Both!

The native automation is perfectly cromulent for what I want, usually, but there’s a couple of cases where the integrations either don’t exist or don’t return meaningful data.

FOR EXAMPLE, the video playback in the living room thing. Sure, the roku integration says “something is playing” but it’s shockingly wrong and unreliable. What happens is it falls into ‘idle’ status between videos, or if you’re fast forwarding sometimes and thus the automation was not doing exactly what I wanted.

The Jellyfin API, though, can look at the living room tv user and is spot on as to what is going on with play/pause/stopped statuses, so I have node red yank that data direct from the API and it works great.

big fan of mini PC’s

Same, but just be careful if you venture outside of the “reputable” vendors.

I bought one recently from Aliexpress, and while it’s perfectly functional, it’s using an ethernet chipset that doesn’t have in-kernel drivers so I have to keep compiling new drivers for it every time the kernel upgrades.

Not the end of the world, but an annoyance that I could do without, and not something a slightly more expensive version of what I got would have.

I’ve gone way too far down the automation path.

All manner of temperature, humidity, occupancy, motion, and air quality sensors make all sorts of things do appropriate responses.

For example, I’ve got a mmwave motion/occupancy sensor in the bathroom, and if there’s no motion/occupancy and the humidity is more than 5% higher than the hallway sensor, then turn on the exhaust fan until it’s not.

Or, if the air particulate count in the kitchen is too high, turn on the exhaust fan until it’s not.

Or, if the living room is occupied, and the tv is on and playing media, turn the overhead lights off and turn the RGB accent light on very dimly. And if the media is paused or stopped, increase the brightness of the RGB lighting so you can see where you’re walking, and if it stays paused or stopped for more than 10 minutes, turn the main lights back to whatever state they were in before media playback started.

No dashboards though, since the goal is essentially that you don’t have to think about what is going on, because it should Just Work™ and never be something you have to deal with.

…though, really, I’d say we’re at like 80% successful with that.

For manual interactions I’ve got a bunch of NFC tags in various places that will trigger the appropriate automation in the case that you either want to do it by hand or it fails to do the needful, plus the app is configured to allow manual control of any device and to trigger specific automations.

Privacy regulations are all fine and dandy, but even with the strictest ones in place,

They’re also subject to interpretation, regulatory capture, as well as just plain being ignored when it’s sufficiently convenient for the regulators to do so.

“There ought to be a law!” is nice, but it’s not a solution when there’s a good couple of centuries of modern regulatory frameworks having had existed, and a couple centuries of endless examples of where absolutely none of it matters when sufficient money and power is in play.

Like, for example, the GDPR: it made a lot of shit illegal under penalty of company-breaking penalties.

So uh, nobody in the EU has had their personal data misused since it was passed? And all the big data brokers that are violating it have been fined out of business?

And this is, of course, ignoring the itty bitty little fact that you have to be aware of the misuse of the data: if some dude does some shady shit quietly, then well, nobody knows it happened to even bring action?

How exactly are “communities offering services” a different thing than “hosted software”?

I think what they’re saying is that the ideal wouldn’t be to force everyone to host their own, but rather for the people who want to run stuff to offer them to their friends and family.

Kinda like how your mechanic neighbor sometimes helps you do shit on your car: one person shares a skill they have, and the other person also benefits. And then later your neighbor will ask you to babysit their kids, and shit.

Basically: a very very goofy way of saying “Hey! Do nice things for your friends and family, because that’s kinda how life used to work.”

The master-omnibus image bundles all that into a single container is MUCH simpler to deploy.

Literally just used their compose file they provide at https://github.com/AnalogJ/scrutiny/blob/master/docker/example.omnibus.docker-compose.yml and added in the device names and was done.

Are uptimekuma and whatever you’re trying to monitor on the same physical hardware, or is it all different kit?

My first feeling is that you’ve got some DNS/routing configuration that’s causing issues if you’re leaving your local network and then going through two layers before coming back in, especially if you have split horizon DNS.

For sure, just wanted to mention that it’s not just the China side of the trip you need to be vigilant about.

If your device is out of your sight, then yeah, you should probably assume it’s compromised.

Of course, that’s hardly JUST China doing funky shit with your devices, but depending where you’re calling home, odds are customs/immigration when you head home will try to do the exact same thing, too.

