dgdft
@dgdft@lemmy.world
- Comment on Is this mail something I should be concerned about? 1 week ago:
What kind of vulnerabilities are you worried about from such a sudo call?
- Comment on Is this mail something I should be concerned about? 1 week ago:
That’s how it already works — Caddy doesn’t require elevated privileges in general. You can toss a binary + config + certs anywhere in the homedir and it’ll go fine if you bind to a non-privileged port.
But users want software to do stuff like help set up certs and serve on ports 80 & 443, so what better option is there than to limit scope of execution by doing pinhole actions with sudo?
- Comment on Is this mail something I should be concerned about? 1 week ago:
What would be the correct way for caddy to run actions like this that require elevated permissions, in your view?
- Comment on Round Two: Can I manage to set up Jellyfin correctly this time? 1 week ago:
Rt, my bad for the personal attack; I was trying to be saucy with that opener and missed the mark.
That being said, your opinion is still utter hot garbage. It’s not hard at all to host dynamic services publicly with minimal risk if you know what you’re doing, and Jellyfin is pretty damn low risk.
The argument you’re making is comparable to going on a car forum and saying no one should ever drive on a public road because you might crash, and there are drivers doing things you can’t control. It’s factually true that you mitigate all risk by doing so, but it misses the fact that people can and do drive on public roads all the time without much hurrah.
- Comment on Round Two: Can I manage to set up Jellyfin correctly this time? 1 week ago:
Sorry, I assumed you were intelligent and sanewashed your comment.
I assumed you were talking about the fact that internal web servers that services like Jellyfin run are often DoSable without a proxy.
Jellyfin is quite literally a web app and perfectly safe to host on the web. Wanna prove me wrong? I’ll happily spin up an instance and throw a $500 bounty on there for you.
- Comment on Round Two: Can I manage to set up Jellyfin correctly this time? 1 week ago:
Did you read the thread body? Op is using Caddy to reverse proxy.
The smoothbrain top comment is claiming that Jellyfin “wasn’t designed to be exposed to the internet” AT ALL, reverse proxy or not. You’re poking at a strawman here, and putting words in my mouth that I didn’t say.
- Comment on Round Two: Can I manage to set up Jellyfin correctly this time? 1 week ago:
Yeah, you’ll probably want to give your Pi a static internal IP too, but the details for that will depend on the specifics of your router and network.
- Comment on Round Two: Can I manage to set up Jellyfin correctly this time? 1 week ago:
Yeah, fair point — I was only talking RCE.
That’s a real risk if you get hit by a lazy stuffing script, and I personally SSH tunnel my self-hosted to a public VPS to avoid that sorta thing.
@Op, if you do notice slowdowns for your whole network & suspicious noise in your Jellyfin logs, the easy move is to configure fail2ban and ask your ISP to rotate your router’s IP for you.
- Comment on Round Two: Can I manage to set up Jellyfin correctly this time? 1 week ago:
Assuming you’ve forwarded ports 80 & 443 on your router, that’ll do just fine.
Speaking as a hacker and SWE, the cringelords telling you that exposing Jellyfin is some major liability are LARPers who don’t know what they’re talking about.
- Comment on Tool to move watched files from one Plex lib to another 2 weeks ago:
Just a thought, but you might be able to do this easier by looking at atime and mtime rather than fiddling with the API.
- Comment on Leaving GitHub. Music server alternatives? 2 weeks ago:
Lemmy is optional, and the project is hosted on Github.
- Comment on Automating Restic backups 3 weeks ago:
Seconding this answer. The error message and description scream envvar issue.
This is my first time using systemd, so I’m not sure if I am overlooking an obvious step or what.
@gedaliyah@lemmy.world Did you run a systemctl daemon-reload after making the PassEnvironment change to your service file?
- Comment on My first post ever – life in a tent 3 weeks ago:
Welcome to Lemmy! Sincerely hope you can find some reprieve from your physical circumstances here.
As a friendly heads up, you posted this thread to a tech-related board. Your post may be removed for that reason, but you should consider reposting on a more general comm such as !casualconversation@piefed.social.
- Comment on How to enhance Caddy's basic_auth? 4 weeks ago:
Yeah, you don’t need to extend Caddy at all for that.
Add a properly-formatted Authorization header to any requests you make to the server and it’ll work. See Wikipedia page for header string format:
- Comment on How to enhance Caddy's basic_auth? 4 weeks ago:
How does programmatic access tie into the desire for a login form?
Either way, you can do a login form -> basic auth forwarding page by rigging up some simple JS, or access programmatically in a direct way by simply setting a manual Authorization header.
- Comment on Hackers Are Finding New Ways to Hide Malware in DNS Records 5 weeks ago:
Not to detract from the article, but this has actually been a long time coming and known as a vector for decades.
DNS backed website PoC from a few years ago: news.ycombinator.com/item?id=27598164
- Comment on Immich Flatpak 5 weeks ago:
It’s extra work to maintain and test another release format — and the core developers want to focus on making software.
