I’ve made that exact comparison before. TLS uses encryption; ransomware also uses encryption; by their logic, serving web content through HTTPS with no way to bypass it is a form of malware. The same goes for injecting their donation banner using an iframe.

But don’t you know that Anubis is MALWARE?

…according to some of the clowns at the FSF, which is definitely one of the opinions to have. https://www.fsf.org/blogs/sysadmin/our-small-team-vs-millions-of-bots

My immediate thought is a cron job that tests the user account’s last login time and fires a script if it is exceeded.

You can use basically any HTTP server to achieve that, like Apache or Nginx. If the directory (specified by the path in the URL) doesn’t contain a file that matches the default file in the config (index.html and such), the server will list the directory contents instead.

I’m sure all the reactions will be nothing but respectful and factual, and not riddled with festering teenage emotions.

hosting their videos on their own website

I love that entrepreneurial attitude. If an online service is unsatisfactory, just develop your own software from the ground up and provision the infrastructure from your pocket. Car industry sucks? Just build your own car! GPU prices high? Grab a soldering iron and a handful of sand, how hard could it be?

Things are always more complex than they appear. The whole point of services like Youtube and Patreon is to offload that complexity onto the provider in exchange for a fee (or some other form of compensation) from the user. Just look at how many early Lemmy instances have gone offline because of the overwhelming financial or administrative burden. Hate the companies all you like, and by all means look for independent solutions, but don’t pretend they offer no value whatsoever.

What if you try reaching it through your public IP?

Stupid question, but is the service reachable at all? What if you map 81 to 81? Or whichever port the other, confirmed-to-work service uses? What if you map that other service to 8100?

It’s based on hole punching, but with extras. The clients punch a hole in their respective firewalls then the service connect the holes so the clients end up communicating directly with each other. They have a lengthy blog post about NAT traversal.

Tailscale. It does some UDP fuckery to bypass NAT and firewalls (most of the time) so you don’t even need to open any ports. You can run it on individual hosts to access them directly, and/or you can set it up on one device to advertise an entire subnet and have the client work like a split tunnel VPN. I don’t know about OpenWRT, but both pfSense and OpnSense have built-in Tailscale plugins.

People are freaking out about their plan to go public, but for the moment, it’s a reliable, high quality service even on the free tier.

I’ve also used Ngrok and Twingate to access my LAN from outside, but they simply use relay servers instead of Tailscale’s black magic fuckery.

Ansible is an abstraction layer over system utilities, shell, and other programs. You can specify what you want to happen, and it will figure out how to do it. For example, you can use the ansible.builtin.package module to specify which packages you want to be present, and Ansible will decide which specific package manager module should handle it and how.

Ansible tasks are also idempotent – they are concerned with the end state instead of the action. Many of the modules (like the package module above) take a state parameter with the possible values of present or absent (instead of the more common “install” and “remove” actions). If the system’s state satisfies the task’s expected end state (e.g. the package is already present), the task will be skipped – unlike a shell script, which would simply re-run the entire script every time.

Ansible also implements strict error checking. If a task fails, it won’t run any subsequent tasks on the host since the end states would be unpredictable.

That’s unfortunate, I have no idea how Tailscale does routing on Windows. Try running the client without accepting any subnet advertisements.

I’ve also found this: https://tailscale.com/kb/1023/troubleshooting#lan-traffic-prioritization-with-overlapping-subnet-routes The solution might be to advertise a larger subnet (e.g. 192.168.1.0/23) to make the route advertisements on the tailnet less specific than on the LAN. Advertising a larger subnet won’t cause any additional issues because it’s in a private IP range.

How did you set up subnet advertisements on the router, and which subnets? Did you touch the ACL in the tailnet’s admin console?

On the home PC, did you accept advertised routes with the Tailscale client?

What happens when you ping a host on the LAN using tailscale ping ADDR? What happens when you try to tracert or tracepath to it?

Perhaps there was an easier lighter-weight way of doing this?

sshuttle does exactly that. It’s basically a VPN that uses SSH tunnelling. If you have a host in the same network as the target machine, and you can SSH into it, sshuttle can route all TCP traffic between you and the target (or a subnet) through the host without having to bind local ports manually.

sshuttle -r ssh_server <targets/subnets...>

deleted by creator

Minio is about to get Redis’d.

I use self-hosted services in the following categories as much as possible…

That question could really use a “not applicable” option. I don’t operate any home automation solutions, so any answer from me would be invalid, and neutral answers because the item is not relevant will appear the same as neutral answers because I use both self-hosted and externally hosted solutions (e.g. Mullvad for privacy and Tailscale to get around CGNAT).

The minimum spec is whatever e-waste you can find that still powers on.

My home server has an i3-4160, 10 gigabytes of mis-matched RAM, a ten-year-old 240 GB SSD with 36000 hours on it, and three 1 TB hard drives in a RAID5 array each with ~25000 power-on hours. It runs Proxmox on the metal with a virtualized OPNsense, Nextcloud, and Jellyfin server (plus smaller services). Jank levels are high, but not fatal, and it was mostly free.

are rolling release distros stable enough

I’ve been using Arch (or some flavor of it) for several years, and I’ve never had any serious issues that I didn’t cause myself. The thing that might catch you with your pants down is if a dependency introduces a change that breaks another application, but catastrophic failures are fairly rare, as long as you’re willing to learn how to maintain your system.

is it possible/easy to roll back to a previous version

Yes. The application is called Timeshift, and it’s specifically designed to back up the system files to a separate partition. If your root filesystem is btrfs, it can also manage filesystem-level snapshots that you can roll back if you bugger the system.