• 200 Posts
  • 700 Comments
Joined 2 years ago
Cake day: June 12th, 2023


  • Does your storage include any kind of RAID? If not then that’s something I’d personally add in to the mix to avoid interruptions for the service. Also 32 gig of RAM is not much, so don’t use ZFS on proxmox, it eats up your memory and if you run out everything is stupidly slow (personal experience speaking here, my proxmox server has 32gig as well).

    Also, that’s quite a lot of stuff to maintain, but you do you. Personally I would not like that big stack to maintain for my everyday needs, but I have a wife, kids, kids’ hobbies and a ton of other stuff going on so I have barely enough personal capacity to run my own proxmox, pihole, immich and HomeAssistant and none of those are in perfect condition. Especially the HA setup badly needs some TLC.

    And then there’s the obvious. Personal mail server on a home grade uplink is a beast of its own to manage and if you really don’t know what you’re getting into I’d recommend against it. And I’m advocating every mail server which is not owned by alphabet/microsoft/apple/etc. It’s just a complicated thing to do right and email is quite an essential thing for everyday life today, so be aware. If you know what’s coming up (or are willing to eat up the mistakes and learn from them) then by all means, go for it. If not, then I’d suggest paying for someone to make it happen.

    And then the backups. I’ve made the mistake a few times where I thought it’d be fine to set up backups at some point in the future. And that has bit me in the rear. You either have backups on the pipeline coming Very Soon™ or you lose your data. And even if it’s coming Very Soon, you’ll still risk losing your data.

    Plus with backups, if you don’t test recovery from them then you don’t have backups. Although for a home gamer it’s often a bit much to ask for a blank slate recovery, so at least I’ve settled on the scenario where I know for sure I can recover from any disaster happening in the home lab without testing as I don’t have enough spare hardware to run that test fully.

    Beyond that, just have fun. Recently I ran into an issue where my proxmox server needed some hardware maintenance/changes and that took my pihole-server down, so the whole LAN was out of DNS services. Not the end of the world for me, but a problem anyways and I’ve been planning for a remedy against that, but haven’t yet done anything concrete for it.



  • I changed my proxmox server from zfs raid pool to software raid with mdadm. Saved me a ton of ram and cheap ssd’s don’t really like zfs, so it’s a win win. And while messing around with drive setups I also changed the system around a bit. Previously it had only a single ssd with LVM and 7x4TB drives with zfs but as I don’t really need that much storage it’s now running 3x1TB SSD + 4x4TB HDD, both with software raid5 so 2TB of fast(ish, they’re still sata drives) storage and 12TB (or 10,6 in the real world, TB vs TiB) of spinning rust storage.

    Well enough for my needs and I finally have enough fast storage for my immich server to maintain all the photos and videos over 20+ years. Took “a while” to copy ~5TB over 1gig lan to other system and back, but it’s now done and the copying didn’t need babysitting in the first place, so not too big of a deal. Biggest unexpected issue was that my 3,5" hdd hotswap cradles didn’t have option to mount 2,5" drives so I had to shut down the server and open the case to mount the drives.

    And while doing that my piHole was down, so the whole network didn’t have DNS server around. I’d need to either set up another pihole server or just set up some scripts to the router to change DNS offerings to dhcp clients while pihole is down and shorten the lease time to a few minutes.




  • I personally prefer printed out books of our photos. We are missing quite a few years due to life getting in the way, but the end goal is to have actual books of photos with titles like ‘Our family in 2018’ and ‘Sports of our first born at 2022’. In europe we have a company called ‘ifolor’ where you can design and order printouts of your photos. They’re not really cheap, but the quality is pretty damn good. And their offerings go to pretty decent sized photo albums, up to A3 size and 180 pages (which is over 200€). So, not cheap, but at least so far their quality has been worth the money.

    And they have cheaper options too, but personally I think it’s worth the money to get the best quality you can for printouts. And even the smallest and cheapest option is far superior over not having anything at all due to hardware failure or whatever.


