Files on a SD card is what I do. It’s so simple.

Back in the day I used to use dynamic DNS.

Use syncthing-fork from fdroid.

I’ve been using ogg vorbis for music since about the mid 2000s. In the begining I was ripping them from my CD collection using grip on mandrake Linux (anyone remember?)

Nowadays I download vorbis direct from bandcamp.

Recently I compared 192 kbps vorbis files to FLACs and couldn’t discern the difference, which I’m happy about since my 15000 file collection can fit on a very cheap 128GB SD card in my phone.

I use syncthing to sync music to my phone automatically.

Really happy with the setup.

I looked into this recently.

There’s a DNS challenge designed for this exact scenario called (from memory) DNS01, but it’s more of a faff than I’m willing to get involved with.

Basically you push proof that you own the domain into a DNS record instead of to a file on a web server. It requires a DNS provider that has an API and a client that speaks that API.

It also leaks private DNS stuff into the public domain.

I’d love it if someone devised an easier way. Maybe there is an easier way?

I use https://www.mythic-beasts.com/

I gave up on kodi. Jellyfin works better, presumably because it transcodes better.

syncthing is great.

It’s this (excuse formatting): https://www.openssh.com/releasenotes.html

sshd(8) will now penalise client addresses that, for various reasons, do not successfully complete authentication. This feature is controlled by a new sshd_config(5) PerSourcePenalties option and is on by default.

sshd(8) will now identify situations where the session did not authenticate as expected. These conditions include when the client repeatedly attempted authentication unsucessfully (possibly indicating an attack against one or more accounts, e.g. password guessing), or when client behaviour caused sshd to crash (possibly indicating attempts to exploit bugs in sshd).

When such a condition is observed, sshd will record a penalty of some duration (e.g. 30 seconds) against the client’s address. If this time is above a minimum configurable threshold, then all connections from the client address will be refused (along with any others in the same PerSourceNetBlockSize CIDR range) until the penalty expire.

Repeated offenses by the same client address will accrue greater penalties, up to a configurable maximum. Address ranges may be fully exempted from penalties, e.g. to guarantee access from a set of trusted management addresses, using the new sshd_config(5) PerSourcePenaltyExemptList option.

I recall hearing that openssh has something like fail2ban built-in now. I forget the name of the feature.

Unless somethkng changed in the last few years, SSDs are much much faster.

That’s true. I did learn a lot, but the idea of setting it all up again gives me anxiety.

I self host my email. It was hard work to set up. 0/10. Would not come again.

What the hell is this? Half way down the page it becomes a crypto advert…

In case, like me, you were wondering what this has to do with ssh:

openssh does not directly use liblzma. However debian and several other distributions patch openssh to support systemd notification, and libsystemd does depend on lzma.

With ftps, can you use a self-signed cert? If so, how does it verify the cert? Do you have to upload the public key, or does it cache it on first use?

When using reolink in a self-hosted setting:

• how do you get notifications of someone at the door?
• can you use the android app still?
• how do you securely store video on your server? They say they support ftps, but I have no idea how hard that is to set up. Shame they don’t support sftp.

Thanks

Why what?

Alright. Who bent the rack ears? Own up…

I’m not crazy on web apps either. I’d want to edit my notes in vim.