TedZanzibar

joined 1 year ago
[–] TedZanzibar 0 points 3 days ago (1 children)
  1. Sure but there's no reason to openly advertise that yours has open services behind it.
  2. Absolutely. There are countries that I'm never going to travel there so why would I need to allow access to my stuff from there? If you think it's nonsense then don't use it, but you do you and I'll do me.
  3. See point 3.

We all need to decide for ourselves what we're comfortable with and what we're not and then implement appropriate measures to suit. I'm not sure why you're arguing with me over how I setup my own services for my own use.

[–] TedZanzibar 2 points 4 days ago (1 children)

Yes and no? It's not quite as black and white as that though. Yes, they can technically decrypt anything that's been encrypted with a cert that they've issued. But they can't see through any additional encryption layers applied to that traffic (eg. encrypted password vault blobs) or see any traffic on your LAN that's not specifically passing through the tunnel to or from the outside.

Cloudflare is a massive CDN provider, trusted to do exactly this sort of thing with the private data of equally massive companies, and they're compliant with GDPR and other such regulations. Ultimately, the likelihood that they give the slightest jot about what passes through your tunnel as an individual user is minute, but whether you're comfortable with them handling your data is something only you can decide.

There's a decent question and answer about the same thing here: https://community.cloudflare.com/t/what-data-does-cloudflare-actually-see/28660

[–] TedZanzibar 14 points 4 days ago (7 children)

Admittedly I'm paranoid, but I'd be looking to:

  1. Isolate your personal data from any web facing servers as much as possible. I break my own rule here with Immich, but I also...
  2. Use a Cloudflare tunnel instead of opening ports on your router directly. This gets your IP address out of public record.
  3. Use Cloudflare's WAF features to limit ingress to trusted countries at a minimum.
  4. If you can get your head around it, lock things down more with features like Cloudflare device authentication.
  5. Especially if you don't do step 4: Integrate Crowdsec into your Nginx setup to block probes, known bot IPs, and common attack vectors.

All of the above is free, but past step 2 can be difficult to setup. The peace of mind once it is, however, is worth it to me.

[–] TedZanzibar 1 points 1 week ago

Check out Grip: Combat Racing for a modern take on Rollcage. I haven't played it since early access, though, so I've no idea if it's any good.

[–] TedZanzibar 3 points 2 weeks ago

Dolby Atmos at no extra cost, except the headset is 10 bucks more than the old version. Seems to me like Dolby Atmos support actually costs 10 bucks.

[–] TedZanzibar 6 points 2 weeks ago (1 children)

I do that a lot on my phone but keep forgetting it's a thing on desktop for some reason.

[–] TedZanzibar 3 points 2 weeks ago

Better than using what? All I see is a bunch of stars.

[–] TedZanzibar 2 points 3 weeks ago

It's quite normal as chip manufacturing improves and die sizes shrink. Smaller dies need less power and therefore run cooler, it's a win-win. It's also how the various slim models of consoles suddenly appear a few years after the regular version came out.

[–] TedZanzibar 8 points 4 weeks ago

Presumably streamed via xcloud, which previously needed a separate app.

[–] TedZanzibar 10 points 1 month ago
[–] TedZanzibar 1 points 1 month ago

Nah that one attaches to the twisty rod thing that you get on normal blinds. I need something more like this but I can't find a non-Aliexpress version. Not that it matters cos I'd need 5 of them and that puts the idea out of my price range for the foreseeable future.

[–] TedZanzibar 3 points 1 month ago

Normal to get a 50% discount for paying quickly and without appeal. Last I checked you couldn't pay with Nectar points, though.

4
submitted 1 month ago* (last edited 1 month ago) by TedZanzibar to c/smarthomes
 

We have a bunch of shutters in our living room that don't have any kind of remote control, nor a rod to operate them - you just move any of the individual slats and the rest follow suit.

Is there anything out there that could make these smart? I'm really struggling to find the right terms to search for.

Update: Turns out they are plantation blinds which has helped me to find the sort of thing I'm after. Cheers, Emperor!

27
submitted 1 month ago* (last edited 1 month ago) by TedZanzibar to c/selfhosted@lemmy.world
 

Quick overview of my setup: Synology NAS running a whole bunch of Docker containers and a couple of full blown VMs, and an N100 based mini PC running Ubuntu Server for those containers that benefit from hardware acceleration.

