Honestly, every explanation probably just ends at ‘this is what I learned on and it works’.
Yeah, lots of these answers basically boil down to “when all you have is a hammer, everything looks like a nail.”
That still won’t work. Either the forwarded port is getting blocked by Mullvad (which is bad) or you’re bypassing Mullvad to use the forwarded port (which is really bad). You’ve essentially roped yourself into a double-NAT situation, where your router has a forwarded port but the router behind yours (the VPN server, which you have no control over) doesn’t.
The issue is that they assume “I don’t have social media” is a lie. They assume it’s really just code for “I refuse to tell you what my username is.”
Not anything that I have found, but at least LL is pretty solid. It may actually help development if LL gets some more focus from the community; it sort of got overshadowed by Readarr, simply because people wanted to stay within the *arr ecosystem.
Many jobs will already disqualify applicants if they don’t have any social media, or refuse to provide account names. The rise of cancel culture means many businesses are extremely risk-averse, and don’t want any employees who are prone to posting inflammatory things.
A honeypot is something that is intentionally left available, to alert you when it gets hit. In practice, they’re just a tool to tell security specialists when they need to start worrying; they wouldn’t be used by the average user at all.
The goal is to build your security like layers, and ideally have all of your services behind the secure walls. Between these layers, you have honeypots. If someone gets through your first layer of security but hits the honeypot, you know someone is sniffing around, or maybe has an exploit for your outer layer that you need to research. If they get through the second layer and hit your second honeypot, you know that someone is specifically targeting you (instead of simply running automated scans) and you need to pay closer attention. Etc…
Reinforcing the attack layer comes in two main forms, which work in tandem: Strengthening the actual layer, and reducing attack vectors. The first is focused on using strong passwords, keeping systems up to date, running something like Fail2Ban for services that are exposed, etc… The goal is for each layer of security to be robust, to reduce the chances of a bot attack actually working. Bots will simply sniff around and automatically throw shit at the wall to see if anything sticks.
The second part is focused on identifying and mitigating attack vectors. Essentially reducing the number of holes in the wall. It doesn’t matter how strong the wall is if it’s full of holes for your server’s various services. The goal is typically to have each layer be as solid as possible, and grant access to the layers below it. So for instance, running a VPN. The VPN gets you access to the network, without exposing services externally. In order to access your services, they need to get through the VPN first, making the VPN the primary attack vector. So you can focus on ensuring that the VPN is secure, instead of trying to spread your focus amongst a dozen different services. If it’s exposed to the open internet, it is a new potential attack vector; the strength of the wall doesn’t actually matter, if one of those services has an exploit that someone can use to get inside your network.
Home users really only need to worry about things like compromised services, but corporate security specialists also focus on things like someone talking their way past the receptionist and into the server room, USB sticks getting “lost” around the building and plugged into random machines by curious employees, etc… All of these are attack vectors, even if they’re not digital. If you have three or four layers of security in a corporate setting and your third or fourth honeypot gets hit, you potentially have some corporate spy wrist-deep in your server room.
For an easy example, imagine having a default password on a service, and then exposing it to the internet via port forwarding. It doesn’t matter how strong your firewall is anymore. The bot will simply sniff the service’s port, try the default credentials, and now it has control of that service.
The better way to do it would be to reduce your attack vectors at each layer; require the VPN to access the network via a secure connection, then have a strong password on the service so it can’t easily be compromised.
Yup, the sad reality is that you don’t need to worry about the attacks you expect; you need to worry about the ones you don’t know anything about. Honeypots exist specifically to alert you that something has been breached.
Just nobody wants to scan all 65k ports.
Shodan has entered the chat.
People misunderstand the “no security through obscurity” phrase. If you build security as a chain, where the chain is only as good as the weakest link, then it’s bad. But if you build security in layers, like a castle, then it can only help. It’s OK for a layer to be weak when there are other layers behind it.
And this is what should be sung from the hills and mountaintops. There’s some old infosec advice that you should have two or three honeypots, buried successively deeper behind your security, and only start to worry when the second or third gets hit; the first one getting hit simply means they’re sniffing around with automated port scanners and bots. They’re just throwing common vulnerabilities at the wall to see if any of them stick. The first one is usually enough for them to go “ah shit I guess I hit a honeypot. They must be looking for me now. Never mind.” The second is when you know they’re actually targeting you specifically. And the third is when you need to start considering pulling plugs.
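The tiered honeypot escalation described in the comments above (first hit means automated scanning, second means targeting, third means consider pulling plugs), as an added example that is not part of the original comments. The log format, layer numbering, addresses and the "skipped layers" check are assumptions made for illustration; the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample log. Assumed format: "<ISO time> honeypot=<layer> src=<ip>",
# where layer 1 sits just behind the outermost defence and 3 is the deepest.
SAMPLE_LOG = """\
2024-05-01T02:11:09Z honeypot=1 src=203.0.113.7
2024-05-01T02:11:10Z honeypot=1 src=198.51.100.23
2024-05-01T03:40:55Z honeypot=1 src=198.51.100.23
2024-05-01T03:52:31Z honeypot=2 src=198.51.100.23
2024-05-02T14:05:00Z honeypot=3 src=10.0.20.14
garbage line that should be ignored
"""

LINE_RE = re.compile(r"^(\S+) honeypot=([1-9]\d*) src=(\S+)$")

# Severity keyed by the deepest honeypot a source has touched.
SEVERITY = {
    1: "noise: automated scanning, check the outer layer for known exploits",
    2: "targeted: someone is deliberately working inward, investigate now",
    3: "critical: consider pulling plugs",
}

def parse(log_text):
    """Yield (timestamp, layer, source) for well-formed lines; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(2)), m.group(3)

def triage(log_text):
    """Return {source: report} with deepest layer hit, severity, skipped layers."""
    layers = defaultdict(set)
    for _ts, layer, src in parse(log_text):
        layers[src].add(layer)
    report = {}
    for src, hit in layers.items():
        deepest = max(hit)
        # Assumption: a deep hit with no shallower hits suggests the source did
        # not come in through the outer layers (insider, physical access, USB).
        skipped = sorted(set(range(1, deepest)) - hit)
        report[src] = {"deepest": deepest,
                       "severity": SEVERITY[min(deepest, 3)],
                       "skipped": skipped}
    return report

if __name__ == "__main__":
    for src, r in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["deepest"]):
        print(src, r)
```

The internal address that trips honeypot 3 without touching 1 or 2 is the case the perimeter-focused view misses: nothing outside was breached, yet something is already deep inside.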
Yeah, lots of people don’t realize that the public education system was designed to prepare kids for factories. It goes all the way back to the Industrial Revolution, when parents were working 16 hour days in the factories. They needed some way to keep their kids occupied while dad was stamping steel and mom was weaving fabric. The factory workers lived in corporate-owned towns, and all of their needs were (hopefully) covered by the factory owners. And along this line of thinking, the factory owners started public schools, both to keep the kids occupied during the day, and to prep them to work in the factories once they were old enough to know how.
Basically everything about modern education is run like a factory. Everything is standardized to the median 85% of the population; students who deviate too far from that are punished or segregated via special education. You work (study) when the bell tells you, eat when the bell tells you, shit when the bell tells you. You’re expected to sit quietly and do your work, no socializing except when the bell tells you. Et cetera… The entire idea was to give students a baseline level of education that they would need to work in the factory, and prep children to work in factories under the same grueling conditions.
There’s also the fact that instances can simply choose to ignore delete requests. Because that’s all it is; a request. Let’s say I post on .world and it gets federated to other instances. If I then delete that .world post, there’s nothing requiring those other instances to actually delete anything. .world simply sends a delete request, but the individual instances can choose to ignore it if they want.
That’s a large part of why the “I delete my content after a day or two so LLMs can’t use my data” crowd is so stupid. If someone was looking to train an LLM on Lemmy data, they’d simply set up an instance to aggregate posts, and refuse to delete anything.
Except that bots already have a higher pass rate than humans, so the captcha isn’t even good at preventing bots.
I have like a dozen Gmail accounts, and I know plenty of others who do too. Before I owned my own domain, I used the different accounts for different things.
Yeah, all of the “vibes are off” jokes aside, TikTok is drastically different after the ban was lifted. I have gotten straight up racist and fascist propaganda on my fyp, and there are a lot of sympathetic comments on those videos. But I never got those videos before, because my algorithm was automatically filtering them out. It’s almost as if the app has been programmed to bypass the algorithm and occasionally show alt-right talking points to everyone, just in the hopes of casting as wide a net as possible.
Also worth noting that breaker ratings are for instantaneous usage. A 15A 120V breaker can only actually support 12A of continuous usage. But it says 15, because most things use a little extra power when they first turn on. AC system spinning up the fans and compressor, for instance. Spinning things up takes more power than keeping it moving. If you put a 15A device on a 15A breaker, it would likely trip as soon as that device turned on. In that instance, you’d likely use a 20A breaker to support the 15A device instead. But that 20A breaker would also call for upgraded wiring and outlets which could support 20A.
Jellyfin doesn’t have an app on every App Store. On some, you have to sideload it, by enabling developer mode and connecting to a PC that is running an App Store server. Then the TV downloads it from the PC.
Lots of those issues have been blown out of proportion, and would never be a real concern for the “just a dude running a server in his closet for his friends” setups. Which, to be clear, is the vast majority of setups.
For instance, virtually all of the worst issues require that the attacker already has a valid login token. So unless they stole your buddy’s credentials, the only one to truly worry about would be your buddy directly. But yes, Jellyfin has some gaping holes, and letting it touch the WAN at all is always a risk. You’re giving attackers a new potential vector of attack that didn’t exist before, so that’s worth noting.
I disagree; self-hosting is for a variety of things, and plenty of people (in fact, I’d say probably the majority of Plex users) just want to be able to pirate Netflix without a ton of setup.
Is learning some networking inevitable? Yeah, probably. But I also think this xkcd is apt. The reality is that what may be simple for you and me actually requires a lot of studying for a complete novice. Plenty of people will need to google what a port is, let alone how to forward one. And that’s assuming they even know the word “port” to google. Plenty of people won’t even know where to start.
And true novices are hopefully going to be extremely wary of any info they find online. It’s easy to fuck something up without even realizing it, and leave your entire system exposed; especially when the braindead “lol just forward your Jellyfin port and use your public IP” advice is posted somewhere in every single advice thread.
To set it up “correctly”, yes. It’ll require owning your own domain, being able to configure it properly (with either a static IP, or DDNS to point to your server at home), knowing how to automate HTTPS certificate refreshes, and a few other things. Plex just requires forwarding a port in your router.
Yeah, Samsung TVs don’t have a native Jellyfin app either. You can sideload it, but good luck walking your “you touched my computer six months ago and now it’s broken. This is your fault” grandmother through that over the phone.