ZeldaFreak

I don’t miss any breaches (I inform myself with other news portals) and the most recent one with 2 billion is included but no actual account. Of course some of the addresses the spammers guessed for my domain could be in a breach that I don’t know of but I don’t care. Just guessing email addresses is not hard for a catch all address.

They want money? I have 2 domains registered and I’m currently at 10 breaches (9 on one and 1 on the other (my serious domain)).

The thing is, the stuff is bloated anyways. Aliases as “webmaster80@”, “webmaster13@”, “webmaster01@”, “2webmaster@” I never used. Even the “webmaster@” I only posted as contact mail but never used myself. There are 13 breaches across 6 aliases, that I never used. With Synthient Credential Stuffing 4 got added.

Spammers do roll a ton of addresses with that one domain. I even let AI wrote a ps script, so I can easily add an alias to my spam mailbox, which rejects any mail and deletes them instantly.

They should clarify it. If these 3 points are just offering an easier way to do it, then fine. If they block these features in general when you want to manage it yourself, then screw it. I had one self hosted software, which blocked remote access even when you use your own reverse proxy. At least it was a one time payment.

Databases are not the issue but that the updater doesn’t handle it… My personal instance and our work instance never take long (a few seconds) to fix the database. I mean the instance is already in maintenance mode and adding a checkbox to do it or not to do it, should be simple. I don’t know if there are instances where it takes long and its better to do it during the night.

I do have both (VPN and Reverse Proxy) running. For VPN my router uses Wireguard and at work we use Wireguard as well. You can alter the config in such a way, that only internal traffic would get routed through your VPN. I love this, because for regular traffic, I’m not bound to the upload at my home network or with work, route my personal traffic through the company internet or lose access to my own network.

Reverse proxy isn’t bad either. I have a DNS running at home, that redirects my domain used for home stuff, directly to the reverse proxy. This way I can block certain stuff, I want a fancy domain but not be accessed from the outside, because its not needed or not set up properly.

With a VPN, you would be more secure, because its a single instance you need to keep safe. With regular updates and set up properly, this shouldn’t be an issue. But I would suggest reading tech news portals, that do cover security breaches of well known software.

With a reverse proxy setup I use, I must trust so many things. I must trust my reverse proxy with the firewall and then each server I run.

But keep one thing in mind. If you for example use stuff like Home Assistant, that you access in the background, it wouldn’t work if you connect via a VPN. With Wireguard I can be connected 24/7 to my VPN, even at home. With the previous VPN my router used (I guess it was OpenVPN), this wasn’t possible.

A coworker uses it as backup and he is happy about it. I have rented an auction server (a dedicated server) from them and on it is my Nextcloud and stuff and I backup my NAS to my Nextcloud and my Server to my NAS via WebDAV. Zero issues. I had once contact with their technical support, because a Harddrive failed. I was a low priority case but they handled my case exceptionally fast. Opened the ticket on a Friday after a holiday on 23:09 and at 23:51 the hard drive was changed.

Yes, they are different. I thing your “IKEA pairing” would be touchlink paring. I would say connecting the device through the controller offers the most flexibility. When you use Zigbee2MQTT, you can take a look at https://www.zigbee2mqtt.io/supported-devices/ what your device exposes. Sometimes you could loose a feature. For example the “VINDSTYRKA air quality and humidity sensor” can be connected directly to the STARKVIND air purifier, so it uses its value for the air quality. I never tried if I could connect it both ways.

On the other hand there is my Paulmann RGB remote control. I could connect the remote directly to lamps. I decided to do the automatons via HA and it has 116 different actions. Obviously its quite the task to do the automations, especially how I need to access the values.

But to not frighten you, its not always complicated. I have a few buttons and they aren’t complicated. Connect through Z2M, press every button in each variation (single, double click, hold), add the automation and then what happens.

You can make it more complicated (and fun). My hue dimmer switch could have 5 scenes via the hue hub but not via HA and Z2M. With Node-Red I programmed a small logic, that just counts how often I pressed the on button, within a certain time limit. It then cycles through my selected scenes. I can add as little and as much as I like. Oh and to clarify: Node-Red can be added as Addon to HA. It allows node bases programming. I find it easier then HA Automation, because it looks visually clearer. Also its way cooler, because it has more options.

My passiv cooled Pi5 (case as radiator) with HA is at 44°C (room is at 33°C). Idk how hot it gets on a regular basis, I just enabled the system monitor integration right now.

I mean with CPU temps, thermal throttling starts usually at 80°C, so nothing to worry.

Doesn’t work Invalid parameter --. I have zero clue where it gets the --. But the issue would be new devices or other ports. I did this manually once, needed to unplug my PC and needed to do this once again. At least there seems to be an option doing this in bulk but it’s not optimal.

