A likely comparatively barebones (but sufficient for my needs) solution that I use is Obsidian with Synching.

What specific features are you looking for?

Neat!

Can you ping the Jellyfish server from the laptop? Can any other device access the Jellyfish server?

I use KDE Plasma on my desktop and GNOME on my laptop — though, by my experience, GNOME has been mildly annoying. I just find it too “restrictive” when compared with KDE. I’m also not super fond of how some apps seem to integrate rather poorly with GNOME. I do think that GNOME’s interface works well with a laptop, but the UX hasn’t been the best for me. I have few, if any, complaints regarding KDE.

I will preface by saying that I am not casting doubt on your claim, I’m simply curious: What is the rationale behind why it would be so unlikely for such an exploit to occur? What rationale causes you to be so confident?

Looks like a Fractal Node 304?

Yep! I’ve found that the case is possibly a little too cramped for my liking — I’m not overly fond of the placement of the drive bay hangars — but overall it’s been alright. It’s definitely a nice form factor.

It wasn’t a deliberate choice. It was simply hardware that I already had available at the time. I have had no performance issues of note as a result of the hardware’s age, so I’ve seen no reason to upgrade it just yet.

Main Server

Services

• Jellyfin
• FreshRSS
• Borg
• Immich
• Nextcloud AIO
• RSS-Bridge

Hardware

• CPU: Intel Core i5-4460
• GPU: Nvidia GeForce GTX 760
• Memory: Kingston KHX1600C10D3/8G (8GB DDR3-1600)
• Motherboard: ASUS H81I-PLUS

OS

• Ubuntu 22.04.5 LTS

Reverse Proxy

Services

• Caddy

Hardware

• Rasbperry Pi 4 Model B Rev 1.5 (2GB)

OS

• Debian 12

Router

Hardware

• TP-Link Archer C7 AC1750

OS

• OpenWRT 23.05.5

For clarity, I’m not claiming that it would, with any degree of certainty, lead to incurred damage, but the ability to upload unvetted content carries some degree of risk. For there to be no risk, fedi-safety/pictrs-safety would have to be guaranteed to be absolutely 100% free of any possible exploit, as well as the underlying OS (and maybe even the underlying hardware), which seems like an impossible claim to make, but perhaps I’m missing something important.

“Security risk” is probably a better term. That being said, a security risk can also infer a privacy risk.

Yeah, that was poor wording on my part — what I mean to say is that there would be unvetted data flowing into my local network and being processed on a local machine. It may be overparanoia, but that feels like a privacy risk.

You’re referring to using only fedi-safety instead of pictrs-safety, as was mentioned in §“For other fediverse software admins”, here, right?

One thing you’ll learn quickly is that Lemmy is version 0 for a reason.

Fair warning 😆

One problem with a big list is that different instances have different ideas over what is acceptable.

Yeah, that would be where being able to choose from any number of lists, or to freely create one comes in handy.

create from it each day or so yo run on the images since it was last destroyed.

Unfortunately, for this usecase, the GPU needs to be accessible in real time; there is a 10 second window when an image is posted for it to be processed [1].

Probably the best option would be to have a snapshot

Could you point me towards some documentation so that I can look into exactly what you mean by this? I’m not sure I understand the exact procedure that you are describing.

[…] if you’re going to run an instance and aren’t already on Matrix, make an account. It’s how instance admins tend to keep in contact with each other.

This is good advice.

Fediseer provides a web of trust. An instance receives a guarantee from another instance. That instance then guarantees another instance. It creates a web of trust starting from some known good instances. Then if you wish you can choose to have your lemmy instance only federate with instances that have been guaranteed by another instance. Spam instances can’t guarantee each other, because they need an instance that is already part of the web to guarantee them, and instances won’t do that because they risk their own place in the web if they falsely guarantee another instances (say, if one instance keeps guaranteeing new instances that turn out to be spam, they will quickly lose their own guarantee).

How would one get a new instance approved by Fediseer?

There is a chat room where instance admins share details of spam accounts, and it’s about the best we have for Lemmy at the moment (it works quite well, really, because everyone can be instantly notified but also make their own decisions about who to ban or if something is spam or allowed on their instance - because it’s pretty common that things are not black and white).

Yeah I think I’m more on the side of this, now. The chat is a decent, and workable solution. It’s definitely a lot more hands-on/manual, but I think it’s a solid middle ground solution, for the time being.