The specifics of the current program are as follows: (1) a terrorist act must cause $5 million in insured losses to be certified for TRIA coverage, (2) the aggregate insured losses from certified acts of terrorism must be $200 million in a year for the government coverage to begin, and (3) an individual insurer must meet a deductible of 20% of its annual premiums for the government coverage to begin. Once these thresholds are met, the government covers 80% of insured losses due to terrorism
Sure, and let me know how it goes for you. I'm on a Dell R720xd, about to upgrade my RAM from 128 to 296 GB... don't want to spend the money for a new GPU right now.
My interpretation of your linked instruction (granted, I haven't tried Plex) is that it's the same two scenarios.
Your Plex client app login talks directly to your server login. The client app meeting the server is arranged by the Plex relay server and nothing more. There is no 'logging in' to the Plex relay server; its function is to arrange a meeting of two tunnels and that's it, much like a Tailscale DERP server.
The relay server is serving the same function as Caddy on a VPS. Hell, they could even be using Tailscale under the hood and it'd look exactly the same to a user.
Anyway, attack vectors even with a public-facing Jellyfin are mitigated because
a) Jellyfin is running in a Docker container = a successful attacker would only be able to trash my Jellyfin container, which ultimately is not that big of a deal (unless there is a different Docker exploit that enables access to the server itself, which is an entirely different issue and larger than a Jellyfin/Plex discussion)
b) fail2ban in conjunction with a reverse proxy bans malicious IP addresses that come back with too many errors too many times (errors that you, the admin, specify). So, for example, brute force login attacks are mitigated.
c) the reverse proxy itself allows access to only one specified internal IP address/port combination. Pending a Caddy exploit (again, a different discussion) it is not possible to fish for active IP addresses or port scan my internal network.
I see. So if you read that instruction you'll see it's the exact same setup that I outlined. They use a VPN to connect your client to your server and just negotiate the meeting in the middle. It's the exact same risk scenario as running a reverse proxy on your own VPS. Unless I'm missing something else?
My home connection is behind CGNAT, so I got a free VPS from Oracle (provides a public IP address), installed Caddy on the VPS, installed Tailscale on the VPS and router, and exposed routes from the LAN to the Tailscale network.
Now you can use Caddy to expose, for example, a Docker container (Jellyfin) at 192.168.1.100 to subdomain.exampledomain.com with an SSL cert provided by Caddy.
The VPS also requires some other stuff like ddclient and fail2ban.
I pieced this all together myself... it's doable if you spend some time reading.
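The ban behaviour described in (b) above, and relied on by the VPS setup, as an added example that is not part of the original comments: a simplified Python model of a fail2ban-style sliding window, run over constructed log lines shaped like Caddy's JSON access log. The thresholds, the counted status codes and the sample IP addresses are assumptions.

```python
import json
from collections import defaultdict, deque

# Assumed policy, named after fail2ban's maxretry/findtime/bantime options.
FAIL_STATUSES = {401, 403}  # the errors the admin chooses to count
MAXRETRY, FINDTIME, BANTIME = 5, 600, 3600  # failures, seconds, seconds

def line(ts, ip, status):
    """Build one constructed line shaped like Caddy's JSON access log."""
    return json.dumps({"ts": ts, "status": status,
                       "request": {"remote_ip": ip}})

# Constructed sample: 203.0.113.7 fails six logins in a minute and retries
# later; 198.51.100.20 mistypes a password twice and then gets in.
SAMPLE_LOG = ([line(1000 + 10 * i, "203.0.113.7", 401) for i in range(6)]
              + [line(1005, "198.51.100.20", 401),
                 line(1020, "198.51.100.20", 401),
                 line(1030, "198.51.100.20", 200),
                 line(1100, "203.0.113.7", 401)])

def parse(lines):
    """Yield (ts, ip, status) per line, skipping anything malformed."""
    for raw in lines:
        try:
            entry = json.loads(raw)
            yield entry["ts"], entry["request"]["remote_ip"], entry["status"]
        except (ValueError, KeyError, TypeError):
            continue

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return {ip: (ban_start, ban_end)} from a per-IP sliding window."""
    failures = defaultdict(deque)
    bans = {}
    for ts, ip, status in sorted(parse(lines)):
        if ip in bans and ts < bans[ip][1]:
            continue  # still banned: the firewall would drop this request
        if status not in FAIL_STATUSES:
            continue
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()  # forget failures older than the window
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + bantime)
            window.clear()
    return bans

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```

The user who mistypes twice stays under the threshold, and five failures spread wider than the window never accumulate, which is why the window and threshold need tuning against real traffic.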
I've used Wise (formerly TransferWise) for years. They have competitive exchange rates and acceptably low fees. They offer a debit card (electronic; you can see all the info/numbers in the app) that works for me for some online vendors in México (I'm US), but doesn't work for others. Your mileage may vary depending on which country you're trying to use it in.
I also use my Capital One Venture credit card as a daily driver. They have no foreign transaction fees and exchange rates are pretty close to daily spot price (and it gets 2% back on purchases everywhere).
Another option could be the Charles Schwab checking account debit card (I forget the name of the actual product). It offers no foreign transaction fees on purchases and ATM withdrawals, and they reimburse ATM fees worldwide.
I tried minicpm-v, granite3.2-vision, and mistral.
Granite didn't work with paperless-gpt at all. Mistral worked sometimes but also just kept running sometimes and didn't finish within a reasonable time (15 minutes for 2 pages). minicpm-v finishes every time, but I just looked at some of the results and it seems as though it's not even worth keeping it running either. I suppose maybe the first one I tried that gave me a good impression was a fluke.
To be fair, I'm a noob at local AI, and I also don't have a good GPU (GTX 1650). So these failures could all be self-induced. I like the idea of AI-powered OCR so I'll probably try again in the future...
I spun up ollama and paperless-gpt to add an AI OCR sidecar to paperless-ngx. It's okay. It can read handwritten stuff okayish, which is better than tesseract (doesn't read handwriting at all), so I throw handwritten stuff to it, but the difference on typed text is marginal in the single day I spent testing 3 different models on a few different typed receipts.
If I remember correctly, Jackett allows you to add trackers that Prowlarr doesn't have natively. Then you add Jackett to Prowlarr to distribute to the rest of your containers.
If you're using Docker it's easy to set up a second qBittorrent on a different port to meet different needs.