• 0 Posts
  • 17 Comments
Joined 1 year ago
Cake day: June 16th, 2023

  • A lot of those points are more or less unrelated.

    You can set up a samba share with a bare metal ubuntu/fedora/gentoo/whatever machine. Similarly, you can run nextcloud on whatever (I like the containerized version but…). And you can (probably) do both on a freenas box.

    As for my personal setup: most of my NAS I just access via smb or scp/rsync. But for stuff that I do need synchronized, I use nextcloud… with said smb share('s directory) mounted into the container. It is far from the most secure approach (seriously, how the hell is nextcloud a commercial product when it is so feature bare and prone to breaking in containers!!!), but these are files where the goal is mostly convenience (game saves, etc) rather than privacy.




    1. Dynamic DNS hooked in to one of my spare domains
    2. Wireguard running on my firewall
    3. An alert set up to inform me any time ANY client connects to said VPN
    4. Smart plug between my firewall and the UPS

    Connect on my device or my travel router to get onto my home network and then access additional services as though I were local. And on the off chance I get an alert that something is connected and it is not me? I kill my network and deal with it when I get home. Not perfect (since I could be asleep) but gives me peace of mind on the off chance my VPN somehow becomes compromised.
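Added example, not part of the comment above: one way to implement the "alert any time ANY client connects" item from that list, assuming the output of `wg show wg0 dump` is polled periodically on the firewall. WireGuard keeps no connection state, so a peer whose latest handshake falls within `ACTIVE_WINDOW` seconds is treated as connected (an assumption); the interface name, keys and addresses are constructed placeholders.

```python
ACTIVE_WINDOW = 180  # seconds; assumed threshold for "this peer is connected"

# Constructed `wg show wg0 dump` output (tab-separated); keys are placeholders.
SAMPLE_DUMP = "\n".join([
    "IFACE_PRIVKEY\tIFACE_PUBKEY\t51820\toff",
    "PHONE_PUBKEY\t(none)\t203.0.113.7:40112\t10.8.0.2/32\t1700000950\t1024\t2048\toff",
    "ROUTER_PUBKEY\t(none)\t198.51.100.23:51820\t10.8.0.3/32\t1700000100\t512\t512\t25",
    "SPARE_PUBKEY\t(none)\t(none)\t10.8.0.4/32\t0\t0\t0\toff",
])


def parse_dump(text):
    """Parse single-interface dump output into {pubkey: (endpoint, latest_handshake)}."""
    peers = {}
    for line in text.strip().splitlines()[1:]:  # first line describes the interface
        fields = line.split("\t")
        if len(fields) != 8:
            continue  # skip malformed lines rather than guess at their meaning
        pubkey, _psk, endpoint, _allowed_ips, handshake = fields[:5]
        peers[pubkey] = (endpoint, int(handshake))
    return peers


def new_connections(dump_text, previously_active, now):
    """Return (alerts, active): peers that went idle -> active, and the current active set."""
    active, alerts = set(), []
    for pubkey, (endpoint, handshake) in parse_dump(dump_text).items():
        # A handshake time of 0 means the peer has never completed a handshake.
        if handshake and now - handshake <= ACTIVE_WINDOW:
            active.add(pubkey)
            if pubkey not in previously_active:
                alerts.append((pubkey, endpoint, handshake))
    return alerts, active


if __name__ == "__main__":
    # One polling cycle; a real poller would persist `active` between runs
    # and hand `alerts` to whatever notification channel is in use.
    alerts, active = new_connections(SAMPLE_DUMP, set(), now=1700001000)
    for pubkey, endpoint, _handshake in alerts:
        print(f"ALERT: peer {pubkey} connected from {endpoint}")
```

Alerting only on the idle-to-active transition keeps a long session from re-alerting at every handshake renewal, and including the source endpoint gives the reader something to compare against where they actually are.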


  • Double check the numbers (I checked these maybe a year and a half ago?) but for 4 bays/drives or less, just get a Synology. Amazing price to performance ratio and Synology makes a good OS.

    If you want more than four drives? Do you “love linux”? If so, go with a Truenas or a Ceph build. Do you want it to “just work”? Unraid.

    So based on your use case and comments: Just get them a synology. Then either use the Synology Drive Client software, set it up as a smb share/network drive and have them manually copy files in, or go semi-crazy and run Nextcloud.

    That said: if the focus is on photos and videos, you may just want to look into google drive or one of the other user oriented cloud services. Fairly inexpensive and, unless you are filming a lot of Those Kind of Movies, the loss of privacy knowing that your birthday pictures will probably be used for an internal training set is offset by having firm backups and one less thing to worry about in an emergency.



  • You really don’t have to fiddle with the deck to anywhere near the degree people think you do. The vast majority of games either “just work” or involve switching your proton version (one menu). Beyond that, it is just adjusting game settings until it runs well… which is needed for “modest/patient gaming” anyway. And the windows based devices (including a steam deck running windows?) get rid of the proton aspect.

    But yeah. It very much sounds like you want a “real” computer. So either save your fingers and sanity and go for a mid tower or have fun cable managing an htpc/mini-itx build until you have some semblance of airflow.



  • People ask for a lot of things. But it boils down to what they are actually trying to do.

    The nuc was… a bad product. Power wise, the moment you do anything you start running into thermal issues. Getting a used one cheap is great for home automation and lightweight server work (hell, my router/firewall is more nuc than not). But in terms of actual user computing? A laptop is better in almost every possible way. If only because you aren’t mounting it to the back of a monitor: it IS the monitor. Similar (often much better) performance, similar thermal savings in a crowded office, and you can take your laptop into meetings or even home because 9 to 5 is just a suggestion when you are salaried.

    In a lot of ways, nucs felt like a pretty big misstep even at the time. We already had thin(nish) clients in the form of the Solaris Sun ray and the like. Which, to a corporate environment, provides pretty much all the benefits AND a much more centralized security model (we see a shift back to that with the push for VDI solutions).

    And from the conversation with that user: They want a computer for gaming. A nuc was never going to be that. A low-ish tier gaming laptop (I have a Razer Blade Stealth that I love) might do that. But they have their heart set on a “real computer”. MAYBE a nuc-like with a good APU could do that but… thermals. Which means, a desktop of some form. Whether it is an HTPC or a tower or whatever.




  • Really depends on what you are using it for

    • Internet browsing and media consumption on a big monitor? Light code development and/or office work? Just get a semi-modern laptop with USB c (preferably thunderbolt) out and a hub.
    • Gaming: Honestly? The Steam Deck or one of the other vita form factor PCs are surprisingly good bang for your buck gaming wise. Same rules regarding a hub and monitors. And some gaming laptops are pretty affordable too.
    • “Power user”: Build an htpc/mini-itx build and learn to hate everything about cable management

    I love my big ass full sized tower. But the vast majority of computer users would be fine with a laptop and a dock/hub.


  • Again, how many “active members” are likely to understand the issue well enough to make that report. Or are they going to need to use up the time of those core developers to understand well enough to write it up?

    I’ve been through similar a decent number of times on the corporate side. Something has gone very wrong. People want answers. A good manager assesses the situation and responds back “Look, we know what is going on and all hands are on deck to fix it. Making a powerpoint is not fixing it. We’ll do a proper write up for next week but we can either have So and So fix it or report on it.”

    Obviously that stops being an option as you begin impacting investors. But that is when it becomes a trade off of “Okay, Jen barely understands what Roy and Moss are doing. But she can say something that hopefully won’t be too wrong and then apologize and give a correction tomorrow”

    But people very much don’t seem to understand how small this project is. Spend time with passion projects and “open source” projects that AREN’T on the scale of a small-medium sized company and you understand that standards are going to be lower because people have day jobs and so forth.

    I mean, there is a reason reddit hired so many people over the years. And if you are going to jump down the throats of people who prioritize fixing an issue and counting on “active members” to notify users over writing up the reports that many of those users won’t even look at? You want a production quality piece of software. That means Reddit or Threads or Bluesky.


  • And if this were a large company? Yes.

    This is an open source project with less than 200 devs with the VAST majority coming from two.

    Part of this is very much the learning curve and why you should very much think twice about using open source passion projects in “production”. This is the kind of stress testing that comes from lemmy/mastodon/The Fediverse actually having users.

    But also?

    • It has been indicated that there is an ongoing problem and the fixes are (hopefully) done with frantic work based on https://github.com/LemmyNet/lemmy-ui/pulls?q=is%3Apr+is%3Aclosed
    • Publish mitigation in appropriate bulletin systems: It is far from textbook, but this is a social media platform. Users are spreading word of mouth while devs do actual work
    • Publish fix in appropriate bulletin systems: It is far from textbook, but this is a social media platform. Users are spreading word of mouth while devs do actual work

    Most of the information I (as a person running a lemmy server) have been able to glean is from random threads spread across random communities.

    So you are saying that you were told there is an issue. And you can do exactly what I did while writing this message: Check the github page.

    Do I think the lemmy devs are doing everything by the book? Hell no.

    Do I think, given the resources available and the timeframe of the attack, that they are doing it correctly? Yes. They identified the vulnerability, (hopefully) implemented a mitigation, and pushed that all within 24 hours. Popular docker containers have already been updated, users are spreading The Good Word, and so forth. And I would much rather they use their limited resources to focus on actual fixes than doing proper writeups, just so long as the fixes are getting propagated.

    Optimally? I want those proper reports filed within the next day or two. Given that this is likely NOT a full time job and all the chaos of the past 24 hours or so? I’ll give them a week.

    And if your complaint is that they aren’t behaving the same way large corporations and massive projects (that often became corporations) do? Maybe Lemmy is not for you. And I don’t mean that in an insulting manner. If I were tasked with finding a message board solution or whatever for my company, there is absolutely zero chance I would recommend Lemmy. It is not production quality.

    But for shitposting and actively not providing PII or anything useful? Let’s see how things get hardened from here on out.


  • Exactly

    Yes, the vulnerability is out there. Maybe the root cause actually introduced a LOT of vulnerabilities. The fix is being pushed at a frantic pace. To expect the devs to take time out of the mad rush to notify those impacted to do a proper writeup is just insanity.

    The way I see it? This (hopefully) got fixed pretty much instantly and there is active work to get the fix applied by the people who need to apply it. That is what should be done. Give it a week or two to see how they handle the public disclosure side of things.



  • Honestly? You already hit it. The pihole. Maybe a firewall/router so that they can switch away from the comcast “modem” to a small computer running opnsense and then either Ubiquiti or Omada for easily upgraded wifi support.

    For just about anything else? I would honestly say “no” to the “average joe”. Unless you are running a backup solution, it is just a liability. And a backup solution involves offsite backups of the important stuff. Just having a NAS is worse than worthless unless it is solely used for data you don’t want to keep at which point… why do you have it? Because hardware failures will happen and, unless you are regularly checking your dashboards, they will happen in rapid succession.