Good point. Setting up shadowsocks and tunneling wireguard through is on my to-do list. I believe ss also works over TCP so it should work reliably in filtered networks.
Protections of consumers and regulating ISPs is the job of the FCC. If consumer protection gets reduced and things like net neutrality get worse, pirating will get more difficult and/or risky.
E.g. until recently ISPs didn’t have to really do anything if a user was caught infringing on someone’s copyright (e.g. through torrenting). This has now changed and the risk of getting disconnected massively increased. [1]
An example of the worst case might be Germany, where copyright owners can demand the information of a user who was caught infringing on someone’s copyright. This allows them to sue users directly for damages of sharing copyrighted material.
tl;dr
It is important for us pirates who decides what the FCC focuses on.
Wireguard uses UDP which results in better latency and power usage (e.g. mobile). This does not mean Wireguard can’t tunnel TCP packets, just like OpenVPN also supports tunneling UDP.
I’m using Wireguard successfully for torrenting.
I wouldn’t use Mint or other desktop-focused OS for a server. Ubuntu’s advantage of newer packages gets largely negated by how long Mint takes to release a new major release, so I’d rather use Debian.
I do think Ubuntu is fine for servers too, like almost any other point release distro.
For newcomers I’d recommend docker and images like gluetun for setting up the VPN. It makes it easy to forward ports (for remote access) while keeping the torrent client behind the VPN.
I remember taking my first selfhosting/Linux steps a year or so after the launch of Let’s Encrypt with a Pi 3. At the time, most tutorials didn’t set up https at all, and if they did, they were self signed certificates (resulting in browser warnings).
Self-signed certificates are annoying and creating them was a series of copy pasting long, weird commands, usually using long expiration dates (manual renewing sucks).
Not long after, guides started recommending certbot. Nowadays reverse proxies like caddy set up TLS automatically.
At least that’s how I remember it, given my complete lack of knowledge about Linux at the time.
Yes, the restriction to a single VPN client is annoying.
Blocking ad/telemetry domains can be done by adding AdGuard’s DNS servers in the OS settings. Sadly blocking apps’ Internet permissions completely is not possible (except on OS like LineageOS, CalyxOS or GrapheneOS).
Symphonium is a great Android music player which connects to a Subsonic or Jellyfin server (or any other protocol like SMB).
Navidrome is a music server which implements the Subsonic protocol. This means apps like Symphonium can connect to it.
Any old PC is enough, even a Raspberry Pi is fast enough for a music server.
Anything more like SSL (https) and a domain is optional for getting it working, and only a benefit if used outside of your home network. Using Tailscale makes a domain/SSL unnecessary and also no longer needs messing around with networking (e.g. no opening ports on the router).
The survey was originally sent out on reddit /r/selfhosted, so I expect most respondents are from there.
No, I haven’t connected a Pi to a 4k TV.
Analogue likely doesn’t emulate the hardware at the transistor level, as it’s far more difficult than doing what most software emulators do.
From an interesting (although non-conclusive) HN-thread [1].
Without seeing the code, it’s impossible to know where Analog’s implementation falls on the spectrum of software emulation vs hardware simulation. There is nothing magical about FPGAs that automatically makes anything developed with them a 1:1 representation of real hardware. In fact, there are plenty of instances where the FPGA version of a particular console is literally just a representation of a popular emulator only in verilog/vhdl. In many instances, even the best FPGA implementations of some systems are still only simulating system level behavior. Off the top of my head, one famously difficult case is audio, where many chips have analog circuitry that cannot be fully simulated.
FreeTube does not have controller support, and for AndroidTV I’d recommend SmartTube.
Kodi/LibreELEC is able to do all of it, but IMO it’s not a good experience for browsing YouTube and I don’t know how well the third party Steam Link integrations work.
This is why I’d also recommend LineageOS Android TV, which supports Pis thanks to konstakang. But I’m not sure why it’d work better than a FireTV stick, since both run AndroidTV.
Edit: I’ve had an issue where the Pi 5 wouldn’t boot AndroidTV, until I tried to turn it on again after a few weeks. So I’d recommend sticking with the FireTV + SmartTube + Jellyfin + Steam Link (unless you’ve got a Pi 5 lying around anyway).
Edit 2: The Pi 5 + Android TV had issues with HDMI-CEC of the TV, so I had to buy a remote with a USB adapter. This sends the wrong signals (e.g. keyboard enter, not what Android TV expects), which is fixable with some app remapper. Maybe it’ll work better for you, but the FireTV is likely the easier solution.
Yes.
Because they use the official apps/web-vault, they don’t need to implement most of the vault/encryption features, so at least the actual data should be fine.
Security audits are expensive, so I don’t expect it to happen, unless some sponsor pays for it.
They have processes for CVEs and it seems like there weren’t any major security issues (although I wouldn’t host a public instance for unknown users).
Vaultwarden is one of the few services I’d actually trust to be secure, so I wouldn’t worry if you update timely to new versions.
Yes, Bitwarden browser plugins require TLS, so I use DNS challenge to get a cert without an open port 80/443.
The domain points to a local IP, so I can’t access it without the VPN.
Having everything behind a reverse proxy makes it much easier to know which services are open, and I only need to open port 80/443 on my server’s firewall.
Fully agreed.
Accessing Vaultwarden through a VPN gives me peace of mind that it can’t be attacked.
Another great thing about Bitwarden is that it’s possible to export locally cached passwords to (encrypted) json/csv. This makes recovery possible even if all backups were gone.
Great to hear you found my comment helpful.
Just make sure you make backups regularly. Especially with used drives, I wouldn’t count on them surviving the stress of a rebuild. If a second drive fails in a RAID10, all data might be gone.
Edit: I’d be thankful if you could report back how the test goes. I need a drive for a backup ;) and I’m considering buying from eBay too.
I will test them upon receiving and see how it goes from there:)
I don’t know where exactly you live, but if you’re in the EU customs/taxes + shipping will make the deal worse, but better than expected.
E.g. for Germany, this drive would cost 382€ with UPS Saver Duties & Taxes included, instead of 273€ for the drive itself.
I’ve found the same drive with a local commercial eBay seller for 420€, including taxes and shipping.
A new 24TB drive would cost 485€.
Edit: IMO a better deal would be 22TB drives, which have the same price per TB but are new. But then again, their used/recertified price is also ~10% lower than new.
Pirate groups generally try to optimize for the minimum they themselves actually need.
For example most specialized trackers only allow for English audio and some even restrict subtitles, which makes it difficult to find torrents for other languages. The only option is finding BluRay disks and then doing the remuxing.