Use something like Backblaze or Hetzner storage boxes for off-site backups. There are a number of tools for making this painless, so pick your favorite. If you have the means, I recommend doing a disaster recovery scenario every so often (i.e. disconnect existing drives, reinstall the OS, and load everything from remote backup).

Generally speaking, follow the 3-2-1 rule:

• 3 copies of everything on
• 2 different types of media with
• 1 copy off site (at least)

For your situation, this could be:

• 3 copies - your computer (NVMe?), TrueNas (HDD?), off-site backup; ideally have a third local device (second computer?)
• 2 media - NVMe and HDD
• 1 copy off site - Backblaze, Hetzner, etc

You could rent a cloud server, but it’ll be a lot more expensive vs just renting storage.

Yeah, ideally something like Immich is just some metadata pointing at existing files. An album should be some combination of synced directories (i.e. new files added outside Immich should be detected and added, if selected) and individual files.

That doesn’t sound that complex. Maybe I’ll look into Immich and see about adding that. I don’t currently use it, but I don’t have an image solution, so I’ll give it a shot.

I haven’t really needed to, I just show them. I open up Jellyfin and explain that I put all the movies I own there so I don’t need to find the discs or pay for a service like Netflix. Or I’ll show them my OCIS setup with LibreOffice online and explain that I don’t need Google Docs or Microsoft Office 365. If they ask where it runs, I point to the server on my desk.

Everyone has their own reasons for doing it, and I think they can draw their own conclusions just by seeing it in action.

You can accept them on internal networks, just have a file size limit and don’t extract them locally, but send to some cloud service for handling. You could even have it work with email attachments if you want.

Basically:

1. Put file somewhere
2. Spin up runner
3. Upload and execute code
4. Spin down runner either upon success or after a time limit
5. Send result to the student (if it to took too long, that’s a fail too)

kubernetes

Kubernetes isn’t just resource isolation, it encourages splitting services across hardware in a cluster. So you’ll get more latency than VMs, but you get to scale the hardware much more easily.

Those terms do mean something, but they’re a lot simpler than execs claim they are.

My vote is Podman with an immutable distro, like OpenSUSE MicroOS or Fedora Silverblue. Here are my reasons:

• rolling base, with very minimal footprint, so you don’t need to worry about upgrades
• podman runs proper rootless containers, so you get better security vs docker, which tends to run as root (breaking out does less damage if you manage permissions properly)
• deploying a new service (or moving a service) just means copying configs and running, no concerns about what the host has
• there’s nothing special about the host, so if MicroOS or Silverblue are abandoned, just copy the configs and data to a new host

It’s a little more work to set up, but once things are running, it’s drama free. And I think that’s the best thing to optimize for, keeping things boring is a good thing.

Cool! I have some old drives laying around because I didn’t know how to recycle them.

bootstrap

Sure, so bake in a set of default “mods” whose influence goes away as people interact with the moderator system. Start with a CSAM bot, for example (fairly common on Reddit, so there’s plenty of prior art here), and allow users to manually opt-in to make those moderators permanent.

pure web of trust

I don’t think anyone wants a pure web of trust, since that relies on absolute trust of peers, and in a system like a message board, you won’t have that trust.

Instead, build it with transitive trust, weighting peers based on how much you align with them, and trust those they trust as bit less, and so on.

easily gameable

Maybe? That really depends on how you design it. If you require a lot of samples before trusting someone (e.g. samples where you align on votes), the bots would need to be pretty long-lived to build clout. And at some point, someone is bound to notice bot-like behaviour and report it, which would impact how much it impacts visible content.

DDOS

That can happen with any P2P system, yet it’s not that common of a problebut

it probably would have a UX that’s very different from reddit

I don’t see why it would. All you need is:

• agree/disagree - by default, would have little impact on moderation
• relevance up/down (this is your agree/disagree metric)
• report for rules violation (users could tune how much they care about different report categories)
• star/favorite - dramatically increases your trust of that user

Reddit/lemmy has everything but a distinction between agree/disagree and relevant/irrelevant. People tend to use votes as agree/disagree regardless, so having a distinction could lead to better moderation.

You’d need to tweak the weights, but the core algorithm doesn’t need to be super complex, just keep track of the N most aligned users and some number of “runners up” so you have a pool to swap the top group with when you start aligning more with someone else. Keep all of that local and drop posts/comments that don’t meet some threshold.

It’s way more complex than centralized moderation and will need lots of iteration to tune properly, but I think it can work reasonably well at scale since everything is local.

I’ve thought about this idea for my own project, and my best solution is to have a network of trust where people rely on curation from their peers and thus only see the content their peers have approved.