  • I still listen to the Thriller album sometimes, and though it is always freighted with the context of what came later

    I’m very much aware of the controversy around MJ, but in the end he was cleared on all the charges. There’s obviously a ton of things which are problematic, to say the least, but in my personal opinion he was a victim of the system too. There’s absolutely things to condemn him for, but I don’t think he was a bad person in the end. Just someone who really needed some help which wasn’t there. Britney Spears would be a better comparison than Kanye.

    And there’s quite a big gap between being a problematic human being who created (ambiguously) some of the best art around and someone who straight up wants to make a statement of being a bigger nazi than Elon.



  • After reading the previous discussion I think that you should get more than single drive to store cold backups. That way you can at least spread out the risk of single drive failing. 2TB spinning drives are pretty cheap today and if you have, for example, 4 of them, you can buy one now, write your backups to it and in 6 months buy another, write data on that and so on.

    This way you’ll have drives with year or two difference on purchase date, so it’s pretty unlikely all of them fail at once and a single drive gets powered on and checked every other year or so. My personal experience is that spinning drives are pretty stable on the shelf, but I wouldn’t rely on them for decades. And of course even with multiple drives you’ll still want to replace them every 3-5 years each. Plus with multiple drives, if I were to build setup like that, I’d set up some sort of scripts or other solution where I can just plug the thing in and doubleclick an icon on desktop to refresh the data and maybe get a notification automatically that the drive you’re using should be replaced.

    And for actual, long term storage, printouts are the way to go. At least in here you can get books made out of photo paper with your pictures. That’s one media which is actually stable over long period and using them doesn’t require a lot of technical knowledge nor hardware. But I’d still keep digital copies around, as the printouts aren’t resistant to things like house fire or water damage.



  • This seems to be a common point of view for email self hosting.

    However, my own experience is a whole another thing. Sure, my hosts have been on every spam list imaginable, mostly with Microsoft, but just a week ago I migrated the whole setup to new VPS and while there’s still a thing or two I’ll need to iron out the emails are running just fine. Biggest issue was that I forgot to add IPv6 DNS records for the VPS and thus got blocked by gmail, but they gave a clear error why that was and once I fixed the problem it’s been smooth sailing.

    With current domains I’ve been running things since 2016 or 2018 and even commercially. It’s mostly problem free and things just work, Microsoft being the biggest ass on to work with. For example last October/November they decided to reject everything from one of my servers but both their JMRP portal and support claimed that there’s nothing wrong with our server. It took a couple of days to clear without any definitive explanation. But beyond that, on various environments since 2009 (I think) it’s been mostly problem free hosting.

    Sure, hosting email for anyone requires at least some understanding on how things should work (both technically and ethically/legally) and the skillset needed is a bit more complex than hosting a web site to public internet, but it’s still something practically anyone can do if they really want to.

    And sure, there’s a ton of stuff you need to get right. And then there’s cases when you miss something and your ‘Contact me’ web form becomes a spammer heaven and your servers end up sending few million viagra ads around the net and your IP/domain is on every shitlist there is. It takes some persistence and time to clean that up and learn from the experience, but it’s not the end of the world.

    Self hosting your email is perfectly viable, it can be done regardless of google/microsoft, and I highly recommend doing that. Email is one of the last “old” fronts to the net where everything is not centralized to a single/few actors. But you really need to know what you’re doing. Copy’n’paste commands to set up whatever the latest hot stuff is on docker containers just isn’t enough.




