Not spesifically helpful with your cgnat-situation, but my jellyfin runs on a isolated network and it’s just directly exposed to the internet via named reverse proxy in order to share the library with family and friends. Should someone get access to that they can obviously use the VM for nefarious purposes, but it’s a known risk for me and the attacker would need to breach trough either my VLAN isolation or out of the virtual environment to my proxmox host if they wanted to access my actually valuable data.

Sure, there’s bots trying every imaginable password combination and such, but in my scenario even if they could breach either the jellyfin server or reverse proxy it’s not that big of a deal. Obviously I keep the setup updated and do my best to keep bad actors out. but as I mentioned, breach for that one server would not be the end of the world.

With cgnat there’s not much else to do than to run a VPN where server is somewhere publicly accessible and route traffic via that tunnel (obviously running a VPN-client on jellyfin-server or otherwise routing traffic to it via VPN). Any common VPN-server should do the trick.

European comission has their own mastodon server at ec.social-network.europa.eu. Why in the fuck they’re still advertising/doing anything on twitter?

It’s pretty simple to set up. Generate CA, keep key and other private stuff stored securely, distribute public part of CA to whoever you want and sign all the things you wish with your very own CA. There’s loads of howtos and tools around to accomplish that. The tricky part is that manual work is needed to add that CA to every device you want to trust your certificates.

Posting on Twitter on Sunday, the Tesla chief executive said: “If WFP can describe on this Twitter thread exactly how $6 billion will solve world hunger, I will sell Tesla stock right now and do it.”

“But it must be open source accounting, so the public sees precisely how the money is spent,” he added.

Beasley replied to Musk’s post on Twitter, saying he could assure the billionaire that the WFP had the systems in place for transparency and open source accounting.

“Your team can review and work with us to be totally confident of such,” he said.

“$6 billion will not solve world hunger, but it WILL prevent geopolitical instability, mass migration and save 42 million people on the brink of starvation. An unprecedented crisis and a perfect storm due to Covid/conflict/climate crises,” he added.

CNN.

He word-for-word demanded detailed explanation on a twitter thread, not linked document. Also, even if the proposal give might not have solved the world hunger crisis that amount of work would have made him the biggest benefactor on the planet by a pretty decent margin and there would be statues of him around and schools would teach about that single event. But no, the plan wasn’t immediately perfect so he just ditched it and left 42 million (and who knows how many more due to multiplier effects) people on their own fate.

But I guess ‘bluff’ was called and everyone clapped their hands.

There’s a line of people who would do that if someone could craft a fool-proof plan to end world hunger. That’s big enough ego boost for many, problem is just that there is no such solution which would need just a boatload of money to complete. World Food Program gave him a reasonable proposal which would’ve made an absolutely life changing difference for millions of people but that wasn’t good enough for him.

Musk responded on Twitter, writing, “If WFP can describe on this Twitter thread exactly how $6B will solve world hunger, I will sell Tesla stock right now and do it.”

As in “if you can provide a perfect solution to a very complex global problem in 140 characters or less then I’ll see what’ I can find in my couch”. I can make that promise too, difference being that no one will try to defend me for being pedantic and just think that I’m an idiot.

Didn’t he brag a while ago he’d do it if someone came up with a plan and then WHO (or UN or whoever) did and Elmo suprisingly didn’t do anything?

I didn’t know raspberry supports that. Searching for ‘atv remote’ just brings up androind apps, so maybe I misunderstood. Neat thing, but the hardware I have doesn’t support it and seems like usb-cec adapters are more expensive than usb-hid remotes.

I’d rather have a physical remote which acts as a keyboard so it’ll support waking the system up from suspend. Plus I prefer a dedicated device for that instead of a phone as I’m not a only user for the thing. There’s plenty of those around, only problem is to find one that works reliably and local stores don’t seem to have a lot of options so I might need to dig one up on ebay even if it’s a bit of a PITA to order from China to EU today with customs.

I installed Jellyfin on my server and threw kodi on a minipc I dug out of dumpster pile at work. Works pretty well, but my server needs more RAM and the minipc needs either a wireless keyboard or a USB-HID remote controller to finalize the setup. Also ran some wiring in the house and added two network sockets to a room where the whole kodi-tv-gamingpc-whatever-pile is going to live.

On the server RAM I found some on ebay, but if anyone is interested on 64G DDR4 ECC DIMMs I have a few. I thought they were supported on my server motherboard when I took them out from a old server at work but it supports only up to 32G ECC dimms.

How you imagine things send messages to reset your passwords, sending notifications and whatever is currently managed via email than some piece of code creating and sending messages, managing possible errors with them and potentially also monitoring/logging the message traffic for statistics or debugging?

User adoption matters if you want your thing to be actually useful for the actual users. And supporting any messaging system requires effort, so it makes sense to spend limited resources on a thing which has the biggest userspace. If you want to run matrix server which has you and your dog using it, go ahead, but don’t be surprised if you want to contact your neighbor and he’ll look like you have two heads when you start to explain how to reach you.

It’s a crapload more work to support XMPP/Matrix/whatever messaging on any platform than…SMTP

It’s absolutely not.

