Gadget Wisdom

Category: Security & Networking

The Great Migration: When Moving Day Comes Around for Your Server

In New York City, from colonial times to the mid-20th century, May 1st was “Moving Day”, when the majority of leases in the city would expire and much of the city would pick up and move.

Every few years, it is time to update my servers. While servers require regular bug fixes, every few years it is also time to clean out the cruft. Just as people move because of changes in conditions and for new opportunities, servers need to move too: the neighborhood that is the internet has become a noisier, dirtier place.

Why Your Server Needs a New Neighborhood

The world changes so much in between major upgrades. Now we have AI bots scraping the internet, hammering websites and using up resources, requiring new solutions. We didn’t used to need a heavy deadbolt to keep the bots out; a simple lock would do. Moving isn’t just about a new view; it’s about surviving the new climate of the web.

I could just fix the things that are worn, but sometimes you need a complete replacement. Even with the same specs, this ensures a clean start and a better server.

When it comes to home servers, moves usually happen when I am upgrading the hardware. But when it comes to my VPSes, which are hosted online, I tend to build a new server, migrate to it, and then shut down the old one. It also allows me to reexamine and refresh myself on things that may have developed in the interim: new software options, new features, and new configuration settings.

So, how do you go about this?

Packing Your Digital Boxes: The Audit Before the Move

  • Inventory the services you have: Docker containers, databases, servers. Record not just the services, but what they are used for.
  • Toss out the junk you don’t need anymore: old software that isn’t active, cron jobs that don’t need to run.

Security and Monitoring: The Modern Dilemma of Convenience vs. Control

In the modern world, security gets harder and harder for the average person. There is a reason why people are turning to companies like Cloudflare to handle it for them. Cloudflare does offer a generous free plan, but it adds a dependency not under your control, and a free plan can so easily turn into a paid trap. Even though my firewall has held for many years, it lacks more modern tools to help me manage it, as I still do everything in a text window. For the same reason that people use Cloudflare, I don’t always have the time to get down into the code, and need the ability to do quick monitoring on the go.

When a Total Rebuild is the Only Cure

This is a great time to review new operating systems, new servers, and if sticking with the same, new configurations. If you never rebuild anything, you also forget how your system works.

In the end, you will have a brand new server, ready to face new challenges and you’ll be set for a few years. And as I work on this, I will be commenting on some of those tools.

Published on May 6, 2026

Best Travel Router for Hotel Wi-Fi in 2026

There are many reasons to use a travel router when on the go. For example, protecting yourself from malicious actors on hotel Wi-Fi. As I write this, I am in an extended stay at a foreign hotel. The hotel TV has built-in YouTube and streaming, and on three occasions so far, the TV has been taken over by people in other rooms, apparently by accident.

At minimum, a travel router isolates your devices from the other people on the hotel Wi-Fi. But it can do so much more. It can allow you to add a streaming device to the TV, as many cannot navigate the captive portal. Many can support a connected USB drive to act as a simple media server to stream to the device you connect to your TV.

Finally, your device can act as a VPN gateway for your devices, something I am doing with my travel router as we speak. Every web request is running through my VPN server in my apartment. My current preference has been the GL.iNet line of travel routers. They run a variant of an open firmware and have generally been reliable. I have had several.

Quick Picks: Best Travel Routers in 2026

The best travel router depends on what problem you are trying to solve. Hotel Wi-Fi, captive portals, VPN sharing, streaming devices, and working from a temporary setup all put slightly different demands on the router.

Use Case | Recommended Router | Why
Best mature travel router for most people | GL.iNet Beryl AX / MT-1300 | A reliable, mature Wi-Fi 6 travel router that should be enough for most hotel Wi-Fi, VPN, and portable-networking needs.
Best current personal pick / proven travel setup | GL.iNet Slate Plus / A1300 | The travel router I have been using on the road; still useful if you do not need the newest or fastest option.
Best faster Slate option | GL.iNet Slate AX | A newer Slate-series option with more performance, though it may be more router than many hotel Wi-Fi setups need.
Best premium Slate option | GL.iNet Slate 7 | Adds a control screen and newer hardware, but the premium may not be worth it unless you specifically want those features.

My current one for this trip is the A1300, aka the Slate Plus, released in 2022.  But I have been finding it was time to try to improve throughput of my VPN. So, I looked at what was available.

A year younger is the slightly faster Beryl AX, the MT-1300. The Slate Plus has two WAN and one LAN port, while the Beryl AX has one LAN port.

There are two newer versions in the Slate line, the Slate AX and the Slate 7. The company is also prepping a new addition to the Beryl line. The Slate 7 offers an LCD control screen, which is a useful feature, but not necessarily worth the premium. The Slate series also has a reputation for running a bit hotter.

So, even though the Beryl AX is two years old now, and newer devices exist, it is a more mature, reliable choice. Even spending an extended time traveling, do you need faster Wi-Fi, or 2.5gb networking? Most hotels have neither. What you need is speed and reliability, and the ability to add additional security measures.

Published on November 27, 2025

POE Cameras and Frigate NVR: Why I Switched to Local Home Surveillance

During my recent renovation, I added two additional cameras to my new space, at the two points of ingress. This was something of a departure as these were also the first Power Over Ethernet (POE) cameras I’ve had installed, as I had someone on-site available who could run the cables cleanly.

I’ve tried a variety of ecosystems for cameras, both for myself and others. Many of them push you toward subscription-based cloud services, where features like video history, motion detection, and notifications only work fully if you pay monthly. Some of them barely provide any features without paying, despite the fact you bought the device. Even when they offer local options, this is often storage on a microSD card in the camera, which is clunky, slow, and unreliable.

That is why I decided to go with a network video recorder: a server that takes the feeds from all the cameras and stores the recordings. You can purchase commercial NVRs and install them in your house, including some that integrate with the specific hardware cameras you bought, but I wanted a solution that aligned with my philosophy of self-hosted, privacy-first smart home tech.

So I chose Frigate.

Quick Answer: Why Use POE Cameras With Frigate?

POE cameras and Frigate make sense if you want a local home-surveillance system that does not depend on a cloud subscription. Power Over Ethernet cameras are more reliable than Wi-Fi cameras, and Frigate can record video, detect people, cars, animals, and other objects, and let you tune alerts around the parts of your property you actually care about.

Choice | Why It Matters
POE cameras | More reliable than Wi-Fi cameras and powered through the network cable
Frigate NVR | Local recording and object detection without relying on a cloud camera plan
Detection zones | Reduce false alerts from sidewalks, streets, neighbors, or passing cars
Self-hosted storage | Keeps recordings under your control instead of inside a camera company’s subscription
Frigate+ | Optional model improvements without turning the whole system into a traditional cloud lock-in product

Why Frigate?

Frigate is an open-source NVR designed for real-time object detection all running on local hardware. It is deeply customizable and can be tuned to only record what matters to you – people, cars, or animals, depending on what zones and filters you decide.

For example, one of my outdoor cameras flagged every pedestrian across the street, which is well outside of the zone I am concerned about. I can narrow the zone to only my property, to dramatically reduce noise in footage and alerts.

Frigate recently added:

  • Facial recognition
  • License plate recognition
  • View-only user roles for shared access

Everything is processed locally, with no cloud dependency.

Frigate+: Smarter Detection, Optional Subscription

To improve detection, you can also subscribe to Frigate+, a $50/year subscription which offers better trained models for detection. These are trained by other users of Frigate. You can participate by submitting false positives and other information voluntarily. If you cancel, you get to keep the downloaded models, you just stop getting updates.

This helps support the developers and doesn’t lock you into a traditional subscription model.

Frigate Notifications

One gap in the core Frigate setup is the lack of built-in robust multi-platform notifications. That’s where another piece of software, Frigate-Notify, comes in. It offers all of the notification options I might want.

  • Rich notifications
  • Cross-platform delivery including mobile, desktop, and messaging apps
  • Fully customizable

Next Steps For My Frigate NVR

Inspired by how well the new system is performing, I plan to replace more of my older Wi-Fi cameras with wired POE models for improved reliability. Wired cameras streaming directly to my NVR reduce lag, improve reliability, and give me full control over recording, storage, and alerts, without the cloud.

If you’re tired of cloud lock-in and unreliable Wi-Fi cams, and you want a privacy-respecting, smarter surveillance system, Frigate + POE may be the combo you’ve been looking for.

Published on September 8, 2025

TrueNAS vs Unraid vs OpenMediaVault: Choosing NAS Software

I have gone through a lot of evolution of computer technology over the years, not only the technology, but my thinking. I remember my first server, which doubled as a NAS. It was a yellow full tower server system and had wheels. Why yellow? It was really inexpensive. But it was also really overbuilt for what I needed. I never filled all the bays and I never used it to its full capacity. And technology changed. I started building smaller, rather than overbuilding. I’ve gone from desktop, to laptop, to small PC, to mini PC, which is an evolution conversation in itself.

When my home-built NAS died in the middle of the night some years ago, I ran to the store and bought a commercial NAS, because I was at the point in my life where I didn’t want to deal with another home build. So I went with a NAS and then a dedicated home server next to the NAS. And that was partly because the commercial NAS software was limiting and the manufacturer had stopped updating my model, but also because the hardware in NASes is always behind what you can get if you build it yourself. So, by investing in a NAS case, a motherboard, and using open-source, I can in future swap out the motherboard, upgrade the RAM, etc. and continue…provided I keep to the same software platform. The lifespan is much longer.

I could run all my applications on the NAS, especially with the new hardware, but I want something that acts like an appliance…something that only is storage and storage related functions. I don’t want to clutter it with other things, even though it means another system to run server functions. Last time, I installed Linux and configured it. But there is software to make a computer a dedicated appliance, so it eliminated all the work I had to do to get everything working.

Quick Answer: Which NAS Software Should You Choose?

For a homebuilt NAS, the best software depends on what you want the box to do. I chose TrueNAS because I wanted a storage-first appliance with ZFS and a strong focus on data integrity. Unraid is often better if you want flexibility with mixed drive sizes and an easier app/server experience. OpenMediaVault is a good free option if you want something lighter and more traditional without paying for Unraid.

NAS Software | Best For | Main Tradeoff
TrueNAS | Storage-first NAS, ZFS, data integrity, snapshots | Less flexible with mismatched drives and can feel more appliance-like
Unraid | Mixed drive sizes, easy expansion, apps, home-server flexibility | Commercial license and a different storage model than traditional RAID/ZFS
OpenMediaVault | Free, lightweight NAS setup on standard Linux | May require more tinkering depending on plugins and use case

There are three popular options for NAS software…TrueNAS, Unraid, and OpenMediaVault.

TrueNAS has a commercial and a community version. It comes in the classic Core version, based on FreeBSD, and the newer Linux-based Scale. I get the impression Scale is the future for the project. Scale allows for containers and virtual machines if you want to run your applications on top of it. For the drives, it offers ZFS and the ability to deploy object storage similar to Amazon’s S3. ZFS is an incredibly robust filesystem.

Unraid, by comparison, is also commercially supported, with a license cost of $49 to $249, which includes the software. The most expensive membership at $249 is lifetime, which means updates for life, and the others offer updates for a year with a fee to upgrade after that. Even with no updates, some security patches are still offered for the older versions. The advantage of Unraid is it can manage drives that vary in size, speed, brand, and filesystem…so no RAID technology. Instead, it uses a dedicated parity drive, and offers a cache drive for speed.

OpenMediaVault is somewhere closer to Unraid in its simplicity, but has no commercial cost. It seems to be in the middle of the options here and can veer toward the Unraid feature set or the TrueNAS ones.

I ended up with TrueNAS, because I wanted the features it offered for data storage.

That choice also fits how I separate my setup: the NAS should mostly be storage, while other services can live on separate server hardware. For the networking side of that build, see my guide to 2.5G vs 10G Ethernet for a home network.

I’ll be talking more about that, but it took more time to restore my data than it did to set it up. It is now handling 100% of the file serving the previous server did. I still have backup and other redundancy functions to configure, but I’m 100% back online.

Published on May 31, 2024

Monitoring with Uptime Kuma

Earlier today, the server that hosts Gadget Wisdom was down for ten minutes. This happens every so often, and the server is due for replacement one of these days as the oldest one I have. But one of the problems I have is that local monitoring is…well, local. You shouldn’t run your monitoring solely on the server you are monitoring. You need something external as well.

So, enter Uptime Kuma. Uptime Kuma came onto the scene two years ago, as a self-hosted version of something like UptimeRobot (which does offer a free tier). There are other self-hosted products as well, but I was able to get this running in a short period of time and it provides exactly what I want, and it looks like it has an active development team.

So, what features does Uptime Kuma offer?

  • Dozens of notification methods to configure: email, messaging, SMS, etc.
  • HTTP, ping, as well as server-specific monitoring
  • Useful stats and graphs
  • Optional public status pages

So, now, I’m waiting for my next downtime, to see how exactly this works in production, but just having the ability to remotely monitor and get notifications is another tool in my monitoring arsenal.

Published on December 26, 2023

Multiple Vulnerabilities found in Wink and Insteon Systems

Rapid7 reported that they detected major vulnerabilities in the Wink and Insteon Smart Hub systems.

This is of particular concern to me as a Wink hub user. The Wink Android app was storing sensitive information insecurely, which has now been patched.

The other vulnerability is apparently being fixed. The Wink API does not revoke authentication tokens when you log out, and new tokens do not invalidate the use of old tokens.

I’ve long been concerned about the long term health of Wink. It’s been with two different owners and it is hard to understand where it might go. And hubs in general might go away in favor of wifi or bluetooth as a standard over things like zigbee and z-wave.

But the fact they fixed these issues at least suggests that they plan to move forward.
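
The two token-handling flaws described above, as an added example (not Wink's code or API; the class and function names are hypothetical): a session store where logout and re-login leave old tokens valid, next to one that revokes on logout, invalidates the previous token when a new one is issued, and expires tokens.

```python
import hashlib
import secrets
import time


class LeakyTokenStore:
    """The reported behaviour: tokens survive logout and later logins."""

    def __init__(self):
        self._tokens = {}  # token -> user

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = user  # earlier tokens for this user stay valid
        return token

    def logout(self, token):
        pass  # the client drops the token; the server keeps honouring it

    def authenticate(self, token):
        return self._tokens.get(token)


class RevokingTokenStore:
    """Hardened form: one live token per user, revoked on logout, with expiry."""

    def __init__(self, ttl_seconds=3600, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock
        self._by_digest = {}  # sha256(token) -> (user, expires_at)
        self._current = {}    # user -> digest of that user's live token

    @staticmethod
    def _digest(token):
        # Keep only a hash so a leaked table does not expose usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _drop(self, digest):
        entry = self._by_digest.pop(digest, None)
        if entry and self._current.get(entry[0]) == digest:
            del self._current[entry[0]]

    def login(self, user):
        self._drop(self._current.get(user))  # a new token invalidates the old one
        token = secrets.token_urlsafe(32)
        digest = self._digest(token)
        self._by_digest[digest] = (user, self._clock() + self._ttl)
        self._current[user] = digest
        return token

    def logout(self, token):
        self._drop(self._digest(token))  # server-side revocation

    def authenticate(self, token):
        digest = self._digest(token)
        entry = self._by_digest.get(digest)
        if entry is None:
            return None
        user, expires_at = entry
        if self._clock() >= expires_at:
            self._drop(digest)
            return None
        return user


def replay_results(store, user="alice"):
    # Returns (lookup of the old token after re-login, lookup after logout).
    first, second = store.login(user), store.login(user)
    old_after_relogin = store.authenticate(first)
    store.logout(second)
    return old_after_relogin, store.authenticate(second)
```

A regression test for an API with this class of bug is the `replay_results` check: present a token after logout and after re-login, and expect rejection both times.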

Published on September 28, 2017

Mozilla-supported Let’s Encrypt goes out of Beta

Mozilla-supported Let’s Encrypt goes out of Beta (The Mozilla Blog)

In 2014, Mozilla teamed up with Akamai, Cisco, the Electronic Frontier Foundation, Identrust, and the University of Michigan to found Let’s Encrypt  in order to …

Published on April 17, 2016

Let’s Build a Server: Part 2 – Monitoring

Monit

Last time, in Part 1, we discussed setting up a firewall and an email relay so notifications from the firewall could get to us.

Now, in Part 2, we’re going to talk about more signal. Server monitoring and alerting. Our primary software for monitoring is Monit.

Monit has a single configuration file, but many distributions, including mine, set up a /etc/monit.d folder so you can divide your monit configuration into different files.

Once it is running, you can monitor its status by running:
monit status
It will show the status of whatever it is monitoring. There is also an optional web component, if you want to check status in a web browser.

What can you monitor?

Monit can monitor any program and restart it if it crashes.
check process nginx with pidfile /var/run/nginx.pid
  start program = "/bin/systemctl start nginx.service"
  stop program = "/bin/systemctl stop nginx.service"
  if failed host 127.0.0.1 port 80 protocol http then restart
  if 5 restarts within 5 cycles then timeout

As you can see, the simple scripting language allows you not only to restart services and execute programs, but also to alert the user.

Not only can it make sure something is running, but it can monitor its resource usage, as well as system resource usage. It can monitor processes, network connections, programs and scripts, files, directories, etc.

An Alternative to Email Alerts

The default for an alert is to send an alert email, but for bigger emergencies, a phone push notification is also useful.

Monit provides a simple instruction on how to set it up for Pushover. There is also the alternative of PushBullet.

Pushover costs $5 per platform (Android, iOS, Desktop) to use on as many devices as you want. There is a per application limit of 7,500 messages per month. Pushbullet is, by comparison, free. The basic difference as I see it is that Pushbullet is more geared toward the consumer, and Pushover is more geared toward developers in how it was initially set up. They do have similar feature sets though.

Here is Monit’s suggested Pushover script, which can be run instead of an email alert.

#!/bin/sh
/usr/bin/curl -s \
  -F "token=your_mmonit_or_monit_app_token" \
  -F "user=your_pushover_net_user_token" \
  -F "message=[$MONIT_HOST] $MONIT_SERVICE - $MONIT_DESCRIPTION" \
  https://api.pushover.net/1/messages.json

Here is an alternative version for Pushbullet

# The JSON body is in double quotes so the shell expands the MONIT_* variables
curl -u <your_access_token_here>: -X POST https://api.pushbullet.com/v2/pushes --header 'Content-Type: application/json' \
  --data-binary "{\"type\": \"note\", \"title\": \"$MONIT_HOST\", \"body\": \"$MONIT_SERVICE - $MONIT_DESCRIPTION\"}"
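
An added example, not from Monit's documentation or the original post: a Python handler that Monit could run with `exec` in place of the curl one-liner. It builds the same Pushbullet request from the `MONIT_*` environment variables, but JSON-encodes the values so quotes or newlines in a description cannot break the body, and it reads the access token from a root-only file instead of the command line, where other local users could see it in the process list. The token file path, length limit and function names are assumptions.

```python
#!/usr/bin/env python3
import base64
import json
import os
import stat
import sys
import urllib.request

PUSHBULLET_URL = "https://api.pushbullet.com/v2/pushes"  # endpoint from the post
TOKEN_FILE = "/etc/monit/pushbullet_token"               # assumed path
MAX_BODY = 500                                           # assumed length limit


def read_token(path=TOKEN_FILE):
    """Return the token, refusing files accessible to group or others."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} must be mode 600")
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def clean(value):
    """Replace control characters (e.g. newlines in check output) with spaces."""
    return "".join(c if c.isprintable() else " " for c in value).strip()


def build_request(env, token):
    """Build the Pushbullet POST from Monit's variables without sending it."""
    host = clean(env.get("MONIT_HOST", "unknown host"))
    service = clean(env.get("MONIT_SERVICE", "unknown service"))
    description = clean(env.get("MONIT_DESCRIPTION", "no description"))
    payload = {
        "type": "note",
        "title": host,
        "body": f"{service} - {description}"[:MAX_BODY],
    }
    # json.dumps escapes quotes and backslashes that would break a hand-built body.
    data = json.dumps(payload).encode("utf-8")
    # Same scheme as `curl -u <token>:` (HTTP Basic with an empty password).
    auth = base64.b64encode(f"{token}:".encode()).decode()
    return urllib.request.Request(
        PUSHBULLET_URL,
        data=data,
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {auth}"},
    )


def main():
    request = build_request(os.environ, read_token())
    with urllib.request.urlopen(request, timeout=10) as response:
        return 0 if response.status == 200 else 1


if __name__ == "__main__":
    sys.exit(main())
```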

Conclusion

In all cases, monit allows you to monitor your system and take action based on a change in performance. The complexity of your rules is entirely up to you. But, if you give thought to their setup, you can not only be told when there is a server emergency, but the system can take action to fix it.

Published on December 7, 2014

Let’s Build a Server: Part 1 – The Firewall

Necessity is the mother of invention. It is once again time to upgrade the Gadget Wisdom servers. And, as I have committed to writing more here, I will be writing some articles on server construction.

Now, this will all be done using a Virtual Private Server, so the hardware is outside of the scope of this series.

The first piece of software I usually install on network accessible servers is the ConfigServer Security & Firewall (CSF). This is a firewall with login/intrusion detection, and security. Most distributions of Linux come with some sort of firewall, but this set of scripts works with iptables to be much more secure.

CSF provides scripting for a firewall, and handles login failure handling for a variety of stock services, as well as unsupported services using regular expressions.

There are a lot of options in the CSF configuration file…read through the description of each…decide which ports you want open, and deploy. CSF will automatically update itself when there is a new version.

In order to ensure notifications from the firewall and other administrative notifications are read, you will likely wish to arrange for the ability to send mail. However, you may not need or wish the trouble of setting up a mail server. The simpler solution is to set up an SMTP relay.

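The example below configures Postfix, available with many Linux distributions, for use with a Gmail account. Add the following lines to the bottom of your /etc/postfix/main.cf

# Relay all outbound mail through Gmail's submission port
relayhost = [smtp.gmail.com]:587
# Require TLS so the credentials are never sent in the clear
smtp_tls_security_level = encrypt
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

Create the file /etc/postfix/sasl_passwd with your Gmail credentials. The first field must match the relayhost value exactly.

[smtp.gmail.com]:587 user@gmail.com:PASSWORD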

Then secure the file.

chmod 640 /etc/postfix/sasl_passwd*
postmap /etc/postfix/sasl_passwd

Now, any external email will route through your gmail account. We have now protected our server from a variety of attacks, and ensured, if there is a problem, we’ll be notified of it.

There are alternatives to Gmail. For example, Mandrill offers 12,000 emails per month for free, and 20 cents per thousand after that, and Sendgrid offers 200 emails, and 10 cents per thousand.

You can use Mandrill or Sendgrid instead of Gmail by using the credentials below, with relayhost in main.cf set to the matching host and port.

[smtp.mandrillapp.com]:587 USERNAME:API_KEY
[smtp.sendgrid.net]:587 USERNAME:PASSWORD

Published on November 28, 2014

Let’s Encrypt – A New Certificate Authority

Security Expert Bruce Schneier recently pointed to a joint project to create a new certificate authority that lets everyone get basic certificates for their domain through a simple process.

The idea is for the service to be not only free, but also automatic, secure, transparent, open, and cooperative.

The service, called Let’s Encrypt, is set to launch in the summer of 2015.

The reason for the delay is that the service wants to leverage new standards. The most notable is ACME (Automated Certificate Management Environment). The idea is that the Certificate Authority communicates with the web server and the two work together to prove ownership and download the certificate, as well as handle configuration and renewal.

Now, considering how much of a chore certificates are right now, the standard, even outside of Let’s Encrypt, would save a lot of anguish. Once the server has proven that it is the server of record for that domain, it can handle everything.

There’s more to it than that, and certainly, there are still risks, but we’ll see what these people come up with by the time the ACME standard is finalized.

Published on November 23, 2014