
And frankly, even if he’s not a fascist himself, the CEO saying something that fucking stupid makes me think that you shouldn’t trust him to run the slurpee machine at a 7-11, let alone something sensitive like your email.


You say poor opsec, I say free advertising.

Would anyone in this thread have paid ANY attention to this movie otherwise?


To self-host, you do not need to know how to code.

I agree but also say that learning enough to be able to write simple bash scripts is maybe required.

There’s always going to be stuff you want to automate and knowing enough bash to bang out a script that does what you want that you can drop into cron or systemd timers is probably a useful time investment.


No.

I pirate everything, but am very very reluctant to do so with software or games.

I only pirate in cases where the company involved is just too gross to support (looking at you, Adobe), or if there’s absolutely no other option.

But I consider pirated software and games absolutely suspect 100% of the time, because I’m old enough to remember when every keygen was also a keylogger, and every crack was also a rootkit and touching any pirated software was going to give you computer herpes without fail.

So maybe it’s not that bad anymore, but I mean, do you fully trust in the morals of someone who would spend the time helping you steal someone else’s shit to not add just one more little thing to it for themselves?


I don’t disagree, but if it’s a case where the janky file problem ONLY appears in Jellyfin but not Plex, then, well, jank or not, that’s still Jellyfin doing something weird.

No reason why Jellyfin would decide the French audio track should be played every 3rd episode, or that it should just pick a random subtitle track when Plex isn’t doing it on exactly the same files.


As far as it matters for this, a hypervisor is a hypervisor.

I use qemu/kvm because it’s what I’m used to on the linux side, but I don’t think it has any particular feature that makes it more safe compared to like virtualbox or vmware or anything else.


It’s such the best meme, and a thing that so many people need to see at every opportunity so keep posting it.


Yeah, I don’t let anything that has to be cracked out of an isolated VM until it’s VERY clear that nothing untoward is going on.

QEMU has proven perfectly lovely for a base to use for testing questionable software, and I’ve got quite a lot of VMs sitting around for various things that ah, have been acquired.


If you share access with your media to anyone you’d consider even remotely non-technical, do not drop Jellyfin in their laps.

The clients aren’t nearly as good as plex, they’re not as universally supported as plex, and the whole thing just has the needs-another-year-or-two-of-polish vibes.

And before the pitchfork crowd shows up, I’m using Jellyfin exclusively, but I also don’t have people using it who can’t figure out why half the episodes in a tv season pick a different language, or why the subtitles are sometimes english, and sometimes german, or why some videos occasionally don’t have proper audio (l and r are swapped) and how to take care of all of those things.

I’d also agree with your thought that docker is the right approach to go: you don’t need docker swarm, or kubernetes, or whatever other nonsense for your personal plex install, unless you want to learn those technologies.

Install a base debian via netinstall, install docker, install plex, done.


I’m not saying it is or is not a false positive, so please read the rest of my comment with that in mind.

But, that said, this is not new: AV has triggered on cracks and cheat software and similar stuff since forever.

The very simplified explanation is that the same things you do to install a rootkit, you do to cheat in a game with or crack software DRM.

Bigger but, though: cracks and game cheats have also been a major source of malicious software for just as long, so like, it’s also entirely likely that it’s a good catch, too.


Timely post.

I was about to make one because iDrive has decided to double their prices, probably because they could.

$30/tb/year to $50/tb/year is a pretty big jump, but they were also way under the market price so capitalism gonna capital and they’re “optimizing” or someshit.

I’d love to be able to push my stuff to some other provider for closer to that $30, but uh, yeah, no freaking clue who since $60/tb/year seems to be the more average price.

Alternately, a storage option that’s not S3-based would also probably be acceptable. Backups are ~300gb, give or take, and the stuff that does need S3-style storage I can stuff in Cloudflare’s free tier.


+1 for Frigate, because it’s fantastic.

But don’t bother on an essentially depreciated google product, and skip the coral.

The devs have added the same functionality on the GPU side, and if you’ve got a gpu (and, well, you do, because OpenVino supports intel iGPUs) just use that instead and save the money on a coral for something more useful.

In my case, I’ve both used a coral AND openvino on a coffee lake igpu, and uh, if anything, the igpu was about 20% faster inference times.


A thing you may not be aware of, which is nifty, is the M.2 -> SATA adapters.

They work well enough for consumer use, and they’re a reasonably cheap way of adding another 4-6 SATA ports.

And, bonus, you don’t need to add the heat/power and complexity of some decade old HBA to the mix, which is a solution I’ve grown to really, really, dislike.


The chances of both failing is very rare.

If they’re sequential off the manufacturing line and there’s a fault, they’re more likely to fail around the same time and in the same manner, since you put the surviving drive under a LOT of stress when you start a rebuild after replacing the dead drive.

Like, that’s the most likely scenario to lose multiple drives and thus the whole array.

I’ve seen far too many arrays that were built out of a box of drives lose one or two, and during rebuild lose another few and nuke the whole array, so uh, the thought they probably won’t both fail is maybe true, but I wouldn’t wager my data on that assumption.

(If you care about your data, backups, test the backups, and then even more backups.)


You can find reasonably stable and easy to manage software for everything you listed.

I know this is horribly unpopular around here, but you should, if you want to go this route, look at Nextcloud. It’s a monolithic mess of PHP, but it’s also stable, tested, used and trusted in production, and doesn’t have a history of lighting user data on fire.

It also doesn’t really change dramatically, because again, it’s used by actual businesses in actual production, so changes are slow (maybe too slow) and methodical.

The common complaints around performance and the mobile clients are all valid, but if neither of those really cause you issues then it’s a really easy way to handle cloud document storage, organization, photos, notes, calendars, contacts, etc. It’s essentially (with a little tweaking) the entire gSuite, but self-hosted.

That said, you still need to babysit it, and babysit your data. Backups are a must, and you’re responsible for doing them and testing them. That last part is actually important: backups that don’t have regular tests to make sure they can be restored from aren’t backups, they’re just thoughts and prayers sitting somewhere.


I don’t have a specific place; just some of the private general-purpose trackers I’m on will occasionally have someone come by and dump a pile of STLs from various places on them.

(The private part, unfortunately, means I can’t actually share more, sorry - fight club rules and whatnot.)


There’s some cryptobro projects about sticking distributed file sharing on top of ~ THE BLOCKCHAIN ~.

I’m skeptical, but it might actually be a valid use of such a thing.


There’s a ton of commercial/locked-behind-patreon stuff, usually around things like RPG scenery or figures and such.

Like, an immense library of shit that’s not free.


What, you mean you don’t play games and go “Well that looked great! Well worth my time!” like an awful lot of the AAA game industry appears to think gamers do?

Huh.

Seriously though, I’m curious how we ended up in the make-shit-prettier race and not a make-the-writing-good, or make-the-game-actually-fun, or even things like make-more-than-two-dungeons (looking at you, Starfield) race.

Especially given the cost to me, personally, to keep upgrading my GPU has reached an untenable level: I’m sure as crap not paying $2000 for a new GPU just so we get a few extra frames of hair jiggle or slightly better lighting or whatever.



ArchiveBox is great.

I’m big into retro computing and general old electronics shit, and I archive everything I come across that’s useful.

I just assume anything and everything on some old dude’s blog about a 30 year old whatever is subject to vanishing at any moment, and if it was useful once, it’ll be useful again later probably so fuck it, make a copy of everything.

Not like storage is expensive, anyway.


It’s viable, but when you’re buying a DAS for the drives, figure out what the USB chipset is and make sure it’s not a flaky piece of crap.

Things have gotten better, but some random manufacturers are still using trash bridge chips and you’ll be in for a bad time. (By which I mean your drives will vanish in the middle of a write, and corrupt themselves.)


Am I missing something, or is this just the argo tunnel thing Cloudflare has offered for quite a while?


10000% this.

Tell me what it does, and SHOW me what it does.

Because guessing what the hell your thing looks like and behaves like is going to get me to bounce pretty much immediately because you’ve now made it where I have to figure out how to deploy your shit if I want to know. And, uh, generally, if you have no screenshots, you have no good documentation and thus it’s going to suuuuck.


It’s because of updates and who owns the support.

The postgres project makes the postgres container, the pict-rs project makes the pict-rs container, and so on.

When you make a monolithic container you’re now responsible for keeping your shit and everyone else’s updated, patched, and secured.

I don’t blame any dev for not wanting to own all that mess, and thus, you end up with separate containers for each service.


Time to rename the blue shell to The Shell of Equity, I guess?


I’d probably go with getting the ISP equipment into the dumbest mode possible, and putting your own router in its place, so option #2?

I know nothing about eero stuff, but can you maybe also put it into a mode that has it doing wifi-only, and no routing/bridging/whatever?

Then you can just leave the ISP router in place, and just use them for wifi (and probably turn off the wifi on the ISP router, while you’re in there).


Then the correct answer is ‘the one you won’t screw up’, honestly.

I’m a KISS proponent with security for most things, and uh, the more complicated it gets the more likely you are to either screw up unintentionally, or get annoyed at it, and do something dumb on purpose, even though you totally were going to fix it later.

Pick the one that makes sense, is easy for you to deploy and maintain, and won’t end up being so much of a hindrance you start making edge-case exceptions because those are the things that will 100% bite you in the ass later.

Seen so many people turn off a firewall or enable port forwarding or set a weak password or change permissions to something too permissive and just end up getting owned that have otherwise sane, if maybe over-complicated, security designs and do actually know what they’re doing, but just getting burned by wandering off from standards because what they implemented originally ends up being a pain to deal with in day-to-day use.

So yeah, figure out your concerns, figure out what you’re willing to tolerate in terms of inconvenience and maintenance, and then make sure you don’t ever deviate from there without stopping and taking a good look at what you’re doing, what could happen if you do it, and coming up with a worst-case scenario first.


What’s your concern here?

Like who are you envisioning trying to hack you, and why?

Because frankly, properly configured and permissioned (that is, stop using root for everything you run) container isolation is probably good enough for anything that’s not a nation state (barring some sort of issue with your container platform and it having an escape), and if it is a nation state you’re fucked anyways.

But more to your direct question: I actually use dns scopes and nginx acls to separate public from private. I have a *.public and a *.private cname which points to either my external or internal IP, and ACLs in the nginx site configuration to scope where access is allowed.

You can’t access a *.private host outside the network, but can access either from inside it, and so (again, barring nginx having an oopsie somewhere) it’s reasonably secure and not accessible, and leaves a very clear set of logs (and I’m pulling those logs in and parsing them for anything suspicious and doing automated alerting if I find anything I would not otherwise expect) so I’m happy enough with the level of security that this is, when paired with the services built-in authentication options.
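
An added example, not the commenter's own configuration or scripts: one way to do the log check described in the comment above, flagging requests for a `*.private` name that arrive from outside the internal network. The log format, the `example.test` hostnames, the internal ranges and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: internal ranges (RFC 1918 plus loopback); adjust to the real LAN.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Assumption: nginx logs with a custom format that records the requested host:
#   log_format scoped '$host $remote_addr [$time_local] "$request" $status';
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<addr>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3})$'
)

def is_internal(addr):
    """True if the client address falls inside one of the internal ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # an unparseable client address is treated as external
    return any(ip.version == net.version and ip in net for net in INTERNAL_NETS)

def is_private_host(host):
    """Assumption: private services are named <service>.private.<zone>."""
    return ".private." in host.lower()

def find_suspicious(lines):
    """Return (kind, line) pairs worth alerting on, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            findings.append(("unparsed", line))  # never silently skip a line
            continue
        if is_private_host(m["host"]) and not is_internal(m["addr"]):
            # 403 means the nginx ACL held; any other status means it did not.
            kind = "acl_blocked" if m["status"] == "403" else "acl_bypass"
            findings.append((kind, line))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE = [
    'wiki.private.example.test 192.168.1.20 [12/Jan/2025:10:00:01 +0000] "GET / HTTP/1.1" 200',
    'wiki.private.example.test 203.0.113.7 [12/Jan/2025:10:02:13 +0000] "GET /login HTTP/1.1" 403',
    'wiki.private.example.test 203.0.113.9 [12/Jan/2025:10:02:40 +0000] "GET /admin HTTP/1.1" 200',
    'blog.public.example.test 203.0.113.7 [12/Jan/2025:10:03:05 +0000] "GET / HTTP/1.1" 200',
    'not a log line',
]

if __name__ == "__main__":
    for kind, line in find_suspicious(SAMPLE):
        print(f"{kind}: {line}")
```

An `acl_bypass` finding is the one to page on, since it means an external client got a non-403 answer from a private name; `acl_blocked` lines are the ACL working and are mainly useful as a volume signal.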


When you say you ‘can’t access local devices’ is it just via the browser, or can you also not ping/telnet/ssh/whatever?


I’ve done it twice!

I’ve always debated between it needing to be on my resume as an ‘Achievement’ or not.


Couple of weeks ago. NSI decided to push some of their domains into CLIENT HOLD status, and that will cause DNS resolution to stop working for the domain.

Took down uh, well, everything: https://status.digitalocean.com/incidents/jm44h02t22ck


[Edit] I’ll have to see if I can find the video.

I can save you the time there, at least: https://youtu.be/hiwaxlttWow


Honestly, I’d contact their support and ask what their processes are and what timelines they give customers for a response/remediation before they take action.

Especially ask how they notify you, and how long they allow for a response before escalation to make sure that’s something you can actually get, read, and do something about within.

It might not be a great policy, but if you at least know what might happen, it gives you the ability to make sure you can do whatever you need to do to keep it from becoming a larger issue.


Everyone loves to hate on Cloudflare, but uh, duh, of course a US company will comply with a request under US law that they have to comply with?

If you don’t want your shit DMCAed, don’t use anything based in the US to provide it.

Go host somewhere that doesn’t have similar laws and won’t comply with foreign requests.


There was a recent video from everyone’s favorite youtube Canadians that tested how many USB devices you can jam onto a single controller.

The takeaway they had was that modern AMD doesn’t seem to give a shit and will actually let you exceed the spec until it all crashes and dies, and Intel restricts it to where it’s guaranteed to work.

Different design philosophies, but as long as ‘might explode and die for no clear reason at some point once you have enough stuff connected’ is an acceptable outcome, AMD is the way to go.


This new uh, tactic? of going after a registrar instead of a hosting provider with reports is a little concerning.

There’s an awful lot of little registrars that don’t have any real abuse department and nobody is going to do shit other than exactly this: take it down and worry about it next week when they have time.

It really feels like your choice of registrar is becoming as much or more important than your choice of hosting provider, and the little indie guys are probably the wrong choice if you’re running a legitimate business as you’re gonna need one that has enough funding and a proper team to vet reports before clobbering your site.

On the OTHER hand, Network Solutions just took down DigitalOcean for no reason, so maybe they all suck?


I mean not the first time they’ve sued over cheats, and they very much took a sweeping victory last time.

I’d expect the same DMCA circumvention provision along with the always fun “Well, literally everything you did is also a CFAA violation so maybe you want to settle now before we try to get you extradited to the US on federal felony charges” threat would result in pretty much the same outcome here.


Looks like others have provided MOST of the answers.

Radarr/sonarr do the heavy lifting making symlinks where symlinks are required, but there’s still the occasional bit of manual downloading.

I also have a script that’ll check for broken symlinks like once a week and notify me of them and I’ll go through and clean them up occasionally, but that’s not super common and only happens if I’m manually removing content I made manual symlinks for, since I’ll just let radarr/sonarr deal with it otherwise.

(The full stack is jellyseerr -> radarr/sonarr -> qbittorrent/sabnzb -> links for jellyfin)


I just select the files I want from the bigger torrents, and then proceed to not touch it ever again, unless I want to add more stuff to the downloaded files.

I also don’t move things around - I’m on Linux so all the torrents live in one place with symlinks pointing to where I need/want the data to be as I figured out yeeeears ago that trying to manage a couple thousand active torrents while having the data spread everywhere is a quick trip to migraine town.


Anyone else get an email from Portainer?
Just got an email thanking me for being a 5-node/free user, but Portainer isn't free and I need to stop being a cheap-ass and pay them because blah blah economic times enshittification blah blah blah. I've moved off them a while ago, but figured I'd see if they emailed EVERYONE about this? A good time to ditch them if you haven't, I suppose.