• 1 Post
  • 14 Comments
Joined 1 year ago
cake
Cake day: July 12th, 2023

help-circle

  • It’s funny to me that people have such a problem with YouTube Premium. There are a LOT of reasons to criticize YouTube/Google, but YouTube Premium is about as close as it gets to the platonic ideal of a video subscription service. It completely banishes any ads you’d get without paying, and it provides the creators you watch with more value than someone watching without premium. If showing ads is unacceptable, and paying to not see ads is unacceptable, then what’s the alternative? People have to make a living, and servers don’t run on magic.




  • I’ve used nextcloud for a while now, but it does suffer from jack of all trades syndrome. I’ve started offloading the things I use it for to other services that do a particular thing better. Syncthing for general file syncing across my devices, Immich for managing photos, Radicale for contacts and calendar sync…

    If you’re just looking for an all in one Google Drive like experience for your files though, Nextcloud is as good as it gets.


  • I use Portainer and it’s a good UI, but I find the way they market business edition pretty scummy. Like having a banner ad constantly visible on the page, and having half the features visible but disabled with a big bright “upgrade to Business Edition” message next to them, and directly refusing to add any mechanism to opt out. I respect that they need funding for development, but they need to realize that a lot of their users simply don’t need a business license and aren’t going to buy one no matter how much advertisement you throw at them. The fact that they don’t realize that and refuse to budge indicates to me that they’ve stopped caring about the user experience of their product.

    Sorry for the rant, I’ve been annoyed by this for a long time. Some day I’ll set up my own gitops pipeline, but that pesky day job keeps getting in the way.





  • I’m not super paranoid about security, but I do try to have a few good practices to make sure that it takes more than a bot scanning for /admin.php to find a way in.

    • Anything with SSH access uses key-based auth with password auth disabled. First thing I do when spinning up a new machine
    • Almost nothing is exposed directly to the Internet. I have wireguard set up on all my devices for remote access and also for extra security on public networks
    • Anyone who comes to visit gets put on the “guest” network, which is a separate subnet that can’t see or talk to anything on the main network
    • For any service that supports creating multiple logins, I make sure I have a separate admin user with elevated permissions, and then create a non-privileged user that I sign in on other devices with
    • Every web-based service is only accessible with a FQDN which auto-redirects to HTTPS and has an actual certificate signed by a trusted CA. This is probably the most “paranoid” thing I do, because of the aforementioned not being accessible on the Internet, but it makes me happy to see the little lock symbol on my browser without having to fiddle around with trusting a self-signed cert.

  • Spotify is the only service I actively use. I’m not big on music fidelity, so for my purposes, it provides value.

    The Hulu and Disney+ bundle because my mom and girlfriend use it, and it’s not worth convincing them to use my Jellyfin server.

    Prime Video, just because I have Amazon prime, but I don’t think I even have the app installed on any of my devices.

    These days, if I’m watching something on my own, I don’t even bother looking for it on streaming apps. I just legally acquire a Blu-ray copy and add it to Jellyfin.


  • One of the things I like about containers is how central the IaC methodology is. There are certainly tools to codify VMs, but with Docker, right out of the gate, you’ll be defining your containers through a Dockerfile, or docker-compose.yml, or whatever other orchestration platform. With a VM, I’m always tempted to just make on the fly config changes directly on the box, since it’s so heavy to rebuild them, but with containers, I’m more driven to properly update the container definition and then rebuild the container. Because of that, you have an inherent backup that you can easily push to a remote git server or something similar. Maybe that’s not as much of a benefit if you have a good system already, but containers make it easier imo.


  • I’ve always been hesitant to host any services on a device with a non-removable battery. Having a battery constantly charging and discharging isn’t great for it and could potentially be a fire hazard. I know modern devices have gotten much smarter about how they charge, so maybe it’s not as much of an issue anymore, but still something to be aware of depending on how old your phone is or how you modify the firmware.

    Personally, with how cheap you can find a mini PC or SBC, I would just save up a bit (maybe even sell the device you’re planning to host on) and keep an eye out for deals. You’re going to get a lot more freedom and power with those devices, and not have to try to hack around the limitations of a mobile OS.


  • My advice for security is don’t expose anything to the Internet unless you’re sure you know how to secure it. If you want to be able to access self-hosted services remotely, setting up a VPN is the way to go. OpenVPN is gonna be the most widely supported way of doing that. In fact, based on a quick Google search, it looks like your router has an OpenVPN server built in. If you’re willing to put in some effort for something more modern and performant, look into WireGuard.

    Another benefit of having a VPN is that if you set it up to allow access back out to the Internet, you can use it to mask your internet traffic while you’re connected to an untrusted network.