Old Profile: https://beehaw.org/u/Mikelius
Daily on my Gentoo server, through a Cronjob every morning. It’s a custom script though, so there’s more than just doing an emerge update. It’ll send me ntfy notifications for the update results, if there are new news items, and if there are any time config merge updates to make. A few other things as well but that’s the main stuff.
Other servers, typically weekly or only manually when I ssh into them (for the ones I don’t really feel the need to update frequently).
I’ve been using “passwords” on nextcloud for a few years now. Minimal issues with the app, moving apps, and browser extensions. Not perfect, but hey it’s self hosted and reliable.
My personal advice, secure it down to only permitting what needs it, regardless of your trust to the network.
Treat each device as if they’ve been compromised and the attacker on the compromised device is now trying to move laterally. Example scenario: had you blocked all devices except your laptop or phone to your server, your server wouldn’t have been hacked because someone went through a hacked cloud-connected HVAC panel.
I lock down everything and grant access only to devices that should have access. Then on top of that, I enable passwords and 2FA on everything as if it were public… Nothing I self host is public. It’s all behind my network firewall and router firewall, and can only be accessed externally by a VPN.
Interesting, I’ve never had this problem and have been using the auto upload for many years. I only use it for the photo taking, though. Any time I go through a phone cleanup and delete photos and videos, I’ll look at the folders I backup to on nc and actually go through them carefully to make sure everything was uploaded.
My install comes from f-droid so not sure if that’s something to do with it (unless yours is too).