Goodbye Reddit, Hello Lemmy

  • 0 Posts
  • 15 Comments
Joined 2 years ago
Cake day: January 6th, 2024

  • My first advice is: it’s always too small. You always realize that you need more as you grow. Take my own case: I started with 3TB of storage for data hoarding. I quickly upgraded to 21TB and it’s still not enough. You may start with something small, but there is so much. Technically you could go up to AI self-hosting. Especially when you go the route of image and video generation, this takes up resources. I heard the Mac Mini is getting used for local AI.

    As for what to host, you should ask yourself what you need. Lemmy and PeerTube I count as not useful for private usage. A cloud storage like Nextcloud is something very useful. Jellyfin is useful. I would start with cutting out 3rd party cloud services from your personal usage. Instead of using Dropbox/Google Drive/iCloud and so on, use Nextcloud. Same for images. Make your local media like movies, music, audiobooks, books and so on accessible to all devices, with the neat features we love from other services like Netflix, Audible, Kindle and so on. You could also just start hosting your own game servers instead of renting, or make them only available when you also play.

    But be aware of the risks. Something like a Minecraft server can be made accessible via VPN. If it’s open to the internet, the damage is rather small, if you don’t value your Minecraft world that highly. I’d rather have my Minecraft world deleted than my personal pictures stolen. When you can open your service only to the LAN, you have a lower risk of getting it compromised (the risk isn’t zero! It’s never zero. Air-gapped systems make it near zero, but not zero.)

    When you do open your stuff to the internet, you need to update your software well and configure it well. Stuff like email is a pain to configure. I looked for a long time for a management software package that made it easier for me but still left me freedom. The next important thing is updates. YOU NEED TO UPDATE YOUR STUFF! I do prefer everything with auto updates. I use Watchtower for my Docker containers, even though it’s not recommended with some containers. What’s currently a big deal breaker for me is PostgreSQL. I threw out containers and avoided containers requiring it, as it needs manual interaction. For work I actually need to migrate from MariaDB to PostgreSQL for our chat system. At least they do use the LTS version, so you don’t constantly need to update manually.

    As for the hardware, it highly depends on what you need. A rented server (a VPS or a dedicated server) has the advantage of being easily reachable on the internet, and by the same token this is a disadvantage. For email and websites this is good, but you need to be very careful. You can start with a Raspberry Pi. Home Assistant does run on it and they do offer some apps, like AdGuard Home, BookStack and Vaultwarden. You can also start with a NAS. I run my stuff on my Synology NAS, a DS920+. It has Docker. But you may want to look into a different company, as Synology did some bad stuff that makes me not recommend them anymore. I did hear Ugreen should be good. Obviously you could always go bigger and build your own NAS and use TrueNAS or something else. You can also start with a mini PC and use Proxmox.

    For the operating system, I think the best thing is whatever floats your boat. I do use Ubuntu. Why? Because I like it. Using containers is a big recommendation from me. With Proxmox you have VMs and LXC containers, which allows you to experiment within a container and keep stuff separate. You can throw it away more easily, without disturbing other stuff that is working.

    I really would recommend starting small and keeping an eye on risk. Start in your local network and with stuff that isn’t a big risk. If you start taking more risks, don’t go all in at the beginning. If for example you host your own file cloud or email, don’t abandon your previous provider; start small, with unimportant stuff.

    Now to myself: I have a rented server, a Pi, a Synology NAS and a mini PC running.

    I did start with a VPS. Very hard, and I made quite a few mistakes; the authorities called me out twice for stupid mistakes. Those were the fun days when I actually thought running a Windows Server on the internet was a smart idea. I did run a web server and email from it for quite some time. I even had a Skype music bot running without issues. What the authorities didn’t like were my attempts with the DNS server and my MSSQL server. Now my rented server is running my mail and web server (with Nextcloud) and, if I feel fancy, a game server. I don’t utilize it as much as I could, and in the near future I do want to switch things up, but I need to keep my mail running.

    My Synology NAS is the big stuff. It has my data on it and runs most of my Docker stuff. There I run audiobookshelf, calibre-web, Gitea, Jellyfin and paperless-ngx for my main stuff.

    My Raspberry Pi 5 is running HomeAssistant to control my smart home stuff and a new addition is Music Assistant.

    My mini PC is running Proxmox with Frigate. Frigate is an NVR for your CCTV. Not that I have a big CCTV system.

    Technically I did start earlier with a Minecraft server and a TeamSpeak server, running from my own PC, but that has the big downside that you need to keep your PC running.



  • Privately I use Nextcloud + Betterbird (a Thunderbird soft fork that stays compatible with the matching ESR version) + DAVx5 for Android.

    At work we use an old web calendar in PHP 5, as this is the only calendar we found that has a side-by-side view. Each coworker has his own calendar, and in the 4-week view each is displayed side by side. We didn’t find any replacement with that kind of view. Also we use the categories very strictly. Each entry needs a category, the admin defines the categories and it shows icons for them. Nextcloud even introduced categories a few years ago and still doesn’t have the option to define your own and delete the default ones. You can add your own categories on the fly, but this is such bad design, as everyone needs discipline, which doesn’t happen.




  • Yes, the software I use is heavily tied to Windows. Old versions were developed for macOS and Linux, but they dumped that quite some time ago. They even use something below .NET 5 as the framework. Even our customers are pissed with Windows 11, as they are now all upgrading or have already upgraded. For SSL key stuff, I do use WSL as well, as I couldn’t really get it working under Windows.

    When you really want to know what pain is, try working with their admin panels. I did learn some basic Windows Server stuff, but their admin panels… all Windows OSes are child’s play in comparison. I would rather use Windows 8 (not 8.1) or Vista than this shit. And the joke is, we don’t use the complicated stuff. Office, Visual Studio and Teams (well, we do need some meeting software, and if we have Teams, why not use it?). Office is a requirement, as our document/archive/CMS system only has a plugin for Word under Windows. We tried switching, but outside the IT department no one, not even the CEO, took the time to test alternatives that they would feel comfortable using. For building our software, I actually want to look into whether there is a better solution, but there’s no time and a massive backlog. We need to argue a lot with our CEO when we mention changing some of the operations stuff.

    But hey, there are some good things. I convinced the company to use a Linux server for some stuff. Inside IT, we can and do switch stuff when it benefits our workflow, but outside nobody is interested, even though it could make stuff so much easier. We did install a test system and gave everyone access, but nobody tested it.




  • Of course everything can be hacked. When I think something is compromised, then I need to change everything. So far I haven’t heard of any remote zero-click compromise. With the fancy hacking tools of some companies, it’s not publicly known how they gained access. I suspect either physical access or some malware. But we are speaking of a high level of hacking that most people don’t need to be scared of. At that level, there are other things to worry about.

    When we just look at the dangers an average person might encounter, this level of security is fine. I did have accounts compromised, and I can tell exactly what my mistake was. One was sharing my password with someone else, not knowing how secure his devices were, and not having 2FA. The second one was that I used the same password everywhere. At that point I was switching to generated passwords and still hadn’t changed every account (the unimportant ones).

    Of course passkeys are by nature a more secure implementation, as you are unable to save plaintext passwords, but there is one thing this can’t solve, and that’s that they remove and reset your auth without verifying your identity. Hackers can still steal session tokens, and sites aren’t required to demand additional authentication when altering your authentication.


  • I quote myself from a different comment:

    I just needed to think of the scene from The Simpsons where Mr. Burns and Smithers go through all the security checks and in the end there is a flimsy open back door through which a stray dog entered the room. All the security in the front doesn’t matter if the back door is not secure at all, and as long as the back door is that insecure, I’m not willing to add money and time to make the front door more secure.

    The phone argument lacks a bit. Accessing the TOTP app and the password manager does require a separate authentication to get them decrypted. Sure, if they snatch my phone away when it’s fully unlocked, including my password manager, they have access for a limited time. They need to be fast enough, before I can remotely lock it or before it automatically locks itself. Android phones can now detect when they are stolen, either by the movement or when they go offline. The latter I tested and it’s not instant, but you still don’t have long.

    I don’t think about potential backdoors. If there is no known backdoor, then I deem it safe. Sure, they could also force me to unlock the phone. This would be xkcd 538. And this applies to any security.

    Adding more security and inconvenience doesn’t make sense to me as long as the backend is shit. So far a few big companies have screwed up hard in their backend, and dozens of smaller sites do such bad stuff that it doesn’t really matter how strong your login is. Here I reference back to my quote.

    In a closed system, like a company, this added security makes sense, as they usually control the backend as well. If my CEO sent me a text request to reset his logins, I would call him or walk to his office and ask him directly. Sure, with AI they could impersonate his voice, but I don’t think they can impersonate his way of speaking.


  • I haven’t invested too much time into hardware keys, but requiring additional software on other PCs is still a no-go for me. With my current setup, I only need my smartphone and I always carry it around.

    For business use, this is a whole different topic. With a proper setup, all machines would require the software and you shouldn’t access these accounts from outside company devices. It’s also an expense which the company must carry, and it’s easier for them to handle backups. Also in that setup you can have SSO/LDAP, where you can physically prove that you are you when requesting a reset of the MFA. With an online service, they usually require a weak proof, like just access to an email account.

    I just needed to think of the scene from The Simpsons where Mr. Burns and Smithers go through all the security checks and in the end there is a flimsy open back door through which a stray dog entered the room. All the security in the front doesn’t matter if the back door is not secure at all, and as long as the back door is that insecure, I’m not willing to add money and time to make the front door more secure.


  • Vanilla KeePass. The dev isn’t interested in providing communication outside of his program, but he clarified that plugins have all the access rights to do that; it seemed to the dev, though, that there is no developer interested in making such a plugin. KeePassXC does support it, but they are still missing entry templates. This is the only missing feature that is holding me back from switching.


  • Or the obscure ways for 2FA/MFA. Passkeys are mostly cloud based. Yeah, fuck no! The weakest passkey is weaker than my usual randomly generated password, if the site doesn’t do any shady business and require a weak password. Hardware keys are luckily not pushed for usage. I don’t like them either. You require at least 2, for backup reasons. They also cost quite some money and they have zero auth. Just connect to USB and tap it. Also retrieving the backup and getting a replacement for a defective one takes some time.

    Good old TOTP as 2FA is perfect, paired with a strong, random password. With my TOTP, I have an encrypted backup in my cloud, on my NAS, older backups in secure places and backup codes in several places. The TOTP App I use is open source and I have a mirror of the source code.

    This should be enough security, if sites don’t screw up all the time. You can bypass 2FA all the time. Even the credit card company screwed up big time. Usually you get 2 separate letters, one with your PIN and one with your card. Both came on the same day. Also I actually didn’t need the PIN in the first place. I was able to add the card to the app and see the PIN there, without actually verifying anything except the credit card number.

    Maybe when passkeys are supported in my password manager, I will try it, but so far they aren’t, and switching is not an option, as it doesn’t support the features I need. There is an open issue for an alternative password manager with that feature request, and it has some people wanting it, but it’s still not added. But passkeys don’t fix the issue of me using stronger keys; they fix the site owners allowing stronger keys, but they are still not required to use them. Some devs are just weird. I’ve read one PR for a FOSS project I use where someone wanted to implement a universal OAuth or such stuff that would support all types of external authentication. Nope, the dev refused the PR and they wanted to stay with the 2 proprietary implementations for 2 services, even though this universal implementation would work with these 2 too. I can’t tell exactly what it was. I was experimenting with an auth service for my self-hosted stuff, to not deal with several accounts and rights systems. This service was the first one which I wanted to switch, and they didn’t want to support it, leaving me with the standard login.
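Several of these comments lean on TOTP as the second factor (the phone-based TOTP app in the earlier comment, and the TOTP-plus-backup-codes setup in this one). Below is an added example, written for this page and not taken from the comments or from any app or password manager they mention, of how that factor actually works: RFC 4226 HOTP and RFC 6238 TOTP with only the Python standard library, a verifier that tolerates one step of clock skew while refusing replayed codes, and backup codes stored as hashes and consumed once. The seed is the RFC 6238 test seed; the window size, the 40-bit backup-code format and the SHA-256 hashing of backup codes are my own choices, not anything the comment specifies.

```python
# Added example (not from the comment above or any project it names): RFC 6238
# TOTP generation/verification with a one-step skew window and replay
# protection, plus hashed single-use backup codes. Standard library only.
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

STEP_SECONDS = 30
DIGITS = 6


def hotp(key: bytes, counter: int, digits: int = DIGITS, algo: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, at: Optional[int] = None, step: int = STEP_SECONDS,
         digits: int = DIGITS, algo: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    now = int(time.time()) if at is None else at
    return hotp(key, now // step, digits, algo)


def verify_totp(key: bytes, code: str, at: int, last_counter: int,
                window: int = 1, step: int = STEP_SECONDS):
    """Accept the code for the current step or `window` steps either side (clock skew).
    Any counter at or below `last_counter` (the last accepted one) is rejected, so a
    code sniffed from the wire cannot be replayed inside its validity window.
    Returns (accepted, new_last_counter)."""
    counter = at // step
    for c in range(counter - window, counter + window + 1):
        if c <= last_counter:
            continue
        if hmac.compare_digest(hotp(key, c), code):
            return True, c
    return False, last_counter


def secret_from_base32(seed: str) -> bytes:
    """Authenticator apps and otpauth:// URIs carry the seed in base32, often unpadded."""
    seed = seed.strip().replace(" ", "").upper()
    return base64.b32decode(seed + "=" * (-len(seed) % 8))


def generate_backup_codes(n: int = 8):
    """Return plaintext codes to show the user once, and the hashes the server stores."""
    codes = [secrets.token_hex(5) for _ in range(n)]  # 40 random bits per code
    stored = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
    return codes, stored


def use_backup_code(stored: set, code: str) -> bool:
    """Consume a backup code: valid once, then removed from the stored set."""
    digest = hashlib.sha256(code.strip().lower().encode()).hexdigest()
    if digest in stored:
        stored.discard(digest)
        return True
    return False


if __name__ == "__main__":
    # Constructed input: the RFC 6238 test seed, ASCII "12345678901234567890", in base32.
    key = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print("current code:", totp(key))
    print("RFC 6238 vector at T=59:", totp(key, at=59, digits=8))
```

The replay check is the part most home-grown verifiers skip: without `last_counter`, a code captured by a phishing page stays valid for up to three steps under a one-step window, which is exactly the "2FA gets bypassed all the time" failure the comment complains about. The backup codes are stored only as hashes for the same reason the comment keeps its TOTP backups encrypted: a leaked server table should not hand out working second factors.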