Cool, I recommend it!

I have my public facing reverse proxy point to my public services, and I also have it set up as a “roadwarrior” VPN to my home. So, I can connect my phone via WireGuard to my VPS, and a local DNS resolves my private services to the private IP addresses in my home network (so, I also run a reverse proxy on my server, for internal services).

I also have an off-site backup using this — just a raspberry pi and an HDD at family’s, that rsyncs+snapshots over the WireGuard network.

I’m sure I’m not following all the best practices here, but so far so good.

This is the element Ru (not some whacky AI backed cryptocurrency).

Google blog post has technical details: https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain

VPS with a public ip (which just takes all the fun out of selfhosting)

Why do you say this? My VPS only runs a reverse proxy and WireGuard, with all services hosted on my computers at home.

Remember that RAID and redundancy is not backup.

Try to 3-2-1, or something similar/better, if you can.

I am fairly sloppy here, and I am also very cheap. I have multiple copies in my home for important stuff (mainly Immich), the in use copy being on SSD and a few backups on spinning rust. I have a raspberry pi with an external HDD at family’s place, with a daily rsync+snapshot, for off site backups.

Of course, I’ve never had a catastrophic failure, so who knows how smooth that would be…

I switched to Technitium and I’ve been pretty happy. Seems very robust, and as a bonus was easy to use it to stop DNS leaks (each upstream has a static route through a different Mullvad VPN, and since they’re queried in parallel, a VPN connection can go down without losing any DNS…maybe this is how pihole would have handled it too though).

And of course, wildcards supported no problem.

Maybe take a look at Outline. (Not affiliated, but I host it for myself.)

I also host KitchenOwl, but mostly just as a grocery list.

I would love to see some enterprising politicians try to pass massive funding for solar/renewable and just call it some stupid nationalistic thing to make it popular with the grey matter-challenged demographic.

Go renewable to save the planet? Fuck off hippie! Go renewable because then we can bomb with impunity? I’m listening…

At this point, they no longer obey the laws of classical physics, and the resulting quantum phenomena — known as relativistic effects…

This is…not how I would word things. Atomic physics is usually not in a classical (Newtonian) regime, and a quantum treatment is standard.

Adding relativistic effects to the quantum treatment is also standard, but many aspects of e.g. the hydrogen atom are reasonably well described without relativistic effects, though of course relativistic effects do matter.

Nitpicking aside, neat stuff!

I’ve been pleased with it. Family is very relaxed about projects like this, but yeah it’s low power draw. I don’t think I have anything special set up but the right thing to do for power would be to spin down drive when not in use, as power is dominated by the spinning rust.

Uptime is great. Only hiccups are that it can choke when compiling the ZFS kernel modules, triggered on kernel updates. It’s an rpi 3/1GB RAM (I keep failing at forcing dkms to use only 1 thread, which would probably fix these hiccups 🤷).

That said, it is managed by me, so sometimes errors go unnoticed. I had recent issues where I missed a week of rsync because I switched from pihole to technitium on my home server and forgot to point the remote rpi there. This would all have been fixed with proper cron email setup…I’m clearly not a professional :)

Not the same, but for my Immich backup I have a raspberry pi and an HDD with family (remote).

Backup is rsync, and a simple script to make ZFS snapshots (retaining X daily, Y weekly). Connected via “raw” WireGuard.

Setup works well, although it’s never been needed.

Well f2k me, T1L, t4s!

VNC? You have your choice of servers, and clients are ubiquitous.

A big gotcha is that you need to be careful with encryption/security, as in classic UNIX style VNC does one thing (remote desktops). It’s easy to forward over ssh though.

You can also use VNC to share, which is not what you want; this depends on the type of server/settings. But you can definitely create a new virtual X11 session and access it remotely.

Mac at work. Yabai+sketchybar is no i3wm replacement, but it works ok.

My .zshrc is basically the same as I use on my personal computers, and aside from a few coreutils differences it…kinda just works. I have apt aliased to brew so I can feel more at home.

Stock terminal works fine—I use xterm on Linux, so I’m used to relying on tmux for nice features anyway.

Basically, I miss the window manager, but practically speaking that’s a about it. (I obviously have xscreensaver installed!)

nc is useful. For example: if you have a disk image downloaded on computer A but want to write it to an SD card on computer B, you can run something like

user@B: nc -l 1234 | pv > /dev/$sdcard

And

user@A: nc B.local 1234 < /path/to/image.img

(I may have syntax messed up–also don’t transfer sensitive information this way!)

Similarly, no need to store a compressed file if you’re going to uncompress it as soon as you download it—just pipe wget or curl to tar or xz or whatever.

I once burnt a CD of a Linux ISO by wgeting directly to cdrecord. It was actually kinda useful because it was on a laptop that was running out of HD space. Luckily the University Internet was fast and the CD was successfully burnt :)

4*8 = 24

TIL ;)

Each /8 is 1/256th of all IPv4 addresses, not counting reserved/illegal addresses. Not sure where 1/1000 is coming from…

I’m a ~/tmp man myself.

Maybe not a service in the typical sense, but setting up your router+server to route your home network traffic through a VPN is a fun project.

My router (MikroTik) supports WireGuard, so I can use it with Mullvad for the whole house—but wg is demanding and it’s a slow router, so while it can NAT at ~1Gbps, it can’t do WireGuard at more than ~90Mbps. So, I set up WireGuard/Mullvad on a little SBC with a fast processor, and have my router use that instead. Using policy based routing and/or mangling, I can have different VLANs/subnets/individual hosts selectively routed through the VPN.

It’s a fun exercise, not sure I implemented it in a smart way, but it works :)

640k 780k ought to be enough for anybody…

I used Photoprism years ago, so my knowledge is probably pretty outdated.

My experience of Photoprism was that mobile was not tightly integrated. At the time I used Syncthing to sync photos — it worked ok for me, but I wasn’t going to set it up on my partner’s phone, for example.

Immich Just Works on both mobile and desktop. Multi user is great, sharing is great, and the local ML and face detection work remarkably well.

Whatever works for you is the best of course! Immich fits the bill for me, and it was very much worth it for me to “buy” it.