Cyber

Cyber, 4 months ago

It all depends on your usecase to define the risk vs effort.

I work in a cyber security role, yet my personal laptop has minimal security, because it doesn’t need it. Am I keeping military secrets on it? No. Does it contain bank records? No. So no full disk encryption, no app sandboxing, no AV scanning.

My work laptop… well, that’s a different case altogether.

My advice: do 1 thing at a time and make sure you understand it. For example, do you need a SSH server on a desktop device? Just disable it and that’s it secured. No need for additional jails, fail2ban, firewalls, etc… now it’s easier to maintain, which improves your overall security posture.

Have a look at Lynis and CIS-CAT, etc to audit your system… if it’s vulnerable and you don’t use it, remove it.

That’s why I use Arch… it only has the components you need.

Cyber, 4 months ago

I don’t have practical experience with ZFS, but my understanding is that it uses RAM a lot… if that’s new, it might be worth checking the RAM by booting up memtest (for example) and just ruling that out.

Maybe also worth watching the system with nmon or htop (running in another tmux / screen pane) at the beginning of the next session, then when you think it’s jammed up, see what looks different…

Cyber, 4 months ago

Yep, look into Wake On LAN if you just want to power the NAS on remotely.

My NAS also powers on at certaIn times of day and off again after a while - IF - no-one’s connected / no network traffic / etc.

I do NOT need my NAS on at 3am…

Edit : forgot to say, check out OpenMediaVault

Cyber, 4 months ago

I have both Fractal Design and SilverStone cases… love them… but the internal layout is not 100% of the consideration

Have a think about airflow and cabling… some of them have weird air flow designs and if you’re putting the machine inside something, or next to something, then that can make more impact on day-to-day use.

For example, I have a Node 304 (not enough drive space for you) because it fits nicely inside Ikea shelving. But the front air flow under the front bezel did mean I keep that machine near the front of the shelf, not pushed back.

And also consider hotswap drive bay caddies that fit smaller drives into large drive bays. Sometimes these have weird power connections, but if you don’t have them do you have enough PSU leads? So, are they absolutely essential? Possibly. Possibly not…

Maybe not the answer you were lookong for, but those are my main considerations now…

Cyber, 4 months ago

No, I (respectfully) disagree… When I had a tower PC under my desk, I upped Boinc to use ~50% idle CPU (from memory… might’ve been more) and that would just keep the chill off my office so that I didn’t need to heat it (unless it was really cold).

In the Summer I would drop Boinc down to ~25% as it was getting too hot in there.

Cyber, 4 months ago

Logseq.

I used Joplin in the past, but just didn’t quite get completely comfortable with it.

I also tried Nextcloud in the past… that project has become too big for my needs and the file syncing had issues.

Logseq is very similar to Joplin (ie markdown files), but IMHO the editor is easier with Logseq, plus the files are just simple plaintext files, named after the page title, so are easy to edit outside of the application (and immediately update in the app)

At first, I was a little unsure of Logseq’s default of working as a daily journal, but after a while it makes more sense for me - I use it at work, so 99.9% of my notes are meetings, tasks that occur during daily life… and of course those daily journals can refer to other “non-time based” project pages…

I also use syncthing to sync the notes between android phone, linux and Windows laptops and my NAS… so that wouldn’t change for you.

Cyber, 5 months ago

Have a look at the ServeTheHome site and channel on youtube … he’s done a load of good reviews of AliExpress devices and some tiny/mini/micro devices (think thinclients)

He covers power consumption and some interesting points (like which recent multi-Gb NICs are supported by pfSense / Proxmox / etc)

Just watching those should at least help you decide what you need.

I was going to build my own virt server and I ended up with a low power, silent, passively cooled box to run all my VMs in… for much cheap.

Cyber, 5 months ago

Thanks for the XY link… I’ve seen this occur loads of times, but that sums it up succinctly. Thanks

Cyber, 5 months ago

This is probably waaaay outside what you’re asking, but MythTV can do the tracking for whatever you watch through it (both TV and movies) or listen to… but it can’t do suggestions.

Cyber, 5 months ago

Interesting.

I have no idea how the piggyback operators work (ie, purely financial, nothing technical?), but a quick check shows Tesco (uses O2) responds the same way.

I’m lucky to have static IPs, but I have a noip.com and that appears to work ok, so it can’t be a blanket policy on dynamic DNS per se.

Cyber, 5 months ago

Logseq and syncthing

I use these for both work and personal life - and you can edit on multiple devices…

Now, the caveat there is, it’s not entirely realtime editing …

logseq updates the display when the underlying markdown file changes, so you can edit on multiple devices if you let them sync which takes a second or so (setup that syncthing folder to watch the filesystem, instead of periodic)

So, I edit a note on my phone, walk ovee to a laptop then see the changes come in and edit some more… pick up the phone, unlock it, probably ready to edit again…

If I leave the house, syncthing could sync over the internet, but I’ve not aet that up… so in the unlikely chance that someone edits the file(s) on my laptop AND I edit on my phone, then syncthing would give me 2 files which others have explained well.

