More technically there’s two ways to move data between two separate services. You can either pull or push the data.

Assume for both scenarios that the client is your phone and the server is some machine in the cloud.

With pulls the client calls an API and the server returns a response. Generally the www works this way. You ask a server for a wab page and you effectively pull the source down to your browser.

Pushes work the opposite, in that a server has data for the client and needs to push or otherwise give it to you. Pulls are relatively strait forward because every server has a well known name (the domain name and url). But your phone’s IP address changes constantly. So how does a server know how to contact your device? There’s generally two ways:

1. Your device can poll (make repeated pulls to a server checking for new data)
2. Or you can register some identifier and your IP address with some central server every time it changes. And then the server can essentially call a URL on your device directly. This is essentially what Google and Apple are doing as it doesn’t waste CPU resources and your battery.

You could in theory implement either of these yourself but because of the way the OSes work on both Android and iOS there’s no guarantee that you can keep a process running in the background forever. As the OS can kill your process if the OS needs more free ram, etc … The built in notification APIs are exempt from this because they are part of the OS.

If you’re worried about your IoT devices on your LAN the problem isn’t necessarily that they can access WAN but rather that there’s a security vulnerability and that they can be accessed by the WAN. Once a device is compromised and attacker can then use it as a “beachhead” to access other devices on your network.

So for example, with my setup every IoT device is on a separate VLAN (the guest network acts similarly) which can’t get access to WAN, can’t be accessed from the WAN and can’t initiate any network calls to any other VLAN. Now my primary VLAN can talk to my IoT VLAN, and IoT can talk back, it just can’t start the communication.

This does pose a problem for TVs though that need to talk to Jellyfin as hinted at in the original post. So what you could do is create a specific firewall rule that allows the TVs to at least initiate communication to Jellyfin but not any other device on your primary VLAN. This will probably require a more sophisticated router though than most of the consumer ones out there. Just be mindful that if n IoT device is compromised they can then try to attack the jellyfin server to jump to your other VLAN and then the rest of your network.

Just wanted to add… After reading your initial post I did some more digging on adding tracking headers, etc… especially by T-Mobile.

While it’s definitely a thing, it only applies to HTTP traffic. Even HTTPS blocks their ability to add those headers. So any traffic that’s using any other protocol (DNS, email, ssh, or just gaming, etc…) would be safe from your ISP from at least trying to add these tracking headers.

Yes but while the service is targeted for home use there still is remote work which generally requires a VPN back to the company network. They wouldn’t be able to block this. Now sure they might be more inclined to block Mullvad but they’d impact too many businesses by blocking wireguard as a whole.

And assuming they did block Mullvad but not wireguard… Just rent a VPS and install a wireguard server and client there to bridge back to Mullvad.

I know this doesn’t help much but I use T-Mobile cell towers with an always on VPN with no issue. But I don’t see why they’d block Mullvad. (I’d be more concerned that they’d block them than wireguard in general). But there’s completely legitimate reasons to use both so I don’t see them really bothering to block either.

Yes, but Google at least innovated and tried to increase customer value with Android. They also make better phones (from some people’s perspective) than Apple. I’ve seen nothing from Epic that tells me that their product is better than Steam. Sure they have free games, but that business model isn’t sustainable and for the non free games, why would I buy from them vs Valve? Sure, if I was a developer I might get a better deal with Epic, especially if I can sign an exclusivity agreement), but I’m not a game developer I’m a gamer just looking to play my games on my PC as easily as possible.

I can’t speak for anyone else but I can at least share why I didn’t care for it.

Steam already exists and there isn’t a lot I feel is missing from the Steam store. Not to mention there isn’t anything that Epic does better than Valve for their storefronts. Epic doesn’t provide any new value that Valve doesn’t. In fact I’d argue that Epic causes negative value for several reasons:

1. They essentially fragmented the PC market as now I can’t access all of my games in a single location. The same reason for example that I hate that Netflix, Hulu, Disney+, HBO Max, etc … exist. It just makes the overall experience less convenient and more expensive.

2. Several features that Steam already has working are either broken or missing in the Epic Store. Especially around the shopping cart, etc … I haven’t gone to look recently to verify if any of these have been fixed and probably won’t until the other points are addressed, if they even can be resolved.

3. There’s no level of trust with Epic compared to Steam. I have a massive Steam collection and Valve has shown time and time again that I can trust that my data is relatively safe with them. When was the last time you saw Valve in the media because of a data breach? When was the last time your Steam account got hacked. Epic is just new here so they haven’t had a chance to earn that trust.

4. Their motives for wanting to create a new store wasn’t to improve the customer experience. Instead it was to improve their bottom line. The court cases against Google and Apple prove this. If they at least tried to have a PR campaign to show how Epic is innovating compared to Steam especially for making the customer experience better, the Epic Store might have sit better with me.

5. Timed exclusives. Similar to point 1, but they were just trying to use their massive cash reserves from Fortnight to buy their way into the market rather than earn the trust of customers. This again resulted in fragmentation of the PC market.

Anyway, just my two cents.

I’ve tried commenting out the ports in the compose file, which should make them only available on the internal network, I thought. But when I do that, the containers can no longer connect to each other.