You can configure it. Whats worse, my current PC actually allows every device to wake up my PC. My old PC didn’t allowed it and only allowed the power button and WoL. You can turn it off for each device (there is no bulk option, thanks MS), but when you plug in a new device… Recently I forgot to unplug my mouse from charging and my PC started right away.

I have no problem that there is this option. Might be handy in the right situation. I have a problem that you can’t configure it easily. But I guess hibernation is something that Devs forget these days. I have a few programs that don’t play along nicely.

Here people even “steal” books from public bookcases and sell them.

For people who aren’t familiar, let me explain: These public bookcases are a weatherproof shelf, old phone booth or something in the streets. The concept is you can take any book and leave any book. There are no written rules and you can keep a book if you like or just read it and put it back. In recent years people started to scan the barcodes and checked what books they can sell. There is a debate going on if people should mark these books or not, so they can’t be sold.

Images are just bytes. Just encode an image via base64 and now you can send it via text. People will find ways.

To be more specific: Postgresql requires manual steps with major versions. Tutorials I found require you to dump the database in the old version first, then update and then import. You could use a tagged version of postgresql and just auto update there but the main container might require a newer version. I saw containers who try this but none looked production ready.

Yeah I expected that this would happen. They already did this with RAM. They just rebrand RAM, sell it for a way higher price and add a check. When they brought their own branded HDDs, I knew they will pull of the same scam.

Building an own server isn’t that more expensive and you don’t have to deal with the whole lockout with Synology. For example I had quite the issue to access hardware. I wasn’t able to get Home Assistant running on my NAS. The issue was my Zigbee USB Stick. I got it running to the point where I was able to send commands (e.g. turn on or off lights) but the status didn’t came back. I threw it on my Pi3 (now Pi5) and zero issues.

The next NAS is self build. Probably Proxmox as base, with truenas or so as main server and the rest depends on what I might need.

Auto updates can cause problems. Some recommend it, some tell you to not do it. My standpoint is, when a container can’t work with auto updates, they suck. Sure there are containers who require some additional attention after an update, like gitea with some config changes but I use it in an environment where it can be offline of some time.

If a container uses Postgresql, you can’t auto update. So far I didn’t found a well maintained container, that can do this. You also should keep an eye on your containers. As I mentioned, Gitea had some config changes, breaking the default theme (nothing major). They even screwed up their tags and I had 3 times an RC in a tag where no RC should get published. With Jellyfin I was on a tag that didn’t got any updates anymore and I needed to use a different one.

I don’t think there are people attempting to log into HA, because it has zero value to them. HA would log failed login attempts but not bots trying other stuff. When I look into my web statistics for my rented server for march with 404 errors, I got over 750 and they try to access wordpress, find old (and probably not updated) stuff and some config files, like .env files. This kinda makes sense and probably would find everybody in their access logs. Its just automated stuff and they probably run auto exploits. Wordpress sites are interesting and its worth just getting access to a kinda serious email sender or just other stuff. My ssh blocklist currently has 14000 banned IPs. Might not sure how I set it up, but it looks I picked 1 year ban time.

If you know where to look, you would see bots trying to enter your system but you would see they aim big, not small. HA is small. Sure if HA has a serious hole, you would get attacks from pranksters. Still is always a good idea to have proper security procedures for all of your accounts and servers. Most interesting are targets where they could find value within these services or using the hardware but there are always people who just want to mess with someone. There are for example people who search the internet for Minecraft servers, that they can grieve the shit out of it. Doesn’t matter if its a big professional server or just a server from 2 kiddos, that play together after school.

Auto update. Works like a charm, except PostgreSQL. For me it’s good enough and even though works with containers, where they don’t recommend it. I do have backups and for my private time, I don’t get paid, so it should be as maintenance as possible from my side.

I do check from time to time if something is broken and I noticed a container where they removed a version tag, I was using. The “biggest” thing that was broken, was my gitea server where they changed the config for the default Theme.

Also that’s why I hate PostgreSQL. It requires manual labor for updating. Had a recipe Docker and they cut support for previous major version quickly. Not good. That stuff could break, ist an option with every update. This is why backups exist. As a single user, it’s not a problem. For a big system, I wouldn’t do auto updates, so I can check if everything works.

I’ve never seen a USB-A to A cable in the wild, except recently, where I finally unpacked my SATA/IDE USB adapter from Ugreen.

Not Nextcloud. livesync is better. Requires CouchDB (Docker available) but with that, its a powerful sync option. Even Settings can be synced

With a digital electric meter, I could read that out but I still have an old analog meter. But individually measuring devices is also appealing. HA allows for that. Opening the box would require an electrician and it only gives measurements per room or circuit. This may also be appealing to some.

I now look into ESP Home. I sadly didn’t found a clamp meter here that works outside the distribution box or require lose mains power but ESP has the option for clamp meters