I’ve subscribed to their RSS feed, but their server is so unreliable, my feed reader complains all the time that it is unreachable. When I manually retry it mostly works, only to fail again later. I’m wondering what’s going on there. I never have this problem with any other feed…

Oops, you are correct of course, 6A is what I meant, plain 6 should work fine also most of the time, but there is pretty much no point going for that, unless you have that deployed already.

Can anyone explain to me if a headless chrome browser is dangerous the way a regular chrome browser is?

Almost. You want to make sure to keep it as up-to-date as you would a regular Chrome browser. It does almost everything a regular Chrome does, including running arbitrary scripts on websites.

Anyone have experience converting from 1G LAN to 2.5 or even 10?

Going from 1 G to 2.5 G is fairly cheap these days. You can almost certainly use the same cabling, even when you’ve got only Cat.5e cabling. While you can do 10 G over copper, I wouldn’t suggest doing that, since it consumes quite a lot of power compared to both 1 G and 2.5 G. You’d need Cat.6E for reliable 10 G over copper.

I don’t know your exact setup, but you should add the IP that Jellyfin sees when the reverse proxy makes a request. That probably comes from the IP of your Traefik docker container.

Thanks for pointing this out! I probably would have missed this, since I didn’t expect such a change for a patch release.

Their documentation mentions:

For jellyfin to know which reverse proxy is trusted, the IP, Hostname or Subnet has to be set in the Known Proxies (under Admin Dashboard -> Networking) setting.

Does this really mean, that the only way to configure this is through the web UI? This is kind of a problem when deploying it, since without the reverse proxy I can’t reach the Jellyfin server. Is there no way of doing this outside the web UI, via a config file or something?

Edit: Apparently the configuration for the proxies is stored in Jellyfin’s network.xml config file. So it should be possible to do this without manually configuring it via the web UI.

Another edit: It works. Adding <KnownProxies>[proxy ip or hostname]</KnownProxies> in place of the empty <KnownProxies/> key to that config file does the trick.

It’s on April 1st, but nobody takes it seriously.

I like Miniflux.

The at load efficency isn’t always the most important metric, depending on what you are using the machines for. If they are mostly idle, efficiency isn’t too bad. Many server tasks don’t load the CPU to the fullest anyway.

They are not too terrible really. 3rd gen i7 is the Ivy Bridge generation, so 22 nm. For many homelab server tasks the CPUs would be just fine. Power efficiency is of course worse than modern CPUs, but way better than the previous 32 nm Sandybridge generation. I had such a system with integrated graphics and one SSD and that drew 15 W at idle at the wall.

Pi Zero uses the CPU from the 3

No, the original Pi Zero uses the CPU of the Pi1 (only clocked higher). So it is quite a bit slower than a Pi 2, since it has only a single ARMv6 CPU core. Still fine for a DNS server on a typical home network.

It won’t get wikis or issues though.

You can easily mirror Github wikis as well. You just need to add .wiki.git to the repo URL. That way you can clone the wiki just like any other Git repo.

Sure, if you have exactly one client that can access the server and you can ensure physical security of the actual network, I suppose it is fine. Still, those are some severe limitations and show how limited the ancient NFS protocol is, even in version 4.

NFS is bulletproof.

For it to be bulletproof, it would help if it came with security built in. Kerberos is a complex mess.

If someone compromises the host system you are in trouble.

Not only the host. You have to trust every client to behave, as @forbiddenlake already mentioned, NFS relies on IDs that clients can easily fake to pretend they are someone else. Without rolling out all the Kerberos stuff, there really is no security when it comes to NFS.

archival strength USB NVME drive,

Does such a thing exist? Ordinary flash storage is pretty bad at keeping its content when powered off for a long time, due to how flash memory works. I’d be curious about such drives.

Thanks, I think the risk here is that there may not be hardware to read it.

M-Disc DVDs are readable by ordinary DVD drives. So you could simply put a USB DVD drive alongside those backup M-Discs on the shelf.

The script appears to be missing the #! line. Without that, it is unclear which interpreter should be used for executing the script.

or a domain with a random string of characters so no one could reasonably guess it? Does it matter?

That does not work. As soon as you get SSL certificates, expect the domain name to be public knowledge, especially with Let’s Encrypt and all other certificate authorities with transparency logs. As a general rule, don’t rely on something to be hidden from others as a security measure.

Then I don’t understand what your point is. A CPU on its own without a system isn’t of any use. Since there were no motherboards allowing you to use that much RAM, the point about the CPU supporting it is moot as far as I am concerned.