I am a Meat-Popsicle

  • 0 posts
  • 63 comments
Joined 3 years ago
Cake day: June 10th, 2023
  • Minimum open services is indeed best practice but be careful about making statements that the attack surface is relegated to open inbound ports.

    Even enterprise gear gets hit every now and then with a vulnerability that’s able to bypass closed-port blocking from the outside. Cisco had some nasty ones where you could DDoS a firewall to the point the rules engine would let things through. It’s rare, but things like that do happen.

    You can also have vulnerabilities with clients/services inside your network. Somebody gets someone in your family to click on something, or someone slips a mickey inside one of your container updates, and all of a sudden you have a RAT on the inside. Hell, even baby monitors are a liability these days.

    I wish all the home hardware was better at zero trust. Keeping crap in isolation networks and setting up firewalls between your garden and your clients can be either prudent or overkill depending on your situation. Personally, I think it’s best for stuff that touches the web to only be allowed a minimum amount of network access to internal devices. Keep that Plex server isolated from your document store if you can.

  • Yeah, a company got toasted because one of their admins was running Plex and had Tautulli installed and opened to the outside, figuring it was read-only and safe.

    A zero-day bug in Tautulli exposed his Plex token. They then used another vulnerability in Plex to get remote code execution. He was self-hosting a GitHub copy of all the company’s code.

  • I’d vote for Anytype or Obsidian.

    Anytype has a learning curve, but it has built-in encryption and IPFS syncing provided by the company. The templating system is really slick and the relational aspect is pretty solid.

    Obsidian + a Syncthing fork is a really solid contender. It’s much easier to work with out of the box, but the features are a little more generic.

    Neither of these are really self-hosted, so much as they are contained in their own ecosystem. You get some measure of higher availability that you have to really work for if you’re really self-hosting a product.

  • I mean, you get a lot of advantages from fluffy, pretty systems. But extracting data from df and systemctl and curling it into Telegram is going to be like a 10-line bash script called from a one-line cron job.

    I pump a lot of complicated metrics through Prometheus/Grafana to get graphs and history.

    Most of my critical stuff is still in Nagios, and instead of using Nagios’s standardized plugins I just query the operating system directly in bash.
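The "df and systemctl into Telegram" idea above, written out as an added example (this is not the commenter's script): a POSIX shell script that parses `df -P` for filesystems over a usage threshold, checks a list of systemd units with `systemctl is-active`, and posts the combined report with `curl` to the Telegram Bot API `sendMessage` method. The environment variables `TELEGRAM_BOT_TOKEN`, `TELEGRAM_CHAT_ID`, `DISK_THRESHOLD`, `SERVICES` and `ALERT_RUN`, and the default unit names `sshd cron`, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the commenter's script: turn "df" and "systemctl" output into a
# short alert and post it to a Telegram chat via the Bot API sendMessage method.
# Assumed environment: TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID (from @BotFather / your chat),
# DISK_THRESHOLD (percent used), SERVICES (space-separated unit names), ALERT_RUN=1 to run.

DISK_THRESHOLD="${DISK_THRESHOLD:-90}"   # percent used that triggers an alert
SERVICES="${SERVICES:-sshd cron}"        # assumed unit names; adjust to your hosts

# Read POSIX "df -P" output on stdin; print one line per filesystem at/over the threshold.
# Column 5 is "Capacity" (e.g. "95%"), column 6 is the mount point.
disk_alerts() {
  threshold="$1"
  awk -v t="$threshold" 'NR > 1 {
    pct = $5; sub(/%/, "", pct)
    if (pct + 0 >= t) printf "disk %s at %s%% (%s)\n", $6, pct, $1
  }'
}

# Print one line per unit that systemctl does not report as "active".
# "|| true" keeps a missing systemctl or a failed unit from aborting the report.
service_alerts() {
  for unit in "$@"; do
    state="$(systemctl is-active "$unit" 2>/dev/null || true)"
    [ "$state" = "active" ] || printf 'service %s is %s\n' "$unit" "${state:-unknown}"
  done
}

# Combine both checks; print nothing when everything is healthy.
build_report() {
  df -P 2>/dev/null | disk_alerts "$DISK_THRESHOLD"
  # shellcheck disable=SC2086  # word splitting of SERVICES is intended
  service_alerts $SERVICES
}

# POST to Telegram. --data-urlencode keeps newlines and symbols in the text intact, and
# the token travels only in the URL path over HTTPS, never in a shell argument that is logged.
send_telegram() {
  curl -fsS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
    --data-urlencode "chat_id=${TELEGRAM_CHAT_ID}" \
    --data-urlencode "text=$1" >/dev/null
}

main() {
  report="$(build_report)"
  [ -n "$report" ] || exit 0                      # quiet when nothing is wrong
  send_telegram "$(uname -n):
$report"
}

# Only run the live checks when explicitly asked, so the functions can be sourced or tested.
if [ "${ALERT_RUN:-0}" = "1" ]; then
  main "$@"
fi
```

A crontab line such as `*/15 * * * * ALERT_RUN=1 TELEGRAM_BOT_TOKEN=... TELEGRAM_CHAT_ID=... /usr/local/bin/alert.sh` is the one-liner the comment refers to; keep the token in a root-only file sourced by the script rather than in the crontab itself if other users can read it.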

  • It sucked when CrashPlan’s home client went under. If you installed the client on two computers with internet access, it would let you set the remote computer as a target. Encryption was done at the source; it had dedupe and versioning. It ate a little RAM, but it was really nice.

  • I’m running something surprisingly close to most of what you’re asking for, sans Immich, which I’m waiting on stability from them for first. That warning on their site that says it’s under constant development and not to use it as your primary picture store is a bit worrisome.

    Unraid with 2 video cards

    • Plex Container (primary video card)
    • Plex VM (pass-through secondary card handles DVR and backups, and it’s also my Steam remote provider)
    • Home assistant VM (running it in a VM is nicer than a container because of HAOS)
    • Jellyfin container
    • All the video services pull from the same catalog. I use Jellyfin frequently but secondarily; it is my backup in case Plex heads in a direction I don’t like. They’ve already shown some indications I’m not going to like them in the future.
    • Deluge+VPN container
    • Cloudflare container (first setup is actually a pain in the ass)
    • Tailscale plugin
    • SearXNG container (self-hosted search engine tool)
    • Pi-hole in a container
    • Pi-hole on a Raspberry Pi

    Plex gets accessed remotely via its own remote capabilities.

    Jellyfin gets accessed remotely via Tailscale.

    SearXNG is accessed remotely via Cloudflare.

    I have a secondary Plex server sitting on a Raspberry Pi with the backup Pi-hole.

    I am preparing to set up PeerTube. Haven’t had a lot of luck with the container on Unraid. I run a fair amount of Proxmox at work, so I’ll probably just use Proxmox for it.

    I run a separate dedicated system completely for my cameras. Not running Frigate yet, but I’ll get around to it eventually; using Blue Iris at the moment.

    My Unraid gets as much uptime as updates allow. I love being able to just JBOD my media disks together and still have some protection with parity.

    I find the containerized version of Plex to be more stable than my VM version, but that’s probably my own fault as I’m oversubscribing the VM.

  • Yeah, it’s about barrier to entry. Any question will bypass dumb automation; even a hard CAPTCHA is defeated by a TaskRabbit or Fiverr job to make 10 accounts and post some s#!t.

    Probably at some point in the future, the automation tools they’re using will support throwing in a GPT API token. But AI calls aren’t free, so maybe we’ll squeak by.

    There’s also the real possibility that if somebody is actually using AI, the bot text will be good enough that nobody will know for certain it’s a bot.