But then you are sending credentials in clear text over the network. That will get logged on the corporate access logs ensuring a quick permanent vacation once they notice how careless the employee is, not to mention the mixing personal and work resources.

Edit: forgot to mention, most work devices also decrypt SSL traffic by using man-in-the-middle approach (unless they are very incompetent). Even stuff like personal email and shopping should not be accessed on a work device if you don’t want your work to have your passwords.

For those interested, there are some vacuum models listed on this project: https://valetudo.cloud/

It can get technical (since they want people to learn), but the documentation is pretty detailed.

That brought back some printer PTSD

For people living with others it might not be a choice though. The lights not working for a day the way they normally do is all it takes for someone to lose all faith in automation. It’s easier when you plan for a specific time and day to update things, as long as you are not exposed to the internet, slightly out of date apps are not a big worry

I get that, but the services listed by the other comment run just fine in docker with less hassle by throwing in some bind mounts.

The 4 VMs dedicated dockge instances is exactly the kind of thing I had in mind for people that want to avoid something that sounds more like work than a hobby when starting out. Building the knowledge takes time and each product introduced reduces the likelihood of it being completed anytime soon.

I would give docker compose a try instead. I found Proxmox to be too much, when a simple yaml file (that can be checked into a repo) can do the job.

Pay attention to when people say things can be improved (secrets/passwords, rootless/podman, backups), etc. And come back to them later.

Just don’t expose things to the internet until you understand the risks and don’t check in secrets to a public git repo and go from there. It is a lot more manageable and feels like a hobby vs feeling like I’m still at work trying to get high availability, concurrency and all this other stuff that does not matter for a home setup.

After getting a NAS to replace my raspberry pi 4 as a home server, I literally just SCPd the bind mounts and docker compose folder, adjusted a few env variables (and found out of a few I needed to add for things like the uid/guid the NAS used as default for the media user I created) and it took maybe 30 minutes total to be back and running. Highly agree with you from experience.

They are also way too small in terms of storage given that they don’t support external cards (Apple is similar). Google/Apple definitely want buyers to also buy their subscription storage services or pay the high premium for the next storage level.

I’m on an XR right now and it feels older, but still very much usable. I wish companies offered options to only get security patches instead of having to buy new phones every few years, that’s the 1 thing I hope Google keeps around and doesn’t walk back in the future.

The impressive part is that they are also known for being reliable, there are the occasional issues, but overall very trustworthy products.

Great summary “a lot of common error checking has gone into it. It can be told what you want without specifics that would only potentially be applicable to 1 system type.”

While I read the title I was thinking “that sounds like Linux with extra steps” - maybe that’s good enough for some discussion.

They only provided replacements after the a class action lawsuit and specifically only replaced them in North America for the longest time. That was on July 2020. Five years later and the flaw is still there on brand new devices. There is nothing to applaud or give credit for.

Edit: to say that $80 is not expensive is to be completely detached from reality. 28% of Americans have savings of less than $1,000.

Not to mention those things are expensive AF. If I had to replace a part on my car that cost 25% of the cost of the entire car EACH time, I would just not buy from that company any longer (which is what I’m doing). Not sure why this person is writing paragraphs and paragraphs of excuses for Nintendo.

Also we don’t pay taxes but will fuck up the roads with the extra weight. Good luck driving over potholes suckers!

Out of curiosity as an owner of a QNAP NAS, how did it go out? Any signs it was in its last legs? Now that I’ve used one, the form factor is the only thing better than most options out there when I got it.

Nowadays all QNAP, Sinology and other NAS vendors supposedly offer a lot of extra value with their cloud options, but I find them a sure way to get hacked based on the average company’s investment in security (I work in IT, it is a sad affair sometimes) combined with all the ransomware specifically targeting them due to old packages they rely on = I’ll build my next system from the ground up, even if the initial cost is higher and the result is uglier.

deleted by creator

deleted by creator

Not to mention that some providers offer APIs to provide certificates without opening port(s) 80/443. This allows using nice host names on your personal domain with valid SSL over the internal network too. Want to migrate a server or service? Just change the IP associated with the domain on the internal DNS. Makes migrating and upgrading a lot easier.

You don’t have to take my word on this, but when you have so many vulnerabilities, the foundation and knowledge about security practices by the developers is missing some key ingredients.

I use Jellyfin. I like jellyfin. I would like people to use jellyfin, but do it responsibly.

Citing backwards compatibility is not an acceptable answer either. If individual endpoints and/or protocols (web sockets) are being addressed as separate issues, then there is no overall filter for the most basic thing as checking if the user is authenticated, you know a potential attacker will look for more.

Will they target jellyfin instead of your average government website with a low budget and similar issues? Unlikely, but possible if the level of effort is low and can potentially create a large botnet, maybe?

You handle these with overall filters (or whatever they are called on c#) and white lists if something truly needs not to have it instead of reacting when someone reports it.

The simple fact that some of the code was sending api keys as GET parameters (which get logged cross every access log in the middleware on its way to the target server) and it didn’t raise any flags seems sufficient enough to suggest DO NOT expose jellyfin directly to the internet.

By then you would have racked up thousands of dollars in legal fees. Not to mention if anyone posts anything negative about the current administration you could be used as an example.

We already have students on visas being kidnapped off the streets, let’s stop pretending the law actually matters for the people in power.