And the answer to everything is yes, always use a VPN if you don’t trust the network and you should never trust the network.

Judging from the last time I looked at their comment platform, it had the feeling that the only users of it were ones that were banned from Youtube because of the toxic shit they’re wanting to post so I mean, I guess, but it’s not the experience you’re wanting, probably.

Yeah quicksync won’t help you there.

I thought nVidia’s limit was enforced by their drivers, but that’s probably changed since it’s been a while since I looked at nvenc as a solution (quicksync, then an ARC card over here).

If you have an Intel CPU with quicksync, it will likely perform better than the 1060 in terms of visual quality, if its coffee lake or newer (8th gen).

If not, well, it’ll be fine up to whatever the stream limit is (4?).

Fair, but he said he wants to move from Windows to Linux, so I just assumed there wasn’t going to be any of those since, well, they’re not going to run in Linux anyways.

Not in a way you’re probably going to like.

You could set up a bare metal hypervisor on the system and set up a VM for your NAS, Windows, and Linux and swap between them as needed, but uh, that’s not really an exceedingly pleasant desktop use case, for a number of reasons, one of which is that you really won’t have the normal ‘sit down, and use the computer’ desktop experience.

Alternate option: run the NAS and either the Linux or Windows install in a VM, and keep it booted into, say, the desktop Linux environment with everything else being a virtualized setup.

Since android apps are required, I’d maybe go about this another way: find the app you like the most, then stand up whatever backend it uses for sync.

I was already in the FreshRSS ecosystem, but man, I don’t really like any of the android apps on offer, but swapping at this point would be annoying (bookmarks, saved stories, etc.)

good ideia to run restic as root

As a general rule, run absolutely nothing as root unless there’s absolutely no other way to do what you’re trying to do. And, frankly, there’s maybe a dozen things that must be root, at most.

One of the biggest hardening things you can do for yourself is to always, always run everything as the lowest privilege level you can to accomplish what you need.

If all your data is owned by a user, run the backup tool as that user.

If it’s owned by several non-priviliged users, then you want to make sure that the group permissions let you access it.

As a related note, this also applies to containers and software you’re running: you shouldn’t run docker containers as root unless they specifically MUST have a permission that only root has, and I personally don’t run internet facing ones as the same user as all the others: if something gets popped, then they not only do not have root permissions, but they’re also siloed into their own data in the event of a container escape.

My expectation is that, at some point, I’ll miss a CVE and get pwnt, so the goal is to reduce how much damage someone can do when that happens, rather than assume I’m going to be able to keep it from happening at all, so everything is focused on ‘once this is compromised, how can i make the compromise useless to the attacker’.

Unifi Gateway Ultra

How have you liked the gateway? Any stupid decisions that have annoyed?

My USG has decided that, after a decade, it’s going to be flaky and crash if it wants to (even after replacing it’s 4th dead PSU and 2nd USB stick) and I’m thinking it’s probably time to upgrade.

I’ll admit to both liking the Unifi ecosystem and firmly not trusting the Unifi ecosystem one damn bit, which is bit of a weird situation where I’ve been really really unwilling to upgrade anything because that hasn’t always gone uh, smoothly.

Also if you’ve never seen it, lazydocker might be something up your alley.

It’s a TUI, but it provides easy access to docker containers, logs, updating/restarting/stopping/etc them and so on.

You could also use nginx if you wanted; it’ll do arbitrary tcp data with the stream plugin.

I mean, recovery from parity data is how all of this works, this just doesn’t require you to have a controller, use a specific filesystem, have matching sized drives or anything else. Recovery is mostly like any other raid option I’ve ever used.

The only drawback is that the parity data is mostly equivalent in size to the actual data you’re making parity data of, and you need to keep a couple copies of indexes since if you lose the index or the parity data, no recovery for you.

In my case, I didn’t care: I’m using the oldest drives I’ve got as the parity drives, and the newer, larger drives for the data.

If i were doing the build now and not 5 years ago, I might pick a different solution but there’s something to be said for an option that’s dead simple (looking at you, zfs) and likely to be reliable because it’s not doing anything fancy (looking at you, btrfs).

From a usage (not technical) standpoint, the most equivalent commercial/prefabbed solution would probably be something like unraid.