Did you create an explicit network for them to talk on? Otherwise the default docker network doesn’t support internal DNS queries.

https://docs.docker.com/engine/network/#container-networks

Specifically you need a network using the bridge driver: https://docs.docker.com/engine/network/drivers/bridge/

Can you share the Home Assistant automation / setup that you have for Uptime Kuma notifications? As I’m in the same boat as you. I just got a webhook setup but I’m getting flooded with notifications, especially after services update.

My hope is I just want to be notified when a particular service is down for say 5 minutes but all I care about is knowing the node name. I don’t necessarily care to get notified if the service comes back up.

Yes it would. In my case though I know all of the users that should have remote access snd I’m more concerned about unauthorized access than ease of use.

If I wanted to host a website for the general public to use though, I’d buy a VPS and host it there. Then use SSH with private key authentication for remote management. This way, again, if someone hacks that server they can’t get access to my home lan.

Their setup sounds similar to mine. But no, only a single service is exposed to the internet: wireguard.

The idea is that you can have any number of servers running on your lan, etc… but in order to access them remotely you first need to VPN into your home network. This way the only thing you need to worry about security wise is wireguard. If there’s a security hole / vulnerability in one of the services you’re running on your network or in nginx, etc… attackers would still need to get past wireguard first before they could access your network.

But here is exactly what I’ve done:

1. Bought a domain so that I don’t have to remember my IP address.
2. Setup DDNS so that the A record for my domain always points to my home ip.
3. Run a wireguard server on my lan.
4. Port forwarded the wireguard port to the wireguard server.
5. Created client configs for all remote devices that should have access to my lan.

Now I can just turn on my phone’s VPN whenever I need to access any one of the services that would normally only be accessible from home.

P.s. there’s additional steps I did to ensure that the masquerade of the VPN was disabled, that all VPN clients use my pihole, and that I can still get decent internet speeds while on the VPN. But that’s slightly beyond the original ask here.

A couple of options in my opinion, as I just did this myself:

You can use the CLI tool to “upload” them. You can even do this from the server itself. So upload times would be as fast as your network card can process or however fast your server is, whichever is slower. It does require that you create an API key for the user in question though.

Otherwise you can create an external library and link that to your account. Now Immich will still index this library but it won’t move or manage the actual files. I’m not sure though if it looks at those files for duplicates (i.e. if you try and upload the same photo from your phone to the server). This external library will also prevent deleting photos as well, FYI.

There might be other options that I’m not aware of, as I’ve only been using Immich for about a month now.

Edit: link to the CLI documentation: https://immich.app/docs/features/command-line-interface/

Correct. As I can only provide links to posts that are on your selected home instance. Eventually I’ll change this but you’ll get a 404 page for links that aren’t on your home instance, but see my P.S. below.

P.s. there have been changes to the Lemmy API that have prevented me from getting updates for about a month now. So most of the results you’re seeing are from old posts only. Until I can rebuild the crawler or find a new API there won’t be any new content.

This is the same reason I had to turn off my search engines crawler.

There were changes made to the API to ignore any page > 99. So if you ask for page 100 or page 1_000_000_000 you get the first page again. This would cause my crawler to never end in fetching “new” posts.

lemm.ee on the other hand made a similar change but anything over 99 returns an empty response. lemm.ee also flat out ignores sort=Old, always returning an empty array.

Both of these servers did it for I assume the same reason. Using a high page number significantly increases the response time. It used to be (before they blocked pages over 99) that responses could take over 8-10 seconds! But asking for a low page number would return in 300ms or less. So because it’s a lot harder to optimize the existing queries, and maybe not possible, for now the problematic APIs were just disabled.

I was using it’s APIs. But new restrictions have effectively been put in place that prevent me from using them for what I need. Similar API calls were being made that were causing DDOS attacks on lemmy.world.

As for running a lemmy instance itself. That’s a thought but I need the data in a different format to do efficient searches. It’s a tricky problem.

Yep that’s the new idea. The sad part is that with this method there’s no way to get historical data. Only new posts. So if a server goes down, gets DDOSd etc… I’ll lose posts forever.

Also building an ActivityPub implementation from scratch isn’t trivial either. So that’ll take some time.

I’ve got a few other ideas I’m playing with as well. Like just assuming that internal post IDs are all sequential and literally fetching them one by one. Or maybe some combination of both?

Thanks for the shout-out.

But FYI I’ve run into some bugs that’s preventing new content from being indexed. So you won’t see anything new (from about a week ago) until I can find a new method to fetch new posts.

By default there’s no way to hotlink, if you will, to a post on any platform. Now some apps might be doing something special to get around this, but out of the box this isn’t supported at the moment.

Now there is an issue on lemmy itself which I’m exploring that should “fix” this: https://github.com/LemmyNet/lemmy/issues/2987

But I’m not sure how that might translate in a mobile app.

Missing features are fine. Even then, and maybe it’s just me, but Push Notifications + User Highlight/Tagging doesn’t seem like $2 worth of value to me. Just trying to call out that the current value-to-cost ratio seems off. And sure there are other features and maybe other users will get $2 worth of value out of those, but in my opinion that’s why I won’t be buying a subscription, even if I want to support the developer.

Originally it just looked like a collapsable title. (https://www.digitalocean.com/community/tutorials/android-collapsingtoolbarlayout-example). Then I just happened to tap it trying to find out how to change my default sorting. Although I’m not sure why Sync doesn’t just use the default from my profile?