I usually use HTTPS, because a lot of web features only work over HTTPS.

You can use Let’s Encrypt DNS challenges to get real TLS certificates for internal hosts, instead of having to use your own CA or self-signed certificates.

Tailscale has several NAT bypass / hole punching methods for double NAT (including CGNAT) and symmetric NAT, but they don’t work in 100% of cases. https://tailscale.com/blog/how-nat-traversal-works

IPv6 is definitely a good solution since then you don’t have to deal with NAT at all. IPv6 is pretty easily doable in the USA (at long as you’re not using Starlink) but can be harder in other countries that don’t have as robust IPv6 infrastructure.

this means their permissions do not work like docker, and it is not in fact a drop-in replacement for docker

It might a drop-in replacement for Docker if you’re running Docker in rootless mode? Not sure how common that is, though.

I like Unraid because it’s essentially “just Linux” but with a nice web UI. It’s got a great UI for Docker, VMs (KVM) and Linux containers (LXC).

Don’t. Use a VPN like Tailscale or Wireguard. Tailscale uses the Wireguard protocol but it’s very easy to configure, and will automatically set up a peer-to-peer mesh network for you (each node on the VPN can reach any other node, without having to route through a central server).

The only things that should be exposed publicly are things that absolutely need to be - for example, parts of Home Assistant need to be publicly exposed if you use the Google Assistant or Alexa integrations, since Google and Amazon need to be able to reach it.

this community is literally built around hosting your own local infrastructure.

That’s part of it, but using a dedicated server, colocated server, or VPS are also considered “self hosted” too. “self hosted” is broader than just having a server at home, and means any server, web service, etc where you maintain it yourself.

Hardware in your own house is generally referred to as a “home lab”.

Web is a bit easier than native since the browsers handle all the platform-specific details across all common platforms, and you mostly just have to follow some guidelines that aren’t overly technical or arcane. Some examples:

• Use ARIA roles where appropriate
• Ensure sufficient contrast between text and background colours. Should at least meet the WCAG level AA which is a 4.5:1 contrast ratio, but ideally meet AAA which is a 7:1 ratio for body text and a 4.5:1 ratio for headings.
• Ensure you use <label> tags to label for all your <input>s, alt attributes on all images, title attributes where appropriate (e.g. on <table>s to describe the data contained inside the table), etc.

If you use Firefox, its developer tools have an “Accessibility” tab that can audit for common issues - things like missing labels on checkboxes and radio buttons, colours that don’t meet WCAG contrast ratio requirements, etc.

It’s a good time to learn more about building accessible sites and apps given it’s becoming a legal requirement in some jurisdictions. For example, the European Accessibility Act (EAA) goes into effect later this year, and it mandates that sites and mobile apps for various industries (like ecommerce, airlines and other transport, media streaming, social media, banks, and some others) meet accessibility guidelines.

I’m on an all Linux machine and the only accessibility software I know of is Orca and it’s so and so last time I tried it.

It’s probably worth spinning up a Windows VM to test in NVDA. It’s one of the most popular screen readers and probably the most popular open-source one, but only works on Windows since it deeply hooks into the Microsoft Speech API, accessibility APIs, and and other Windows APIs.

This is a really well written article. It’s unfortunate that this person has to deal with all these issues.

I suspect the reason that both MATE and the Debian installer have good accessibility support is because their codebases are quite old. In general, it seems like older software is more likely to have better accessibility support than newer software.

Accessibility should be something that’s built into software from the very beginning, but I totally understand that not all developers have time for it or properly understand it. It’s unfortunate.

Edit: I forgot to mention that accessibility is going to be mandated for some types of sites and apps in the EU thanks to the European Accessibility Act (EAA) coming into effect later this year, which should help somewhat. Won’t really help with Linux itself though.

For storing the backups, I use a storage VPS. I got one from HostHatch a few years ago during Black Friday sales, with 10TB space for $10/month. Hetzner have good deals with their storage boxes, too - they offer 5TB space for $13/month if you’re in the USA (you need to add VAT if you’re in Europe).

