https://blog.cloudflare.com/updated-tos/

Finally, we made it clear that customers can serve video and other large files using the CDN so long as that content is hosted by a Cloudflare service like Stream, Images, or R2.

I will always recommend Borg backup just because of it’s compression+de-duplication algorithms:

550gb of raw data, 20 historical backups going back over a year (10.98tb of data total), only 400gb of disc space used to store them all…

You can backup directly to remote servers via ssh, nfs, or directly between two borg instances, optionally encrypted in transit and at rest.

Borg is a CLI tool normally, but there are a number of GUI frontends you can use if you really want: Vorta, BorgWeb, and BorgWarehouse for example. (I’ve not used any of these, just examples from a google search)

FileBrowser

Create share links allowing anyone with the link (+ optional password) to browse and download individual files, or whole folder contents.

If someone needs to send me a file, I can create a user for them in a few seconds; so they can upload to that as well.

… Try ~12 million.

Its 2025, not 2023; your graph is old af.

/edit for some reason I completely skimmed the title and focused on the quoted text… Ocf it’s old, it’s talking about the most upvoted post on lemmy 🤦

I definitely recommend it, particularly using docker compose. It’s made it incredibly easy to add, remove, and modify software installs; keeping everything independent and isolated from each other.

This also makes backups and rolling back updates to individual projects much easier when you do run into problems.

Hmm, I wonder if the failed updates are only direct installs vs docker.

I run two piholes, a primary on a rpi 3b running pios, and a secondary on my main server. Both are installed via docker and both updated without issue (besides the password thing).

I like having the primary DNS on a separate machine; it’s kind of important and I like to mess with the main server a lot…

Interesting; I’ll definitely have to keep that in mind. Much cheaper than getting basically a whole new set of hdds at almost $30/tb (new nas-grade drives, not referbs).

Thanks!

What hardware are you using to read/write tape, and what does that cost you?

I’ve got around 30tb that I need to shift off of a Drobo at some point so I can repurpose the drives into a proper RAID setup that isn’t a closed source black-box from a dead company (that was a poor choice, 6 years ago 🙁). Keeping an eye out for solutions for when I get around to fixing that mess.

I wonder why so many people had issues with the v6 pihole update.

I pulled the new docker container and it ran overtop the previous version just fine. The only issue I had was I had the admin password set to empty via an env variable and that variable name changed. Took like 10 min to find and fix. The rest migrated perfectly.

Now I’m just waiting on orbital-sync to add v6 support, but that’s just around the corner and not that critical.

95% of things I just don’t expose to the net; so I don’t worry about them.

Most of what I do expose doesn’t really have access to any sensitive info; at most an attacker could delete some replaceable media. Big whoop.

The only thing I expose that has the potential for massive damage is OpenVPN, and there’s enough of a community and money invested in that protocol/project that I trust issues will be found and fixed promptly.

Overall I have very little available to attack, and a pretty low public presence. I don’t really host any services for public use, so there’s very little reason to even find my domain/ip, let alone attack it.

Looking at openspeedtests github page, this immediately sticks out to me:

Warning! If you run it behind a Reverse Proxy, you should increase the post-body content length to 35 megabytes.

Follow our NGINX config

/edit;

Decided to spin up this container and play with it a bit myself.

I just used my standard nginx proxy config which enables websockets and https, but I didn’t explicitly set the max_body_size like their example does. I don’t really notice a difference in speed, switching between the proxy and a direct connection.

So, That may be a bit of a red herring.

Should check which ports.

Mine blocks 80 inbound and 25 outbound, but everything else I’ve tried works. (so no default http, and no outbound email)

I only really want 443 for simplicity, everything else can be random ports.

Public IPV4 here. It’s not static, but very rarely rotates. DDNS ftw.

Telus Residential in Canada.

DoH on the lan between devices is completely pointless; I’m talking about DoH between the lan and external dns which unbound does NOT do.

This part always confuses me, so I won’t be able to give specifics; just a general direction. Most guides explain how to route traffic from a vpn client to the lan of the vpn host. You need to route traffic from the vpn host/lan to a client of the vpn.

You need to change the routing table on the VPS, adding a static route to route traffic heading for your VPNs subnet to the VPN host instead of out the default gateway.

How exactly to do that I’ll have to leave to someone else unfortunately. Network config confuses the hell out of me.

I prefer cloudflared myself.

While unbound requests its answers from the authoritative servers for each domain; it does so using regular DNS queries, so it’s susceptible to monitoring and modification like any other DNS request. While adding latency by extending that request to several servers, instead of a single trusted provider.

That doesn’t really seem beneficial to me. I’d rather use DOH.

Many people advocate for Cloudflared as a tunneling solution, but it’s not a one-size-fits-all tool. Personally, I avoid it. Your VPS already functions as a firewall for your connection. Using Tailscale is also self-host and avoids reliance on third-party services like Cloudflare while maintaining security and the same functionality.

OPs not using cloudflareds tunneling or services at all; in this application, it’s purely a local tool for translating regular DNS to DOH using the chosen DOH provider. Mullvad in this case.

How well does it do with text in images?

I often find searching for things like ‘horse’ will do a decent job bringing up images of horses, but will often miss images containing the word ‘horse’.

I’m curious;

Which ML CLIP model did you go with, and how accurate are you finding the search results?

I found the default kinda sub-par, particularly when it came to text in images.

Switched to “immich-app/XLM-Roberta-Large-Vit-B-16Plus” and it’s improved a bit; but I still find the search somewhat lacking.

That is one beefy fan for a rpi.

I’ve just got a case similar to this; but all snap together, no screws:

The fan runs off the pin headers. Meant for 5v, but I use the 3.3v line to run it a little quieter/slower.

Even that makes a good 10°c difference.