  • “When I obtained my passport in 202x, legislation permitted the use of biometric identifiers solely for verifying the authenticity of the passport, and according to the European Union Agency for Fundamental Rights, storing the identifier data in any other systems after the passport has been issued has not been appropriate. Now, however, the newly proposed legislation retroactively allows identifiers given earlier to be used for other purposes as well, which is badly at odds with both the legislation in force at the time of issue and the FRA’s positions. Legislation with this kind of retroactive effect is not in line with good administrative practice and clearly conflicts with the GDPR as well as many other laws and regulations on privacy protection, and the decision must be withdrawn in its entirety and returned to preparation. The preparation must absolutely take better account of ensuring the data protection of the individual, and the processing and storage of biometric identifiers recorded in connection with both passports and identity cards must be limited solely to these uses. Even the technical possibility of using the data more broadly than this, in the current state of the world with its constant data breaches, seriously threatens the safety of the individual citizen, and therefore even a theoretical technical option for further use of the data after the actual purpose must be unambiguously prevented and made impossible in every way.”

    Something like that, for example. I’m not a lawyer or any other kind of expert, so add a spoonful of salt and some source criticism.



  • GARM has ceased operations, according to a press release dated in August. WFA’s rules can’t be found, at least not with a little digging, but insofar as a few minutes on that outfit’s website gives the right picture, at least no binding guidelines are being handed out from there.

    Of course, if a body like that says that advertising in Musk’s media is bad PR, then I suppose it can be interpreted as a guideline too, but it would seem that a global ‘non-profit’ actor doesn’t pull its recommendations completely out of a hat but gives its members the grounds for why outfit x or y is worth skipping or why it’s worth using their services.

    WFA does have a fairly broad membership, though, so I suppose that at least in Musk’s imagination one can conjure up cartel accusations from that, but if the information on offer is “on twitter your ad ends up next to nazi opinions, here’s the evidence” then at least by my sense of justice there’s not much point in whining about it.


  • Glue? Those rags and decorations one can still somehow understand, but 88 thousand packages of various glues? Is there some social media fad here that I’m not aware of, or has the price of Erikeeper suddenly jumped sky high? All kinds of construction adhesives do cost something, of course, but I wouldn’t dare use anything of Temu quality for repairs on my own cabin, since if the stuff turns out to be junk and seconds, the savings drain away many times over in time and wasted materials.

    Likewise, 66 packages of scissors seems somehow crazy when pretty much the world’s best scissors can be had from almost every supermarket, and domestically made at that.

    That cheap textile junk is of course a chapter of its own, which mostly ends up filling landfills and could have been left unmade in the first place. It’s hard to estimate how much, if any, of that would go to domestic production if those cheap Chinese stores weren’t available, since the market segment is pretty different. The EU is at least apparently reining in those stores on some timetable, and at some point in the distant future even Chinese junk will have to meet the local product requirements. Time will tell how well that succeeds and how long the change takes.




  • I kinda-sorta finalized my migration to a smaller setup with my mail+web server. I’ve been running a small MSP business for several years and as customers flee right and left mostly to microsoft (due to 365 setup pricing) it’s been in a decline for quite a while. So, I finally pulled the plug and shut down the business side of things and downscaled that to a single VPS with a handful of domains, email service and a few simple WordPress sites.

    Also I kinda-sorta moved all of my photo archive of 20+ years to immich and set up a backup scheme for it, which is now (only) 2-1-1. I also need more storage for that thing, but it needs to wait for few days until paycheck and after that migration I can finish importing all the photos I have laying around. That also requires some reconfiguration of my disk arrays, copying couple of terabytes from system to another and back again, but that’s relatively easy thing to do, but it takes “a while” to accomplish.

    After that there’s a long list of things to do, but mostly I’ll spend my free time and money to improve the current setup as quickly as possible in the immediate future.


  • True. And there’s also a ton of devices around which don’t trust LetsEncrypt either. There’s always edge cases. For example, take a bit older photocopier and it’s more than likely that it doesn’t trust anything on this planet anymore and there’s no easy way to update CA lists even if the hardware itself is still perfectly functional.

    That doesn’t mean that your self-signed CA, in itself, would be technically any less secure than the most expensive Verisign certificate you can find. And yes, there’s a ton of details and nuances here and there, but I’m not going to go through every technical detail about how certificates work. I’m not an expert on that field by any stretch even if I do know a thing or two and there’s plenty of material online to dig deep into the topic if you want to.