qjkxbmwvz

joined 1 year ago
[–] [email protected] 9 points 9 months ago (2 children)

https://en.m.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_dispute

Not sure how that compares to the response from other companies though. But I would guess favorably, from a user privacy perspective?

They also have faced pressure to scan iCloud content, but have afaik refused https://www.eff.org/deeplinks/2022/12/victory-apple-commits-encrypting-icloud-and-drops-phone-scanning-plans

[–] [email protected] 2 points 9 months ago

Where I am there's a smallish internet provider, Sonic, that advertises almost-too-good-to-be-true service. As a former subscriber...nope, it's pretty much what they say it is. It was gigabit fiber and I could iperf to a university server and get 900Mbps+ (depending on time of day). Fast.com would say 1Gbps.

My only complaint was that iirc the advertised price was for service, with an extra charge for router. BYO router meant you were charged slightly more for service (this is my recollection, not positive though).

They are a pretty vocal net neutrality advocate, and from what the tech told me they offer "best effort" service, meaning while ATT fiber may support gigabit, they'll throttle it and upcharge you for the extra speed; Sonic, afaik, didn't do that. They now offer 10Gbps Internet for I think the same price as the gigabit, but I think you need to BYO network gear to take advantage of it.

Unfortunately our new place doesn't offer them, otherwise I would still be a subscriber.

Point being...too good to be true usually is just that, but sometimes it's not 🀷

[–] [email protected] 11 points 9 months ago (2 children)

Behind in specs? Depends on which specs I guess


but CPU/GPU performance is AFAIK pretty great? https://www.tomsguide.com/features/iphone-15-pro-benchmarks

Features, yeah, depends on what you're looking for. AFAIK iPhones are the only mainstream phone to offer satellite texting though.

I have both an iPhone (work) and an android (personal), and they both...kinda just work 🀷

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

I love my orange pi (5+, 16GB, 256GB eMMC, 2TB NVME). New, with case and eMMC (excluding NVME) was about $200.

Smart switch says it idles at about 2.9W, transcoding 1080p with Jellyfin draws about 5W (at several hundred FPS with HW transcoding


so it presumably won't draw that much for the entire duration of the media). Not sure how reliable smart switch is at those powers but I'm guessing it's ballpark accurate.

Works flawlessly for Immich of course.

The duel 2.5G NICs are underutilized by me but kinda fun to have I guess.

For me, idle power is important, so the ARM SBC route is pretty appealing. A new x64 NUC at same price might offer comparable performance I suppose, and something used could be beefier at the expense of more power usage. But to each their own!

[–] [email protected] 13 points 9 months ago* (last edited 9 months ago) (1 children)

In grad school I picked up a free used HP LaserJet. It had Ethernet, and could use generic/off brand cartridges. Yeah it was big and noisy but it was an awesome workhorse and it Just Worked (with out-of-the-box CUPS/Linux support too, IIRC).

How the mighty have fallen.

[–] [email protected] 3 points 9 months ago

Immich! It's an amazing self hosted Google Photos replacement.

Zigbee definitely fun with HomeAssistant. I have an SLZB-06M adapter which has PoE (important for me) and is a fairly "open" product (don't need to jump through hoops to flash firmware). I read somewhere that it may offer Thread support at some point but wouldn't count on that.

[–] [email protected] 18 points 9 months ago (2 children)

When I was in college, working for Google was a dream job for a lot of my friends. I have to think that hiring from that position is awesome


lots of really smart, motivated, enthusiastic grads, and you get to pick the best. I wonder if all that has changed?

Old article, and yes, "corporations are not friends" yada yada: https://www.businessinsider.com/tech-companines-that-havent-had-layoffs-job-cuts-yet-2023-1

If I'm ever in the market for another job and have the luxury of choice, the layoff question will be pretty high up.

[–] [email protected] 7 points 9 months ago (2 children)

Not a lawyer; would this likely stand up in court? Obviously I wouldn't risk it were I the dev, but just curious.

