If you got a $20 10g Ethernet, chances are you didn’t get one that is well supported on Freebsd. They currently lag behind Linux on the drivers for those. If you had a fully supported card, network throughput often beats Linux (with the caviat that it is going to depend on what you are doing with the firewall and QOS, obviously).

If you go with eBay, still look local for someone who is selling surplus stuff. There’s a lot of hassle and cost for the seller over ebay, but they are not allowed to arrange anything via a back channel - however, once you have bought one thing and you are happy with them, you have their contact info! You can ask for more or reach out in the future directly when they look to have lots of stock of something you like. They will probably be happy to avoid eBay and get some easy sales.

I don’t prefer this approach either, but if you do, a lot of commercial models (e.g. thinkpads) can be set to keep the battery at a given percent Max. Set it to only charge to 80% instead of full, and safely shutdown at like 30% and the battery will be far more stable long term. Also set ntfy alarms to your phone on the thermal sensors so you know right away if a fan gets clogged.

I wish more people were like us on this matter, but they don’t appear to be. People are using video for everything, regardless of how bad it is. One of the most popular genre of short form video is some well manicured person pointing up at some text that appears in the top of a video, set to terrible music. 20-100 words at most.

Oh neat. I was scared off by OIC going to a data “blob” backend store. I want my files still accessible directly if the database blows up. Looks like opencloud gives you the choice: https://nexus.opencloud.community/docs/app-development/storage-backends/

This absolutely. Anyone who actually wants open registration will be configuring their own SSO or whatever backend. The default should be safe for testing and/or hobbyists.

To anyone afraid of the above conclusion, a dedicated $5 VPS with automatic snapshots get you a long way.

Any time you have a server willing to process random data uploaded from randos, just expect it to be compromised eventually and prepare for the eventuality by isolating it, backing it up religiously, and setting up good monitoring of some sort. Doesnt matter if its a forge, a wiki, or like nextcloud or whatever. It will happen.

We also have COW filesystems now. If you need large datasets in different places, used by different projects, etc, just copy them and use BTRFS or ZFS or whatever. It wont take any space and be safer. Git also has multiple ways of connecting external data artifacts. Git should by default reject symlinks.

Theres a HUGE difference between hosting it essentially read-only to the world, vs allowing account creation, uploading, and processing unknown files by the server.

I have thought of blocking access to the commit history pages at the reverse proxy to cut off 99% of the traffic from bots. If anyone wants to look at the history, its just a git clone away.

You can git pull a repo to your machine, make your changes and then use git to submit a patch via email. Its not pretty, but it works. Hopefully federation is built soon and you will be able to submit a pull request from your own forge.

While good, network security isnt the issue. Its running a web service with open registration allowing randos to upload content that gets processed by the server.

Throw this up on a dedicated $5 VPS and you still have a problem. The default should be manual registration by admins.

Its coming: https://codeberg.org/forgejo-contrib/federation/src/branch/main/FederationRoadmap.md

Its always code forges and wikis that are effected by this because the scrapers spider down into every commit or edit in your entire history, then come back the next day and check every “page” again to see if any changed. Consider just blocking pages that are commit history at your reverse proxy.

Probably better to use them for their screen, firewalled off from everything except whatever is providing a dashboard or info display (e.g., homeassistant).

Your perspective aligns with a lot of self-hoisters who run things on rpi’s and such, but not the “home labbers”. Also, see the pubnix, tildeverse, smol web, indie web, and to some extent the retro computing communities. You are definitely not alone!

Restic is great, and the de-duplication between snapshots is amazingly good. Same content in different files (e.g. tar files of linux systems) take very little space like magic). Backrest is a nice web frontend for it.

Note that you should use some retention features of your provider to manage the risk of ransomware deleting your backups.

This comment prompted me to look for a picture of it. Nothing I can find, except in the background behind a baby picture of my now-in-university baby when I was apparently debugging the network connection:

There was a time when I had an old desktop packed full of spinning hard drives in my living room under a CRT television! Yes that works, but a NAS in the furnace room that is accessible from “smart TVs” and everyone’s mobile devices is pretty nice. No more fan noise either.

While true, neither backups nor checksums are exclusive to hosting anything.