
tburkhol

@tburkhol@lemmy.world


tburkhol ,

It's even easier with digital broadcast. I finally had to give up my PCI tuner, because who puts PCI slots on a modern mobo? $25 will get you a USB TV tuner capable of getting all the OTA and cable channels. I used to get, like, 7 analog OTA channels - ABC, CBS, NBC, PBS, and a regional independent - but I get 30 digital. All the majors have added 3-5 channels of SD reruns or other filler. I mean, it's mostly shit, and the only thing I actually watch is local news, but for a one-time $25 cost, it's a great supplement to streaming.

My biggest problem with MythTV is it doesn't interface with streaming, so I use Kodi on the frontend to source from mythtv, netflix, hbo, or whatever.

tburkhol ,

Heh. House I rented was built before ubiquitous electricity. At some point, someone slapped a fuse box on the outside of the back wall and drilled a bunch of 1" holes in said wall to pass wiring. House was built on piers, so they just dragged wires around to places where they wanted outlets, which were mostly planted in the floor. Not a ground wire on site. I have no idea how they got away with renting that out, but it's not like I called code enforcement, either.

tburkhol ,

Yeah, I think it really depends on use case. Like, I'm trying to imagine what aspect of my home lab could go so wrong, while I'm out of the house, that it would need fixed right away, and there's nothing. I only leave my house for work or maybe a week of vacation, though, and I can imagine someone who's occasionally away from home/house for 6-month deployments, or has a vacation home they only visit four weekends a year, might want more extensive remote maintenance. I'd still want to do that via ssh or vpn, but that's me.

tburkhol ,

I do ssh because I'm more comfortable with it: it's ubiquitous and as close to bulletproof as any security. Put it on a nonstandard port, restrict authentication to public keys, and I have no qualms.

tburkhol ,

I just don't like my logs filling up with scripted login attempts. Even with fail2ban, for a while there I was getting 100+ login attempts every day, and it upset my sense of order.

tburkhol ,

IPv6 does have private spaces. Any prefix beginning with fd is 'private,' and (IIRC) there's a formula to generate the next 40 bits of prefix to minimize the chance of intersections. i.e., you can generate your own internal /48 functionally equivalent to 192.168/16 or 10/8

Don't know if you can use that with SLAAC, but it works if you run a dhcpv6 and makes ipv6 feel a lot like ipv4. You have to NAT everything inside &c, but if you already have a functioning internal IPv4 network, IPv6 is just a matter of figuring out which config options need to be changed (eg, dhcp6.name-servers for option domain-name-servers)

tburkhol ,

Yeah, my ISP "supports" IPv6, but assigns a /128 to users. It seems to wipe out most of the desirable features of IPv6, and has probably given me a distorted view of its philosophy. OTOH, it did force me to learn how to do DNS views, so names can have the ULA address inside and the global address outside the house, which is pretty cool.

tburkhol ,

This is an old post about ipv6, but it inspired me to go looking, and I wanted to share my findings.

  1. for globally routeable IPv6 addresses, probably do let it happen automatically, either direct from the ISP, through the router by prefix delegation, or your own implementation of prefix delegation.

  2. for devices you want to access, internally, create a ULA within the fd00::/8 space, and assign numbers (and names) however you like. Translate all your 192.168.x.y IPv4 addresses to fd00::x:y and go. Only limitation is you won't be able to access those devices, using the ULA, from outside your network.

  3. you can do both of these on the same subnet, and devices pick up both addresses then use the global address for internet and the ULA for intranet.

That means you can do dhcp, dynamic DNS, private domains, and all the stuff you know about IPv4 for IPv6, and still do all the stateless autoconfig that "they" want. Some devices, like my android phone, never played well with dhcpd6, but immediately preferred IPv6 as soon as I let them SLAAC.

If the prefix assigned by the ISP doesn't change, then device SLAAC address shouldn't change, either, because they're calculated from MAC, so if you need to access some internal devices from the internet, you have to mark that address, but (IMO) marking the full address is not that much worse than marking the prefix and remembering the device number.

tburkhol ,

Definitely agree for a single install. If OP has a bunch of these installs to do, then editing an install USB to configure networking and enable sshd might be worth the effort. Do the install over ssh and hope the machine starts up as desired, but even then, if it doesn't just magically appear on the network, he's going to need a monitor to see where the startup failed.

Raspberry Pi's disk imager will let you pre-configure networking, accounts, and ssh, so you just write the image to an SD card, plug it in, and go. That's a great solution for systems usually meant to be headless and removable media. If OP's client hardware allows, he could plug in the M2 or SATA drive meant to be the server's startup, install Deb there, and transfer to the server hardware. That's definitely more work than just swapping the keyboard & monitor, but it accomplishes OP's stated goal. (Otherwise, a lot of this thread follows the linux meme of "How do I [X]?" "[X] is dumb, do [Y] instead.")

tburkhol ,

I don't so much care where it's made. The real selling point, to me, for Pi is that their products are well documented, in English, and solutions for problems are easily googled. There's tons of SBCs out there, some of them even inexpensive, but I can't tell if any are going to last longer than a single production run. Meanwhile, I can still buy a Pi 3 after almost a decade. Or I can take the hat I made for a Pi3, plug it straight into a new Pi Zero, and expect it to work without changes.

IPO is a big step down the path to enshittification, especially when there's no clear, dominant alternative.

tburkhol ,

Especially if she has 20 years' experience with CC apps. All of the deeply entrained jargon, keyboard shortcuts, menu structures... Switching apps after that long takes months of training and practice, and the cost of that training is a key lever of enshittification.

What's your server wattage?

I'm in the process of wiring a home before moving in and getting excited about running 10g from my server to the computer. Then I see 25g gear isn't that much more expensive so I might as well run at least one fiber line. But what kind of three node ceph monster will it take to make use of any of this bandwidth (plus run all my...

tburkhol ,

With 25 GbE, even 10, I'd be tempted to PXE boot client systems. Maybe still have a local PCIe SSD for windows game files.

Dunno how that would actually work with Windows, but it was fun when I did it for beowulf nodes. Setting RPis to netboot is a little involved, but you can create an OSMC image and give all your TVs a consistent 'smart' interface. You don't even need 10GbE to be pretty functional for the Pi, but my experience is that WiFi is not fast enough.

tburkhol ,

There are 3rd party plugins for kodi to work with a lot of streaming services, using your account and not 'cheating' in any way that's obvious to me.

Netflix: https://forum.kodi.tv/showthread.php?tid=329767

Fairly extensive collection: https://github.com/matthuisman/slyguy.addons

tburkhol ,

Depends on how you calculate costs. Like, I have Kodi running on a RPi for home entertainment/theater. There's no way to outsource that, but the RPi is idle most of the time. Adding services to it is effectively or marginally free, except for my time, and there's still a significant time cost to get paid, off-site cloud services set up.

But charging for your own time is kind of disingenuous. You don't include your time in the cost of eating (a Big Mac worth $60??), watching a video, or going on vacation. The only people self-hosting have a personal, hobby/entertainment interest in it, and I think it's more accurate to compare the costs of self hosting with the costs of other forms of entertainment. Do you get more fun-value out of the costs of self hosting or out of a theater ticket?

tburkhol ,

I don't get this counter-argument. Is TFA actually suggesting that the average grandma quit using Yahoo mail or Facebook and set up her own email server and mastodon instance? The only people even considering self-hosting are people with technology interest and reasonable passion. It's an article written for a niche techie website, and we're discussing it on a forum for self-hosting nerds.

The counter-argument is like saying the average layman should stick to televised football, because they don't have the physical savvy or aptitude for the game, and most people aren't gonna put in the time or effort to build their strength & endurance to compete. It may be an accurate statement, but the people you're addressing (grandma) weren't TFA's target audience and weren't even going to try in the first place, and you discourage people who might really enjoy giving the hobby a try.

How much does it matter what type of hard disk I buy for my server?

Hello, I'm relatively new to self-hosting and recently started using Unraid, which I find fantastic! I'm now considering upgrading my storage capacity by purchasing either an 8TB or 10TB hard drive. I'm exploring both new and used options to find the best deal. However, I've noticed that prices vary based on the specific...

tburkhol ,

I'm a big fan of Backblaze's failure statistics. https://www.backblaze.com/cloud-storage/resources/hard-drive-test-data

Annualized failure rates go from 0.3%/year to 3+%/year, even just looking at the drives they have million+ hours for, and I'd rather be at the lower end of that 10x range.

Why is replacement for home device controls so complicated?

I recently learned about Home Assistant here on Lemmy. It looks like a replacement for Google Home, etc. However, it requires an entire hardware installation. Proprietary products just use a simple app to manage and control devices, so can someone explain why a pretty robust dedicated device is necessary as a replacement? The...

tburkhol ,

HA doesn't require 4/4/32, that's just the hardware the HA people sell. (which, given that your phone may be 8/16/128, is hardly "robust"). Generally, the Home Assistant crowd kind of target an audience that's probably already running some kind of home server, NAS, or router, and HA can probably be installed on that device.

Theoretically, there's no reason the HA server couldn't be installed on your phone, except then your smart home functions would only work while your phone is in the house and not sleeping. Kind of defeats the point of a lot of it, unless you're just thinking of smart home like "remote control for everything." Regardless, much smaller niche for an already-small market, and apparently not a priority for the dev team.

tburkhol ,

I didn't think I was. I got sucked in by sensors to monitor indoor temp, humidity, air quality... A smart switch to turn lights on and off when I'm not home. Now I'm thinking of how to turn the HVAC fan off when IAQ is good and temperature is comfortable. I'm not ready to have the house turn lights on when I enter a room or start the oven when I get within a mile of the end of my commute, but it's been growing, one $30 gadget at a time with no subscriptions and no data leaving my LAN.

tburkhol ,

I can see that. Most of my house gets enough light - or streetlights at night - to walk through with the lights out at midnight. Add in a lumen sensor, though, to dial lights up when it's cloudy and down when it's sunny...

When I think of automations, it's either things like coordinating big power draws to cheap electricity or trivial quality of life enhancements, like turning out the lights in an empty room. The latter, I have trouble justifying to spend on occupancy sensors and smart switches if it's only going to save 20 Watts of LED or five steps. Once it's become your hobby, it's much easier to say, "I'm going to buy these sensors because they're fun to play with and it gives me joy to see them work."

tburkhol ,

+1 porkbun. $1.60 for a .top whois privacy. 2FA with security key. Even let me host my own nameserver, so I can have separate internal and external views.

Appreciation / shock at workplace IT systems

After self hosting several services for a few users, with SSO, backups, hardware issues etc, I really appreciate how good the IT was in my old company. Everything was connected, smooth, slick and you could tell it was secure. I had very few issues and when I did, they were quickly solved. Doing this all at scale for thousands of...

tburkhol ,

I recently set up DNSSEC on my home domain, and I have been shocked to learn that none of my financial institutions use it. Going back through my logs, the only external host that even tries is api.weather.gov, and only for the CNAME pointing to a CDN host.

tburkhol ,

Ditto. Started 20 years ago with one service I wanted. Complicated it a little more every time some new use case or interesting trinket came up, and now it's the most complicated network in the neighborhood. Weekend projects once a year add up.

If you have the resources, experiment with new services on a completely different server than everything else. The testing-production model exists for a reason: backups are good, but restoring everything is a pain in the ass.

I also like to keep a text editor open and paste everything I'm doing, as I do it, into that window. Clean it up a little, and you've got documentation for when you eventually have to change/fix it.

tburkhol ,

I used to have this with homeassistant and zwavejs. Every time I'd pull a new homeassistant, the zwave integration would fail, because it required a newer version of zwavejs. Taught me to build the chain of services into one docker-compose, so they'd all update together. That's become one of the rationales for me to use docker: got a chain of dependent processes? wrap them in a docker so you're working with (probably) the same dependencies as the devs.

My other rationale is just portability, and docker is just one of many solutions there. In my little home environment, where servers are either retired desktops or gee-that-seems-cool SBCs, it's nice to be able to easily move stuff independent of architecture or OS.

tburkhol ,

There's a quote from 1908's Wind in the Willows: Believe me, my young friend, there is nothing–absolutely nothing–half so much worth doing as simply messing about in boats.

Fill in your own hobby, and it reads just as well.

tburkhol ,

5W vs 50W is an annual difference of 400 kWh. Or 150 kG CO2e, if that's your metric. Either way, it's not a huge cost for most people capable of running a 24/7 home lab.

If you start thinking about the costs - either cash or ghg - of creating an RPi or other dedicated low power server; the energy to run HDDs, at 5-10W each, or other accessories, well, the picture gets pretty complicated. Power is one aspect, and it's really easy to measure objectively, but that also makes it easy to fetishize.

tburkhol ,

$10/month is one drink in the pub on one Friday night out of four. It's not even a movie ticket.

European electricity rates are closer to $0.30, and I agree that 100W 24/7 is a cost worth being aware of. I think we're seeing in this thread that it's pretty easy to find a system with standard PC parts from the past decade that idles in the 50W range, like OP, even with a couple of HDDs, and $50/year (US), even $150/year (EU), electricity cost to keep an old desktop out of a landfill maybe doesn't seem so bad.

I mean, one should think hard whether their home lab really needs a second full system running for failover, or whether they really need a separate desktop-based system just for NAS. And maybe don't convert your old gaming rig and its GPU to a home server. Or the quad-Xeon server that work is 'just giving away,' even if it would be cool to have a $50,000 computer running in the basement.

tburkhol ,

I recently moved my internal network to a public domain. [random letters].top was $1.60 at porkbun, and now I can do DNSSEC and letsencrypt. I added a pre-hook to LE's renew that briefly opens the firewall for their challenges, but now I'm going to have to look at the DNS challenge.

Almost everything I do references just hostname, with dns-search supplied by dhcp, so there was surprisingly little configuration to change when I switched domains.

tburkhol ,

Haven't noticed any issues, but I'm not intentionally using mDNS. dhcpd tells all the clients where the nameserver is and issues ddns updates to bind, so I haven't needed any of the zero-config stuff. I did disable avahi on a linux server, but that was more because it was too chatty than caused any actual problems. I wouldn't think there would be any more issues between mDNS and a fake domain than between mDNS and a real, big-boy domain on the same network.

tburkhol ,

This is exactly the kind of semi-ridiculous thing I like about home automations: the power to answer one's most trivial curiosities.

I'd probably add a logger, so I could follow the history of Mohkno's food thievery, then try different techniques to discourage her. Have HA also play a recording of you saying 'Mohkno, no!' Some activity to distract her during the critical food-stealing window. Or go all-in and get those microchip-reading pet feeders.

tburkhol OP ,

I'd tried that...this has been going on for five days, and I can not describe my level of frustration. But I solved it, literally just now.

Despite systemctl status apparmor.service claiming it was inactive, it was secretly active. audit.log was so full of sudo that I failed to see all of the

apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/dnssec-keys/K[zone].+013+16035.l6WOJd" pid=152161 comm="isc-net-0002" requested_mask="c" denied_mask="c" fsuid=124 ouid=124FSUID="bind" OUID="bind"

That made me realize, when I thought I fixed the apparmor rule, I'd used /etc/bind/dnskey/ rw instead of /etc/bind/dnskey/** rw

The bind manual claims that you don't need to manually create keys or manually include them in your zone file, if you use dnssec-policy default or presumably any other policy with inline-signing. Claims that bind will generate its own keys, write them, and even manage timed rotation or migration to a new policy. I can't confirm or deny that, because it definitely found the keys I had manually created (one of which was $INCLUDEd in the zone file, and one not) and used them. It also edited them and created .state files.

I feel like I should take the rest of the day off and celebrate.
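The failure described in the comment above has two parts: the denials were buried under sudo records in audit.log, and the profile rule named only the directory instead of the files beneath it. The following sketch is an added example, not part of the original post. It pulls the AppArmor denials out of a constructed log excerpt and tests each against a candidate rule; it uses the directory from the quoted log line, "example.org" in place of the redacted zone name, and a simplified subset of AppArmor globbing (`*`, `**`, `?` only).

```python
import re

# Constructed sample audit.log excerpt: sudo noise around two AppArmor denials.
# "example.org" stands in for the zone name the post redacts as [zone].
SAMPLE_AUDIT_LOG = """\
type=USER_CMD msg=audit(1700000000.101:501): pid=4101 uid=1000 msg='cmd="systemctl status apparmor" exe="/usr/bin/sudo" res=success'
type=AVC msg=audit(1700000000.202:502): apparmor="DENIED" operation="mknod" profile="/usr/sbin/named" name="/etc/bind/dnssec-keys/Kexample.org.+013+16035.l6WOJd" pid=152161 comm="isc-net-0002" requested_mask="c" denied_mask="c" fsuid=124 ouid=124
type=USER_CMD msg=audit(1700000000.303:503): pid=4102 uid=1000 msg='cmd="journalctl -u named" exe="/usr/bin/sudo" res=success'
type=AVC msg=audit(1700000000.404:504): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/tmp/scratch" pid=152161 comm="isc-net-0002" requested_mask="r" denied_mask="r" fsuid=124 ouid=124
"""

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Log mask letter -> profile permission letters that grant it (simplified:
# "w" in a profile covers create "c" and delete "d" as well as write).
GRANTED_BY = {"r": "r", "w": "w", "a": "aw", "c": "w", "d": "w"}


def parse_denials(log_text):
    """Return the key=value fields of every AppArmor DENIED record."""
    denials = []
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue  # skip sudo and other unrelated audit records
        denials.append({k: q or u for k, q, u in KV_RE.findall(line)})
    return denials


def glob_regex(path_glob):
    """Translate a subset of AppArmor globbing into an anchored regex."""
    out, i = [], 0
    while i < len(path_glob):
        if path_glob.startswith("**", i):
            out.append(".*")       # ** crosses directory separators
            i += 2
        elif path_glob[i] == "*":
            out.append("[^/]*")    # * stays inside one path component
            i += 1
        elif path_glob[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(path_glob[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")


def rule_covers(rule, name, mask):
    """True if a 'path perms,' rule would allow `mask` on `name`."""
    path_glob, perms = rule.rstrip(",").split()
    if not glob_regex(path_glob).match(name):
        return False
    return all(set(GRANTED_BY.get(ch, ch)) & set(perms) for ch in mask)


def triage(log_text, rules):
    """For each denial: (path, denied mask, first rule that would allow it)."""
    report = []
    for d in parse_denials(log_text):
        hit = next((r for r in rules
                    if rule_covers(r, d["name"], d["denied_mask"])), None)
        report.append((d["name"], d["denied_mask"], hit))
    return report


if __name__ == "__main__":
    for rule in ("/etc/bind/dnssec-keys/ rw,", "/etc/bind/dnssec-keys/** rw,"):
        print("candidate rule:", rule)
        for name, mask, hit in triage(SAMPLE_AUDIT_LOG, [rule]):
            print(f"  {mask:2} {name}: {'allowed' if hit else 'still denied'}")
```

A rule ending in `/` matches only the directory itself, so the key-file creation stays denied until the rule ends in `/**`.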

tburkhol ,

Back in the day, I'd go through HDDs faster than systems - always needed to add storage before I could replace the CPU. I didn't start disassembling them until they got up to the 500 MB range, but you'd often get 3 platters back then. OP must be harvesting from a whole workgroup - I've only got a 3cm stack and 7 drives waiting for the screwdriver.

tburkhol ,

Fred78290 is the man. Much better than Fred78920

tburkhol ,

Pi 4's were hard to get there for a while. Pi 5's are expensive. Lot of other SBCs are also expensive, as in not all that much cheaper than a 2-3 generations old low-end x86. That makes them less attractive for special purpose computing, especially among people who have a lot of old hardware lying around.

Any desktop from the last decade can easily host multiple single-household computer services, and it's easier to maintain just one box than a half dozen SBCs, with a half dozen power supplies, a half dozen network connections, etc. Selfhosters often have a 'real' computer running 24/7 for video transcoding or something, so hosting a bunch of minimal-use services on it doesn't even increase the electric bill.

For me, the most interesting aspect of those SBCs was GPIO and access to raw sensor data. In the last few years, 'smart home' technology seems to have really exploded, to where many of the sensors I was interested in 10 years ago are now available with zigbee, bluetooth or even wifi connectivity, so you don't need that GPIO anymore. There are still some specific control applications where, for me, Pi's make sense, but I'm more likely to migrate towards Pi-0 than Pi-5.

SBCs were also an attractive solution for media/home theater displays, as clients for plex/jellyfin/mythtv servers, but modern smart-TVs seem mostly to have built-in clients for most of those. Personally, I'm still happy with kodi running on a pi-4 and a 15 year old dumb TV.

tburkhol ,

https://www.acepcs.com/products/mini-pc-intel-n100-ultra is only $140, and it looks to me like Pi5+ is $160 with PS/case/microSD.

tburkhol ,

My guess is Firefox. I'm using Kodi - OSMC/libreelec - and it coasts along at 1080p, with plenty of spare CPU to run pihole and some environmental monitors. Haven't tried anything 4k, but supposedly Pi4 offloads that to hardware decoding and handles it just fine. (as long as the codec is supported).

tburkhol ,

Pi5+ just because I'd originally written Pi5+PS/case/SD.

And you're right that everything has gotten more expensive, but $35 in 2016 (Pi-3) is only $45 today (and you can still get a 3B for $35). The older Pis hit, for me, a sweet spot of functionality, ease, and price. Price-wise, they were more comparable to an Arduino board than a PC. They had GPIOs like a microcontroller. They could run a full operating system, so easy to access, configure, and program, without having to deal with the added overhead of cross-compiling or directly programming a microcontroller. That generation of Pi was vastly overpowered for replacing an Arduino, so naturally people started running other services on them.

Pi 3 was barely functional as a desktop, and the Pi Foundation pushed them as a cheap platform to provide desktop computing and programming experience for poor populations. Pi4, and especially Pi5, dramatically improved desktop functionality at the cost of marginal price increases, at the same time as Intel was expanding its inexpensive, low-power options. So now, a high-end Pi5 is almost as good as a low-end x86, but also almost as expensive. It's no longer attractive to people who mostly want an easy path to embedded computing, and (I think) in developed countries, that was what drove Pi hype.

Pi Zero, at $15, is more attractive to those people who want a familiar interface to sensors and controllers, but they aren't powerful enough to run NAS, libreelec, pihole, and the like. Where "Raspberry Pi" used to be a melting pot for people making cool gadgets and cheap computing, they've now segmented their customer base into Pi-Zero for gadgets and Pi-400/Pi-5 for cheap computing.

tburkhol ,

No idea, honestly, what the popular perception of N100 platform is. It only came to my mind because I'd watched https://www.youtube.com/watch?v=hekzpSH25lk a couple days ago. His perspective was basically the opposite of yours, i.e.: Is a Pi-5 good enough to replace an N100?

tburkhol ,

I have a 'roll-your-own' using an adafruit SCD-30 module https://www.adafruit.com/product/4867 IR-based CO2, temp & humidity; I2C with python libraries, so integrating it with an RPi is easy. Sensor is self-calibrating over time, so if you leave it in a higher CO2 space with no exposure to fresh air, it will eventually drift such that the lowest observed CO2 reports as 420 ppm. Newer SCD-40 is only $45, but different sensor technology.

Dunno about their shipping outside the US.

tburkhol ,

I would rather spend (modestly) more time checking my own than less time standing idly with nothing to do but watch some kid checking out my goods. It feels better to be an active participant. Where it breaks down for me and my 12 items is when all the self-check lanes are clogged with people trying to ring up a full cart of groceries, who still haven't figured out how to work self-checks, who are encumbered by a baby in one arm and a phone in the other hand, or who just can't move all that well.

Managers using the presence of self-check as an excuse to understaff the actual checkouts makes all of those problems worse, and makes the checkout process suck for everyone.

tburkhol ,

Some of that turn is physical plant. Kitchens, especially, are built to serve human forms, where tech solutions to food prep would rather be stand-alone boxes. It's a far harder problem to make a robot that uses a restaurant's existing grills, ovens, and deep fryers than it is to make a box that turns out perfect french fries. It's a riskier proposal for a restaurant to replace its fry station, where a human can make fries, onion rings, egg rolls, or whatever new fad hits tiktok, with a fries-and-rings-only box with less than 10 years commercial proof. Generative AI, for all its faults, is just code that runs on a computer you already have, or maybe in a cloud service with zero physical footprint. Relative to replacing your barista with a vending machine, trying ChatGPT for a quarter or two is practically zero risk.

tburkhol ,

I've never been in a coffee shop without an automatic/one-touch espresso machine. The last one I tried - a place that roasts their own beans and offers a range of classes and Specialty Coffee of America certifications - I asked if they could make me a "bad" espresso, and they basically said, "Nope, you're gonna get whatever the button gives us."

tburkhol ,

Quaint rhyme from better times. Boss is making $34 for my dime today.

tburkhol ,

And does it apply only to verbal, podium speech, or also to written books and speech by people in [drag] costume?

tburkhol ,

Collecting and comparing environmental data was the whole reason I started homeassistant. I mostly use indoor sensors and compare with national weather service for outdoor, but I like seeing the data. Graphs of indoor/outdoor, next to https://cdn.star.nesdis.noaa.gov/GOES16/ABI/SECTOR/se/GEOCOLOR/600x600.jpg (which updates every 5 minutes). I live in the US Southeast, and the indoor/outdoor comparison, especially dewpoint, lets me know when it's ok to open windows overnight. i.e.: the overnight temperature usually drops below the A/C set point, but if that's going to draw in a bunch of humid air, it may feel more comfortable to keep the warmer, drier air. Actual, local outdoor conditions would be even better, because we do get localized summer showers that really raise the humidity in very small areas, and the NWS data comes from an airport 5 miles away.

I'd love to have some motorized windows, or even blinds, for automation. Absent that, there's nothing super obvious to me to trigger off environmental data.

tburkhol ,

Definitely dual stack if you do. The real benefit of IPv6 is that, supposedly, each of your internal devices can have its own address and be directly accessible, but I don't think anyone actually wants all of their internal network exposed to the internet. My ISP provides IPv6, but only a single /128 address, so everything still goes through NAT.

Setting it up was definitely a learning process - SLAAC vs DHCP; isc's dhcpd uses all different keywords for 6 vs 4, you have to run 6 and 4 in separate processes. It's definitely doable, but I think the main benefit is the knowledge you gain.