A good rule of thumb is to never pay more than $5/TB/month, and during Black Friday it’s closer to $2/TB/month. The LowEndTalk forum has the best Black Friday deals.

I use Borgbackup for backups, and Borgmatic to handle scheduling them. Borgbackup is a fantastic piece of software.

Borgmatic has an “append only” mode which lets you configure particular SSH keys to only be able to add data to the backup, not delete it. Even if someone/something (ransomware, malicious users, etc) gains access to your system and tries to delete the backups, they can’t. Essentially, this is protection against ransomware.

This is a very common issue with other backup solutions - the client has full access to the backup, so malware on the client system could potentially delete all the backups.

I have two backup copies of most things. One copy on my home server and one copy on my storage VPS. If you do do multiple backups, Borgbackup recommend doing two separate backups rather than doing one then rsyncing it to another server.

Same with industrial automation. There’s some robotic arms, assembly lines, etc in use today that still use PCs with ISA slots - the predecessor to PCI, which was the predecessor to PCIe. Old 16-bit bus with a max speed of around 5Mbps. That’s why you’ll occasionally see newish “industrial” motherboards that have ISA slots and parallel ports.

They also often have a lot of the hardware in stock and ready to deploy, to handle replacements.

A project I worked on at university (way back in 2010) was for one of the largest providers of air traffic control systems. Our project was interesting - overlaying eye tracking data from Tobii eye trackers they provided (thousands of dollars each at the time) on top of screen recordings taken via VNC, to aid in training of air traffic controllers.

It was even more interesting to learn about some of their processes, though. Whenever they built an ATC computer system for a client, they’d build one or two spares at the same time, with exactly identical hardware. They did this for two reasons:

1. If the hardware breaks down, they can supply a new system that exactly matches the hardware that was verified.
2. If a client has an issue with their system, they can try and replicate the issue on a clone of that client’s system.

We got to see a storage room with a large number of these systems. Lots of different PCs anywhere from a month to maybe 15 years old. :)

Crowdsec is much more efficient than fail2ban. Fail2ban is a lot of old single-threaded Python code with inefficient log parsing/tailing routines. Crowdsec is a more modern Go codebase.

If you’re looking at old-school solutions, there’s also DenyHosts.

Crowdsec blocks login attempts too.

Does this have a way of sharing a directory publicly?

It was missing a bunch of features last time I tried it - no crossfades, no automatic playlists (for things like liked songs, decades, etc), no artist radio (play an artist plus similar artists), no way to play sonically similar songs (based on server-side analysis), no loudness leveling, no Android Auto. Maybe it’s improved now - I’ll have to give it another shot.

Unfortunately I’m not sure I know enough about audio processing and similarity analysis to be able to implement those features myself.

Yeah, unfortunately it’s closed-source. It’s a good app though! If you build something similar that’s fully open source, with an Android app and Android Auto support, then I’d definitely be interested in trying it.

Have you tried Plexamp? It supports all the features in your list. You need a Plex Pass for most of its features though.

I’m not mentioning it to suggest your project is bad or to discourage you; I’m mentioning it since it might give you some inspiration for features to implement in your one :)

Bitwarden and Vaultwarden are different products. Vaultwarden is API-compatible with the Bitwarden client apps, but it’s a completely separate project.

Both are self hostable. Bitwarden is designed for large deployments (like companies with tens of thousands of employees) so the design is very different to Vaultwarden which is designed for small deployments.

I used to self-host Bitwarden but switched to Vaultwarden a while back.

In the Bitwarden Android app, make sure all the autofill settings are enabled, including accessibility (which helps with autofill in apps that don’t officially support it). Sometimes, system updates seem to disable them.

Also note that Android apps need to explicitly support autofill. Not all apps do. The “use accessibility” option is supposed to help with apps that don’t officially support autofill.

These seem to be the two most commonly supported distros by laptop manufacturers. Framework officially support these two distros, too (they have unofficial guides for a bunch of other distros though)

Wow, a post from 2001 that’s still online today. You don’t see that often any more!