I am a Meat-Popsicle
Yeah, a company got toasted because one of their admins was running Plex and had tautulli installed and opened to the outside figuring it was read-only and safe.
Zero day bug in tat exposed his Plex token. They then used another vulnerability in Plex to remote code execute. He was self-hosting a GitHub copy of all the company’s code.
The crypto is decent, it’s electron so it’s source available. If you want to ignore their hosting solution, you can disable the syncing and just take the vault from its config directory and sync it yourself
The real downsides are that it’s not actual open source, so if they decided to screw around with the security or turn the crypto off somebody can’t just fork it.
I’d vote for anytype or obsidian
Anytype has a learning curve, But it has built-in encryption and IPFS syncing provided by the company. The templating system is really slick and the relational aspect is pretty solid.
Obsidian + syncthing fork is a really solid contender. It’s much easier to work with out of the box but the features are a little more generic.
Neither of these are really self-hosted, so much as they are contained in their own ecosystem. You get some measure of higher availability that you have to really work for if you’re really self-hosting a product.
I use Jellyfin for all my video but I use Plex for my audio. Plex app is just so much better than finamp.
Lol, That’s why I self-host so much crap. The only way I can give it to everybody is to make it a web app, or maintain three separate sets of clients.
I’m kind of apprehensive to open up a really small projects on my home network to the outside world. Kudos for maintaining unraid as a platform though.
I might consider running it at my house but my wife is Mac I’m Linux it would only help my kids.
Could It handle mod packages for Java Minecraft or something?
Their tech debt for the most part isn’t going to be because of the engine. Certainly some of it is. But starting back over and reimagining most of the code base affords them the time and ability to fix problems that make features problematic. As the spiffing Brit likes to point out every one of their titles is absolutely riddled with game breaking bugs. Doing an engine change has the kind of depth required to let them head those kind of problems off before they happen.
Of course with an entire staff of short timers they’ll quickly just a mess new tech debt as they misgauge things.
I mean, you get a lot of advantages from fluffy pretty systems. But extracting data from df and systemctl and curling it into telegram is going to be like a 10 line bash script called from a one-line cron job.
I pump a lot of complicated metrics through Prometheus / grafana to get graphs and history.
Most of my critical stuff is still in Nagios and instead of using nagios standardized plugins I just query the operating system directly in bash.
Not normal. Check Firefox plugins. Maybe disable that safe browsing check option I doubt that’s it but it can’t hurt.
Either they’ll sort it out or end up going under / getting bought by someone else who will revive it and make more money on it. Nothing really good but nothing’s changed.
Android loves mice and keyboards. A lot of games now support gamepad pretty well too.
I’ve been gaming on my phone using parsec to remote steam and bring the controls back to my gamepad.
Yeah between the forced binding arbitration and their claims to wanting to start pre-roll ads, Roku is dead to me, I will never buy another device from them nor recommend them to anyone.
It sucked when Crashplan’s home client went under. If you installed the client on two computers with internet access, it would let you set the remote computer as a target. Encryption was done at the source, it had dedupe, versioning. It ate a little ram but it was really nice.
Yep, I tried Tailscale at home… 3 weeks later I started using it at work, so insanely easy.
Test out that Nix, Mine refused to let me install from it when I just shoved their iso in Ventoy.
Someone got a hackintosh running from ventoy on specific hardware
I’m running something surprisingly close to most of what you’re asking for sans the immich which I’m waiting on stability from them first. That warning at the time of their site that says it’s under constant development and not to use it as your primary picture store is a bit worrisome.
Unraid with 2 video cards
Plex gets accessed remotely via its own remote capabilities
Jellyfin gets accessed remotely via tailscale
SearXNG is access remotely via cloudflare
I have a secondary Plex server sitting on a raspberry pi with the backup pi hole
I am preparing to set up a peertube. Haven’t had a lot of luck with the container on unraid. I run a fair amount of proxmox at work so I’ll probably just use proxmox for it.
I run a separate dedicated system completely for my cameras. Not running frigate yet but I’ll get around to it eventually using blue iris at the moment.
My unraid gets as much uptime as updates allow. I love being able to just jbod my media discs together and still have some protection with parity.
I find the containerized version of Plex to be more stable than my VM version but that’s probably my own fault as I’m oversubscribing the vm.
Not OP, but my ISP blocks those :)
hell it’s almost worth it just for the Suricata IDS/Blocking :)
Unifi gear is super great value-wise. Their support is lacking, but their equipment is pretty easy to deal with.
UCG is great and cheap.
UDM Pro is more flexible / future proof but also more expensive. (you get POE, and access to the rest of their suite, but that access also comes with some hardware lockin)
They don’t do custom DNS, so a couple of PIE holes or a DNS service are prudent.
Minimum open services is indeed best practice but be careful about making statements that the attack surface is relegated to open inbound ports.
Even Enterprise gear gets hit every now and then with a vulnerability that’s able to bypass closed port blocking from the outside. Cisco had some nasty ones where you could DDOS a firewall to the point the rules engine would let things through. It’s rare but things like that do happen.
You can also have vulnerabilities with clients/services inside your network. Somebody gets someone in your family to click on something or someone slips a mickey inside one of your container updates, all of a sudden you have a rat on the inside. Hell even baby monitors are a liability these days.
I wish all the home hardware was better at zero trust. Keeping crap in isolation networks and setting up firewalls between your garden and your clients can either be prudent or overkill depending on your situation. Personally I think it’s best for stuff that touches the web to only be allowed a minimum amount of network access to internal devices. Keep that Plex server isolated from your document store if you can.