It's pathetic that I'll happily recommend my Emporia Vue2 energy monitor to folks running HA


not because it works out of the box, but because the company is aware of the community integration projects and seems ok with it, even if they don't actually support it. (ESPHome Firmware flash gives you local control


It's been pretty great!)

[–] [email protected] 9 points 9 months ago (3 children)

Not a lawyer; would this likely stand up in court? Obviously I wouldn't risk it were I the dev, but just curious.

[–] [email protected] 2 points 9 months ago

As others have said, I'd play with routing/IP forwarding such that being VPN'd to one machine gives you access to everything


basically I would set it up as a "road warrior" VPN (but possibly split tunnel on the client [yes I know, WireGuard doesn't have servers or clients but you know what I mean]).

Alternately, I think you could do some reverse proxy magic such that everything goes through the WireGuard box


a.lan goes to service A, b.lan to service B, etc., but if you have non-http services this may be a little more cumbersome.

[–] [email protected] 3 points 9 months ago

I'm really liking my orange pi 5 Plus. Wasn't able to get the 32GB version, but 16GB is realistically more than I need anyway.

Main bonus for me over RPi is the RAM and storage


SD, eMMC, and NVME. The dual NICs and extra efficiency cores are a nice perk, too.

[–] [email protected] 1 points 10 months ago

Cannot recommend Immich enough as a self-hosted Photos alternative. Obviously not a drop in replacement, and if you don't want to self-host it's not really feasible. But it is just awesome.

 

Looking for advice for self hosted networking.

Question first, details below:

Everything works fine now, but feels...hacky. My question is, what's the best way of dealing with allowing only certain services to be accessible to the world while blocking other services to everything except local (+vpn) clients? Currently, because of my vps port forwarding, all external traffic appears to come from that machine. So, what I have now in my nginx config is to allow traffic from the local & wireguard subnets, except for traffic from the vps itself.

So: looking for advice on how to better manage access, but of course, if anyone has other improvements/suggestions, I'm all ears.

My current setup is:

Machines:

  • VPS (vps) with public IP.
  • Home router (router) with no public IP or open ports.
  • Home server (srv-home).
  • Remote server (srv-remote), located with family.

Network structure, ignoring vlans and whatnot, is:

  • vps <--wireguard--> router
  • vps <--wireguard--> srv-remote
  • router <--ethernet--> srv-home

srv-remote and srv-home can communicate through vps+router.

Services & structure, broadly speaking:

vps port forwards http/s to router, which port forwards to srv-home (can optionally have it port forward directly to srv-home, doesn't really matter to me).

srv-home handles SSL, both for services on srv-home and srv-remote. This allows me to a) manage certificates locally in one place (not on vps), and b) use local DNS on my router to bypass vps for locally hosted services. Works great.

srv-home and srv-remote both host some services which I would like to be publically accessible and some that I would like to remain private.

vps also acts as my roadwarrior vpn, on the same wireguard interface that's used for the vps<-->router link. One solution would be to just have separate wireguard interfaces (or maybe just separate address spaces?) for the vps<-->router and vps<-->[roadwarrior] links? Another would be to get the vps portforwarding set up in a way that doesn't lose originating IP address, but so far I have been unsuccessful there.

Thanks in advance for any insight!

1
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

SOLVED: delete using web client, and mobile will re-upload.

I haven't been able to find the proper way to force a re-upload of an image from mobile


any suggestions?

The images in question are from an iOS device. They show up correctly on the iOS device (both native Photos app and Immich), and claim to be uploaded (cloud w/check mark icon). On Android and web, they do not show up. If I try to download the image on web, it fails, with an immich_server log message of

ERROR [ExceptionsHandler] ENOENT: no such file or directory, stat 'upload/library/admin/path/to/file.jpg'

I've read it's possible to fix these issues with some Postgres magic, but I've also read that that is Strongly Discouraged.

I believe the original issue of why the files got borked was I didn't have a sufficient client_max_body_size set (I'm using a reverse proxy, nginx). This is just a hunch though...

Thanks in advance


will just ask the immich.app crowd if that's a more appropriate place.

view more: next β€Ί