Also like Ente uses: https://github.com/ente-io/ente/pull/7945#issuecomment-3538457041

You can’t always use the dev tools. Sometimes the sites have JavaScript that detects when you open the dev tools and then lock stuff up more.

Relevant thread: https://lemmy.today/post/32621021

tl;dr https://addons.mozilla.org/en-US/firefox/addon/hls-stream-detector/ + yt-dlp

Link? I went to https://lemmy.today/post/18243468 , but didn’t see anything relevant. (I’m sure there probably is something relevant in there, but it’s a huge area to sift through.)

Harden your server first

Do you have any tutorials or guides on this handy?

Use your router/server to block some counties using geoip

Yeah, definitely all my users are in the same town/region/country as me. So this could be doable.

Configure rate limits in Nginx

Hm, currently using Caddy as my reverse proxy. I guess there’s some module for this.

only open ports in your firewall you really want to open

The only port I need open is 443 for accessing Jellyfin and Immich. I can definitely block 22 from the public internet. And fuck it no automatic redirects from 80 to 443. TLS or bust.

GAAH! OK! I’M NOT CRAZY!

The exact same thing is happening to my wife’s phone. We’re both on Pixel 8s, have the same VPN settings, but for some magic reason Tailscale breaks only her phone. She has to turn off Tailscale and reboot her phone to regain connectivity.

These shenanigans is why I’m considering just exposing things to the public internet. I’m using Tailscale on several device types and Tailscale adds friction to all of my devices (except Arch where everything always works).

I understand the friction is there for a good reason, but my family doesn’t. They just see that Jellyfin doesn’t work and that all of this is buggy and maybe they just should sign up for Netflix instead of dealing with all of these bugs.

“roaming” device is always connected to their “home” network by VPN

Ah, right. Well, currently I do have my wife’s and my phone on the Tailscale VPN. The issue I’m trying to solve is that the VPN app on Android (and other environments) isn’t 100% bug-free. For some unknown reason, my wife frequently has issues with Tailscale. It’ll break her entire networking on her phone. The only way to fix it is by rebooting her phone. I have no idea why because we have the same phone and the same settings and it works fine on my phone. I’ve tried turning off Tailscale, logging out, and back in, and the network won’t recover. Sometimes the Tailscale app won’t even trigger the SSO page to sign in. So it just stays permanently logged off.

The Nvidia Shield also has similar issues where I have to fuss around with the VPN.

So at this point, I feel like I’m done debugging VPN apps and maybe it would be easier for users if I expose stuff to the public internet. Obviously, it makes management for me harder, but that’s ok if everything Just Works for everyone without extra steps or without having to reboot your phone every week.

i knew what i did and why i did it, two years ago, after which i never had to touch it again until now

Hahaha, true. This is why I try to keep as many notes as possible, leave lots of comments, add READMEs, links, and otherwise document what I did and why.

It’s not perfect, it’s often tedious, and I don’t always do it, but when I come back 2 years later wondering why I set some random option, it’s pretty nice having at least some hint.

site-to-site VPN configurations between routers at each location … the router itself handle routing of specific traffic over the VPN connection, instead of needing each device to connect to the VPN individually.

Interesting. This could help with my home network and my parent’s, but I also need to handle cases where I don’t control the network. I have clients that are phones. My family would expect that the services keep working even if they’re in a different city on cellular or at a friend’s house.

What kinds of things are you planning to expose?

Primarily Jellyfin and Immich.

What I expose I hide behind a reverse proxy with IP whitelists.

Do all your clients have fixed IPs? I have some clients that are phones or laptops, but I would imagine those change as people drive around to different cities or connect to different coffee shop WiFi.

I am kinda interested in WireGuard, but how does it work with multiple non-PC devices on different networks? Tailscale runs seamlessly on my Arch laptop, but Android, TVs, and streaming sticks have hiccups from time to time.

I have services that I want to share with my non-techie family. If a service stops working, they suck at debugging and fixing the issue on their own.

you understand it more when you build something by yourself, so it’s easier for you to fix it when it’s broken.

For me, this is a big selling point. Instead of trying to figure out why someone did something or wrestling with their decisions, I know what I did, why I did it, and if necessary, and I can change it.

Every time I hear him speak, I am reminded of just how stupid he is.

I know this is common knowledge on Lemmy, but damn it’s still nice to read. When I talk to folks around town, they all think he’s a genius… it’s really jarring.

I’ve noticed the more subscriptions I add, the slower my feed loads. All does seem to load faster for me as well.

Oooooh, ok. TIL.

At least Arch and Debian seem to use top from procps-ng. Good to know.

^^^^ get to posting, OP! These comms aren’t gonna fill themselves!

I missed this part during my first read:

This screen allows you to customise which fields are displayed in the currently selected window. Use cursor keys (or Alt + j and k) to move up and down this list, d to toggle whether a field is displayed and s to choose the field by which the window is sorted.

and when I tried it, it seemed like my commands weren’t doing anything… so in case anyone else finds this helpful…

How to sort columns in top.

• Launch top
• Press f (not SHIFT+F)
• Use arrow keys or alt+j / alt+k to select a column
• Press s to sort by the column you’ve currently selected
  • note: you won’t get any obvious feedback, this is normal… I guess
  • look at the top line: whose current sort field is $COLUMN_NAME
  • this line will change when you press s
• Press q to exit the Fields Management screen
• Selected column should now be sorted from largest to smallest

At this point, top may not look like it sorted the selected column. It may be helpful to tell top to highlight the currently sorted column. Press x to do this.

Now it should be easier to tell which column was sorted.

Wait… what?

$ top --version
top from procps-ng 4.0.5-dirty

The following utilities are provided by procps:

• free - Report the amounts of free and used memory in the system
• hugetop - Report hugepage usage of processes and the system as a whole
• kill - Send a signal to a process based on PID
• pgrep - List processes based on name or other attributes
• pkill - Send a signal to a process based on name or other attributes
• pmap - Report the memory map of a process
• ps - Report process information including PID and resource usage
• pwdx - Report the current working directory of a process
• skill - Obsolete version of pgrep/pkill
• slabtop - Display kernel slab cache information in real time
• snice - Renice a process
• sysctl - Read or write kernel parameters at run-time
• tload - Graphical representation of system load average
• top - Dynamic real-time view of running processes
• uptime - Display how long the system has been running
• vmstat - Report virtual memory statistics
• w - Report logged in users and what they are doing
• watch - Execute a program periodically, showing output fullscreen

https://gitlab.com/procps-ng/procps

Oh, so these guys manage top and a few other common utilities.

I would often just grab htop because I had no idea how to read the CPU usage out of top.

lol, same! 1t gets me 90% of the functionality I use in htop.