The main benefit is also the main downside: content you disagree with is still there, you just don’t see it. That means there could absolutely be pockets of CSAM and other content on the network, but your average user wouldn’t have that on their system since they only store curated content.

I’m not sure how I feel about that, but I think it’s the best you can do without centralized moderation.

If your traffic is pretty low, rent a VPS for $5/month or whatever and set up a Wireguard server on it, have your devices maintain a connection to it (search keepalive for Wireguard), and set up HAProxy to do SNI-based routing for your various subdomains to the appropriate device.

Benefits:

• you control everything, so switching to a new provider is as simple as copying configs instead of reconfiguring everything
• most VPN companies only route traffic going out, not in; you can probably find one that does, but it probably costs more than the DIY option
• easy to share with others, just give a URL

Downsides:

• more complicated to configure
• bandwidth limitations

If you only need access on devices you control, something like Tailscale could work.

Benefits:

• very simple setup - Tailscale supports a ton of things
• potentially free, depending on your needs

Downsides:

• no public access, so you’d need to configure every device that wants to access it
• you don’t control it, so if Tailscale goes evil, you’d need to change everything

I did the first and it works well.

If you have old parts, use those, it’ll probably overkill. Most server stuff isn’t very resource intensive, so a little goes a long way.

If you’re buying something new, I’d recommend something small, like a Mini PC or an N100 rig. 16GB RAM is probably enough, and anything with more than 4 cores is probably overkill. A dedicated GPU is unnecessary, something with a modern-ish iGPU will be plenty to transcode video.

The SOC also isn’t fully open, so you won’t get top tier performance with a purely FOSS stack. I push the limits on mine (Retropie mostly), so using their OS is the better bet (I use the one shipped by Retropie, which is super old).

I actually kinda hate the Raspberry Pi because of how closed it is. It’s gotten a bit better over the years, but the Pi 5 took a big step back. But unfortunately, its competitors aren’t much better, so I still use my RPis, but I probably won’t buy more.

I’m also not a fan of Debian in general, so if I switched, I would probably use openSUSE or Arch instead (I tried Arch, but it had issues syncing to disk after updates; they fixed that, but it shows that other distros will be a bit wonky). Raspbian works, so I stick with it.

Yeah, I always run Raspbian.

I’m a big fan of old PC parts. My current NAS/home lab is my old PC, so a Ryzen 1700 + GTX 750 Ti. It’s overkill for what I need, doesn’t use a ton of power, and I didn’t need to pay anything for it.

If that’s not available, I recommend second hand. Look around your local area and see what’s available, or check online at places like eBay. Be mindful of power usage for server products if that matters to you.

My next option after that depends on what I’m looking for. A mini PC with an external drive enclosure can be really nice, and there are some reasonable ITX-esque DIY rigs with drive bays that look nice. I’ll be a lot more picky when buying new though, so I’m not going to recommend specific setups without knowing your priorities (space? Power usage? Noise?).

ECC is nice, but not a requirement. AV1 on the CPU is nice, but you can get that on a relatively inexpensive GPU if you go that route, or you could encode everything into AV1 at rest in a bulk operation. There are lots of options, so it mostly comes down to what you have access to, your budget, and your priorities.

I don’t audit the code, but I do somewhat audit the project. I look at:

• recent commits
• variety of contributors
• engagement in issues and pull requests by maintainers

I think that catches the worst issues, but it’s far from an audit, which would require digging through the code and looking for code smells.

If it’s literally just copying data, a Pi Zero should be plenty, especially if there are gaps in between (i.e. motion detection). The main concern is if writing to the SD card can keep up, but I’d totally give it a shot first before buying something.

A Hetzner storage box could work, which is about $3-4/mo for 1TB.

But if you really want it local, a cheap SBC w/ a big SD card seems like a good option. It’ll be slow and you’ll need to replace the card periodically, but it will sip power and is incredibly easy to conceal.

Why not a VPS? $5/month gets you 40GB storage instance, and 2 vCPUs at Hetzner (or a number of other places) so you could even give it a web interface so you could access it remotely. Install something like MicroOS or Silverblue and it’ll update itself.

That monthly cost is probably not much more than the electrical cost for an alternative, plus years worth of whatever you’re paying for the hardware.

Edit: Any cheap SBC with a big enough SD card would work too, but you’ll need to replace the card every so often. I’d still prefer the VPS here.

Why not use the NUC as a PC and have it do NAS stuff as well? You’d just need a drive enclosure for extra storage.

I was kind of surprised by my answers when I stopped to reflect. I realized I:

• don’t really like self-hosting
• know a lot about new tech, but am not very excited about it
• don’t use a lot of the popular services

Anyway, I hope the results are useful! I don’t know if you’ve done it already, but it would be interesting to compare results from different sources, like Lemmy vs Reddit or wherever you posted it.