Drink less paranoia smoothie…

I’ve been self-hosting for almost a decade now; never bothered with any of the giants. Just a domain pointed at me, and an open port or two. Never had an issue.

Don’t expose anything you don’t share with others; monitor the things you do expose with tools like fail2ban. VPN into the LAN for access to everything else.

and using DDNS

As in, running software to update your DNS records automatically based on your current system IP. Great for dynamic IPs, or just moving location.

Sure, cloudflare provides other security benefits; but that’s not what OP was talking about. They just wanted/liked the plug+play aspect, which doesn’t need cloudflare.

Those ‘benefits’ are also really not necessary for the vast majority of self hosters. What are you hosting, from your home, that garners that kind of attention?

The only things I host from home are private services for myself or a very limited group; which, as far as ‘attacks’ goes, just gets the occasional script kiddy looking for exposed endpoints. Nothing that needs mitigation.

Unless you are behind CGNAT; you would have had the same plug+play experience by using your own router instead of the ISP supplied one, and using DDNS.

At least, I did.

The middle-man provides plausible deniability in this case. PornHub can genuinely say they don’t see connections from age-verification states atm. That stops being true if they host the VPN, making them aware of actual client locations.

I have one more thought for you:

If downtime is your concern, you could always use a mixed approach. Run a daily backup system like I described, somewhat haphazard with everything still running. Then once a month at 4am or whatever, perform a more comprehensive backup, looping through each docker project and shutting them down before running the backup and bringing it all online again.

I setup borg around 4 months ago using option 1. I’ve messed around with it a bit, restoring a few backups, and haven’t run into any issues with corrupt/broken databases.

I just used the example script provided by borg, but modified it to include my docker data, and write info to a log file instead of the console.

Daily at midnight, a new backup of around 427gb of data is taken. At the moment that takes 2-15min to complete, depending on how much data has changed since yesterday; though the initial backup was closer to 45min. Then old backups are trimmed; Backups <24hr old are kept, along with 7 dailys, 3 weeklys, and 6 monthlys. Anything outside that scope gets deleted.

With the compression and de-duplication process borg does; the 15 backups I have so far (5.75tb of data) currently take up 255.74gb of space. 10/10 would recommend on that aspect alone.

/edit, one note: I’m not backing up Docker volumes directly, though you could just fine. Anything I want backed up lives in a regular folder that’s then bind mounted to a docker container. (including things like paperless-ngxs databases)

As in; when this was written…

Dirty secrets about you.

They aren’t offering to do it, just asking if it’s what you want.

Gotta check and be sure you’re being annoyed as much as possible.

Perhaps. Unless you consider multiverse theory: The idea that the act of traveling to the past splits the timeline into two realities. One containing the original (to your perspective) timeline with the event(s) that caused you to travel back, and a second where you’ve arrived in the past to alter those events and the results there of.

Not sure I believe it, but it’s a theory none the less.

Or maybe it’s only possible to travel forward in time. Closer to our current understanding of the universe.

Assuming time travel exists: is it possible to alter the past?

If an event occurs, and you decide to travel back in time to change/prevent that event: It has no longer occurred in the way that caused you to want to change it; thus you never travel back to change it, and it does occur…

deleted by creator

Companies like to keep posts/comments/other data, but they rarely keep the history of changes you’ve made to that data.

So before deleting the account, replace all the data in it with garbage. Then it wont matter if they keep it.

Finger missed the n key… Didn’t mean to type gleam

They weren’t storing your name in the first place; they’ve acquired a new service ‘blowfish’ for which an account is automatically created for you if you currently or in the past have used glassdoor. Blowfish demands a real name to be used at all. (including to delete your account)

Ontop of this, after linking the two services on your behalf; glassdoor will now automatically populate your real name and any other information they can gleam from blowfish, your resumes, and any other sources they can find, regardless of whether the information is correct (users have reported lots of incorrect changes). This is new.

As well as subpoenas from lawsuits / law enforcement.

After reading this thread and a few other similar ones, I tried out BorgBackup and have been massively impressed with it’s efficiency.

Data that hasn’t changed, is stored under a different location, or otherwise is identical to what’s already stored in the backup repository (both in the backup currently being created and all historical backups) isn’t replicated. Only the information required to link that existing data to its doppelgangers is stored.

The original set of data I’ve got being backed up is around 270gb: I currently have 13 backups of it. Raw; thats 3.78tb of data. After just compression using zlib; that’s down to 1.56tb. But the incredible bit is after de-duplication (the part described in the above paragraph), the raw data stored on disk for all 13 of those backups: 67.9gb.

I can mount any one of those 13 backups to the filesystem, or just extract any of 3.78tb of files directly from that backup repository of just 67.9gb of data.

Linux?

I just use sshfs to mount ssh shares and move files between them like any other folder.

Same with samba shares (windows).

Configure ethernet with fixed IPs, and configure wifi to use your phone hotspot.

Then you can use one to troubleshoot the other as needed.

Then your normal setup would be wired between the pi+laptop, with the laptop connected to local wifi for internet.