Posts: 5 | Comments: 303 | Joined: 2 yr. ago

  • I use Immich with a public proxy as my forward facing solution.

    The public proxy helps when I share photos behind a password.

    I have a 3-2-1 backup policy with roughly 200 TB of total storage. Then I back up in a remote location (6 timezones away) that I also own. The only time I'll lose access to my photos is if the entire world blows up.

    Everything is secured using VPN tunnels. Data isn't encrypted at rest for me though, I'd rather assume the risk of someone getting my photos (physical and technical access) than having my encryption mess up. Both are equally low risk, but one's more disastrous.

  • I want to be able to upload/download/share my photos from anywhere in the world without using a VPN. Additionally, this satisfies the wife requirement. It works in the background without her needing to turn on the VPN. I don't want her to keep asking me "how do I turn on the VPN?" If it's just me, then no issue, I'll use a VPN.

  • It's hard to explain from scratch.

    Caddy is a reverse proxy software that essentially redirects traffic from a certain port to another port. For example external:port => internal:port. It also enables SSL encryption, meaning everything will be encrypted en route between the external and the user.

    VPS is a virtual private server. Just someone else's computer you can expose to the Internet.

    Tailscale is a mesh VPN that uses WireGuard as its transport. I use this to tunnel between my VPS and my Immich server to hide my home IP and to allow encrypted traffic between my Immich server and my VPS.

    A zero-day (also known as a 0-day) is a vulnerability in software or hardware that is typically unknown to the vendor and for which no patch or other fix is available. The vendor thus has zero days to prepare a patch, as the vulnerability has already been described or exploited.

    There's no fix other than security through layers.

  • Pretty much I have Caddy on a VPS that's pointing to my internal IP using a Tailscale tunnel. You are still exposing the web GUI to the Internet so I just changed authentication to OAuth to mitigate some risk. There is still a possibility of attacks via zero days, but my Immich is on a VM and I'm creating firewall rules to just allow certain ports out.
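
An added example, not part of the comments above and not code from the Caddy, Tailscale or Immich projects: a Python check that a Caddyfile on the VPS serves over TLS and forwards only to tailnet addresses, matching the setup the comment describes. The sample Caddyfile, its hostnames, addresses and port are constructed, and the parser assumes simple site blocks with IPv4 or MagicDNS upstreams.

```python
import ipaddress
import re

# Tailscale hands out node addresses from the CGNAT block 100.64.0.0/10.
TAILNET_V4 = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample Caddyfile; hostnames, addresses and port are placeholders.
SAMPLE_CADDYFILE = """
photos.example.com {
    reverse_proxy 100.101.102.103:2283
}
http://share.example.com {
    reverse_proxy 203.0.113.7:2283
}
"""

def upstream_on_tailnet(upstream: str) -> bool:
    """True if the upstream is a tailnet IPv4 address or a MagicDNS (*.ts.net) name."""
    host = re.sub(r"^[a-z0-9+]+://", "", upstream).rsplit(":", 1)[0]
    if host.endswith(".ts.net"):
        return True
    try:
        return ipaddress.ip_address(host) in TAILNET_V4
    except ValueError:
        return False  # some other hostname: cannot confirm it stays inside the tunnel

def audit_caddyfile(text: str) -> list:
    """Return findings for plain-HTTP sites and upstreams reached outside the tunnel."""
    findings, site, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if site and line.startswith("reverse_proxy"):
            for token in line.rstrip("{").split()[1:]:
                # Skip request matchers such as /api/* or @name.
                if token[0] not in "/@*" and not upstream_on_tailnet(token):
                    findings.append(f"{site}: upstream {token} is not a tailnet address")
        if line.endswith("{"):
            if depth == 0:
                site = line[:-1].strip()
                if site.startswith("http://"):
                    findings.append(f"{site}: plain HTTP, traffic to the VPS is unencrypted")
            depth += 1
        elif line == "}":
            depth -= 1
            if depth == 0:
                site = None
    return findings
```

Running `audit_caddyfile` over the real Caddyfile after each change gives a quick regression check that no site block has drifted to plain HTTP or to an upstream outside the tunnel.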

  • Consider a dam that is 10m tall.

    Then consider the height of water behind that dam is 5m tall.

    Does the dam need to be built stronger if the water behind it is 1 km long?

    How about only 500m?

    How about 1m?

    The answer is, it doesn't matter. Water exerts pressure equally regardless of how much water is behind it.

    Therefore a graduated cylinder that is 10m tall needs to resist the same amount of force as a dam 10m tall regardless of how much water is behind the dam. Even a thin sliver of water 1mm thick and 5m tall has the same force as a 5m lake behind the dam.

    Incompressible fluids are pretty insane.

  • PiHole and AdGuard are both easy-to-set-up servers for network-wide DNS blocking. (Home networking)

    NextDNS is an external entity that allows you to set up DNS blocking on devices that support DoT, DoH, and occasionally plaintext DNS. (For your phone and other mobile devices)

    iPhones and Androids both support DoT while Firefox (and likely most modern browsers) supports DoH.

    If you don't want to rely on an external entity, you could use a WireGuard split tunnel to block your ads away from your home network. Additionally you can set up a VPS and self-host your DNS server there.

  • I have maybe a few dozen USB-C devices all from dumb 5V/2A chargers to 20V/5A chargers. From USB 5GB to USB 40GB. Never once have I ever had an issue with the cables and connectors. Only time I've had an issue was when I dropped my phone into the charging cable where it physically broke off.

    Meanwhile I've had an iPhone for 4 years and the Lightning connector broke in such a way I had to use hot glue to pull it out of the port.