• 0 Posts
  • 42 Comments
Joined 10 months ago
Cake day: June 4th, 2025





  • Who cares if it’s exposed to the internet?

    1. Encrypting your local traffic is still valuable to protect your systems from any bad actors on your local network (neighbor kid cracks your Wi-Fi password, some device on your network decides to start snooping on your local traffic, etc.)

    2. Many services require HTTPS with a valid cert to function correctly, e.g. Bitwarden. Having a real cert for a real domain is much simpler and easier to maintain than setting up your own CA.






  • I guess it depends on the containers that are being run. I have 175 containers on my systems, and between them I get somewhere around 20 updates a day. It’s simply not possible for me to read through all of those release notes and fully understand the implications of every update before implementing them.

    So instead I’ve streamlined my update process to the point that any container with an available update gets a button on an OliveTin page, and clicking that button pulls the update and restarts the container. With that in place I don’t need fully autonomous updates, I can still kick them off manually without much effort, which lets me avoid updating certain “problematic” containers until after I’ve read the release notes while still blindly updating the rest of them. Versions all get logged as well, so if something does go wrong with an update (which does happen from time to time, though it’s fairly rare) I can easily roll back to the previous image and then wait for a fix before updating again.



  • Self-signed won’t get rid of any warnings, it will just replace “warning this site is insecure” with “warning this site uses a certificate that can’t be validated”, no real improvement. What you need is a cert signed by an actual certificate authority. Two routes for that:

    1. Create your own CA. This is free, but a PITA since it means you have to add this CA to every single device you want to be able to access your services. Phones, laptops, desktops, etc.

    2. Buy a real domain, and then use it to generate real certs. You have to pay for this option ($10-20/year, so not a lot), but it gets you proper certs that will work on any device. Then you need to set up a reverse proxy (nginx proxy manager was mentioned in another post, that will work), configure it to generate a wildcard cert for your domain using DNS-01 challenge, and then apply that cert to all of your subdomains. Here’s a pretty decent video that walks you through the process: https://m.youtube.com/watch?v=TBGOJA27m_0






  • Do not split a RAID array across drives in separate USB enclosures.

    Doing RAID on USB drives is alright, as long as they’re all in the same enclosure and use a single USB interface. If you split an array between drives with separate USB interfaces, you will face corruption and rebuild issues when one of the controllers has a hiccup or comes up slower/faster than the other, which WILL happen. If you need to run a RAID array on USB-connected drives, use a 2-bay USB-connected DAS. I’ve used the QNAP TR-002 in the past, it works fine, just set it to individual mode.

    The better option, since we’re just talking about a mirror, is to run on one drive primarily, and occasionally sync your data to the other for a backup.




  • Thanks! BentoPDF is fantastic, I never knew something like this existed.

    I have a todo list where I keep track of services I might be interested in one day, I read your post a few hours ago and added Bento to my list, thinking I might get around to it in a few days/weeks/months. Then out of nowhere 15 minutes ago I randomly needed to crop and split a PDF and realized I didn’t have anything to do it. I fired Bento up and was done in under a minute.