  • We kind of selfhost almost everything - while we operate a small server ourselves, the main burden is on a dedicated server setup. Basically a FreeIPA+Authentik+OpenCloud stack as a base, with Redmine, Kimai, Zammad, Matrix, Jitsi and a few more apps. (Moodle, Seed DMS, Netbox, Zabbix, OPNsense, Vaultwarden, Forgejo, Ansible). Additionally we use a fair share of software remotely via RDP.

    Backups are done onsite and to three different offsites, including cold storage backups.

    As we all work fully remote this setup is also fairly adaptable and the switch to an (almost fully) Linux shop went far better than expected - my staff is fairly content with their setup (afaik).

    The only thing I refuse to selfhost are email and VoIP.





  • Zabbix is extremely nice.

    Why?

    • API monitoring for Proxmox and Docker/Podman. Aka "you don’t need to set up monitoring for every container/LXC/VM. Do it once for the host, then everything gets autodiscovered."

    • Active and passive agents as well as SNMP, IPMI, etc. can be combined as you like. Also does website/service/application/database monitoring, SSH/Telnet checks and nowadays can even do Prometheus and MQTT/Modbus.

    • The proxy is really really worth it. It collects data from nodes you do not want exposed and relays them to the server. This includes all kinds of inputs and is really easy to set up.

    • Due to it being around for two decades there are a shitton of templates for devices - and it’s fairly easy to do your own.

    • Unlike other systems (cough checkmk cough Grafana) there are no features that are only available to paying customers.

    The most major downsides are the fact that it’s moderately to fairly resource intensive to run in a small setup (but does consume less than others in large setups) and its far less flashy dashboards. (Which are still powerful, though)


  • Not a fan. Absolutely not.

    They had multiple security incidents which they kept under the rugs for a long time, they have the tendency to EOL devices without warning (which then means you need to replace your sometimes 9-month-old device or your whole environment can’t be updated), their lock-in into their ecosystem is much more complete as they can’t be used properly without their environment. (E.g. Omada devices can work without the Omada stuff, with Unifi you will always need a controller for some functions).

    So if you really need SDN features like Unifi look at Omada, otherwise Mikrotik is a solid alternative. (And OPNsense for firewall)


  • philpo@feddit.org to Selfhosted@lemmy.world: System Redundancy

    My company is a part of critical infrastructure and we provide consulting in disasters (e.g. how to get a hospital back up and running). So we fall under European legislation to have certain precautions. And as I colocate in my company’s rack…it’s easier. As the rack is in a room I rent to my company. (We are small and I am the founder, that makes it easier)

    But yeah, we put a bit of thought in it. Waiting for Iris2 to finally materialise so I can finally get rid of LTE.


  • philpo@feddit.org to Selfhosted@lemmy.world: System Redundancy

    I have an LTE backhaul, but admittedly if the firewall itself craps out I would also be offline - but I can at least reboot it via a plain old GSM power plug. That thing does not directly reboot the firewall, though, but brings up an old Raspberry (USB boot, I don’t trust SD cards) which then checks if outside connectivity is still available (so if the GSM power plug gets compromised it’s not an issue) and if not tries a shutdown or, if that is unsuccessful, a power cut of the firewall. If that also doesn’t work it triggers a dry contact in the GSM plug which leads to the plug sending out an SMS so I know I am fucked and need to get someone with a key to the rack.
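
The escalation described in the comment above, as an added example that is not part of the original comment or the commenter's own setup: the Pi does nothing while the uplink answers, so a spoofed power-on through the GSM plug cannot reboot the firewall. The probe addresses, `fw.example` and the two helper paths are placeholders.

```shell
#!/bin/sh
# Added example: watchdog escalation run once when the Pi boots.
# Hosts, addresses and helper commands below are hypothetical placeholders.
PROBE_TARGETS="${PROBE_TARGETS:-192.0.2.1 198.51.100.1}"  # replace with real outside hosts
PROBE_CMD="${PROBE_CMD:-ping -c 2 -W 3}"
SOFT_CMD="${SOFT_CMD:-ssh -o BatchMode=yes -o ConnectTimeout=10 watchdog@fw.example shutdown -r now}"
HARD_CMD="${HARD_CMD:-/usr/local/bin/fw-power-cycle}"      # hypothetical relay helper
ALARM_CMD="${ALARM_CMD:-/usr/local/bin/plug-dry-contact}"  # hypothetical: makes the plug send the SMS
SETTLE="${SETTLE:-180}"                                    # seconds to wait after each step

# The uplink counts as up if ANY target answers, so a single dead
# probe host can never trigger a reboot on its own.
uplink_ok() {
    for target in $PROBE_TARGETS; do
        $PROBE_CMD "$target" >/dev/null 2>&1 && return 0
    done
    return 1
}

# Run one recovery step, give the firewall time to come back,
# then report whether outside connectivity has returned.
try_step() {
    $1 >/dev/null 2>&1 || return 1
    sleep "$SETTLE"
    uplink_ok
}

# Prints the step that ended the run; returns 1 only when a human is needed.
watchdog() {
    if uplink_ok; then echo "noop"; return 0; fi
    if try_step "$SOFT_CMD"; then echo "soft"; return 0; fi
    if try_step "$HARD_CMD"; then echo "hard"; return 0; fi
    $ALARM_CMD >/dev/null 2>&1
    echo "alarm"
    return 1
}

if [ "${1:-}" = "--run" ]; then watchdog; fi
```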


  • Paramedic here with specialised delivery training. Delivered around 30 babies probably. Saw a high three digit number of pregnant patients.

    You can’t reliably say that. Until you see the kid.

    And I don’t mean the cases where the mother is blocking out the pregnancy mentally until she is crowning. (But tbh, it’s one of the most cherished moments of everyone in my profession if you have the “I am not pregnant, you idiot!” “Ma’am, I literally can see the hair of your baby coming out…oh and here’s the rest of the bub”-discussion)

    I literally had an acquaintance not recognise her pregnancy (and she had been pregnant before) until she went to hospital for stomach pain. I saw her the weekend before and did not recognise the pregnancy. And, yes, the baby was full term. Happens, especially if the uterus is not in its usual place.

    In other people you see it after 8 weeks (and well, it is often not the belly that is the first indicator which grows suddenly).

    Other people look like "13 months pregnant with triplets" at the beginning of their second trimester.

    Anyway: What is the reason for your question? (And: If you or anyone needs support in that case write me a message. More than happy to guide you in the right direction if you are in a tight spot.)


  • Excellent points, just a few things added:

    • Sueddeutsche has an English section as well that also includes some articles from the Atlantic

    • TAZ.de is also an option, it’s free but mostly German (but also has a small English section). It’s a bit like the Guardian but more left leaning.

    • heise.de is a reasonably good news source for tech news both in German and English

    • France24.com is a good English-speaking choice for world news, especially as they often cover topics not heavily covered by other news outlets, e.g. things in Africa, Asia, etc.

    • Sadly only German speaking but very good: Der Falter (falter.at) from Austria.

    There is a directory of European newspapers at newspapers-europe.eu.

    Another protip: You can get registered in a library and a lot of them provide free access to a LOT of magazines to read for free online. And you often don’t even have to live close to said library to register and can register online.


  • Technically they are not illegal here - they are just not protected under the (very strong) strike protection laws.

    So workers in Germany could go into general strikes but they would not be covered by strike law and therefore just absent from work. Which of course is an issue - but in case of a proper general strike, what are they gonna do, fire everyone? Especially in times when there are countless positions open?

    So one would only get into trouble work wise, but not otherwise - one would not get arrested, cannot get sued (besides a very limited scope worklaw wise), etc. Only certain kinds of civil servants (similar but not as common as the Pubblico Impiego in Italy) will get in trouble if they go on strike. E.g. cops, firemen, teachers, municipal clerks (but not municipal workers and not all kinds of clerks), etc.

    Which I find somewhat fair as our strike protection laws are far reaching (afaik even a bit further than in Italy) and the employer is often as fucked by politics as the staff. So it’s a somewhat tradeoff I personally can live with. (Seen from my time as an employee. These days I am a small employer, but as left as ever, and from an employer’s point of view wouldn’t care too much - but the nature of my business supports it.)




  • You’re so right. I mean…I used to work with people who were K9 handlers and anyone who even brought his dog in a situation that would allow direct contact would be scrutinised. Repeatedly? You are no longer a K9 handler and probably no longer an officer. K9 training is expensive and a handler who lets that happen would not be in control obviously. But training here is done on a state level (we have no local law enforcement in my neck of the woods), regulated on a national/federal level and passive signaling is preferred these days anyway.

    So… As you said… Even a dog getting an OD would be so crazy here it would probably make national news if the media got wind of it.

    Crazy.


  • Have a look at Agent DVR. Works locally and the “pro” features that one would need to pay for are basically just plugins. Everything else works nice without it. Additionally it accepts basically everything you throw at it camera wise and is far easier to configure than Frigate, also has a (good) HA integration and is extremely mighty if your system grows over the years.

    The mobile app is nice, but it also works fairly well in a browser on mobile.


  • Did you just seriously recommend port forwarding to an NVR login? Even worse with a consumer grade router? With HTTPS, non-standard port and a strong password as the only security tips?

    Please, people, for the love of god: Don’t do that. Really. Don’t. This is really bad advice, sorry.

    Unless you are very very sure that your NVR solution is impeccable in terms of security (none are), you are 100% sure you stay up-to-date all the time (including reviewing updates for issues) and have additional measures like fail2ban, IDM/IDS, etc. in place this is a very bad idea. HTTPS is only helping in terms of password transmission/spoofing, which is an unlikely vector here, a non-standard port doesn’t help one bit here (have a bit of fun with shodan and see yourself) and while a strong password helps it only helps if the auth of the system and the OS below itself is watertight - a hard task.

    It is always a bad idea to port forward unless you really really cannot avoid it.

    Use a VPN - as you said, wireguard.
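
One way to check for the exposure the comment above warns about, as an added example that is not from the thread: it reads `iptables-save -t nat` output from a Linux-based router and reports every DNAT forward except the WireGuard listener. The allowed forward `udp/51820`, the interface name and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag WAN port forwards other than the VPN listener.
# Input on stdin is `iptables-save -t nat` text.
ALLOWED="${ALLOWED:-udp/51820}"   # assumed WireGuard forward, as "proto/port"

# Prints one "proto/dport -> target" line per DNAT rule that is not the
# allowed one and returns 1 if any such rule exists.
audit_forwards() {
    awk -v allowed="$ALLOWED" '
        $1 == "-A" && /-j DNAT/ {
            proto = "any"; dport = "any"; dest = "?"
            for (i = 1; i < NF; i++) {
                if ($i == "-p")               proto = $(i + 1)
                if ($i == "--dport")          dport = $(i + 1)
                if ($i == "--dports")         dport = $(i + 1)
                if ($i == "--to-destination") dest  = $(i + 1)
            }
            if ((proto "/" dport) != allowed) {
                print proto "/" dport " -> " dest
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample ruleset: one VPN forward and one NVR web login
# forwarded on a non-standard port, which is still reported.
SAMPLE='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i wan0 -p udp -m udp --dport 51820 -j DNAT --to-destination 192.168.1.2:51820
-A PREROUTING -i wan0 -p tcp -m tcp --dport 58443 -j DNAT --to-destination 192.168.1.50:443
-A POSTROUTING -o wan0 -j MASQUERADE
COMMIT'

audit_sample() { printf '%s\n' "$SAMPLE" | audit_forwards; }
```

On a real router the input would come from `iptables-save -t nat | audit_forwards`, run from cron so a forward added later is noticed.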




  • Each patient had either a double (2 patients per room) or single (one patient per room). Each room is a regular psych ward room if you do not account the doors and windows. (We still had iron bars but these are phased out in favour of high security glass). The doors are similar to prison doors, the windows are shatterproof high security glass.

    This is a good representation: https://www.wz.de/imgs/scaled/39/3/3/1/7/7/8/3/9/w709_h483_x354_y241_bed737e9084c58b2.jpg

    Additionally there are multiple “special isolation rooms” per ward. These contain nothing but a ground integrated toilet (which can only be flushed from the outside) and a mattress - and a lot of cameras. Patients who are in crisis can be separated in there as an alternative to bed bound fixation.

    In terms of activities: Patients have some form of therapy almost every day - either group, individual, work, ergo, etc. - as the main goal is healing/making people so healthy again that they are either no longer a danger and can step by step be released or can be transferred back into the prison system. (Tbh, both goals do not happen that often) Besides that: They can go into the yard, we also had a little veggie garden (which technically was illegal as the veggies were not allowed to be used for human consumption), meet with other patients in communal spaces, we had an open kitchen so they could cook. (Similar to prison they could order things every other week from a store) and well, if they have a TV (must be rented by the patient) can watch TV or borrow a book from a library (more on that below). The lower security wards also had a small gym and “communal activities” room with a billiard and so on, we didn’t.

    Sounds nice? It isn’t. It is far worse than prison for most people and besides a few long termers who simply did not want anything to change after so many years absolutely every patient I have seen would have preferred prison.

    Why? While superficially the regime in forensic psychiatry sounds much more relaxed it isn’t under the surface. Almost half of all patients face measures under direct force (e.g. isolation, forced medication, fixation) within the first 4 months upon being admitted. That is MUCH more than regular prison (afaik their percentage in max sec is 5%).

    Unlike prison it’s much harder to get drugs in, as patients and visitors are screened much more and, even if you do, you get drug tested regularly (daily on drug rehab wards, weekly as a new entry on others) and due to staff being medical professionals (and there is much more staff per patient) the chance of getting high without anyone noticing is slim. And if you get caught one’s liberties are gone, therapy will change, etc.

    For medication it’s the other way around: We would monitor very very closely if patients take their medication (up to checking patients’ mouths with a dental mirror, regular blood tests, etc.) or switch to i.v./i.m. medication. A small percentage (afaik around 2-5%) are also medicated against their will.

    The lack of activities is also an issue: Unlike prison where most people will try to get a job this is not an option in forensic psych. So if you don’t have therapy, you don’t have much to do and that is something that bothers a lot of people. This is especially valid as the access to media is also much more restricted compared to prison and that is much more individually regulated. In prison everything that is not seen as security risk must be allowed by law in terms of books. That is not the case here - it’s the opposite. Everything is forbidden unless it’s deemed that it is not impeding the therapy goal - makes a big difference and is also a common source of trouble because some people are allowed things others aren’t. Another issue is the lack of education options. While I hear that has improved recently back in my day there was not much to do in that regard - while in prison you can regularly get an apprenticeship, GED or even distant education uni degree. Overall basically everyone described the boredom as much worse than prison (but to a certain degree this is required for therapy to work). Adding to this is the lack of perspective - in prison you know how long you will be there. Life sentence here is 15 years and then they decide how dangerous you are. Only very few people get preventive custody or “special gravity” which means they get indefinite sentences/prolonged sentences. This is different in forensic psych. You will only get out once you are considered “healed”/sane. That can be in 15 months. Or 15 years. I had an arsonist on my ward who in prison would have had a max sentence of 5 years. He was there for 15 years and I am not sure he will be out by now.

    Last but not least therapy itself is something on its own. People there first and foremost are patients. Any chance of liberties are directly connected to that (unlike prison where “behaving” is enough). So if you don’t play along you won’t get that TV. Less physical contact upon visitation (e.g. no hug allowed), you won’t get in a lower sec. ward or even have supervised trips to the outside. There are occasional patients who try to trick the staff and manage to play along even though they really are still as sick as ever - but that has become incredibly rare. Generally speaking, though, the average patient will have less liberties than an average prison inmate. And of course therapy itself, even if you play along, is taxing. Very much so for these cases. I had a grown man cry in the fetal position on the floor for hours, another shift had a man trying to cut off his genitals with kids’ paper scissors (afaik he had a realisation what he has done and why and his sexual desire was a big part of it) or a man who plainly told me “my dad beat and raped me daily. They say the brain damage brought me here. I hate him for not doing it properly so I would be dead”.

    So overall: It’s not a happy place and it is surely not an easy way out, not “easier” than prison.

    (And as people always think they are clever and claim “yeah I will do this and that and play like I am insane and then get out after 15 months.” It doesn’t work like that - People working in forensic psych. are highly trained to find these cases and each possible inmate is screened while still in the entry ward or prison. I have yet to see someone who has success with that. Additionally: If you do this and get caught your sentence starts back on day 0 under some circumstances.)