non_burglar

Why? Nothing about self-hosted is FOSS-only. There’s a big overlap, to be sure, but this knee-jerk reaction to paid and closed-source apps doesn’t help anyone.

That makes sense. I use NFS, so there are other controls for security because “offsite” is another building on my property, but still in the same pool of subnets…

What’s the rationale for this? Genuinely curious.

They are set-and-forget, and no network engineers like tuning WiFi. I think the value is in not having to touch it.

Way back, i used to have a Linux TV with an app called Clementine on it for music. The magic was being able to just hit play on a song and the playlist used the scrobbles for LastFM to keep the thing going. Great for evenings with friends, it was like having Spotify before Spotify existed.

Feishin does this! It tries to keep the same style going, although I now used ListenBrainz instead.

Feishin has turned put to be pretty great.

Yeah, this is what led me to convert my APs to openwrt

Clamav is woefully behind on definitions, just be aware of that.

Your overuse of terms you don’t quite understand suggests your deep-dive isn’t that technical.

None of what your blurb says is new, and DPI has been around for longer than ten years.

You’d just take longer with more effort to get there

That may be. But I’ll retain what I learned.

I’ll repeat myself: GO LEARN IT YOURSELF.

Yeah. Let’s not learn what the logs means ourselves or anything.

Jfc, no one wants to think for themselves anymore. Your brain is shrinking. Read a book.

DDOS attacks do not always happen on https, though. You can overwhelm a system with DNS, NTP, or even just malformed packets. Anubis would do nothing for this.

You cannot stop a DDOS, you can only mitigate one with more capacity. That’s why there are only a few big players who can do it.

Canonical itself was unable to stop a DDOS attack and they’re distributed. You won’t stop a DDOS if that DDOS is meant for you.

No, Anubis creates a throttle to stop ai scrapers from taking down https web resources.

Well, this is a question about your family’s and your stance on piracy, the self-hosting part is immaterial to your decision.

Personally I would have used TIFF

Damn, unlimited storage? In this economy?

This is all true.

However, I’ve had my subdomains since 2008 and never had any kind of issue, so I can vouch for freedns.

They’re an emblem of the spirit of what the internet should be.

Just live with a terrible name and it will keep being free. I’ve had my mooo.com subdomains for years.

Can’t sort your files by file name with that, though.

ISO 8601. For your health.

As others have mentioned here, there is a lot of natural overlap with vps renting, hardware re-use, gerenal approaches to managing infrastructure, docker, and Linux on general. I don’t even mind networking questions here.

When questions stray in that aren’t really that relevant, like beginner Linux questions, someone is generally nice enough to point to a more appropriate community.

What I think wastes time in this community are the gatekeeping topics like “your vps isnt self-hosting”.

Awesome.

Reminds me of the pain setting up mythtv, but thr rewards were worth it.

Well, seems like it was time well spent in any case.

If you have classic upstream buffer bloat, there are a couple of traffic shaping algorithms (cake and fq_codel) that work really well with the majority of competent routers, including opnsense/pfsense.

Traffic shaping is definitely a can of worms, but fun to learn.

Wow, you diagnosed buffer bloat and applied the fix to your LAN side? Sooo much work…

The problem is unlikely to have been on the proxmox side. Multiqueue only allows virtio to multithread TCP connections via the host CPU using more than one virtual cpu, but this is essentially like aggregating a network link; it will increase bandwidth, but not throughput. Besides, the actual limit for the proxmox internal bridge and virtio NICs is “whatever the cpu can manage”, which is sometimes over 10Gb. It’s unlikely to be slowing down traffic coming from your vms.

You are trying to de-jargon topics, and that’s fine, but the two following categories do not help, they are localized habits and don’t have any value to non-english or nontechnical people, or both:

• shortenings: a11y for accessibility is not a common contraction, it’s not helpful for anyone to understand the term itself
• names of services: CF for cloudflare is not something worth defining. Names change, and you wouldn’t see this in a professional document. It’s like defining “lol”, the acronym is shorthand in typed communication, not technical jargon.

Side note, DNS stands for domain name system, it has never meant domain name service.

Ia it the best probably not but its still good well functioning equipment, for what it offers.

Sure, for “power users”, maybe a small business, it’s fine. It’s just not very sophisticated under the hood. The point of Ubiquiti is the “easy” part.

but also good gear mostly

I used to believe this. Then I flashed openwrt on my two ubiquiti access points and they are actually more stable and faster.

Ubiquiti is great at marketing.

It’s fine for me

once gadgetbridge finishes support

You do realize gadgetbridge is entirely volunteer-driven, right?

Idle power is determined some by the system controlling its own load, but also by the PSU itself. HP and dell units lock down which PSU you can use with them, but lots don’t, meaning you can get a 19v 90W power supply or a 19v 175W power supply, but it won’t mean anything if the PSU doesn’t have the ability to scale down with load.

That’s what those bronze/silver/fold/platinum ratings are about on atx PSUs.

Anyway, good list. This was just a comment about that. Power is weird.

Oh, yeah, absolutely. Suricata was created not long after snort, in the days when an ids did the gathering and the correlation.

You’re totally right, the way most people and orgs do it today is to ship ids logs to a siem for the correlation, overall easier to manage. ELK is the go-to for most, not sure about wazuh, I’ve only seen it in the homelab space, but it might work.

There is a distro (not totally open source) called SELKS, which sets up suricata, elastic and some other tooling (kibana) in a commonly-used setup. I deploy it a lot because it saves time with the non-security setup with dB’s and such. Pretty easy to point syslog to it and you can see alerts right away and start tuning.

I’m envious of your position, I learned a lot setting this stuff up.