And you know this since you’ve written code to manage both on different environments, right?

Also, whatsapp supports all kinds of “bots” and it has absolutely massive userspace compared to pretty much any other instant message application. It doesn’t matter if you create the perfect protocol and platform for this kind of thing if there’s 7 people globally using it.

It’s a whole lot less work than configuring email.

It’s a crapload more work to support XMPP/Matrix/whatever messaging on any platform than just using a robust, reliable, resilient, widely supported good old SMTP. For you it might be easier to input your account (which at least on XMPP resemble quite a bit of email address) but for the developer it’s totally different thing. Also practically everyone accessing a website has an email address and if they’d decide to support some mesaging platform it’d make more sense to use whatsapp than XMPP since it’s vastly more popular.

Self hosting is not just one thing. You are system adminstrator, network engineer, security specialist, service architect and many other things, specially if you expose anything to anyone outside your very private network. And to get anything even running on that complex mess requires some knowledge on a lot of things. Making them run securely with proper backups requires even more knowledge on things.

Sure, you can just throw some docker images on your old desktop and be happy, even forward ports from the public internet to your things if you like. But that exposes your stuff to quite a lot of dangers and if you just click buttons without any understanding you’ll soon be a part of a botnet or lose your data or lose money if someone decides to mess around with your home automation or something else.

I get what you’re saying, not all of us are very polite and answers can be pretty harsh, but more often than not the generic idea behind those answers is not trying to be an asshole or gatekeep anything. It’s just that there’s a skillset you need to build things safely and if it’s clear from the start that someone looking for answers is way over their head it’s better for everyone to get them take a step back and learn instead of trying to create a meaningful answer since there’s too many variables or it’d just take immense effort to write down comprehensive guide on what to do, why and how for everything from the ground up.

I know for a fact that in my area there’s a bunch of surveillance cameras, home automation stuff and even some farm equipment directly open to the public network just because someone just plugged things in without any idea on the whole picture. Sometimes the correct answer is ‘stop shooting yourself on the foot and learn the basics first, then come back’.

Just for the sake of conversation, I recently did some crude math on this. I have few friends around who are well capable of running a backup server for me (hardware maintenance and stuff is always needed anyways) and at first it seemed like a good plan. Just get a 4TB SSD/NVME and throw that on a Raspberry Pi (or something small to keep electricity consumption low and setup silent), set up encryption, connect that to my network with wireguard or some other VPN and let it do it’s thing.

But I’d need to purchase everything as setting up a remote location with old hardware is just asking for trouble. The drive alone is 300€ (give or take) and the rest is easily another 100€. Currently my storagebox costs ~10€/month for 5TB. Even if I scored a fantastic black week offer and got everything for -50% discount that hardware with multiple single point of failures would cost nearly 2 years worth of cloud backups. And I’d still owe at least few beers to the friend for the trouble.

Your mileage may obviously vary, there’s a million different scenarios, but for me with my current setup it just makes sense to pick couple cloud providers and let them store my bits instead of getting more hardware to maintain and upgrade.

With backups two is one and one is none, so you are very much in a right track. Personally I have my stuff running on proxmox VMs with a proxmox backup server (VM as well) storing backups to Hetzner Storagebox. I’m planning to set up a another host in garage to have “local” backups too, as mine is detached as well the risk of both going up in flames in event of fire is pretty low. However, a voltage spike due to lightning on the grid or something else might blow up both hosts so that’s a threat model to be aware of. Also if your connection to garage is over copper it can cause other problems, fibre or wireless is highly recommended.

With backups it’s largely about the bandwidth available. I personally have enough so uploading to cloud is not an issue, but backing up a terabyte of data over 10Mbps connection might not work out at all.

For more info search for 3-2-1 strategy, that should give you plenty of ideas what you need to think about and what are industry best practises about making sure backups are in order.

I’ve done quite a bit of freelance work and visited various office spaces with multiple companies in a single building. It was pretty common just to call to the building reception and tell them that I’m working for this-and-that-company upcoming weekend for their network stuff and I’d need access to network cabinets and whatnot and they’d have keys ready for me with very little (if any) verification if I’m actually doing what I’m supposed to or if I am who I claim to be. Some of the locations just handed me keys with access to practically everything, including shared server rooms hosting their CCTV setup, key managing servers and all.

So, just get a name tag with a local operator logo and clothes to match and ask nicely. You’ll get access to a lot more than you think.

So it is always DNS

Based on the title alone I thought that she was a barista who poured hundreds of liters of coffee down the drain or something which might make sense. But no, just the last sip on her cup in order to prevent it from spilling in the bus or causing problems in the trash bin. Do they fine people if they accidentally drop their full cup too?

I actually did something for quite a while. Finished long overdue wiring for outdoor access point and one more camera, replaced a main switch since the old one started to behave unreliably, installed frigate (which still needs some work), cleaned up some wiring while messing around, updated a bunch of firmwares, replaced switch in garage to managed one and made some changes on my workstation and some other minor stuff.

Next would be to move cameras into their own VLAN and harden that setup a bit. And I really should get around on better backups for my VPS. But it’s a new week coming up, if the work isn’t too busy I might get something more done.