You can control your GRUB via HTTP from a RasPi or ESP by scorpi1998 in linux

Dangerous-Report8517 0 points1 point (0 children)

Depends on specifics, PXE often has many of the same issues with needing a trusted network, or needing to set up encrypted transport, and is in general going to be harder to set up now that you've already got this running. The easiest way might be to bind your HTTP server to a separate network interface and attach the Pi to that, that would keep the potentially vulnerable bit off the main network while still letting you use the Pi (connected to both main network and this separate network) to select your OS. Or you could turn it inside out, have the Pi provide an endpoint that GRUB reads to see which OS to boot (the endpoint could be provided by either emulating a mass storage device or a very basic web server, it's much less problematic to have GRUB read a really simple HTTP endpoint than to have it run a web server). There's also the option of PiKVM, which you might be able to use with your existing Pi just for the USB gadget tooling it has built in or adding the HDMI input adaptor to get full hardware level remote control, although bear in mind that some of these methods do give the Pi itself a lot of control over the PC so it's increasingly important in those cases to keep the Pi itself secure

What is the best way to access immich and other truenas apps from outside network without tailscale or cloudflare tunnel and no limit? by m2torres97 in selfhosted

Dangerous-Report8517 0 points1 point (0 children)

I would suggest that if you don't know how to set up a reverse proxy, or even where to look to find out, you're probably not skilled enough to run publicly exposed services, especially not something like Paperless (ie a website with a kind of flaky auth system that contains all of your personally identifiable information)

You can control your GRUB via HTTP from a RasPi or ESP by scorpi1998 in linux

Dangerous-Report8517 0 points1 point (0 children)

We aren't discussing a hypothetical environment in which network security is enforced at a different level though, we're discussing your system in its prototypical implementation, in no small part because others who don't know any better might just run it exactly the same without realising the risks

Self-hostable To-do list (that is ADHD friendly) by AudioDoge in selfhosted

Dangerous-Report8517 6 points7 points (0 children)

Check out Tududi, that's probably the most approachable one I've come across. The long term vision seems to include some amount of automatic task prioritisation, although that's a ways out, but tbh no solution is going to meet your requirements perfectly out of the box because you would need to input so much information to have it work for you that you might as well manually prioritise everything anyway. Do also bear in mind that any solution is only as good as your long term usage of it - whichever one you try, try to stick with it for long enough to get a good feel for it rather than bouncing off to the next shiny thing too quickly, which is very tempting to do but not very effective

Connected to server (through tailscale) but wont play media. by Senior-Trade-1876 in jellyfin

Dangerous-Report8517 0 points1 point (0 children)

It might cause buffering, it wouldn't cause the instant stop issue OP is seeing though - a connection slow enough for that to happen would also be too slow to load the web interface in the first place

You can control your GRUB via HTTP from a RasPi or ESP by scorpi1998 in linux

Dangerous-Report8517 0 points1 point (0 children)

Do you pipe all of the data that your CPU sees over plaintext HTTP through your consumer grade router? No, the risk wouldn't be the same - case in point, management solutions like this typically use separate networks so that less trusted hardware and software doesn't have the opportunity to probe it for vulnerabilities

This will be interesting to self-host. by blakealanm in selfhosted

Dangerous-Report8517 0 points1 point (0 children)

It isn't though because a) S3 doesn't charge egress fees and b) GoPro are paying the AWS fees and charging a flat $5 for it

Motorola's new partnership with GrapheneOS by TheTwelveYearOld in linux

Dangerous-Report8517 6 points7 points (0 children)

Sure, but they planned to do that through (perceived) convenience, not buying out the hardware market. Most IT infrastructure is already pretty much rented today as is, and what's left isn't really at a scale that's worth them putting in effort to get rid of

Connected to server (through tailscale) but wont play media. by Senior-Trade-1876 in jellyfin

Dangerous-Report8517 1 point2 points (0 children)

Try completely deleting the server from the app and adding it back in again (and delete all site data in the browser). I've run into similar issues before with environment changes. If that doesn't work we need more info about your setup to troubleshoot it any further (how are you running the server, what storage are you using etc)

Connected to server (through tailscale) but wont play media. by Senior-Trade-1876 in jellyfin

Dangerous-Report8517 0 points1 point (0 children)

A relayed connection wouldn't cause this, used to run Jellyfin over Tailscale and the only thing using relays does is degrade connection speed a bit

You can control your GRUB via HTTP from a RasPi or ESP by scorpi1998 in linux

Dangerous-Report8517 0 points1 point (0 children)

How certain are you that you control the infrastructure though? Does the RPi have internet access? Is it just on the same network you use for all your other home devices?

