The owners closed the restaurant and started a new one so I let the domain lapse.

ISPs often have SMTP relay servers. If you hook into that, your mail gets instant street cred.

Setting up fail2ban to block people trying to brute force the admin panel is a good start.

PlexAmp is an amazing bit of software for a phone. It doesn’t translate well to the desktop, but it’s still pretty good.

Your flacs will play lossless on wifi, and transcode to 128kbps opus on mobile. You can tweak those settings too.

Most smart TVs have a native plex app available too.

I know about that one. The 800MB “fix” for it has been crashing machines quite hard.

I don’t have that problem because I don’t run Windows.

Windows is shit.

IPv6 should not be disabled under any circumstances.

In fact, many devices in my house have IPv4 disabled. Disabling IPv4 on my public-facing SSH reduced the attack traffic to zero.

IPv4 is shit.

Public-facing: Password generator, stored in a password manager.

Internal LAN: Everything gets the same re-used, low-effort password.

Nobody is going to hack my CUPS server.

Thanks! I’m going through a DisplayPort to HDMI adapter because it was the only way to get 4K video. Pipewire is a bit flaky and applies filters that I don’t want. It’s a 3.1 channel setup. The goal is for the AV receiver to do all the decoding.

I’m on the new HTPC version installed as a snap. I can see that it’s meant to work with passthrough, but I find that it… doesn’t.

I haven’t tried in a few versions. Maybe I should give it another crack.

I used MythTV for decades. I really loved the “raw” digital output of the music player. It would casually hop from 44/16/2.0 to 96/24/5.1 between songs and my amp would decode it. I even contributed a small patch to make the visualizer work with 24bit audio.

The live TV hardware accelerated deinterlacing was really good too. TV recording was super reliable.

The TVDb lookup was a tad glitchy. It turns out that it didn’t include the year in the lookup. I wrote a patch that did it (and improved my metadata lookups heaps) but never made a PR.

I jumped to Plex around 2020. Mostly for things like streaming to my phone so I can have my music on the train. I believe Myth was better for HTPC, but Plex isn’t too far off.

The longest outage I’ve had in a decade is when my primary SSD died a 2 months ago and I had to reinstall using config backups. It was down for around a day.

I’ve thrown a UPS on it and flown overseas for a week or two. It’s basically just email for me and the kids.

I’ve had longer outages on hosted services, TBH.

I host my own mail. When it’s down, the mail just gets delivered after I get online again. Almost all mail servers are configured to retry over a period of several days before giving up.

Once my health insurer sent me mail by post to tell me that my mail server was down. That was kinda funny.

TightVNC. Use TightVNC.

I did have LUKS and a USB flash drive with a key to be inserted on boot. It was definitely difficult and caused performance issues. It was particularly difficult to add/remove drives from the array. These days I only encrypt my off-site backups that sit at the office where my coworkers potentially have physical access.

There have been recent advancements in TPM so disk encryption is easier to maintain and doesn’t affect performance. I’ll need to investigate this one day. My server/NAS is a 4th-gen i5, so it may not support the functions I would need. Full disk encryption will land in Ubuntu soon. I’m hanging out for that.

I personally would flick through the OpenWRT supported devices and pick the best supported device with 802.11ax.

Everything exposed except NFS, CUPS and Samba. They absolutely cannot be exposed.

Like, even my DNS server is public because I use DoT for AdBlock on my phone.

Nextcloud, IMAP, SMTP, Plex, SSH, NTP, WordPress, ZoneMinder are all public facing (and mostly passworded).

A fun note: All of it is dual-stacked except SSH. Fail2Ban comparatively picks up almost zero activity on IPv6.

Testdisk and photorec? It’s saved me heaps of times.

I was thinking “she should be able to” … “ask one of my friends to figure it out”.

As long as she knows what the passwords are, a tach savvy friend will figure out the rest.

My backup solution is hard to setup and maintain, but shouldn’t be terrible for someone else to recover from.

All the phones sync to nextcloud when on wifi and charging. My server has alternating encrypted backups, and one is always off-site.

If I go, my wife can plug it in and punch in the password. Hopefully that’s enough.

My wife has a laminated card which has the instructions to my KeePass vault, and an explanation of how the backup drives are encrypted.

Once the family photos are safe and she can login to all my accounts to finalize them, the server can be replaced with a WRT54G for all I care. Continuity will be impossible. Even a qualified sysadmin would probably struggle with it.