BeyondCompare or meld or… vim… can do simple comparisons in these cases.

Been doing this for a while…Just my 2p

Cyber, 5 months ago

Whatever you do:

• keep notes
• consider the 1st build “wrong”
• “destroy” it (before it’s the only place your data is stored in)
• build it again

That means you’ll really understand it and how to maintain it.

And others have said: 3-2-1 backups

Cyber, 5 months ago

ext with the Sticky Bit? Ah, yes, me too 🤭

Cyber, 5 months ago

I normally shrug off most of the changes, but dropping ping from yaml AND fixing the interval just does my head in.

I’m using HA’s basic, built-in, doesn’t need an integration, standard ping, to monitor my network and inform me if people are home, turned off, etc…

And it was simple to just add more ping sensors in yaml, just copy some similar ones.

Now? Jeez…

And overloading HA via too high a ping rate? That’s a fundamental design issue with HA, not a reason to force a move to an automation…

Oh… and my lights don’t work now… ffs

Cyber, 5 months ago

Yep. This is the way…

IMHO the only accurate way to detect a sleeping person that doesn’t move for hours, is by weight / pressure.

Cyber, 5 months ago

Nextcloud is definitely overkill if you’re just after a calendar / reminder.

I ditched Nextcloud and went for radicale, but I’ve not looked into sending emails as reminders (I want less emails not more)

Is this for adhoc events like “visit the dentist”, or are you trying to automate a regular event like “put out the recycling”?

The latter could be done with cron and sendmail for example

Cyber, 5 months ago

+1 Came here to say the same thing.

And if there’s a conflict, well, you just end up with both files (rather than neither)

IMHO, I think the Logseq devs should forget about their sync - but I understand that they need something to attract funding…

Cyber, 5 months ago

Sync (one-way) from our phones to an always on tablet in the house - the screensaver is a photo gallery so now we actually SEE those photos we take.

Just update the exclusion list (on the tablet) every now and again to ignore older photos (ie 2023-10*) and it keeps them fresh.

Cyber, 6 months ago

Nice. I like that idea. Thanks for sharing.

Only concern would be if the tape started going yellow over time…

But, who am I kidding, we’ll all be swapping our house cabling to fibre in a few years time anyway ;)

Cyber, 6 months ago

MythTV for the AV … Volumio too, but, not upgrading that to v3.

Not seen radicale mentioned here…

I was an early adopter of OwnCloud and then switched to Nextcloud and, well, just gave up with it… no-one edits documents on it, we don’t look at photos on it, but we did use a shared calendar… so I ditched that, installed radicale and been much happier (ie less admin time, more life time)

Also running syncthing from our phones to a home built NAS and a tablet in the kitchen as the NextCloud photo upload was (still is?) broken.

I run Arch btw

Home Assistant of course… MotionEye in a Pi Zero…

And it’s all behind a pfSense box with DNS and GeoIP blockers installed.

Oh, and EmonCMS for my SolarPV.

Cyber, 6 months ago

What do you use on your phone for Tasks?

OpenTasks is great, but hasn’t had an update in 3 years, but jtx Board is unclear and massive overkill for me

Cyber, 6 months ago

I have never seen nor used a WD MyCloud, but if you know that an upgrade allowed for HA to run (I presume in Docker), then how about just wiping whatever OS is on the NAS and installing a Linix distro, then moving up from there?

A few use TrueNAS to run HA in docker, but a few quick searches shows that won’t work on your hardware.

Probably a lot more work than you were intending, but should simplify the future for that NAS and prevent any kludgy workarounds from trapping you again in the future.

And… I presume you have a backup of everything on that NAS 😉

Cyber, 6 months ago

Using my real surname for email was ok a few years ago, but I don’t have a common surname, and with GeoIP I just felt having a personally identifiable domain name / URL was 1 step towards lack of privacy.

For example anyone lookong for nextcloud.thatstheguy.com was going to be fairly confident they were brute-forcing MY system. (Yes, I know, MFA…)

Short & snappy is a much better approach IMHO

Cyber, 6 months ago

I’m kinda repeating things already said here, but there’s a couple of points I wanted to highlight…

Monitor the SMART health: Enterprize and consumer drives fail, it’s good to know in advance.

Plan for failure: something will go wrong… might be a drive failure, might be you wiping it by accident… just do backups.

Use redundancy; several cheapo rubbish drives in a RAID / ZFS / BTRFS pool are always better than 1 “good” drive on it’s own.

Main point: build something and destroy it to see what happens, before you build your “final” setup - experience is always better than theory.

I built my own NAS and was going with ZFS until I fkd around with it… for me… I then went with BTRFS because of my skills, tools I use, etc… BTRFS just made more sense to me… so I know I can repair it.

And test your backups 🎃

Cyber, 6 months ago

I can’t see the image the other reply had but I installed the Avahi package on pfSense to get mDNS between networks. That worked for me (slightly different scenario, but similar to you)