I don’t know what is typical, but when I use AI locally I’ve been running llama-cpp with models grabbed from HF (ex. QwenCoder). Then in my VS code plugin (RooCode) I use the “OpenAI compatible” option to point it at my local server.

Not sure how hard that is to get working, but my hope is that “OpenAI Compatible” helps.

Are there plans for mobile apps? In particular, obsidian and nextcloud don’t seem to work well together on android. Changes made to files via obsidian don’t get picked up by nextcloud unless I manually go sync the file. This might just be nextcloud’s app dropping the ball.

I see on the page it says you can bring an anthropic or openai key. Can I also point it at my own locally hosted model?

If everyone else moved, they would too. But no one will, so they won’t. Same as it ever was.

I have an edge router and switch, and two unifi APs. All accounts running locally. Works fine for my uses, though I think if I had it to do over again I’d investigate pfsense or opnsense. Not sure about hardware tho.

since it uses ZFS I don’t know it would be good for home use

TrueNAS is all I’ve used for my home for the better part of a decade. It’s been fine, what is your concern?

I feel like if that’s something you’re doing, you’re using containers wrong. At least docker ones. I expect a container to have no state from run to run except what is written to mounted volumes. I should always be able to blow away my containers and images, and rebuild them from scratch. Afaik docker compose always implicitly runs with --rm for this reason.

Just answering the question you asked.

So they could view their cameras while they’re away?

Step 1 is to do everything inside your network with data you don’t care about. Get comfortable starting services, visiting them locally, and playing around with them. See what you like and don’t like. Feel free to completely nuke everything and start from scratch a few times. (Containers like Docker make this super easy).

Step 2 is to start relying on it for things inside your network. Have a NAS, maybe home assistant, or some other services like Immich or Navidrome. Figure out how to give services access to your data without relying on them to not harm it (use read only mounts, permissions, snapshots, etc.)

Step 3 is to figure out how to make services more accessible away from home. Whether that is via a VPN, or something like tailscale, or just carefully opening specific ports to specific secure and up-to-date services. This is the part you’re feeling anxious about, and I think you’ll feel less anxious if you do steps 1 and 2 first and not even think about 3 yet. Consider it its own challenge, and just do one challenge at a time.

Then I can’t share images and albums through Immich :/

Thanks, those are some tricks I didn’t know about.

Thanks, yeah maybe not quite what I was asking for, but it does give me some stuff I didn’t know about that I could consider.

If I had one user that would work, but I have multiple.

Some people don’t have the luxury of being in the same place as the people they’re celebrating with. Jackbox games is a popular remote party game, but I am curious if there exists a similar, open, self hosted alternative.

I am really having a hard time understanding what OP is describing. Does anyone have a video example of the phenomenon?

Hah yeah, I’ve definitely pulled the plug on my router before because I wasn’t sure what I was seeing.

I mean, cybersecurity I would consider to be a research field. In practice, yeah, it’s a bunch of people just doing their best.

I tend to keep everything inside my network and only expose what I need visible on non standard ports, one of those being a VPN. It’s not that I couldn’t run these services public facing, it’s that the people taking the time to constantly update, configure, and auditing everything full time to head off red team are being paid. I don’t need to deal with an attack surface any larger than it needs to be, ain’t nobody got time for that.

The ability to generate a bunch of traffic that looks like it’s coming from legit, every-day residential IPs is invaluable to disinformation campaigns. If they can get persistence in your network, they can toss it into a bot net which they’ll sell access to on the dark web.

A sucker opens insecure services to the open internet every day, that’s free real estate to bot farms. Only when the probability of finding them is low enough is it not worth the energy/network costs. I think hosting on non-standard ports is probably correlated with lowering that probability below some threshold where it becomes not worth it…don’t quote me, though.

At the end of the day, the rule is not to depend on security by obscurity, but that doesn’t mean never use it.

The resources required to port scan every port on every IP is generally not worth it. AFAIK they tend to stick to lower ports or popular ports. Unless they’re intentionally targeting a specific IP or IP range, they’re just looking for low hanging fruit.

Are you not actually open to the public internet? Is it running on a nonstandard port? Is it already pwned and something is scrubbing logs?

Fair enough lol, can’t argue with that.