No one is stopping you from rolling your own flatpak.
- Comment on Medieval medicine was smarter than you think—and weirdly similar to TikTok trends 5 weeks ago:
No personal disrespect to you OP, but gotta call a spade a spade: this article is dogwater clickbait and an awful fit for this comm.
- Comment on Tape drive backups 5 weeks ago:
tape drives seem to be the best
Tape drives are the keytars of the tech world. They seem cool and a pro can really jam with them… but they’re not the most practical and you should really get a guitar or a keyboard until you know what you’re doing.
Yeet your shit onto rsync.net or anything else simple and call it a day, unless you’re in it for the meme.
- Comment on [deleted] 1 month ago:
I respect the spirit you’re going for, but FYI, Libby and Overdrive are private-equity owned and just as exploitative (if not more so) than the major publishers were.
They do not give libraries an unlimited license for digital books, but rather make them pay what they would for a physical book, and allow them to loan out the digital copy a relatively small number of times (usually around ~4-5 IIRC) under the guise that a physical book would have been irreparably degraded after having been lent out that many times. There’s a stream of billions of dollars being moved from non-consenting taxpayers going right to a monopolistic gatekeeper.
If we’re talking physical books, libraries are definitely still great for that, but I find that the vast majority of the time I look to check if they have a specific book I’m after, there are zero physical copies anywhere in the system, and all the digital “copies” are already “checked out”. E.g., I went looking for a copy of PKD’s Valis last week, and my options were: library audiobook (vomit), wait two weeks for a “checked out” digital copy from the library (vomit), buy from Amazon (vomit), or sail the seas.
So no, that’s a shitty substitute – and your moral high-ground has a sinkhole beneath it.
- Comment on Got my first script kiddy 1 month ago:
Absolutely not — the issue here is OP knowingly submitting false abuse reports.
Port scans of public hosts are not considered abuse per the CFAA or Amazon’s AUP without other accompanying signs of malicious intent.
Amazon may take action against egregious mass-scanning offenders per the “…to violate the security, integrity, or availability of any user, network…” verbiage, especially if they’re fingerprinting services or engaging in more sophisticated recon, but OP’s complaints are nowhere near meeting that threshold.
- Comment on WhisperX — Automated Transcripts w/ Timestamps and Speaker Tagging 1 month ago:
You should be able to get decent results from that if you pipe your tracks through demucs first to isolate the vocals.
- Comment on WhisperX — Automated Transcripts w/ Timestamps and Speaker Tagging 1 month ago:
Are you self hosting the long context llm, or what are you using?
I did a lot of my exploration back when GPT4 128K over API was the only long-context game in town.
I imagine the options are much better these days between Llama 3/4, Deepseek, Gemini, and Qwen — but haven’t tried them locally myself.
- Submitted 1 month ago to selfhosted@lemmy.world | 28 comments
- Comment on Keeping track of different targets in terminal 1 month ago:
You’ll get used to it eventually, but you can e.g. tweak your PS1 to an all-caps hostname, or use a custom tmux layout with dedicated panes for each box you connect to.
- Comment on Hardware Suggestions For A Beginner? 1 month ago:
If you really want something upgradeable, used enterprise SFF is the way to go: discountelectronics.com
However, the hardware market is in a weird spot right now; you’ll get far more bang for your buck with an Intel N150. You can find a 16GB DDR5 w/ 1 TB SSD around the $200 mark, and that’s what I’d roll with in your shoes, assuming you don’t mind living without a spinning disk. Your Jellyfin and Immich instances will run far smoother.
Obligatory reminder that you’ll be missing out on most of the commonly-cited benefits of a VPN by self-hosting at home.
- Comment on Cow eggs 1 month ago:
Bovines are ungulates, and thus have hooves. These eggs do not have hooves, and therefore are not bovine eggs.
QED
- Comment on Archaeology dig helps Tonkawa Tribe rediscover Texas roots 2 months ago:
I got back yesterday from working on this dig, and had a great time. It was my first field school experience — but despite the fuckery that is tent-camping in central Texas midsummer, I can safely say I’ll be back every chance I get.
The project was a beautiful reminder that even in rural Texas, there are plenty of unsung heroes out in the wild who dedicate their entire lives to building community and looking out for others.
- Submitted 2 months ago to archaeology@mander.xyz | 1 comment
- Comment on Got any security advice for setting up a locally hosted website/external service? 2 months ago:
Please tell me more, which firewall would you recommend that plays nice with Docker?
Firewalld
No NAT?
Another user in this thread suggested DMZing, so combine your advice with theirs and boom. It’s not uncommon. Most people don’t knowingly choose to use a firewall that they don’t intend to work, like you would.
why would you copy paste a docker compose without reading it?
There’s more than one way to use docker. Spinning up an official mysql image using the official docker run OR docker compose call suggested by the docs would start up a server wide open to the entire internet if DMZ’d.