rest-server VS libreddit

Similar here. Termux with restic, so it does deduplication and encryption and such (also compression since a few months but haven't turned it on yet).

On local laptop: run https://github.com/restic/rest-server/ to accept the incoming data, then (if 1234 is the port that rest-server runs on):

    user@laptop:~$ ssh -R 1234:localhost:1234 root@phone

I use restic to a cloud storage provider and restic-server to another nas. I used hyperbackup for a long time but proved to not be flexible enough and I wanted to get away from a proprietary backup that could only be restored on another Synology.

Have a look at restic and restic-rest-server.

Min.io is just one of the supported storage backends. If you prefer, the restic rest server seems to be supported and might be easier to host. https://github.com/restic/rest-server

restic with rest-server

This one is quite unclear:

> We have added checksums for various backends so data uploaded to a backend can be checked there.

What do you mean checksums? All data is already stored in files with as filename the sha256sum of the contents, so clearly it's all already checksummed and can be verified right?

Looking into the changelog entry[1], this is about verifying the integrity upon uploading:

> The verification works by informing the backend about the expected hash of the uploaded file. The backend then verifies the upload and thereby rules out any data corruption during upload. \n\n [...] besides integrity checking for uploads [this] also means that restic can now be used to store backups in S3 buckets which have Object Lock enabled.

Object lock is mentioned in passing (and only in this more detailed info) but this is a big one. S3 docs:

> Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.

i.e. ransomware protection. Good luck wiping backups if your backup host refuses to overwrite or delete the files. And you know the files are good because they match their hash.

Extortion is still a thing, but if people would use this, it more-or-less wipes out the attack vector of ransomware. The only risk is if the attacker is in your systems long enough to outlast your retention period. Did anyone say "test your backups"?

For self-hosting, restic has a custom back-end called rest-server[2] for that which supports a so-called "append-only mode" (no overwriting or deleting). I worked on the docs for this[3] together with rawtaz and MichaelEischer to make this more secure, because eventually, of course, your disks are full or you want to stop paying for legacy data on S3, and an attacker could have added dummy backups to fool your automatic removal script into thinking it needs to leave only the dummy backups. Using the right retention options, this attack cannot happen.

Others are doing some pretty cool stuff in the backup sphere as well, e.g. bupstash[4] has public key encryption so you don't need to have the decryption keys as a backup client.

[1] https://github.com/restic/restic/releases/v0.13.0

[2] https://github.com/restic/rest-server/

[3] https://restic.readthedocs.io/en/latest/060_forget.html#secu...

[4] https://github.com/andrewchambers/bupstash/

The append-only mode can be implemented using https://github.com/restic/rest-server or services like rsync.net that offer read-only zfs snapshots. Doesn’t solve the asymmetric crypto of course.

But how is that better than running the REST server which is also an HTTP-based API? Or is it? I suspect the answer is going to be system dependent but I am curious.

Don't use Youtube without going through a proxy like Invidious [1] or Newpipe

Don't use {site} Search without going through a proxy like SearxNG [2]

Don't use TwiXXer without going through a proxy like Nitter - this has gotten more difficult lately but it still works as long as you feed the daemon some registered accounts. Video does not work at the moment but that seems to be fixable.

Don't use Reddit without going through a proxy like libreddit [4]

Start noticing the pattern? Maybe it is time to start producing promotional posters:

The only thing to come between you and ADS could be a proxy / ADS. I'ts just not worth the risk

ADS / New rules for a sane net / Sane net protects you, your partner and your community

A proxy here and a filter there, ADS nowhere

The more you tighten your grip, ${site}, the more viewers will slip through your fingers

[1] https://github.com/iv-org/invidious

[2] https://github.com/searxng/searxng

[3] https://github.com/zedeus/nitter

[4] https://github.com/libreddit/libreddit

This is a particular teddit instance shutting down, not teddit the software project.

Stuff is moving a lot currently and there is a bumpy road ahead, but there are several courses of action already being mapped out (scraping html, r-e the private gql api, a setting for operators to put some auth token, ..).

https://github.com/libreddit/libreddit/issues/836

https://codeberg.org/teddit/teddit/issues/400

Sadly the quick refresh is no longer working for me, and going through all of the instances on Libredirect, they all seem to be constantly down now.

It appears that they are trying to deal with this issue here:

https://github.com/libreddit/libreddit/issues/836

Yes, the official Reddit app uses a different endpoint for authentication. There has been great progress in reverse-engineering the private API: https://github.com/libreddit/libreddit/issues/818

There's a fork of Libreddit that uses the API key leaked from the official Reddit app: https://github.com/libreddit/libreddit/pull/819