On the NAS I have a Linux Mint VM that I use for various desktoppy things, but performance via RDP or NoMachine and so on is just bad. I think it's ultimately due to the lack of acceleration, so I'd like to try running it from the mini PC instead but I'm struggling to find hypervisor options.

VirtualBox can be done headless, apparently, but the package installed via Apt wants to install X/Wayland and the entire desktop experience. LXC looks like it might be a viable option with its web frontend but it appears to be conflicting with Docker atm and won't run the setup.

Another option is to redo the machine with UnRaid or TrueNAS Scale but as they're designed to be full fledged NAS OSes I don't love that idea.

So what would you do? Does anyone have a similar setup with advice?

Thanks all!

Edit: Thanks for everyone's comments. I still can't get LXC to work, which is a shame because it has a nice web frontend, so I'll give KVM a go as my next option. Failing that I might well backup my Docker volumes, blat the whole thing and see what Proxmox can do.

Edit 2: Webtop looks to be exactly what I was looking for. Thanks again for everyone's help and suggestions.

 

Hey all,

I have a DS1821+ at home and have just bought a DS723+ with suitably sized disks and an equivalent amount of RAM to store at my parents' house as a complete off-site backup. What I'd really like (and the reason for buying the extra RAM) is a drop-in replacement in case of full failure of the 1821. Ie. Drive to my parents', grab the 723, take it home, plug it in and away we go.

I'm thinking the best way to achieve this would be through a combination of HyperBackup for backing up just the apps (most importantly Docker), and Snapshot Replication for everything else. Does that sound accurate or is there something I'm missing?

Cheers everyone!

61
submitted 5 months ago* (last edited 5 months ago) by TedZanzibar to c/selfhosted@lemmy.world
 

Specifically from the standpoint of protecting against common and not-so-common exploits.

I understand the concept of a reverse proxy and how works on the surface level, but do any of the common recommendations (npm, caddy, traefik) actually do anything worthwhile to protect against exploit probes and/or active attacks?

Npm has a "block common exploits" option but I can't find anything about what that actually does, caddy has a module to add crowdsec support which looks like it could be promising but I haven't wrapped my head around it yet, and traefik looks like a massive pain to get going in the first place!

Meanwhile Bunkerweb actually looks like it's been built with robust protections out of the box, but seems like it's just as complicated as traefik to setup, and DNS based Let's Encrypt requires a pro subscription so that's a no-go for me anyway.

Would love to hear people's thoughts on the matter and what you're doing to adequately secure your setup.

Edit: Thanks for all of your informative replies, everyone. I read them all and replied to as many as I could! In the end I've managed to get npm working with crowdsec, and once I get cloudflare to include the source IP with the requests I think I'll be happy enough with that solution.

 

Some sort of goals against streak, no more than 2 or possibly 3?Also unclear as to whether that's a franchise or NHL record?

 

... Due to past performance post mid-season, but look at those standings! Even if Boston or New York catch up in points we'll still be on top.

Anyway, just sending some hockey love from a UK Jets fan.

111
submitted 10 months ago* (last edited 10 months ago) by TedZanzibar to c/selfhosted@lemmy.world
 

I work in tech and am constantly finding solutions to problems, often on other people's tech blogs, that I think "I should write that down somewhere" and, well, I want to actually start doing that, but I don't want to pay someone else to host it.

I have a Synology NAS, a sweet domain name, and familiarity with both Docker and Cloudflare tunnels. Would I be opening myself up to a world of hurt if I hosted a publicly available website on my NAS using [insert simple blogging platform], in a Docker container and behind some sort of Cloudflare protection?

In theory that's enough levels of protection and isolation but I don't know enough about it to not be paranoid about everything getting popped and providing access to the wider NAS as a whole.

Update: Thanks for the replies, everyone, they've been really helpful and somewhat reassuring. I think I'm going to have a look at Github and Cloudflare's pages as my first port of call for my needs.

 

Hey there, my local instance has had two admin posts pinned for the last 6 months-ish and they show right at the top of my Subscribed, Local, and All views. I can't imagine they're going to get un-pinned any time soon, so it would be great to get a feature where we can hide them.

Thanks for the consideration!

 
view more: next ›