Roku tries to monitor HDMI activity on Roku TVs so they know exactly what’s being watched at all times. They also insert ads into the menu on a regular basis and sometimes force install apps. Adguard Home has blocked the vast majority of the ads on screen, but from what I’ve found the menu ads can’t be blocked.

If I had Fire TV and it’s as bad as you say it would have been binned long ago.

You didn’t mention it can also recognize and identify wildlife, trash cans, lawnmowers, license plates, delivery truck companies, and even faces.

Avoid Roku devices. Roku had an OK remote and decent UI, but the company has thoroughly enshittified it and turned it into an “advertising everywhere all the time” platform. There is a Jellyfin app that works well though.

I’ve been using Frigate for years. The built in object detection (without subscription) is excellent and very near 100% accurate. Initial setup was somewhat of challenge though. It’s free (donations encouraged) or a low cost subscription for more advanced detection.

As interesting as this is, users are still subject to the whims of a corporation that can completely change their policies each time a new executive is hired.

There’s a graveyard somewhere for apps and services that were free or low cost (and without ads) until the company decided to change their model to restrict or eliminate free usage. Teamviewer, Dropbox, RealVNC, Google Drive, Amazon Prime (ad free) Videos, Duolingo, Youtube, Zoom and Evernote are examples that lots of individuals use.

I’ve personally been bitten by this often enough to avoid any corporation’s “free” service whenever possible.

If you’re not dealing with CGNAT, Dynamic DNS (DDNS) is relatively easy to set up, doesn’t require a VPS and is designed specifically for dealing with changing IP address endpoints.

Instead of connecting using your (sometimes changing) IP address, you use a URL that dynamically updates when your IP changes. For instance, with DDNS you would access your home network using mynetwork.ddnsservice.com. The DDNS service returns your current IP and your connection can complete. Most routers have built DDNS clients that update the DDNS service when your home IP changes.

There are various DDNS services out there, but I like DuckDNS. It’s free (or you can choose to donate), easy to set up and has worked flawlessly for me for years.

Battery charge limit will allow you to set it to stop charging at partial charge. Doing so greatly increases the battery lifespan and can reduce possible fire risk even further while still leaving far more backup time than a UPS would provide.

See if that laptop model allows you to limit the battery charge. If the battery’s still holding a charge, isn’t swollen, and is kept at room temperature you have about a 1 in a million chance of a battery fire.

Parking your car in your garage has hundreds of times more fire risk.

Try testing TLP in battery mode even if you’re not using a laptop. You can configure all kinds of things to your liking with it.

I tried it out a few years ago and none of my server apps showed any noticeable decrease in performance with it running, but my power monitoring plug did show a reduction in power consumption. I ended up leaving it enabled all the time.

I set up KeepassKC with Syncthing temporarily years ago while looking for other options. To my surprise it’s worked so well there’s been no reason to change to anything else.

The database file is always backed up to multiple devices. With Syncthing file versioning turned on older backups are available if that file gets corrupted, but in 8+ years I’ve never had to use one of those older backups.

Initially I was using Syncthing discovery servers which allowed syncing from anywhere, but I’ve since moved away from that. Now everything is run locally and I use Wireguard to connect to my home network when I’m away.

I’d get that old Pi running with a cheap SSD, set up Wireguard (or just use the Syncthing discovery servers), put it on a shelf and forget about it. It’ll probably run for years with minimal attention.

Many of the prominent https VPN protocols are for evading the great firewall of China. OP had that as a requirement

OP said exactly the opposite. Where the fuck do you get this stuff?

Thanks for the link. Will take a look.

Who said anything about China?

OP: “I don’t need strong censorship resistance; it just has to work in offices and hotel WiFis.”

I’ve run Wireguard on 443 (on my router) for exactly that purpose and never had a problem, even when my standard WG port was blocked by some businesses. I’ve since had to move to port 587 due to router conflicts and it’s worked fine so far too.

The battery drain on Android is negligible (at least for my uses) and WG is activated by Tasker whenever my home wifi is out of range. From what I can see WG is configurable via Docker compose.

I’ve been using Linux for years, but on my hardware I’ve never been able to get Ubuntu to work reliably. I now only use it when booting from a USB for backups, but even on a relatively recent Dell laptop with Intel graphics the GUI crashes constantly. IMO it isn’t worth the trouble, but of course someone here will be oh-so offended by that.

After trying dozens of distros I went back to Mint because it just works.

They’re not the only ones. Foscam demanded I fill out and sign an extensive multi-page developer’s agreement before providing 2 HTTP commands to control the siren and light.

There are ~50,000-60,000+ available IP ports. If you had Wireguard configured correctly and running on every single one of them a port scanner would get exactly the same result as if every port was closed. Wireguard is completely silent unless the correct key is provided.

The “script kiddies” could scan every port for months and they’d get the same result. There is no known way to even know there’s an open port much less know that Wireguard is running on it AND have the correct key for access.

I understand being gun shy after your experience (I would be too), but that experience has nothing to do with what happens when you open a port for Wireguard.

deleted by creator

When I looked into this configuration a few years ago the security improvements seemed minimal. Adding yet another provider to the mix plus the additional risk of a server misconfiguration didn’t seem to be worth the trouble unless I was dealing with CGNAT.

Besides hiding endpoints from your ISP and exposing them to the VPS, how much security does this really add?

DDNS (Dynamic DNS), one 3rd party service I do use.

My network is reached by URL, not IP (although IP still works). When my IP changes the router updates the DDNS service in minutes. Lots of providers out there and it’s easy to switch if needed. I like DuckDNS. It’s free or you can choose to donate a bit to cover their expenses.