
POST /domain/zone/ampho.fr/record

GET /domain/zone/ampho.fr/record/*
PUT /domain/zone/ampho.fr/record/*
DELETE /domain/zone/ampho.fr/record/*

GET /domain/zone/ampho.fr/soa
POST /domain/zone/ampho.fr/refresh

Once you have your API credentials, store them in a location where Caddy will be able to read them. I use a .env file in /etc/caddy/ and a service override as described in the Caddy documentation.

Here is what my .env file looks like. Change the endpoint according to your region.

OVH_ENDPOINT=ovh-eu
OVH_APPLICATION_KEY=xxxxxxxxxxxxxxxxx
OVH_APPLICATION_SECRET=xxxxxxxxxxxxxxxxx
OVH_CONSUMER_KEY=xxxxxxxxxxxxxxxxx

Don’t forget about the service override!

Caddyfile

You can now modify your Caddyfile to use the DNS challenge and serve all your subdomains with a wildcard certificate:

*.ampho.fr {
        tls {
                dns ovh {
                        endpoint {$OVH_ENDPOINT} # Variables from the .env file
                        application_key {$OVH_APPLICATION_KEY}
                        application_secret {$OVH_APPLICATION_SECRET}
                        consumer_key {$OVH_CONSUMER_KEY}
                }
        }

        #My service
        @subdomain host subdomain.ampho.fr
        handle @subdomain {
                reverse_proxy localhost:1234
        }
	...

Make sure to restart/reload Caddy to apply the changes. Check the service health with journalctl -xeu caddy.service. If it’s healthy, you’re done!

The command recursively checks FLAC files in the current directory. You can adjust the file extension, or remove it entirely to check all files. Add -maxdepth 1 after find ./ to disable recursion. You might want to run it in Screen since the process will read through your entire library, which could take some time.

IFS=$'\n'
set -f
for f in $(find ./ -name '*.flac')
do ffmpeg -v error -i "$f" -f null - |& sed -e "1i $f" -e '$a\---' | tee -a error.log
done
unset IFS
set +f

One-liner:

IFS=$'\n'; set -f; for f in $(find ./ -name '*.flac'); do ffmpeg -v error -i "$f" -f null - |& sed -e "1i $f" -e '$a\---' | tee -a error.log; done; unset IFS; set +f

Changing the IFS and disabling filename expansion with set -f allows the command to handle special characters like spaces or question marks in filenames. It will print out errors in the terminal and also write them in error.log.

FFmpeg might find problems that do not affect the actual stream in your files:

   ./OST/Jujutsu Kaisen/01. LOST IN PARADISE (feat. AKLO).flac
=> [flac @ 0x5579ca9e51c0] Could not read mimetype from an attached picture.
   ---
   ./Tut Tut Child - You Hide (feat. Augustus Ghost).flac
   [mjpeg @ 0x5a6c0c161e40] No JPEG data found in image
   [mjpeg @ 0x5a6c0c1650c0] No JPEG data found in image
=> Error while decoding stream #0:1: Invalid data found when processing input.

stream #0:1 is the cover file, while stream #0:0 would be the audio stream. Up to you if you want to deal with them. I personally don’t, since they doesn’t affect playback.

You can guestimate the time the check will take by taking a look at the read throughput on your drive by using iotop or iostat for example.

In case you’re curious, here’s what I use to run my home server:

• Minisforum B550
  • AMD Ryzen 7 5700G
  • 32 GB or RAM
  • GTX 1080 (slowly dying) RTX 2080 Ti
• GL.iNet Flint2 (2.5G links to my ISP and server)

Want to reach out? Feel free to send me a DM on Discord at Miminepho or an email, contact at ampho.fr.

Disclaimer: I might get things wrong. Please take everything I write with a grain of salt.