Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)K

kitnaht

@ kitnaht @lemmy.world

Posts
1
Comments
810
Joined
2 yr. ago

  • First layer gore! ❤️

    Jump

  • An Ender 3 v2 with the plate on backwards.

    Just be aware that the plastic shroud tends to disintegrate over time. The MrIscoc firmware for that machine is a huge step up from what comes with it; if that's your kinda thing. If modding machines isn't though, don't ever touch the firmware.

  • Big Oil Is Following Big Gun’s Playbook | To protect themselves from liability, fossil fuel companies are taking inspiration from laws shielding gunmakers from lawsuits.

    Jump

  • This is a gun control article disguised as a big-oil article.

    The lack of liability in terms of gun control makes sense. Guns are designed to kill people. Literally what they are designed for. It doesn't make sense to hold gun manufacturers liable for someone using their guns to kill someone innocent, as that was not its intended purpose. When used correctly, they're safe and effective at power equalization.

    I read the article hoping they'd ... give SOMETHING about how this is supposed to apply to oil companies, but...there's nothing.

    How in hell COULD you apply this to big oil? It doesn't many any sense at all. The article doesn't explain it either. The WHOLE article is just about guns.

  • Infinite Monkey Theorem

    Jump

  • We are IN the timeline where a monkey wrote Shakespeare. That monkey was Shakespeare.

  • Hard day at work

    Jump

  • Spray Chalk; it's a thing.

  • The thing about Europe: it’s the actual land of the free now

    Jump

  • I'm committing to Linux, but it's so unstable. Any suggestions?

    Jump

  • Something is awfully weird here, because Linux literally runs the worlds infrastructure for the internet. It is not unstable by any stretch of the imagination. Something you're doing between all distros has got to be the culprit - something you do differently than other people.

  • How do I securely host Jellyfin? (Part 2)

    Jump

  • And again - if you put those behind a fail2ban; and you 404 5x in an hour, which is likely - you've solved that issue. Had my jellyfin instance publicly available for 2 years on its own VM with passthrough GPU, and haven't had any issues. People poke around quite often, and get blackholed via the firewall for 30d.

    It wouldn't stop a dedicated attacker, but I doubt anyone's threat model here is that intense. Most compromised servers happen from automated attacks probing for vulnerabilities in order to get RCE; not probing for what movies you have -- Because having movies on a media server doesn't prove that you didn't rip them all off of blu-ray...it just means you have movies.

    You're not going to have 100% privacy when you put up ANY service on your network. Everything leaves a trace somehow; but I'm starting to think half of you are Chinese spies or something with the amount of paranoia people here show sometimes. :P

  • Is Trump Pulling Off the Biggest Financial Fraud in History? A Dire Warning

    Jump

  • This is that shit where your enemy has to be both the biggest moron in the world, and also some divine master mind of 4D chess.

    No. He's not that fucking smart. Markets were TANKING and his handlers said "you had better fucking do something". He chickened the fuck out at the last minute.

  • How do I securely host Jellyfin? (Part 2)

    Jump

  • Hmm, that's a good point. I just checked my Jellyfin, and I don't put any of the cert data into its config, I'm using caddy as my reverse proxy to serve it and I didn't even think about this. No reason it has to be a self-signed cert, it could technically be local only and still be a Let's Encrypt cert.

  • How do I securely host Jellyfin? (Part 2)

    Jump

  • If they need SSL certs, they've got to. Jellyfin doesn't accept self-signed certs, which means DNS entries in a domain, and access from the internet.

    Really, honestly - what they need to do is just install Jellyfin on the Raspberry Pi and ditch the encryption requirement altogether. There's no reason to have it on a LAN-only environment. They aren't going to need it, nobody is going to MITM their lan environment, and VPNs will regularly allow LAN passthrough.

    If ProntonVPNs own client doesn't allow LAN connections, they either need to swap to the Wireguard vanilla client (if that's allowed on free tier), or upgrade their VPN service.

    OR switch VPNs altogether.

    There isn't a way to do this without breaking one of their requirements

    Only options here are to publicly host with real SSL certs, on a domain and tunnel out -- Or swap VPN providers/software so that you can achieve LAN access and forego HTTPS altogether.

    Edit: And sorry -- the previous post is gone regarding their only needing access within the home, there's no way I could have known that.

    There's a bit of paranoia going on here to begin with - There's no reason they need this level of "security" within their home network on the LAN side anyhow. They could possibly buy a managed switch and make the jellyfin server only visible to a specific vlan that didn't include the router, but that doesn't quite match up with what it sounds like they're needing.

  • How do I securely host Jellyfin? (Part 2)

    Jump

  • Yeah, this whole thread feels like a "but I can't do that, work around it for me"

  • How do I securely host Jellyfin? (Part 2)

    Jump

  • Do. And make sure your logs are piped through fail2ban.

    All of these "vulnerabilities", require already having knowledge of the ItemIDs, and anyone without it poking around will get banned.

    The rest of them require a user be authenticated, but allows horizontal information gathering. These are not RCEs or anything serious. The ones which allowed cross-user information editing have been fixed.

  • How do I securely host Jellyfin? (Part 2)

    Jump

  • Tailscale is only for the server/host. You're not changing all of your VPN services over to this, you're using it in a 'reverse' fashion. You're VPN-ing the server out to the world so it's reachable and you have port forwarding options, etc.

    From there, it can be reached by any client on the internet as a service. From there though, I don't know how you'd get to it securely without a domain and SSL (Let's Encrypt/Caddy) certs.

    A domain is only like $16/year. So it's not prohibitively expensive.

  • JWZ weighs in on Signal again

    Jump

  • I (wrongly) assumed that if he was hilarious to have made that graphic, that he'd maybe be more reasonable, hopefully funny. I was disappoint.

    It did kick off me spending about 2 hours comparing Signal to SimpleX, and Briar, and a bunch of others, and I can only conclude Signal is the best out of them. The security community seems to be REALLY paranoid about every, single, tiny little thing - but I understand that they must be.

    SimpleX doesn't do any kind of IP address masking or have quantum resistant double ratchet encryption.

    Briar doesn't account for rogue-tor nodes, etc.

    There's just always some big glaring flaw in one of them.

  • JWZ weighs in on Signal again

    Jump

  • That's probably the only reason I clicked it. Honestly, kinda regret that I did because the author just seems like a dude yelling at the sky because he's wildly critical of the smallest things but doesn't offer up any solutions.

  • D E A L

    Jump

  • Holy crap this is both so seemingly counter-intuitive, and awesome at the same time.

  • D E A L

    Jump

  • I drink so much milk constantly throughout the days, almost never anything else, and haven't had this issue. I think you've gotta be predisposed to it as well.

  • ain't your buddy, pal!

    Jump

  • Breh.

  • Study Finds Biking to Work HALVES Risk of Early Death | Berm Peak

    Jump

  • Yeah, I probably should look at quitting and starting the business under my own LLC and running it local to me. I repair 3D printers for a living, and there's only like 5 places in the US that do so. So finding work closer to home isn't an option, but moving the work closer to home could suffice. I've certainly been mulling it over.

    But I also love driving, so there's that too :D