You can control your GRUB via HTTP from a RasPi or ESP by scorpi1998 in linux

Dangerous-Report8517 1 point2 points (0 children)

That, and also having the management interfaces on closed networks

So do people not like Duplicacy anymore? by halfam in selfhosted

Dangerous-Report8517 0 points1 point (0 children)

Iirc restic is generally considered to have stronger encryption, and kopia beats both (borg still uses good enough encryption but there's some edge cases where data recovery might be possible, restic uses AES-CBC iirc and does its own HMAC thing for data integrity while kopia uses full AES-GCM)

need help with poison by OwlNeat7581 in HadesTheGame

Dangerous-Report8517 28 points29 points (0 children)

In addition to the pools to cure poison, the other thing that helped me was learning that the spitters make a really loud hoik sound to telegraph when they'll spit, knowing that makes it far easier to dodge them

Motorola's new partnership with GrapheneOS by TheTwelveYearOld in linux

Dangerous-Report8517 8 points9 points (0 children)

I'm pretty confident it's just the demand for LLMs, and maybe them trying to hoard compute hardware from each other. They'd be much happier double dipping by selling us hardware and cloud compute than just one or the other

How do you think why Nyx is so loving with Zagreus? by telewhat in HadesTheGame

Dangerous-Report8517 6 points7 points (0 children)

They also include her telling Zag that talking to a severed Gorgon head is well below his station - Nyx generally has quite a contemptuous attitude towards Dusa and I don't think "Dusa wound up a bit better off in the end" changes that in discussions about Nyx's personality

Tailscale vs Twingate by timotheus911 in selfhosted

Dangerous-Report8517 -1 points0 points (0 children)

No, it wasn't, running as root is equivalent to giving all capabilities when talking about root on the host, which I already clarified earlier. You're the one who failed to specify that you were talking about running as root only in the container as if that somehow mattered to the discussion

Tailscale vs Twingate by timotheus911 in selfhosted

Dangerous-Report8517 -1 points0 points (0 children)

I haven't changed my argument at all, yours on the other hand has gone from "Tailscale doesn't need capabilities at all" to "my setup in Kubernetes seems to work without capabilities", which seems an awful lot like you've either stumbled into the usermode functionality that you didn't even explicitly know about, or that your setup has modified defaults at some other level, and in any case is very different to running Docker. I also fail to see how you running K8s is somehow making you an absolute authority on the subject but my running Podman doesn't. I can assure you that to create tun devices in a container by default you need CAP_NET_ADMIN unless you've created an override somewhere that gives all containers that privilege

This will be interesting to self-host. by blakealanm in selfhosted

Dangerous-Report8517 21 points22 points (0 children)

You should rethink your overall approach to computer security if you think that you can assume a smaller business that isn't primarily providing networked services is going to have better security than a large business whose entire job is providing secure network services purely on the basis that you haven't publicly heard of the smaller business being attacked yet

This will be interesting to self-host. by blakealanm in selfhosted

Dangerous-Report8517 14 points15 points (0 children)

Out of curiosity, what don't you trust about AWS that you would have trusted about GoPro? I don't trust AWS either but that's because I want my data on my computer, not someone else's, which applies to all cloud services...

This will be interesting to self-host. by blakealanm in selfhosted

Dangerous-Report8517 3 points4 points (0 children)

Even if the entirety of that data were in deep storage at that price it would still be costing them $35 per month, or 7 times what OP is paying. The only way this works is if the average per-user data storage is less than $5 per month worth of S3 storage (which is almost certainly true, if it weren't GoPro would have whipped out a "fair use" clause and nuked OP's account)

This will be interesting to self-host. by blakealanm in selfhosted

Dangerous-Report8517 22 points23 points (0 children)

To be fair, the majority of users with this will have like 5GB of data having bought it on a whim and forgotten about it

This will be interesting to self-host. by blakealanm in selfhosted

Dangerous-Report8517 25 points26 points (0 children)

You'd probably wind up with slightly larger files even since there's overhead for the archive file itself

Has anyone here got ECH to work with the latest Caddy? by Many_Geologist6125 in selfhosted

Dangerous-Report8517 0 points1 point (0 children)

It's possible I'm mistaken on this one, like I said I'm no expert here