Some IT guy, IDK.

  • 1 Post
  • 229 Comments
Joined 1 year ago
Cake day: June 5th, 2023


  • One thing that was recommended to me by someone a while ago, is that, unless you need it for something specific, mount your media in Plex as read only.

    Plex has functions where you can delete content from the library from their UI. If you need that for some reason, obviously don’t make it read only. If you’re hoarding the data, and therefore never delete it, or use an external system for deleting files, then RO all the way.

    The only caveat to this is if you’re using a local disk on the Plex system, which then shares out the drive/folder for adding new content, in which case, you’re screwed. It has to be rw so the OS can add/remove data.

    In my case, as I think may be common (or at least, not rare), my back end data for Plex Media is on a NAS, so it’s easy to simply have the system running Plex, mount that network share as RO, and you’re done. The data on the NAS can be accessed and managed by other systems RW, direct to the NAS.

    Since Plex is exposed to the internet, if anyone with sufficient rights is compromised, in theory, an attacker could delete the entire contents of your media folder with it. If you limit RW access to internal systems only, then that risk can be effectively mitigated.
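Added example, not part of the comment above: a small shell check that the media share really is mounted read-only on the Plex host, by reading the options column of a `/proc/mounts`-format table. The NAS host `nas.lan`, export `/export/media` and mount point `/mnt/media` are assumed names, and the sample mount table is constructed.

```shell
#!/bin/sh
# Added example: confirm the Plex media share is mounted read-only.
# Assumed names (not from the comment): nas.lan, /export/media, /mnt/media.
#
# A matching /etc/fstab entry on the Plex host (NFS, read-only) would be:
#   nas.lan:/export/media  /mnt/media  nfs  ro,nosuid,nodev,noexec  0  0

# Constructed sample in /proc/mounts format, used when no file is given.
SAMPLE_MOUNTS='nas.lan:/export/media /mnt/media nfs4 ro,nosuid,nodev,noexec,relatime,vers=4.2 0 0
nas.lan:/export/downloads /mnt/downloads nfs4 rw,relatime,vers=4.2 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

# mount_mode <mountpoint> [mounts-file]
# Prints "ro", "rw" or "missing" for the given mount point.
mount_mode() {
    target=$1
    if [ -n "${2:-}" ]; then
        data=$(cat "$2")
    else
        data=$SAMPLE_MOUNTS
    fi
    printf '%s\n' "$data" | awk -v t="$target" '
        $2 == t {
            # Field 4 is the comma-separated option list; look for an exact "ro".
            n = split($4, opts, ",")
            mode = "rw"
            for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
            found = mode    # last matching line wins (the topmost mount)
        }
        END { print (found == "" ? "missing" : found) }'
}

# check_media_ro <mountpoint> [mounts-file]
# Returns 0 only when the mount exists and is read-only.
check_media_ro() {
    [ "$(mount_mode "$@")" = "ro" ]
}
```

On the Plex host itself, `check_media_ro /mnt/media /proc/mounts` reads the live mount table; a "missing" result matters as much as "rw", since an unmounted share leaves Plex pointing at an empty local directory.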



  • APC makes low end offline UPS units, which are cheap garbage.

    They also make line interactive and online UPS units, which are decidedly not completely garbage.

    I pick up line interactive APC units from used locations like eBay, and go buy off label replacement batteries. Haven’t had any problems with them so far.

    To date, over the last ~10 years of running a homelab, I have used mainly SMT 1500 units, one was a rack mount. I’ve recently upgraded to an SMX2000. I’ve replaced batteries, but never a UPS, and never any server components due to power issues. I’ve run servers ranging from a Dell PE 2950, to a full c6100 chassis, plus several networking devices, including firewalls, routers and PoE switches. Not a single power related issue with any of them.




  • As IT/network/security, using a well known port for something that’s not what is supposed to run on that port, is inviting all kinds of problems.

    Especially the very well known ones, like FTP, SSH, SMTP, HTTP, HTTPS, etc (to name a few). People make it their mission to find and exploit open FTP systems. I opened up FTP on a system once to the internet as kind of a honeypot, and within a week or so, there was someone uploading data to it.

    No bueno. Don’t use well known ports for things unless the thing that well known port is known for, is what you want to do.













  • You can do whatever you want. Don’t let anyone tell you it’s “wrong”. A big part of homelabbing is to try stuff. If it doesn’t work, that’s fine, you learned something, and that was the point.

    For me, I don’t see a UPS as essential. It’s generally a good idea, but not strictly essential. My servers are on 24/7, because I have services that do things overnight for me. I also know that some people access my lab when I’m not awake, so I just leave it on so it can be ready for anything at any time. It poses some unique challenges sometimes when running stuff that’s basically 24/7/365.

    Be safe, have fun, learn stuff.


  • Yep, there’s actually quite a few more than what I mentioned, if you get into the advanced dialogs.

    IMO, it’s unnecessarily complicated, but given that NTFS is used for network file sharing in large companies, I get why it’s so crazy. They probably demand those kinds of granular permissions.

    I know Linux is a lot simpler. Just read/write/execute, and a single group, single owner, and a setting for “everyone else” kind of thing, which is generally sufficient for 90% of use cases.