Cyber

joined 2 years ago
[–] Cyber@feddit.uk 1 points 21 hours ago

👆🏻 This is the link everyone needs to look at.

It covers things like keeping your phone active for 2FA, subscriptions that need to be paid until data is saved, etc.

It's what my SO & I use.

Very thorough

[–] Cyber@feddit.uk 2 points 1 week ago (1 children)

Ah, good old dd

When you have some spare time, take a look at partclone - clonezilla uses it because it only backs up used blocks, not free space, so more efficient.

[–] Cyber@feddit.uk 2 points 1 week ago (3 children)

Interesting.

Yep, I agree there's 2 types of backups:

  • data
  • OS image

Out of curiosity, how are you doing the drive imaging?

[–] Cyber@feddit.uk 2 points 1 week ago

Yep, this is what I did too.

I found no-one was using the NC interface and just syncing, so stripped right back.

Stable. Lightweight. Mostly no maintenance (just moving to syncthing-fork)

[–] Cyber@feddit.uk 2 points 1 week ago

I think the point here is that no-one uploads / enters a password/phrase/file.

Whatever you enter on the keyboard is hashed and the hash is sent. Depending on the protocol, sometimes it's time limited so no-one can record the network traffic and resend the data (replay attack)

Files (SSH keys, certificates, etc) are checked against a (usually) asymmetric key exchange algorithm, so they can only compare what's sent if they have the corresponding key to decrypt the cipher.

The length of the password (or file) is basically meaningless. It's just how long it'll take someone to guess it (brute-force), but as the saying goes, you don't break into a house through the door, you go through Windows... ie the weakest link.

In your concept, the weakest link is the meatware: humans. We need ease of use, so, someone will store that file and it'll be compromised, so 64b, 128b or 512b doesn't matter, if they have the file, they're in.

Now... MFA... Now, that's more like it.

[–] Cyber@feddit.uk 2 points 1 week ago (1 children)

At least there's no Windows...

[–] Cyber@feddit.uk 2 points 2 weeks ago (1 children)

I have a 7530. (Is yours a typo?)

Yes, those instructions look about right.

My pfSense box has the username & password, so the router really is just being used as a dumb modem (I used to use Draytek modems)...

... but...

The router's diagnostics will show the DSL details, so you can check if your external connection is ok (ie OSI Layer1), but it will always think it's offline.

So once you get your OPNSense setup and working, have a look around the Fritz diagnostics and get comfy with what you can / can't see, because when there's a failure you won't know what has really failed.

Also... write down what you did and how to reverse it, as you (or others) might want to reset it to full router if your OPNSense is down.

[–] Cyber@feddit.uk 2 points 2 weeks ago (3 children)

The advice above matches mine.

I have a home-built pfSense unit and when parts die (not if), then I just replace them with spares I have already waiting... as that box is now critical for you.

I also have a Fritz in bridge mode with the pfSense doing PPPoE through it, so effectively, the firewall is the first real device on the WAN. Makes things much simpler as the WAN interface has status like packet drops, etc, much easier to diagnose issues.

[–] Cyber@feddit.uk 2 points 3 weeks ago (1 children)

Wow.

Ok, I don't have anywhere near that amount of media, but MythTV takes seconds to rescan ~2TB of videos and maybe a minute to get any missing details like fanart, etc.

Similar amount for music - but I feed it the files after I've run them through Picard.

I've not done a complete rescan of everything for ages, but from memory it's like an hour absolute tops. More like ~30 mins.

And that's on an underclocked CPU (for quietness).

[–] Cyber@feddit.uk 1 points 3 weeks ago (1 children)

This looks very interesting.

I track the family's location with GPS Logger (on Android) and the Home Assistant app on the iPhone user... it's all going to HA at the moment to turn lights on when people get home...

And I have a separate Immich server.

So, reading this, I can combine this all together from HA and Immich - or do I need to send the GPS coordinates to this server too?

I'm also not a container user... skimming the installation section, the instructions appear to only support docker - are standalone instructions also covered? (I may have missed them...)

But, this looks really nice.

I liked the piechart where you distinguish between walking, cycling, driving, etc, I presume that's done by velocity...? So, do you calculate that or need that data from the phone app?

[–] Cyber@feddit.uk 5 points 3 weeks ago

I don't run any containers and this made me consider trying to get the whole infrastructure setup 😁

 

So, just a light post, I upgraded my Pi4 last night and found the Linux firmware breaks a 32bit install.

I've been meaning to change to 64bit for months, but as it's my DMZ box for torrents, radicale, etc, then it's just finding the right time to convert an adhoc setup into my ansible scripts.

Luckily I had a SD backup from September to get it running again

So, what have you broken over the holidays?

