Solar Bear

Something you might want to look into is using mTLS, or client certificate authentication, on any external facing services that aren’t intended for anybody but yourself or close friends/family. Basically, it means nobody can even connect to your server without having a certificate that was pre-generated by you. On the server end, you just create the certificate, and on the client end, you install it to the device and select it when asked.

The viability of this depends on what applications you use, as support for it must be implemented by its developers. For anything only accessed via web browser, it’s perfect. All web browsers (except Firefox on mobile…) can handle mTLS certs. Lots of Android apps also support it. I use it for Nextcloud on Android (so Files, Tasks, Notes, Photos, RSS, and DAVx5 apps all work) and support works across the board there. It also works for Home Assistant and Gotify apps. It looks like Immich does indeed support it too. In my configuration, I only require it on external connections by having 443 on the router be forwarded to 444 on the server, so I can apply different settings easily without having to do any filtering.

As far as security and privacy goes, mTLS is virtually impenetrable so long as you protect the certificate and configure the proxy correctly, and similar in concept to using Wireguard. Nearly everything I publicly expose is protected via mTLS, with very rare exceptions like Navidrome due to lack of support in subsonic clients, and a couple other things that I actually want to be universally reachable.

Use lemmy.ml how you want to use it, and if you want to participate in other political leanings, go to a different instance. No one is really stopping you, and that’s the whole idea of the fediverse. And there really isn’t any value lost, because this isn’t a “choose one and only one” situation. You’ve got all of the fediverse at your fingertips.

Until you make the mistake of replying with the wrong kind of comment to the wrong sub, and get banned from the entire instance and lose the ability to post on many of the largest subs on this side of the fediverse. Or maybe they just see you out and about and decide to ban you on sight because they don’t like what you said. There’s nothing stopping that.

Admin overreach and abuse is a major issue for the fediverse because it affects more than just the user in question. Admins of large instances get to decide who has access to the users and communities on their instances, and very often the users of the instance aren’t even aware of the actions taken on their behalf. Mastodon recently implemented a notification for when blocks and defederation remove your follows or followers, and this is a great first step. Users deserve to know when they are impacted by decisions such as these.

I love the fediverse and want to see it thrive, so we need to stop putting our heads in the sand on this issue. It’s always discussed as if it’s an issue with a few problematic instances rather than the systemic issue in need of a solution that is is. Admins need the tools to protect their instances from real abuse, but we need to balance that with the right of the users to know what’s going on and not be unfairly deprived of the social aspect of this social media experiment, especially without knowing.

Incredibly funny story, incredibly awful website.

Whatever you get for your NAS, make sure it’s CMR and not SMR. SMR drives do not perform well in NAS arrays.

I just want to follow this up and stress how important it is. This isn’t “oh, it kinda sucks but you can tolerate it” territory. It’s actually unusable after a certain point. I inherited a Synology NAS at my current job which is used for backup storage, and my job was to figure out why it wasn’t working anymore. After investigation, I found out the guy before me populated it with cheapo SMR drives, and after a certain point they just become literally unusable due to the ripple effect of rewrites inherent to shingled drives. I tried to format the array of five 6TB drives and start fresh, and it told me it would take 30 days to run whatever “optimization” process it performs after a format. After leaving it running for several days, I realized it wasn’t joking. During this period, I was getting around 1MB/s throughput to the system.

Do not buy SMR drives for any parity RAID usage, ever. It is fundamentally incompatible with how parity RAID (RAID5/6, ZFS RAID-Z, etc) writes across multiple disks. SMR should only be used for write-once situations, and ideally only for cold storage.

Refurbished drives get their SMART data reset during the process, they absolutely had more than that originally.

There’s 102 people mentioned in that commit and two of them happen to meet in the comments of a meme thread on Lemmy of all places. I love the Internet.

“Because I feel like it.”

So in other words, because she wants to? As in, “because it’s her body and she can do whatever she wants with it”?

If you’re waiting for Jellyfin to run some kind of relay like Plex, you’ll be waiting a long time. That takes a lot of money to upkeep, and the demand for people who self-host FOSS and then want to depend on an external service is very minimal, certainly not enough to sustain such a service. I’d recommend just spending a weekend afternoon learning how to set up Nginx Proxy Manager and being done with it, the GUI makes it very easy.

