I use SimpleLogin with my own domain and have no problems 99% of the time. Every once in a while I’ll find a site that doesn’t like my .net domain, but those typically won’t take anything that isn’t a major provider. I use that as a sign I probably don’t need to use that service.
There are two things in my house I don’t “play” with: internet connectivity and core home functions (lights, locks, garage doors, etc). That doesn’t mean I don’t self host anything or then, but I always start from a mindset of “must work”.
I run HA on a Yellow (functionally an RPi 5 with radios and storage interface built in). My lights are either Hue running as plain Zigbee devices, or Zigbee switches. I don’t necessarily want more customization with home automation, I want stable, extensible, and easy to use day today. HA checks all those boxes easily. I’ve not done much looking into OpenHAB, but I would caution against going with something for home automation just because it’s more customizable. Sure, it’s great to have an automation routine that turns on your lights when you get home, it’s less great to have an integration that misbehaves and now you cannot turn off a light, or lock your door, or turn down the volume on your music, etc. Be sure to know what you want to accomplish before you buy devices, build automations, and always build things with a manual backup operation option.
There is, I think, a few things that contribute here.
Eh, it can be a lot of work but doesn’t have to be. I’ve automated backups, and if you follow current best practice guidance from industry, you should use long pass phrases and not worry about regularly rotating them. For things like SSH keys, you can rotate them if you think you’ve had a breach but in normal usage there isn’t a huge benefit security-wise since they functionally can’t be guessed and would need to be stolen. If an adversary steals your SSH keys then you’re already pretty hosed as the next step is for them to establish another backdoor to access your server without needing your key.
Honestly it’s not a ton of time. A few minutes to run patches every few weeks, and the initial investment to plan, install, and configure your services (but then that’s the fun part no?). Self hosting IMO isn’t a great way to save time and money, or even to get out of the pocket of big tech. If those are your goals you’re better off looking at hosted solutions that are Open, and likely paying for it since running IT stacks isn’t free. Self hosting is a hobby, something you do to learn and because you enjoy it. It is hard sometimes, takes time, and comes with risks, but so do most other hobbies.
It doesn’t usually matter what the service is, the basic concepts are the same. If you want to access a service you host on your internal network from another external network you either need to use a VPN to securely connect into your network, or expose the service directly. If you are exposing it directly you should put it (or a proxy like NPM) in your DMZ. The specifics of how to do this though will vary from service to service and with your specific network config.
You can run a port scan against your public IP from another network to see what is open. But if you haven’t specifically set something up for external access through port forwarding you are probably fine.
Only expose services internally then use a secure VPN to access your services, this makes your network no more vulnerable in practice than not self hosting. If you need/want to expose something to the internet, make sure you setup your network right. Use a DMZ to separate that service and leverage something like CrowdSec along with good passwords, antivirus, and keep things patched.
This was posted here yesterday by the dev. Overall the reaction seems positive.
A quick look through the repo it looks pretty legit, it’s a lot of effort to create something that works, with all the documentation (including a lot of planning docs) just to collect data on you. Traffic to various IPs, foreign or otherwise, wouldn’t really be odd for an app like this either. You could try and run it through something like virustotal though to look for malicious code (there are more than a few docker scanning tools on GitHub that use virustotal).
I use cloudflare mostly because I buy my domains through them as they offer at cost domain names for many TLDs. Internally I use PiHole and then just point what I need externally to cloudflare trough a reverse proxy and a DMZ box.
My work usually means I can’t listen to anything while I’m working (lots of meetings and video calls), but when I need to just head down get something done I listen to this lo fi beats playlist my wife made. It’s also great for reading while in a plane.
100% this, my wife makes a menu for the week on Monday then creates a list from that in Apple Reminders that I use to shop from. She knows if it isn’t on the list it isn’t going to be in the bag I bring home. Even hand writing a list is better than trying to memorize one, anything to take that mental load off in a place designed to make you over buy on stuff you don’t need will help.
It wasn’t standard previously, and if you have TV service I think it’s still inconsistent but the past ~5 years it seems to be more common that they are setup that way from the start. If you have internet only service, and a newer ONT (like less than 10 years old) it is the standard configuration and is how the self install guide tell you to hook up the “quantum gateway” router from Verizon.
