Ah, good catch, thanks.

It’s moot point for me because I’m sick of unifi so I’m not going back to worse performance and locked-away features.

This is an opinion on the WiFi access points.

I took the unifi pill in 2018 on the advice of my devops coworkers that ubiquiti is set-and-forget. I also was sold on the unifi network controller I deployed and used until last month being easy to use and local only.

The single pane of glass to control and update the access points is nice. Wifi works OK. There are, however, several downsides:

• channel and power management are not automatic and tweaking WiFi settings with unifi is not intuitive.
• similar to your nas experience unifi advanced metrics are locked behind paying for other unifi equipment or an official controller.
• network appliance is built on mongodb and its performance is pretty abysmal (Up to 2.5GB memory to run it)
• the network appliance is now discontinued and self-hosting the network appliance can no longer happen software-only, you have to use their “server os”, which can’t be run in a container. edit: its been pointed out to me that running the network controller in a container is possible.

After the unifi Debian repo stopped updating properly, I decided to install openwrt on my APs.

Not only did it work well, but performance is now much better with openwrt.

I’m personally stepping away from brands that have their own ecosystems from now on, if I can help it. The enshitification is just too tempting for them, it seems, and it it’s always at our expense.

Fair enough.

I see your posts and comments regularly in self-hosted, keep it up. Staying engaged is learning.

As a fellow tinhat wearer, I applaud your reluctance to trust what they tell you.

However, there isn’t much you can do about your VPN provider setting up multiple exit routes, or maybe they’re doing something really fancy like NAT filtering DNS requests so big players like Netflix have a harder time catching on to ppl geo-hopping.

But the outcome is the same: you have no control over this behaviour.

DNS leak tests only understand your exit IP. If your VPN provider allows round Robin load balancing, this may happen. This is a drawback of VPN exits out of your control, that you can’t know how their exits are handled.

Why you are so concerned about DNS leaks beyond one test is another matter only you can solve. Unless you are changing your dnssec config daily, this should be checked once.

22. There are usually one or two of those that are just experimental and might get trashed.

Use the trash guides, it’s all in there.

Musicbrainz Picard.

I only ever touch them to add media

Bingo. Every other day.

The problem with my family buying into the setup is that I’m now the media manager. And I’m OK with that, but sheesh… Sometimes it feels like I’m torrenting manually again.

I’m working on Fatiguarr. A locally-hosted web instance to give me a f%&!ing day off from managing the bloody Xarrs in my life.

Fair enough, thanks for taking the time.

With respect, help me out here…

I process PDFs all the time, both assembling text and images into PDFs and extracting images, text, layouts, etc. My uses are mostly cleaning up metadata and unwanted elements so they render correctly in more environments. I use pdftk and imagemagick for this, generally.

Is bentopdf just a nice GUI for tools like these?

I’m struggling to understand what part of bentopdf is “self-hosted”.

Maybe I don’t understand the use case for bentopdf, and considering how popular it is, that is likely true. However, I don’t get what this does…

• it’s self-hosted, but the processing happens on the client? Is this just a local application?
• it only works with PDF documents?
• What advantage does bentopdf have over something like paperless ng?

Again, if this is obvious to most ppl, forgive me.

Ah, well that’s one I don’t have any data on.

I feel the same way, and honestly, I’m happy to see others do too.

I’m almost done my exit from google, just the actual email left. Calendar, map data, photos, everything in drive is gone to my private infrastructure.

Yeah, from your post I think you’ll be fine setting up a black hole manually.

If you’re comfortable with full-fat DNS, Technitium has all the controls of bind9 and can do ad blocking as well, but it isn’t as… esoteric to setup. Easy import/export, decent webui, other quality-of-life features. Highly recommend.

Amazing. I’m off to donate to keep your stuff going. Great work.

Thanks for the reply.

That is not an answer.

Here’s a simple way to look at it

I’m not looking for a simple way to look at it. I want a technical breakdown of why rebuilding back end instances is valuable in a security context.

• When do the rebuilds occur? Are they triggered by some event?
• what happens to session tokens?
• do you have frontend / backend auth? What happens to that?
• are you rotating secrets as well? Compromised back end would imply your secrets can no longer be trusted.
• is data encrypted in massive blobs, or can one request only blocks of data?
• can the app tune storage requirements depending on S3 configuration?

I’ll be blunt with you: your answers to this and others have been very surface-level and scant on technical details, which gives a strong impression that you don’t actually know how this thing works.

You are responsible for your output. If you want chatgpt or github ai tools to help you, that’s fine, but you still need to understand how the whole thing works.

You are making something “secure”, you need to be able to explain how that security works.