Whenever I have a Linux box without Internet I just USB tether an Android phone—if the phone is on WiFi then it uses that (not cell), so it’s basically just a WiFi adapter that’s almost universally supported. (I think it NATs, so in some circumstances won’t work, but good enough for most emergency use cases.)

I would recommend PoE security cameras. You probably want support for RTSP / ONVIF.

I have some Amcrest cameras talking to Frigate. It is completely local—cameras on a separate VLAN that can’t talk to the Internet, footage is recorded on a server running Frigate. Works very well for me. No vendor lock-in is also nice!

I probably would have ordered my matrix so that my/my and (not my)/(not my) were the diagonal elements, but that’s just nitpicking I suppose.

The pandemic was great for my city (San Francisco) in this regard—they shut/heavily discouraged a bunch of streets to through traffic for a number of “slow streets.” Kids and adults alike run, bike, scooter, etc. in the middle of these streets. Obviously people love them, so they remained after the pandemic (at least, the one’s I’m familiar with remain).

It’s not a full-on car ban, but it’s a start!

640k 780k ought to be enough for anybody…

If you search around you might find free ones. Oracle has/had a free tier (though it’s Oracle, so…).

Yes, but you can run multiple VPS, from different providers, simultaneously.

What I like is that while it does depend on an external provider, it doesn’t depend on a specific external provider. Any VPS with a public IPv4 would work.

VPS+VPN, this is what I do.

VPS has public IP and runs WireGuard “server”* and a reverse proxy (and fail2ban…). Reverse proxy points to my home computer over the WireGuard link. No open ports on my home router.

For private facing/LAN-only services I just don’t have an entry in the VPS reverse proxy. DNS on the router points everything to my local server, so if at home I access everything directly. To access internal services remotely requires VPN (i.e., WireGuard to the VPS).

Works well; I have a tiny free tier VPS but even so, no complaints.

*Yes I know there are no wg clients or servers, only peers, but it plays a server-likr role.

Americans had “unity” after 9/11

Uh, no we didn’t. Source: am American, lived through that period.

Yes we had a brief period of unity (and solidarity with NYC) following 9/11, but as soon as the American War Machine woke up, my country was intensely divided.

I used Photoprism years ago, so my knowledge is probably pretty outdated.

My experience of Photoprism was that mobile was not tightly integrated. At the time I used Syncthing to sync photos — it worked ok for me, but I wasn’t going to set it up on my partner’s phone, for example.

Immich Just Works on both mobile and desktop. Multi user is great, sharing is great, and the local ML and face detection work remarkably well.

Whatever works for you is the best of course! Immich fits the bill for me, and it was very much worth it for me to “buy” it.

xscreensaver of course! Note that this is not an option on Windows—jwz hates Microsoft, and any xscreensaver port to Windows is against his wishes.

I use yabai and sketchybar for a tiling WM feel. It’s nowhere as nice as my preferred i3, but it’s ok. Unfortunately it often breaks with major OS updates, so I’m sure to hold back updating my system until yabai is working.

IIRC sshfs will work on macOS but it’s more work to install. Worth it if allowed by your IT policies and your work can benefit from it.

Vim, tmux, and the usual *NIX stuff you might want.

The coreutils are not the GNU coreutils you typically find on a Linux system, so you may find a few differences. I believe sed is slightly different, and the flags for ls must be before the filename arguments, but I’ve found it’s mostly silly stuff like that (I used zsh before using macOS, so no problem there).

Regarding DNS servers, what router do you have? Some routers have simple enough DNS capabilities — I have a MikroTik, and have it set up with DNS entries for internal services (including wildcard). Publicly accessible services just use my registrar’s DNS (namecheap — no complaints).

You’re right, for new drives it looks like a little more with this 20GB retailing for $230, or $11.50/TB.

For refurbished, I recently got a factory renewed 12TB Seagate for $112 ($9.33/TB), but that price is now up to $199 for the same drive (!).

Official numbers here https://www.debian.org/mirror/size

About 4.4TB, but that’s all architectures and (I believe?) all distributions (stable, testing…).

If you only want source+all+amd64+arm64, and only want stable, it will be smaller of course.

Not nothing, but at $10/TB or so, it’s not much.

And if you’re following 3-2-1, I’m pretty sure the “1” is already handled for you :)

I know right? Almost like it should be called Spaceballs II: The Search for More Money.

On low end CPUs you can max out the CPU before maxing out network—if you want to get fancy, you can use rsync over an unencrypted remote shell like rsh, but I would only do this if the computers were directly connected to each other by one Ethernet cable.

If you’re running it via docker compose it’s trivial to upgrade, and there are no breaking changes. Pull, down, up, you’re done.

Frigate is pretty good, too. I’ve only been running it for a few months but I’m very happy with it.

Though, technically that leaves you more at risk of ransomeware or something that overwrites your data.

I rsync as well, but use snapshotting on the remote drives. So, a bad rsync would suck but shouldn’t really result in data loss. Ransomware on my local+remote server would of course be very bad…

I do something similar — I have a raspberry pi and a HD, with daily rsync and snapshots (monthly retained indefinitely, weekly retained for a month, daily retained for a week). It’s at family’s house, connected to my home via WireGuard via a VPS. Tailscale (or anything really) would also work here.

It’s a great setup! Just have some watchdog reboot if it can’t talk to home (a simple cronjob with ping -c1 home.lan || reboot or similar).

Even our “slow” 35Mbps upload speed is way more than enough for incremental rsyncs of my Immich library. The initial sync was done in person, though.