You can always call and ask to have your ONT converted to Ethernet output if it isn’t already and as long as it supports it I haven’t heard reports of much trouble there. The very early ONTs though don’t support it though IIRC but those should be being replaced at this point anyways.
I mean you can, an ONT is not a router, it’s essentially a media converter. I use my own router (and have for many years) and had no issues. The FiOS tech even ran a long Ethernet run in my basement to connect the ONT and my router in my rack when they installed service.
It depends, and without knowing your ISP I’m not sure there is a way to tell you for sure. I know for example Comcast gigabit Pro has been known to directly connect to an ISP SPF module in your firewall/router, but Verizon FiOS (and most FTTP that I know of) provide an ONT that converts the fiber to Ethernet which you would then connect directly to your hardware.
I would verify if the ISP router you refer to is not really an ONT in which case you are directly connected to the ISP functionally and there isn’t really an advantage to getting an SPF and getting the fiber directly connected if you even can.
I’m curious how everyone documents their core/critical configs to allow the non-technical in our homes work with it if needed. For instance if I’m on work travel and the Pi-hole goes down for whatever reason my wife wouldn’t be able to use pretty much anything online. I can remote in and fix it but that could be hours/a day or two later. Same then for the proxmox stack that everything runs on.
Along the same lines, how are folks documenting for EOL? It may not be a happy thought but we are all going to go someday, so what is your plan and how have you ensured loved ones can access/save important data?
It’s worth remembering the full elimination dieting doesn’t work for almost anyone because of exactly this. Sure ADHD makes it harder/different, but everyone has a dopamine dependency and food is a huge part of that.
Dieting is mostly mental, and about all of your habits around eating. Look at things like overall portion sizes, and trucking your brain into realizing you’ve had enough. It’s okay to have some chips, but put them in a small bowl and then put the bag away. Eat dinner on smaller snack plates and not full dinner plates so it looks like you have way more food available. Eat slower, and don’t eat while doing other things like watching TV or reading as that distracts you from the signals your stomach gives that your full. And give yourself a reward sometimes, it’s important to enjoy life and food is part of that. Finally, is your dieting strategy sustainable long term (like “the rest of your life” long term)? If you cut out chocolate you may lose the weight you want, but if you go back to eating it again in a year, or two, or three you’ll likely gain much of it back.
You 100% can do it, but be sure to set yourself up for long term success! You’re not just trying to lose weight/be healthier, you’re working on lifelong habits to be happier as well.
Agree 100%. Most of the former Plex users turned Jellyfin users I have come across did so better Plex was broken in some way for them. For me it was the general lack of care in creating/maintaining a good Apple TV app. Over the past few years it’s just gotten buggier and buggier with a lot of complaints on the Plex forums where devs would essentially stop by to say they weren’t working on any fixes.
Jellyfin doesn’t fix 100% of the issues, but at least there is active development on Swiftfin that showed a desire to fully support all devices.
I do exactly this. My bank will try to use ACH or a one time debit card automatically, but inevitably ends up sending a check each month. What’s better is if I use the bill the water company sends and mail it back with a check there is a fee, but they don’t charge it when my bank sends a check.
It really depends on what you want to accomplish, your priorities, the amount of time and effort you are willing/able to put into it, and your risk appetite (not just privacy but also availability of your mail server).
It is for sure one of the more challenging services to self-host, and IMO doesn’t offer a huge improvement over a hosted solution with your own domain from an actual security and privacy standards point since email is inherently insecure and non-privacy protecting without adding additional not-always-standard layers on top like PGP/GPG, SMIME, one-time passcode escrow systems, etc. that all have their own huge trade offs.
Your self-hosted server will have downtime as well, some planned but also some unplanned. If your server is down, it can’t accept or send mail obviously which can be an issue (many services will try to deliver again after a back off period, but won’t try forever). Enterprises work around this with load balanced servers and running different services on fault tolerant infrastructure. That increases complexity quickly though and isn’t what most self hosters do AFAIK.