non_burglar
@non_burglar@lemmy.world
- Comment on Tempus v4.0.7 android subsonic client release 4 hours ago:
Nice!! Setting up now.
- Comment on Why do I need a domain to access my Funkwhale library but not SyncThing? 1 day ago:
+1 for afraid.org.
12 years and counting, propagation is sufficiently fast.
- Comment on [deleted] 2 days ago:
Hmmm… Not strong on inference, either…
- Comment on [deleted] 2 days ago:
Really endearing yourself to your users, huh?
- Comment on Internal domain and reverse proxy 2 days ago:
If you’re on the same subnet, no amount of reverse proxy will help with dodgy apps. It’s more appropriate to put the dodgy iot in a DMZ to control what they can do.
Putting https on these is fine, but it’s not a solution to isolating bad clients.
- Comment on Mini pc for home server? 4 days ago:
For two years, yes.
- Comment on A Beginners Guide To Selfhosting Part 1 6 days ago:
Debian’s footguns are better documented and are generally there for good reason. Ubuntu’s footguns are there because “fuck the user”.
- Comment on A Beginners Guide To Selfhosting Part 1 6 days ago:
I love 11ty, I build my blog with it.
- Comment on You'll Own Nothing and It's Awful [Gamers Nexus x Level1Techs] 1 week ago:
worry about socialists
A uniquely American perspective, but I get what you’re saying.
- Comment on Find My Device has moved 1 week ago:
I use the fmd app, I had no idea I could self host the server!
- Comment on Selfhosting Sunday! What's up? 1 week ago:
+1 for CWA
- Comment on Selfhosting Sunday! What's up? 1 week ago:
Building out ansible.
Now it’s creating roles and groups, adding a few items to the hardening playbook, and I’ve been playing with tuning the output as playbooks run.
- Comment on Tempo (fork) v3.17.14 android subsonic client 1 week ago:
Whoah, good initiative!
If you’re looking for any help, I’m willing.
- Comment on Tempo (fork) v3.17.14 android subsonic client 1 week ago:
I’m a Tempo user, and I love it.
If I’m understanding correctly, you are simply carrying on the dev work from Antonio Cappiello?
- Comment on m2 to sata adaptor board suggestions? 1 week ago:
I’ve been through this, and they all suck.
I’ve been using an MT1064 - based one with an 8087 connector to save the wear and tear of multiple connectors. It’s definitely a better physical connection, but the performance is abysmal.
- Comment on Beyond Pi-Hole 2 weeks ago:
I can run app based routing and blocking on my router, but whether that would restrict DNS for those services I don’t know.
That’s the double-edged sword of DNS over https. It allows us to hide our DNS queries from local ISP and others, but it also allows applications to hide theirs also. It just looks like encrypted web traffic to your router.
- Comment on Beyond Pi-Hole 2 weeks ago:
Hard-coded DNS is in the application, you cannot change this from any dhcp option. Browsers do it, lots of versions of prime video apps do it. Google nest and home devices are famous for this.
You can write a NAT rewrite rule at your router to catch any UDP or TCP request on port 53 and send it to your ad-blocking DNS server/forwarder, but you won’t be able to stop DoH (DNS over https), which just leaves the subnet encrypted on 443.
- Comment on Beyond Pi-Hole 2 weeks ago:
Yeah. Real DNS zones that transfer are a thing of beauty.
- Comment on I am attempting to get into self hosting after a shockingly frightening experience. I am very lost though. 2 weeks ago:
What’s the advantage of radicale over NC?
Functionally, they work the same. I got kinda tired of fixing NC every other upgrade, though. It was always some “occ add missing indices” or some similar garbage. Like just solve this, already. Make that part of the upgrade.
- Comment on I am attempting to get into self hosting after a shockingly frightening experience. I am very lost though. 2 weeks ago:
Certain apps do not allow one to use freeotp et al (o365).
- Comment on I am attempting to get into self hosting after a shockingly frightening experience. I am very lost though. 2 weeks ago:
I moved my calendar to Nextcloud, then radicale. My contacts too. Gmail is just a wean away.
My problem is how I’ll be able to deal with work apps like ms authentication. Even if I set up a 2nd “normal” phone for work only, I need to sign in to the play store to get the app… Its a chicken-and-egg problem.
- Comment on I am attempting to get into self hosting after a shockingly frightening experience. I am very lost though. 2 weeks ago:
I’m about 90% decoupled from Google, it’s been a journey.
I’m at the difficult stage of contemplating how to decom my gmail email, and the Google account itself.
I’ll throw my hat in the ring and offer any help if you need it. Similar to others here, I suggest you start with something discrete like photos.
- Comment on Custom Firewall 2 weeks ago:
Well, it wouldn’t hurt anything to install fail2ban and enable the popular templates, but it sounds like you might need to explain your service layout and how it’s exposed to the web before anyone can suggest a security measure.
Generally in the self-hosted space there are two common approaches: set up a VPN into your network for your trusted devices, or set up a reverse-proxy with a trusted tunneling proxy like cloudflare.
That you are seeing “attack attempts” in your caddy logs should be elaborated as well. What exactly are you seeing?
- Comment on Custom Firewall 2 weeks ago:
Not exactly sure what you’re looking for here; neither fail2ban nor crowdsec are firewalls by their strict definitions.
Are you looking for an IDS/IPS or other security measures? If so, what are you trying to secure?
- Comment on Multi node media server 2 weeks ago:
That will unfortunately make any server-side improvements moot. You can scale up transcoding capabilities all you like, but the internet is made of Tubes.
Now if you could find some friends in telecom and have your server live at a peering point…
- Comment on Readarr alternative suggestions? 3 weeks ago:
There isn’t really an agreed-on metadata system for ebooks, which is surprising to me, considering the ISBN system is wells established as a credible source.
Uploading ebooks to my CWA instance is a guaranteed metadata edit on each one.
- Comment on Blocking releasegroups from Sonarr/Radarr 3 weeks ago:
Oh, I missed that. My bad.
- Comment on Blocking releasegroups from Sonarr/Radarr 3 weeks ago:
You can also approach this by blocking file types at the download client.
- Comment on [question] Help me access my local homeserver using a public domain name 3 weeks ago:
Glad you figured it out.
- Comment on [question] Help me access my local homeserver using a public domain name 3 weeks ago:
I know what you’re trying to do, and what those tutorials don’t tell you is that you are shortcutting normal DNS flow, which most apps are expecting.
DNS isn’t designed to work that way, so some apps (like Firefox) with internal hard-coded DNS functions are going to balk at private RFC ips in a DNS record. Or a lack of reverse record.
Again, slow down and think about what your trying to do here. You are complicating your stack for no reason other than you don’t want to set up a local DNS handler.