I’m on the alpha and it still won’t update any of my feeds. And going through the github issues it is basically summed up as “We will do another stable release once we have a frontend developer” which is basically never. So, at best, it will work until it doesn’t and then I have to fix it myself yet again and… yeah.
And if my choice is to run an older version of nextcloud to support one app? Hell no.
It’s almost like this behavior comes from the training data.
More drives is always better. But you need to understand how you are making it better.
https://en.wikipedia.org/wiki/Standard_RAID_levels is a good breakdown of the different RAID levels. Those are slightly different depending on if you are doing “real”/hardware RAID or software raid (e.g. ZFS) but the principle holds true and the rest is just googling the translation (for example, Unraid is effectively RAID4 with some extra magic to better support mismatched drive sizes)
That actually IS an important thing to understand early on. Because, depending on the RAID model you use, it might not be as easy as adding another drive. Have three 8 TB and want to add a 10? That last 2 TB won’t be used until EVERY drive has at least 10 TB. There are ways to set this up in ZFS and Ceph and the like but it can be a headache.
And the issue isn’t the cloudflare tunnel. The issue is that you would have a publicly accessible service running on your network. If you use the cloudflare access control thing (login page before you can access the site) you mitigate a lot of that (while making it obnoxious for anything that uses an app…) but are still at the mercy of cloudflare.
And understand that these are all very popular tools for a reason. So they are also things hackers REALLY care about getting access to. Just look up all the MANY MANY MANY ransomware attacks that QNAP had (and the hilarity of QNAP silently re-enabling online services with firmware updates…). Because using a botnet to just scan a list of domains and subdomains is pretty trivial and more than pays for itself after one person pays the ransom.
As for paying for that? I would NEVER pay for nextcloud. It is fairly shit software that is overkill for what people use it for (file syncing and document server) and dogshit for what it pretends to be (google docs+drive). If I am going that route, I’ll just use Google Docs or might even check out the Proton Docs I pay for alongside my email and VPN.
But for something self hosted where the only data that matters is backed up to a completely different storage setup? I still don’t like it being “exposed” but it is REALLY nice to have a working shopping list and the like when I head to the store.
A LOT of questions there.
Unraid vs Truenas vs Proxmox+Ceph vs Proxmox+ZFS for NAS: I am not sure if Unraid is ONLY a subscription these days (I think it was going that way?) but for a single machine NAS with a hodgepodge of drives, it is pretty much unbeatable.
That said, it sounds like you are buying dedicated drives. There are a lot of arguments for not having large spinning disk drives (I think general wisdom is 12 TB is the biggest you should go for speed reasons?), but at 3x18 you aren’t going to really be upgrading any time soon. So Truenas or just a ZFS pool in Proxmox seems reasonable. Although, with only three drives you are in a weird spot regarding “raid” options. Seeing as I am already going to antagonize enough people by having an opinion, I’ll let someone else wage the holy war of RAID levels.
I personally run Proxmox+Ceph across three machines (with one specifically set up to use Proxmox+ZFS+Ceph so I can take my essential data with me in an evacuation). It is overkill and Proxmox+ZFS is probably sufficient for your needs. The main difference is that your “NAS” is actually a mount that you expose via SMB and something like Cockpit. Apalrd did a REALLY good video on this that goes step by step and explains everything and it is well worth checking out https://www.youtube.com/watch?v=Hu3t8pcq8O0.
Ceph is always the wrong decision. It is too slow for enterprise and too finicky for home use. That said, I use ceph and love it. Proxmox abstracts away most of the chaos but you still need to understand enough to set up pools and cephfs (at which point it is exactly like the zfs examples above). And I love that I can set redundancy settings for different pools (folders) of data. So my blu ray rips are pretty much YOLO with minimal redundancy. My personal documents have multiple full backups (and then get backed up to a different storage setup entirely). Just understand that you really need at least three nodes (“servers”) for that to make sense. But also? If you are expanding it is very possible to set up the ceph in parallel to your initial ZFS pool (using separate drives/OSDs), copy stuff over, and then cannibalize the old OSDs. Just understand that makes that initial upgrade more expensive because you need to be able to duplicate all of the data you care about.
I know some people want really fancy NASes with twenty million access methods. I want an SMB share that I can see when I am on my local network. So… barebones cockpit exposing an SMB share is nice. And I have syncthing set up to access the same share for the purpose of saves for video games and so forth.
Unraid vs Truenas vs Proxmox for Services: Personally? I prefer to just use Proxmox to set up a crapton of containers/vms. I used Unraid for years but the vast majority of tutorials and wisdom out there are just setting things up via something closer to proxmox. And it is often a struggle to replicate that in the Unraid gui (although I think level1techs have good resources on how to access the real interface which is REALLY good?).
And my general experience is that truenas is mostly a worst of all worlds in every aspect and is really just there if you want something but are afraid of/smart enough not to use proxmox like a sicko.