I chose Bookstack for the same situation. It’s dead simple in usage and maintenance. No issues yet!

I will have an OG Xiaomi Mi Box and it’s absurd how over the years it went from a purely functional media device to a complete shit show covered ads. Genuinely disgusted me every time I turned the TV on. I couldn’t stand it anymore, I had to tear out the launcher with ADB and replace it with FLauncher.

I wish Kodi wasn’t such a pain in the ass to deal with, especially for YouTube. We really need a new FOSS media center application. Until then, at least FLauncher works for now as a simple app switcher for a handful of Android apps.

Recently started using Tempo with Navidrome. Haven’t had more than a few days of use yet, but everything has worked exactly as expected! Can’t ask for much more than that.

I very recently started using borgbackup. I’m extremely impressed with how much it compressed the data before sending, and how well it detects changes and only sends the difference. I have not yet attempted a proper restore from backup, though.

I have much less data I’m currently securing (~50gb) and much more uplink bandwidth (~115mbps) so my situation isn’t nearly as dire. But it was able to compress that down to less than 25gb before sending, and after the initial upload, the next week’s backup only required about 100mb of data transfer.

If you can find a way to seed your data from a faster location, reduce the amount you need to back up, and/or break it up into multiple smaller transfers, this might be an effective solution for you.

Borgbase’s highest plan has an upper limit of 8TB, which you would be brushing right up against, but Hetzner storage boxes go up to 20TB and officially support Borg.

Outside of that, if you don’t expect the data to change often, you might be looking for some sort of cheap S3 storage from AWS or other similar large datacenter company. But you’ll still need to find a way to actually get them the data safely, and I’m not sure if they support differential uploads like Borg does.

The goal here is to make it difficult to link to things uploaded to discord from outside of discord. The malware reason is BS. If they wanted to curb malware it would be as easy as making it a nitro feature. What that doesn’t fix is all the people piggybacking on discord as a free CDN.

Discord isn’t even wrong for doing this. I just resent their dishonesty.

Convincing argument, but unfortunately a cursory Google search will reveal he was right. There is very little CPU overhead. The only real consideration is a bite extra storage and RAM to store and load the redundant dependencies of the container.

While that isn’t false, defaults carry immense weight. Also, very few have the means to host at scale like Docker Hub; if the goal is to not just repeat the same mistake later, each project would have to host their own, or perhaps band together into smaller groups. And unfortunately, being a good programmer does not make you good at devops or sysadmin work, so now we need to involve more people with those skillsets.

To be clear, I’m totally in favor of this kind of fragmentation. I’m just also realistic about what it means.

Never trust corporations. If you’re not profitable, they will abandon you. Only trust community-driven projects with a true open source commitment.

Proxmox is completely different from Docker. Proxmox is focused on VMs, and to a lesser extent LXC containers. If you think you will have a need to run VMs (for example, a Windows VM for a game server that doesn’t support Linux) Proxmox is great for that.

I run Docker on a dedicated VM inside Proxmox, and then I spin up other specialized VMs on the same system when needed. The Docker VM only does Docker and nothing else at all.

Never ask ChatGPT to write code that you plan to actually use, and never take it as a source of truth. I use it to put me on a possible right path when I’m totally lost and lack the vocabulary to accurately describe what I need. Sometimes I’ll ask it for an example of how sometimes works so that I can learn it myself. It’s an incredibly useful tool, but you’re out of your damn mind if you’re just regularly copying code it spits out. You need to error check everything it does, and if you don’t know the syntax well enough to write it yourself, how the hell do you plan to reliably error check it?

These are scripts that manage stuff on a few hundred user endpoints and a few servers. They were doing basically everything manually until I got here, and the only way I could get them on board with my slow introduction of automation is to let them see it. I have to ensure things don’t get too long, complex, or hard to explain, or they start getting nervous.

I write a lot of fairly simple scripts in Bash and PowerShell that should be easily understood by anybody else with moderate experience in the language, but I leave a lot of obvious comments because my coworkers don’t write any code and are extremely skittish about my automations. I add them basically to quell their fears.