
Photoprism users every time this topic comes up

Photoprism users every time this topic comes up
Supersized Form Factor
If you want something that fits the SFF cube shape so you can throw it next to a TV or desk for video output, you can probably go for the SYS-A22GA-NBRT.
Easy to upgrade CPU & RAM later down the line if you start doing more stuff with it, plus space for dedicated GPU if you ever want to do heavy media server stuff.
Would avoid pi due to the underperformance for the price. Plus best bang for buck usable storage will always be HDDs. SD cards are nice but you have to disable journaling to keep the writes low as to not wear down usable blocks.


NSA is that you?
Also jokes aside, how does the use case compare to some existing tools like BBOT?
This seems morr geared towards public facing targets than targeted information OSINT (user profiling, etc.)


Domain for $8 a year and 300Mbps fiber for $45 a month which snake ass AT&T keeps increasing in 5 dollar increments, so thank you for reminding me to call Spectrum for a quote so I can then call AT&T and harass them into giving me the correct price for another year.
Anything that you can shove hardware into (CPU, RAM, HDDs, maybe a PCI slot), so any used workstation is a great start, and don’t bother splurging initially, just follow the quality tool rule and only buy when something becomes inadequate. If you want to jump straight into loud and noisy severs, you can pick up used servers for cheap like R730s which there’s a ton of out there. Just avoid 2.5" drive bays because 3.5" HDDS are way cheaper per Gb.
Would recommend podman over docker as its matured to the point where it has a lot of better features like rootless, quadlets, etc that you might want to take advantage of in the future. OS is whatever linux you prefer, but I recommend you stay away from Ubuntu. If you want something RedHat but not as cutting edge as Fedora, I’ve heard OpenSUSE is pretty nice.
For apps, If you want to do HTTPS via GUI then npmplus is nice option, Otherwise caddy can do the same with text config. Rest is whatever you want to try out :)
EDIT: If you start making an *arr stack, I would recommend recyclarr to handle the quite expansive content filter settings for sonarr and radarr.


I hate to break the news but the issue with Bitwarden is that the client sucks total ass, and there are no drop in 3rd party replacements for the browser plugin.
Been running Vaultwarden for a while now and even though the sync implementation is nice and clean, it’s just not worth the end user experience.


This is really dumb when compared to literally every other password manager, open source and enterprise which does a much better job of actually being a password manager and not a glorified encrypted text file.
I’m eventually going to switch back to KeePassXC and just suggest setting a master password with Firefox’s builtin password manager for everyone else who just wants a painless user experience and not have to deal with syncing vaults.
Wireguard.
Dunno if Cloudflare does effective auth for the tunnel or if you have to set that up yourself, but I don’t bother trying to expose services to the internet in any way because some of this stuff was just never designed for proper web security (cough Jellyfin).
It’s still worth setting up a wildcard cert with ACME so you get nice https and a real domain.


I’ve been trialing Vaultwarden for a while and while I do like the server sync setup and clean web access, the Bitwarden browser plugin is just okay despite being an “enterprise” solution. It misses probably about 20% of websites when creating a new account, forcing you to grab the password from the generator history and make a new entry manually.
KeepassXC is much better in that regard, and it’s almost as good as the default credential handler of Firefox, and it lets you set up a bunch of custom stuff to extend the functionality if you want. Plus it has some neat kbdx options aside from AES256.
Only downside is syncing, which I’m debating how I’ll deal with something better than syncthing on android (protocol is great, android makes it a PITA to have a background process if its not Google spyware).


(I don’t need strong censorship resistance; it just has to work in offices and hotel WiFis.
Wireguard on 443 or OpenVPN + Stunnel on 443
Wireguard is easier to setup because there’s no OpenVPN app that packages stunnel (afaik), so you have to run 2 apps on your phone to make it work.
A server like caddy can also accept HTTPS traffic for some regular websites next to the VPN server.
Wireguard uses UDP, so just run whatever you want on 443 TCP with caddy (unless you want QUIC for some reason?)
Anything beyond that and you’d be looking at using a proper obfuscation solution like Shadowsocks or obfs4, in which case you should look into Amnezia or Tor bridges.


Use our easy bash oneliner to install our software!
Looks inside script
if [ $(command -v apt-get) ]; then apt-get install app; else echo “Unsupported OS”
Still less annoying than trying to build something from source in which the dev claims has like 3 dependencies but in reality requires 500mb of random packages you’ve never even heard of, all while their build system doesn’t do any pre comp checking so the build fails after a solid hours of compilation.


Gamefreak used an additional hardcoded RSA public key auth in Pokémon Black/White because for some reason they didn’t trust OpenSSL to not fail for their HTTPS API connections, and yet here we are in 2026 with unauthenticated API endpoints.
Was ChatGPT unable to generate swagger docs they could have lazily plugged into an API scanner bruh
Or better yet notice the big fat “unathenticated” label when you look at the endpoint list.


No sweat, try mirroring a private tracker and you’ll very quickly run out lol. You need a couple of petabytes worth.
The real problem is the price of HDDs not going down due to lower production in light of SSDs.
I fully expect WD to drop this as some stupidly expensive SAS drives that almost no consumer will buy. They should at least apply the dual heads for speed tech so we get faster HDDs for the same price.

How I sleep knowing Fedora + podman actually uses safe firewalld zones out of box instead of expecting the user to hack around with the clown show that is ufw.
I could be wrong here but I feel like the answer is in the docs itself:
If you are running Docker with the iptables or ip6tables options set to true, and firewalld is enabled on your system, in addition to its usual iptables or nftables rules, Docker creates a firewalld zone called docker, with target ACCEPT.
All bridge network interfaces created by Docker (for example, docker0) are inserted into the docker zone.
Docker also creates a forwarding policy called docker-forwarding that allows forwarding from ANY zone to the docker zone.
Modify the zone to your security needs? Or does Docker reset the zone rules ever startup? If this is the same as podman, the docker zone should actually accept traffic from your public zone which has your physical NIC, which would mean you don’t have to do anything since public default is to DROP.


Couldn’t you just lazy build your own images if you don’t trust the source?
Even then most of these containerized apps can be run perfectly fine as a host binary, you just have to make your own start script and a systemd unit which isn’t that bad.
You could then build a completely custom image if you’d like, or move it into a VM if you don’t like the idea of running it baremetal.


How does it compare to Photoprism? Been on that solution for a while and I really like it, but have seen lots of people suggest Immich as well.


Ubuntu and Docker.
Really? Netplan alone disqualifies Ubuntu as a “friendly stable starter distro”, and I can guarantee you that your guide will somehow become outdated with a single new Ubuntu release, or some poor soul who accidentally selected an LTS release.
Docker doesn’t matter as much, but there’s a reason beyond just FOSS licensing why podman exists.
Would highly recommend Debian instead.
I started on Ubuntu similar to this many years ago and both the server and desktop experience was not fun at all.
HEVC support is enabled for Firefox 134
Cool for anyone not using AV1 which I assume is a big chunk of the userbase because not everyone has good AV1 hardware acceleration lol


“No”
– everyone using compose to orchestrate software deployments
Yes it is, and there’s a age old joke about docker being used for configuration management, which doesn’t require a container system.
Yeah I might switch over too because immich didn’t originally have some of the sort and detection features like Photoprism.
Photoprism is pretty good but it doesn’t have some of the nicer UI features immich has.