ryokimball
@ryokimball@infosec.pub
- Comment on Getting worn out with all these docker images and CLI hosted apps 1 week ago:
I don’t consider an app deployable until I can run a single script and watch it run. For instance I do not run docker/podman containers raw, always with a compose and/or other orchestration. Not consciously but I probably kill and restart it several times just to be sure it’s reproducible.
- Comment on Tagging music in Jellyfin & Symphonium 2 weeks ago:
My entire music library must pass through beets first. If it’s not automatically tagged I will manually search, and finally (esp for locals’ or friends’ music) I will manually tag it using eyeD3 and import through beets as-is.
- Comment on How do I avoid becoming one with the botnet? 2 weeks ago:
I think most home lab/shelf hosters start off because they want to learn something. I think (generally, philosophically) many people never start something new even if it interests them because they are afraid. To this point, it sounds like you can either let the fear prevent you from doing what you want, or you can use the fear as a learning tool.
Start simple. Build something very easy and isolated, air gap it if you need to. Figure out how logs and monitoring work, maybe even try attacking it yourself, so you have confidence that even if it’s compromised you will see how and why. Then you can connect it to the internet, isolated from the rest of your network, and then you will learn how well- or un-founded those fears are. Learn even more about monitoring and defending, then start looking for a job as a cybersecurity professional because you are already well underway.
- Comment on How do I avoid becoming one with the botnet? 2 weeks ago:
They don’t have to succeed once.
Use antivirus and other endpoint security measures. Rotate your passwords and keys. Use Everything as Code, and for goodness sake make backups.
If you find yourself compromised, rotate and burn the keys, wipe and redeploy.
- Comment on Help getting started with self hosting Jellyfin via NAS? 3 weeks ago:
I have a much older NAS with not a lot of compute power, but its only purpose is to share data. I have a Proxmox server that connects to the NAS through NFS and does the actual transcoding, etc.
- Comment on Selfhosted coding assistant? 3 weeks ago:
I have heard good things about LM Studio from several professional coders and tinkers alike. Not tried it myself yet though, but I might have to bite the bullet because I can’t seem to get ollama to perform how I want.
TabbyML is another thing to try.
- Submitted 4 weeks ago to selfhosted@lemmy.world | 2 comments
- Comment on [deleted] 4 weeks ago:
It is the leading cause of death for ages 1-19 though
- Comment on Humble Bundle have a nice collection of games for handhelds 5 weeks ago:
Got it just for Haste. Might also try Creatures of Ava.
- Comment on This Looks kinda cool, but does anyone have any experience at vetting a project like this? 5 weeks ago:
Looks like on Reddit, the creator is blocking people from reporting things like sending data to foreign servers.
- Comment on What are good option for self hosting home security camera? 5 weeks ago:
I tried using kerberos.io a while back, I did not have success but I think that’s because my setup was wonky. We’re looking into, at least.
Also, HandsOnKatie has done a couple videos on home surveillance, I know she likes ReoLink and Home Assistant but I don’t remember what her full software stack setup is like.
- Comment on Smarties are like the chocolate version of jellybeans 1 month ago:
Not outside the US, specifically I think in Canada they are basically M&Ms
- Comment on How do you healthcheck your containers? 1 month ago:
What happened to grafana and Prometheus?
I have been putting off rebuilding my home cluster since moving but that used to be the default for much of this and I’m not hearing that in these responses.
- Comment on Docker security 2 months ago:
I use podman instead, though I’m honestly not certain this “fixes” the problem you described. I assume it does purely on the no-root point.
- Comment on [deleted] 2 months ago:
You can configure Dropbear to allow SSH unlocking. I have also heard of some key management software over network that can perform this role for you as well.
- Comment on Local DNS on Pihole 2 months ago:
Can you just point the second to the first?
- Comment on [Proxmox] Jellyfin w/ NAS mount + iGPU passthrough 3 months ago:
I want to say iGPU makes things easier, not because of experience but only because I tried passing through an Nvidia card and the instructions all insinuated this was more difficult than any other option
- Comment on [Proxmox] Jellyfin w/ NAS mount + iGPU passthrough 3 months ago:
There is a helper script for jellyfin LXC. From memory I can’t help much, but I suggest searching for that. I think the default specs for disk space and RAM were weak, but setup was easy enough. After the initial helper script, you will need to learn how to mount the NAS into the LXC as well.
- Comment on Turning Grafana into a health tracking app 3 months ago:
Love this. Thanks for sharing.
- Comment on What's the real danger of opening ports? 4 months ago:
You’re correct, imma let voice-to-text take the blame there.
- Comment on What's the real danger of opening ports? 4 months ago:
If you are trying to access several different services through the internet to your home network, you are better off setting up a home VPN than trying to manage multiple public facing services. The more you publish directly to the public, the more difficult it is to keep up with everything; it is likely needlessly expanding your threat exposure. Plus you never know when a new exploit gets published against any of the services you have available.
- Comment on rootless backup or rootless podman volumes? 4 months ago:
Sounds legit to me. Podman could be seen as a separate Unix system or the programs to live in, and therefore would have its own set of user and group IDs. As long as the created files have permissions that are different from the host permissions and they will still be inaccessible without some permission manipulation.
- Comment on What is the easiest way to have a self hosted git server? 4 months ago:
This is not the simplest answer at all but FYI you can also self host gitlab
- Comment on Confirm passthrough understanding for proxmox 5 months ago:
It even sounds like this is handled on proxmox’s side, no need for iommu stuff
- Comment on Confirm passthrough understanding for proxmox 5 months ago:
I did just find this quote on reddit:
A GPU can only be passed through to a single VM at a time, though Proxmox can pass it through to multiple containers (LXC) but they can only run Linux instances.
I’ll have to look more into this but sounds promising
- Submitted 5 months ago to selfhosted@lemmy.world | 7 comments
- Comment on so I'm thin skinned and cannot get over established coworkers lazying around massively while I toil. Kudos to all of you who can. I want out. 5 months ago:
This is always a management issue. If the so-called lazy persons are not your management then you should be having a discussion with management about them, though I would still make great effort to not make it trash talk. You should make sure your hard work is being recognized and compensated for.
Of course, if the lazy persons are management, then the job itself was doomed. Remember that most people quit managers, not jobs.
I am not saying you should stick around, just keep this in mind for the next round of employment.
- Comment on Managing proxmox, virtual machines, and others 5 months ago:
AWX is basically Ansible as a service.
Wait. That sounds dumb. Hosted and centralized Ansible?
Idk. Brain not braining. Just saying, it’s worth checking out.
- Submitted 5 months ago to selfhosted@lemmy.world | 12 comments
- Comment on Lowering power consumption on Opteron 5 months ago:
I doubt this would fit your use case but wake-on-lan could keep power draw stupid low when nothing’s being used, at the cost of boot time.