 

I stumbled across Diode whilst looking for ways to do secure off-site backups (to my own equipment at another house) and it feels like a paid-for TOR (Ok, there is a free option)

I'm looking for any real experience as the site has too much marketing lingo in it:

Every Client is secured with a public/private key self-custody identity

And this doesn't seem very dynamic if I want to change something:

Diode’s Blockchain Name System can be used for Client friendly names

And somewhere on the site it infers unlimited storage...!

So, is the free option worth me looking into, or is it a waste of time?

 

I have a few VMs and PMs around the house that I'd setup over time and I'd now like to rebuild some, not to mention just simplify the whole lot.

How the hell do I get from a working system to an equivalent ansible playbook without many (MANY) iterations of trial & error - and potentially destroying the running system??

Ducking around didn't really show much so I'm either missing a concept / keyword, or, no-one does this.

Pointers?

TIA

 

Just found my Vivaldi update contained a little more than just bugfixes... it now has Proton VPN built in.

It's actually part of the browser, not an extension, so I'm in two minds whether I like that... or not.

You need either a Vivaldi account or a Proton account, so it's not completely anonymous, but it's a start.

The free-tier of Proton VPN also appears to be bandwidth limited and your exit point is randomised, so... yeah, it's ok...

 

"On 11th November BBC iPlayer will no longer be available directly on this device."

OK, so, I didn't purchase this particular (Blaupunkt) TV, but as it's my mother's then, well, I'm the one that has to "fix" this.

Personally, I use TVs as a simple screen and watch everything through other devices (Roku, or a Linux PC running MythTV).

I see the BBC website has some links to review sites, but I thought this might be another place to ask for - preferably open source - devices that could be used.

Comments?

45
submitted 2 years ago* (last edited 2 years ago) by Cyber@feddit.uk to c/selfhosted@lemmy.world
 

As a long-term MythTV user, I read all the discussion about Plex vs Jellyfin, but I'm still here... recording Live TV, watching films, listening to "me choonz" all on free, open-source software. What am I missing? Any other MythTV users out there?

39
NAS vulnerabilities (www.theregister.com)
submitted 2 years ago* (last edited 2 years ago) by Cyber@feddit.uk to c/selfhosted@lemmy.world
 

Just stumbled across this (overly dramatic?) article and thought I'd just post it here...

It's more to act as a reminder that if you've got a NAS that is serving content to the interwebs, then make sure it's behind a proxy of some kind to prevent weaknesses (ie in the management Web UI) being exposed.

Obvz, this article is pointing to Zyxel, but it could be your DIY home-built NAS with Cockpit: CVE-2024-2947 - just an example, not bashing that project at all.

I've used Squid and HAProxy over the years (mostly on my pfSense box) - but I'd be interested to know if there's other options that I've not heard of

 

pfSense... Anyone have much experience with the new Kea DHCP server?

I'm using 2.7.2 (Community Edition) on a fairly good Celeron based system that's not heavily loaded, but I have 7 network segments (VLANs and physical interfaces), so I have 7 DHCP pools / configs.

Just adding 1 more static reservation can cause a significant delay when reloading the service and because I register static reservations in DNS, the network loses DNS so I "break the internet" for a short while.

Would Kea fix this?

 

Well, as the title says, I've had a few notifications that alerted over night and I'm wanting to sleep instead

These are ntfy alerts, but driven by Uptime Kuma... and I can't find a programmatic / config option that says "don't notify between 11pm and 7am" (but willing to admit I've just not found it... yet...)

I need my (Android, ofc) phone to be on in case of family calls / messages, so I can't use "Do Not Disturb", and remembering to manually mute the ntfy app each night just doesn't make sense to me - computers are quite capable of automating my requirements for me.

So... any pointers? I'm sure you're not all getting alerts at 2am because your ISP dropped a few packets...

 

I secure systems for my day job. That means installing AV software, ensuring Windows Firewall is ON, etc. (Plus many other things...)

I've seen discussions around disk encryption here, but I don't recall much about malware protection. Maybe a little about personal (desktop) firewalls.

I'm aware of Clam, etc, but is anyone actually using these tools much?

Or are we just presuming we're all immune from the bad guys targeting Windows?

 

So, I've had it up to here (^^^) with the family using WhatsApp, etc and I'm heading off into the land of XMPP to find a better solution.

I've got a Pi3 hanging off my pfSense firewall acting as a kinda DMZ box, so thought I could setup an XMPP server on it (Prosody?)

Any advice? Will the Pi crumble (see what I did there) under the pressure of 4 people using it?

Issues with proxying outside with a Lets Encrypt cert on the pfSense box, but maybe not inside the network?

"Better" server software?

Thanks