Processor and Graphics: it really depends on what you are doing. For what you listed? Only frigate will really take advantage and I just bought a Coral accelerator which is a lot cheaper than a GPU and tends to outperform them for the kind of inference that Frigate does. There is an argument for having a proper GPU for transcoding in Plex but… I’ve never seen a point in that.
That said: A buddy of mine does the whole vlogger thing and some day soon we are going to set up a contract for me to sit down and set her up an exporting box (with likely use as a streaming box). But I need to do more research on what she actually needs and how best to handle that and she needs to figure out her budget for both materials and my time (the latter likely just being another case where she pays for my vacation and I am her camera guy for like half of it). But we probably will grab a cheap intel gpu for that.
External access: Don’t do it, that is a great way to get hacked.
That out of the way. My nextcloud is exposed to the outside world via a cloudflare tunnel. It fills me with anxiety but as long as you regularly update everything it is “fine”.
My plex? I have a lifetime plex pass so I just use their services to access it remotely. And I think I pay an annual fee for homeassistant because I genuinely want to support that project.
Everything else? I used to use wireguard (and openvpn before it) but actually switched to tailscale. I like the control that the former provided but much prefer the model where I expose individual services (well, VMs). Because it is nice to have access to my cockpit share when I want to grab a file in a hotel room. There is zero reason that anything needs access to my qbitorrent or calibre or opnsense setup. Let alone even seeing my desktop that I totally forgot to turn off.
But the general idea I use for all my selfhosted services is: The vast majority of interactions should happen when I am at home on my home network. It is a special case if I ever need to access anything remotely and that is where tailscale comes in.
Theoretically you can also do the same via wireguard and subnetting and vlans but I always found that to be a mess to provide access both locally and remotely and the end result is I get lazy. Also, Tailscale is just an app on basically any machine whereas wireguard tends to involve some commands or weird phone interactions.
Not sure if google is particularly different but the way this works for the other services is basically low energy bluetooth scanning coupled with the phones providing their location*. So basically all the devices on that scanning/spy network periodically ping/listen for nearby devices/trackers. When it finds one, it sends a quick message to the servers with that phone’s location and the ID of the tracker. Get enough of those pings and you can triangulate the position of the tracker pretty precisely.
Which… is why this fundamentally does not work with “hacker” solutions that allegedly emphasize privacy. Because you just don’t have enough devices listening. This was painfully obvious with tile back in the day and is still an issue with Samsung in some countries.
*: Via a combination of gps, cell tower, and wifi network scanning. The less obvious part of that being wifi networks which is the majority of how interior positioning works.
I mean… bluetooth is literally broadcasting your position (sort of/it depends on the implementation). It is not at all a stretch that you should turn that off if you care about privacy. Same with not scanning for what wifi networks are available or even pinging GPS satellites (because that leaves a log). Hell… cell tower logs are a treat for cops/TLAs for a reason.
Aside from that? Good for you. If you actually follow through on that I can respect it. My point is more that this particular solution seems like the worst of all worlds.
Either you are demolishing your battery with regular phone homes to a server you hopefully control or you are relying on a push via SMS and the hope that you lose your phone somewhere you havea reception. And you still only have YOUR phone and YOUR network to track it which has significant drawbacks if you travel.
If people truly change their lives and focus on it, you can do a lot. But it does not take much, at all, to become compromised to one degree or another and people vastly underestimate the amount of redundancy. Or even the impact of a sibling or partner or even friend.
Instead, the common case is people will tweak one small aspect and think that does anything other than inconvenience them. Or, worse, they’ll watch a youtube and decide to put EVERYTHING through their vpn which… defeats the purpose because they are still one easily collated set of profiles/cookies that can trivially reveal that “Fred Smith in Afghanistan” is really “Fred Smith in North Carolina”
Which is why my approach is that there is data I very much want to protect and data I know I can’t. So I focus on understanding the former while doing what I can with the latter.
And something like this? There are probably specific niche use cases for this. But it is a product/service that fundamentally requires aggregated data. And, depending on the implementation, it is going to fuck with your battery hard.
I guess. But it is really going to depend on where you live and just how frequently it does dial home.
My personal use for these networks is luggage tags. But a friend lost her phone on a hike a few years back and the find my phone stuff was more or less useless due to poor reception and ever dwindling battery.
The real benefit is the low energy bluetooth magic and OTHER devices to do the phoning home. Because maybe I have shit reception but someone hiking a hundred feet away has good reception and updates the ping.
Took a bit to figure out what it was even claiming to do
When enabled your phone constantly sends e2e encrypted your location to the server where you can than access it from a webbrowser.
God no. Just take a hatchet to my battery and be done with it.
