These kind of changes will go a long way towards making it more accessible for the less technically inclined. Glad to see some actual progress in that direction, instead of the standard ‘git good’ style of Linux gatekeeping.

This could go a long way towards fighting online censorship. One less issue when an authoritarian overreach gets your domain seized. Pretty awesome.

Learning/practice, and any use that feeds in sensitive data you want to keep on-prem.

Unless you’re set to retire within the next 5 years, the best reason is to keep your resume up to date with some hands-on experience. With the way they’re trying to shove AI into every possible application, there will be few (if any) industries untouched. If you don’t start now, you’re going to be playing catch up in a few years.

Isn’t that the entire design philosophy of tailscale?: reduce friction, at the cost of some security.

If security is your main priority, you should be using more secure options, even if they are less convenient or tougher to maintain.

Damn. They’re really ripping the copper wiring out of the walls.

Why?

Yeah, I get it. I just prefer the polish.

Emby’s better than both, but jellyfin folks are probably going to crucify me for saying that.

Agreed. You also have to make sure you get everything configured correctly. The admin should get some suggestions for set up needed in the settings screen.

I also had to provision a lot of cpu cores for it. It doesn’t use much while idle, but try to pull a doc or picture, and you’ll see the cpu usage skyrocket.

And at the end of the day, it’s going to be heavily impacted by your disk speed. If you want superior performance, time to consider data center grade solid state drives.

Didn’t know about borg warehouse. Thanks for the heads up!

I like borg with rsync.

I’m not sure it would intelligently handle that on its own. There’d need to be some manual work on your end.

I recommend looking into a borg/borgmatic setup.

Regarding the ‘taking your phone with and joining untrusted networks,’ you can set up WireGuard to auto join your vpn on any network you haven’t whitelisted, including your cellular network.

Does it need to be exposed to the internet? Putting it behind a vpn would be best.

Besides that, just make sure only the users you need to have access to ssh logins, and use keys for extra hardening. Keep your system updated. Limit that system’s access to other systems on your network, so if it is compromised, they can’t use it as a pivot point for the rest of your setup.

The other commenter’s suggestion of fail2ban is also solid.

Plus certbot and acme easily auto renew the certs.

This Russiaphobia is so completely out of fucking control.

This is why I’ve stuck with Emby.

I get why people switched, and I’m open to it eventually, but Emby is much more polished. That’s not to say the Emby clients don’t also crash from time to time.

Thanks for the heads up! Tired of trying to make the Emby app work for audiobooks.

I just wish their official app would get out of beta already. It’s been stuck in limbo forever.