Joined 1 year ago
Cake day: June 6th, 2023


  • Well you must have either set up a port redirect (ipv4) or opened the port for external traffic (ipv6) yourself. It is not reachable by default as home routers put a NAT between the internet and your devices, or in the case of ipv6 they block any requests. So (unless you have a very exotic and unsafe router) just uhhh don’t 😅 To serve websites it is enough to open 443 for https, and possibly 80 for http if you want to serve an automatic redirect to https.


  • A colleague of mine had a (non externally reachable) Raspberry Pi with default credentials being hijacked for a botnet by an infected Windows computer in the home network. I guess you’ll always have people come over with their devices you do not know the security condition of. So I’ve started to consider the home network insecure too, and one of the things I want to set up is an internal SSH honeypot with notifications, so that I get informed about devices trying to hijack others. So for this purpose that tool seems a possibility, hopefully it is possible to set up some monitoring and notification via Uptime Kuma.
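A minimal sketch of the internal SSH honeypot with notifications described in the comment above, as an added example that is not the commenter's code or the tool they mention. The decoy banner, port 2222 and the `notify` callback (where a push to a monitoring tool would go) are assumptions.

```python
import asyncio
from datetime import datetime, timezone

BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"  # constructed decoy banner

class Honeypot:
    """Decoy listener: any connection from inside the LAN is an alert."""

    def __init__(self, notify):
        self.notify = notify  # callback that receives one event dict

    async def handle(self, reader, writer):
        src = writer.get_extra_info("peername")[0]
        writer.write(BANNER)
        await writer.drain()
        try:
            # Real SSH clients send their own version string first.
            data = await asyncio.wait_for(reader.read(64), timeout=5)
        except (asyncio.TimeoutError, ConnectionError):
            data = b""
        self.notify({
            "time": datetime.now(timezone.utc).isoformat(),
            "src": src,
            "client": data.decode("ascii", "replace").strip(),
        })
        writer.close()

    async def start(self, host="0.0.0.0", port=2222):
        return await asyncio.start_server(self.handle, host, port)

async def _demo():
    # Constructed local test: connect once and collect the alert.
    alerts = []
    server = await Honeypot(alerts.append).start("127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    banner = await reader.readline()
    writer.write(b"SSH-2.0-constructed-client\r\n")
    await writer.drain()
    await reader.read()  # returns once the honeypot closes the socket
    writer.close()
    server.close()
    return banner, alerts

def run_demo():
    return asyncio.run(_demo())

if __name__ == "__main__":
    print(run_demo())
```

Nothing legitimate should ever connect to the decoy port, so every event is worth a notification; the source address identifies the device to inspect.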




  • True words. The sustained effort to keep something in decent shape over years is not to be underestimated. Now when life changes and one is not able or willing anymore to invest that amount of time, ill-timed issues can become quite the burden. At one point I decided to cut down on that by doing a better-founded setup that does backups with easy rollback automatically, and updates semi-automatically. I rely on my server(s), and everything from having this idea to having it decently implemented took me a number of months. Just because time for such activities is limited, and getting a complex and intertwined system like this reliably and fault-tolerantly automated and monitored is simply something else than spinning up a one-off service.


  • And they believe all employees actually remember so many wildly different and long passwords, and change them regularly to wildly different ones? All this leads to is a single password that barely makes it over the minimum requirements, and a suffix for the stage (like 1 for boot, 2 for BitLocker etc.), and then another suffix for the month they changed it. All of that then on sticky notes on the screen.



  • skilltheamps@feddit.de to Selfhosted@lemmy.world, "Self Hosting Fail", 8 months ago

    Those are symptoms of sitting at that operation point permanently, and they are of course a concern. What I’m after is that people think that energy gets put into the battery, i.e. it gets charged, as long as a “charger” is connected to the device (hence terms like “overcharged”). But that is not true, because what is commonly referred to as “charger” is no charger. It is just a power supply and has literally zero say in if, how and when the battery gets charged. It only gets charged if the charge controller in the device decides to do that now, and if the protection circuit allows it. And that is designed to only happen if the battery is not full. When it is full, nothing more happens, no currents flow in+out of the battery anymore. There’s no damage due to being charged all the time, because no device keeps on pumping energy into the cell if it is full.

    There is however damage from sitting (!) at 100% charge with medium to high heat. That happens independently from a power supply being connected to the device or not. You can just as well damage your cells by charging them to 100% and storing them in a warm place while topping them off once in a while. This is why you want to have them at lower room temperature and at ~60%, no matter if a device/“charger” is connected or not.

    (Of course keeping a battery at 60% all the time defeats the purpose of the battery. So just try to keep it cool, charged to >20% and <80% most of the time, and you’re fine)


  • “Overcharging” doesn’t exist. There are two circuits preventing the battery from being charged beyond 100%: the usual battery controller, and normally another protection circuit in the battery cell. Sitting at 100% and being warm all the time is enough for a significant hit on the cell’s longevity though. An easy measure that is possible on many laptops (like ThinkPads) is to set a threshold where to stop charging at. Ideal for longevity is around 60%. Also ensure good cooling.

    Sorry for being pedantic, but as an electrical engineer it annoys me that there’s more wrong information about li-po/-ion batteries, chargers and even USB wall warts and USB Power Delivery than there’s correct information.



  • skilltheamps@feddit.de to ich_iel@feddit.de, "ich🖥️👶iel", 8 months ago

    The OS doesn't matter, you can simply download and install it again for free. All the personal data like passwords, date/place of birth etc., everything you find in the Documents folder and the e-mails, is much more interesting! For identity theft for example, or for ordering stuff with someone else's account.


  • So things that spontaneously come to mind would be e.g. private free Wi-Fi networks like Freifunk, government-run free Wi-Fi networks that are often found in public squares and buildings, like BayernWlan and such, free Wi-Fi in shops (e.g. many supermarkets), train stations and trains. In any supermarket you can simply pick up a prepaid card. Apart from mobile networks there are also publicly accessible computers, e.g. in libraries. So you can definitely make it more inconvenient to reach an online casino; whether that is enough probably depends on how strong the person's urge to gamble anyway is.


  • It should be noted at this point that DNS blacklists do not constitute a block. They merely cause the network itself not to give out information about which IP address this content can be reached at. However, that has no effect whatsoever on the fact that any device in the network can obtain this information elsewhere, or possibly already does so anyway, so that the respective user doesn't even notice your “block”. Depending on whom you are targeting with your measure, and what knowledge and control that person has over the device, your measure is therefore ineffective. Ultimately, though, it is practically always possible to get a different internet connection fairly easily, if this is e.g. about an adult with a gambling addiction.



  • There's no such thing as a minimum wattage. Everything that has a USB plug fundamentally tolerates 5V; high currents and higher voltages are then negotiated between the device and the charger. The worst that can happen is that the device cannot charge. That is the case with many laptops, for example, when you plug them into an old phone charger (without Power Delivery).

    The only thing that happens is that the device naturally charges more slowly. For the battery, however, that only has advantages, because it shortens the lifespan less than fast charging does. So if you e.g. always charge your phone overnight, you can safely charge it on an old slow power supply, and you are doing anything but damage.






  • Do you do some sort of versioning/snapshotting of your services? I’m on the compose route as well, and have one btrfs subvolume per service that holds the compose.yml and all bind-mounted folders for persistent data. That again gets regularly snapshotted by snapper.

    What leaves me a bit astounded is that nobody seems to version the containers they are running. But without that, rolling back if something breaks might become a game of guessing the correct container version. I started building a tool that snapshots a service, then rewrites the image: in compose.yml to reflect whatever the current :latest tag resolves to. Surprisingly, there doesn’t seem to be an off-the-shelf solution for that…
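One way to do the `image:` rewrite described in the comment above, as an added example that is not the commenter's tool. It pins each floating reference to `repo:tag@digest` so a snapshot of compose.yml records exactly what was running; the sample file, the digests and the `lookup` resolver are constructed, and a real resolver would ask the local container engine instead.

```python
import re

# An "image:" line; indentation, quoting and a trailing comment are kept.
IMAGE_RE = re.compile(
    r"^(?P<key>\s*image:\s*)(?P<q>['\"]?)(?P<ref>[^\s'\"#]+)(?P=q)(?P<rest>\s*(?:#.*)?)$")

def split_ref(ref):
    """Split an image reference into (repository, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    # A colon after the last slash is a tag; before it, a registry port.
    if ref.rfind(":") > ref.rfind("/"):
        repo, tag = ref.rsplit(":", 1)
        return repo, tag, digest
    return ref, "latest", digest  # no tag means :latest

def pin_compose(text, resolve):
    """Pin floating references; resolve(repo, tag) -> 'sha256:...' or None."""
    out, changes = [], []
    for line in text.splitlines():
        m = IMAGE_RE.match(line)
        if m:
            repo, tag, digest = split_ref(m["ref"])
            new = resolve(repo, tag) if digest is None else None
            if new:  # unknown or already pinned images stay untouched
                pinned = f"{repo}:{tag}@{new}"
                changes.append((m["ref"], pinned))
                line = f"{m['key']}{m['q']}{pinned}{m['q']}{m['rest']}"
        out.append(line)
    return "\n".join(out) + "\n", changes

# Constructed digests standing in for what the engine reports.
DIGESTS = {("nginx", "latest"): "sha256:" + "a" * 64,
           ("postgres", "16"): "sha256:" + "b" * 64}

def lookup(repo, tag):
    return DIGESTS.get((repo, tag))

# Constructed compose file with floating, quoted and already pinned images.
SAMPLE = ("services:\n"
          "  web:\n"
          "    image: nginx  # reverse proxy\n"
          "  db:\n"
          '    image: "postgres:16"\n'
          "  cache:\n"
          "    image: registry.local:5000/redis@sha256:" + "c" * 64 + "\n")

if __name__ == "__main__":
    pinned, changes = pin_compose(SAMPLE, lookup)
    print(pinned)
```

Running it a second time on its own output changes nothing, so it can run before every snapshot.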