Also: Until a month or two ago, sure. But google finally got their shit together-ish and set up a tracking network the same as apple and samsung. And that is what you are sacrificing your privacy for. Yes, you give Big Tech tracking information… that they already have. In exchange you can actually have peace of mind of knowing your luggage is in the same airport or even where you parked. And you can’t really self-host a crowd-sourced network.
Not sure if they had a third party manage it for them (there has been a LONG history of super vague “secret” dealings) but it was for their kickstarter rewards through backerkit or whatever. So the same survey you get asking how many extra books you want to buy or whatever.
King under the Mountain always rubbed me wrong. They hit right at the tail end of “wow. kickstarter is awesome” and right before people realized how many DF-like colony sims there actually were. And then their kickstarter survey, for a key with no add-ons, required an insane amount of personal information. I think they claimed it was for VAT but saw a few “ask a lawyer” threads that pointed out that was nonsense and could have been done with a checkbox.
And the super duper secret publisher right around the time interest was spiking because of DF-GUI was more than a bit sketchy
I dunno. I know that it is hell out there for indie devs (not so much in 2021/2022 but…) but all that combined with the game never feeling like more than a “unity school project” REALLY raises a massive number of red flags. Probably just a single kid in over their head and trying to act like a “real” studio but… yeah.
Still, good to see it was released as open source and here is hoping the fanbase that glommed onto this can carry it forward.
Ventoy is a tool I want to use and that would regularly fix issues when I am simultaneously provisioning and diagnosing a system.
But it feels like it breaks if you even look at it in an unexpected manner or if any distro updates at all.
So end result is it works once or twice and then I need to reformat the stick to pop on mint or debian server or whatever anyway.
Yeah… anyone who believes that meme has never interacted with a customer.
People who get angry about an emulator not having the right capitalization on a menu twelve layers deep is shitty. So are people who have a single site license but insist you need to add twelve features or they will take their business elsewhere. And they usually interact with Sales who give less than a single fecal particle and just make tickets and start blaming you for all the problems in their life.
I just use a pretty generic z-wave plug and home assistant. In the past I did more complex setups that actually determine what process is spiking and so forth. But eventually realized that “this is doing a lot of compute…” is a catch all for a LOT of potential issues.
And I guess I don’t understand what you mean by “shouldn’t be wireless”. It is inherently going to be wireless because you will be on your phone on the other side of the planet. If you genuinely suspect you will be vulnerable to attacks of this scale then you… probably have other things to worry about.
But as a safety blanket?
With my firewall disabled a lot of my internal network (including home assistant) will fall over sooner than later.
But that is also a recipe for mass stress. Because I know “something happened”. And now I know “in six hours, I need to check in and make sure that ‘something’ is still not happening”. Which is extra shitty if I got the notification late evening local time.
I have friends/neighbors that I trust to swing by and push a button in the event I need to bring it back up before I get home. But if I have reached the point of “it is possible my wireguard credentials were compromised?” then I really don’t need to be able to download the next episode of ATLA NOW.
Never used it “in anger” but:
I have my firewall plugged into a metered outlet (plugged into a UPS). I have it set up to send me alerts if power draw increases beyond a certain threshold. I’ve tested it and wireguard is measurable (yay) but so are DDOS attacks. If I get that alert, I can choose to turn off that plug and take my whole network offline until I get home and can sort that out.
Gotten a few false positives over the years but mostly that is just texting my partner to ask what they are doing.
Oooooooh.
Thanks. Will take a look to try and figure out their terminology for this.
I think that is the seat based one I see recommended all the time.
I understand that hub and spoke models are inherently questionable security wise and switching to a mesh based approach is probably the answer. But it tends to make for a mess of needing to make sure my various “homelab” servers are aware and so forth.
Yeah. I expect basically any publicly available instances to get C&Ds REAL fast.
And a p2p archive.org will basically never work. For the same reasons that the various NSFW lemmy instances get defederated from almost instantly. Because there is room for discussion on sites that highlight nudity in movies. There isn’t much room to discuss when it is nothing but revenge porn, “fappening links”, ripped OF content, and (inevitably) child porn.
Stuff like this… I am sure there are niches but I am not seeing a lot of benefit over either a folder or a notes app that lets me upload PDFs (or even just google drive). But once you try to build a “community” you are going to have the same moderation issues amplified a hundred fold.
Yeah. This isn’t the first time the news app and the core nextcloud updates have fought each other in weird and mysterious ways (for me or others). I forget how I solved it last time (I think it was a similar case of needing to manually update to bleeding edge and then tweak things) but… I just don’t care anymore.
I don’t know who is right or wrong in how nextcloud is maintained (my instinct is the nextcloud devs because… have you seen nextcloud? but also, most apps don’t have this recurring problem). But at this point, the benefits I get out of it are largely gone. And when so many issues boil down to “We need more people and resources to maintain this”, it kind of feels like getting off the train BEFORE it crashes rather than after.