Not sure how loose you define tech, but mine would be my motorcyle, a 1981 Yamaha XS400 that my grandfather gifted me. It’s certainly feeling it’s age, so it requires a lot more effort on my end to keep running than most bikes made this century. It’s not made for modern highway speeds, it’s not happy when I try, so I keep it off the interstate, 50 and under. That said, when the weather’s good, I’ve never had a carbeurated engine start so easily, and it’s a joy to ride!
Can ISP’s really flash firmware to a 3rd party router? That’s wild. I’m not sure that’s happened to me before, and I’ve been forced to use Comcast/xfinity my whole adult life. I’ve had multiple Arris modems, and whenever I check their status page, it was always Arris branded, and stayed the same before and after hooking it up and registering it with the ISP.
I always assumed the rigamarole of registering a personal modem was simply a white listing process (give MAC address, receive internet). I’ll have to look more into it, I didn’t know there was anything else going on.
I like the way you’ve explained the concept! I never could find the right word for it, I always thought of it as “meta” media, though that never seemed 100% right. “Reconstruction” is much better, it implies a more thorough understanding (and appreciation!) of the source material than mere meta-jokes. My concept of meta would lump Shaun of the Dead in with shit like Disaster Movie, which are obviously leagues apart.
Yes, there has to be a minimal level of trust between the server and devices/users. You’re level of security defines what point the computer decides “yep, that’s good enough, I can trust this is the real user accessing me.” A true, perfectly secure system has no access, it’s a black box that nothing can interact with, because it can only trust itself.
At some point you have to trust yourself not to mess up too bad, you are the weak point in security, since I’m assuming you’re the only one who’s accessing the system right now.
I personally use plaintext password files, with appropriately managed permissions (only the owner can see or read the file.) As long as the user login is secure, and root/admin access is secure, I feel comfortable that no one but me can access the credentials. To manage remote access to the system, I use hardware (YubiKey) to store my SSH keys, with a PIN code lock that wipes the keys if entered incorrectly 5 times. I don’t have any government agencies coming after me (as far as i know) so no one has a practical way to extract the keys if the device were stolen off me, and the PIN retry limit prevents brute forcing. I trust myself to manage these hardware keys appropriately.
*Edit: to add to the “appropriately managed” bit there, each sub system (home automation, file server, media hosting, etc) should be properly containerized or isolated (using different user accounts) so that if one service is compromised, the others are still somewhat protected. *
Physical access to your server is endgame. If an attacker can physically mess with your system, you’ve lost, and that can only be fixed externally with home security improvements. A skilled attacker doesn’t need your ssh tokens to gain access if they can plug a keyboard into the server itself. I’ve also seen a demo of a neat little kit the feds use to seamlessly move a computer power cord from the wall to a portable battery pack, so they can simply walk out, with the device still powered up, and do what they want to it back at home base (it’s used mainly for raids on various computer fraudsters, but still, it exists, and can be used on you). I trust myself not to do stupid stuff that gets me targeted by a hacker group, or raided by the FBI.
Something less targeted, like a burglary (not focused on your server), can be protected against by disk encryption. I don’t use any disk encryption, but I probably should. I like the idea other user’s wrote down here, of using a TPM module to store disk encryption keys, so it can detect if the hardware or OS changed between boots and deny decryption. I’d also take it one step further and encrypt the data/password files with an encryption method that requires someone to log in and type a password, that way if someone were to steal the device and power it up elsewhere, the passwords are still safe until you OK it, essentially authorizing unexpected reboots, at the cost of having to log into the server every time it starts (not fun if you’re doing maintenance.) if you do this bit right, you don’t have to trust yourself to do anything but remember the password.
Sorry about the length there, but security and access management is a complicated topic, so it requires a lot of talking. Hopefully it helped!
Both are good ideas! A newer Gen cpu is never a bad thing in this hobby. Either method will do you good, so if you’d rather have the extra cpu horsepower of a newer cpu, you should go for it!
I have no opinion or knowledge of which Intel cpu is best for you besides “bigger number = more better” so hopefully the other responses with advice are accurate. Good luck!
If money is tight, then the cheapest solution would probably then be an nvidia GPU with NVENC support, since you wouldn’t have to upgrade anything to make it work (assuming it fits in your case of course) . I believe I managed to grab my 1050TI for about $100USD, and it supports many, many streams, especially with the NVENC unlock driver patch, and my cpu sits pretty at maybe 10% usage tops.
If you’re mainly using this server for plex, then a 13 series Intel with quicksync will be the way to go, from what I read the newest generation of quicksync is really good for transcodes. That and more RAM, can never have enough ram!
Is plex transcoding what’s making your server struggle? Even with older gens, I would think using hardware transcodes would keep the cpu load light. At least that’s what I noticed when I dropped an nvidia card into my server (no integrated graphics in my cpu)
I had to refresh a pc with Windows 11 recently (unfortunately) and I can confirm it works, but I found it only works on a completely clean install, and you have to run the command IMMEDIATELY when starting setup. I had to re-install twice, because the first time I connected to Wi-Fi, and even running the command and disabling wifi, it still demanded an account. I had to wipe the drive an install a second time, then run the command right at the start of the setup process, before doing anything. THEN it let me skip connecting to internet and logging into an account.