It can be both server and DNS provider. For instance, Cloudflare allows you to set rules for what traffic is allowed. And you can set it to automatically drop traffic for everything except your specific subdomains. I also have mine set to ban a IP after 5 failed subdomain attempts. That alone will do a lot of heavy lifting, because it ensures your server is only getting hit with the requests that have already figured out a working subdomain.

Personally, I see a lot of hacking attempts aimed at my main www. subdomain, for Wordpress. Luckily, I don’t run Wordpress. But the bots are 100% out there, just casually scanning for Wordpress vulnerabilities.

+1 for dropped connections on invalid domains. Or hell, redirect them to something stupid like ooo.eeeee.ooo just so you can check your redirect logs and see what kind of BS the bots are up to.

Yup. Queue is a line. Cue is a trigger. The cashier can cue the next person in the queue to approach the register.

Even more confusingly, my job frequently shorthands “cue” as “Q” because it is quicker to write in a script. For instance, the script margins will have the stage manager’s notes, which include lighting cues, sound cues, etc… So the stage manager will write something like “Q136 when light switch flipped” if lighting cue 136 needs to fire when the actor flips the light switch. So they can call it at the appropriate time.

Yeah, the Tizen app will be huge for me. I’ve been dual-running Plex and JF specifically because a few of my users have Tizen devices. And there’s no way I’d be able to explain sideloading to my “throws up their hands and says it’s too complicated as soon as they see anything unexpected” relatives over the phone.

Luckily, I got a lifetime PlexPass like a decade ago, before JF even existed. So it’s not like supporting Tizen is costing me anything extra.

Other side of the same coin: I work for a municipality, and I can’t even connect my phone to the intranet because they use MAC whitelists for the entire network. The only thing non-whitelisted devices can even connect to is the (really shitty) public WiFi. Many cities used to be pretty lax about cybersecurity, but a few high profile attacks have made most of them (at least anything larger than a small town) rethink that stance. Hell, one city a few miles away had a ransomware attack that left their city services entirely unavailable for like three weeks. That was actually studied by lots of the local cities, to see what they can do to prevent similar attacks.

allowing a threat actor to better navigate your network without needing to do ip scans (which are very obvious and should trigger even basic detection)

I mean, basically any device will send a DHCPDISCOVER broadcast on 255 when it connects, to see if there is a DHCP server on the network. Unless you’re running your entire network on pre-configured static addresses and have your router set up to intercept all broadcast messages (and treat the broadcasting device as hostile), any device plugging into the network would automatically broadcast a message anyways.

And honestly, if you’re being that paranoid about your network, you’d probably be better off just using port security and a MAC whitelist instead. It would save you a lot of time with manually configuring IP addresses. That way any threat actor would only be able to connect if they already knew a whitelisted MAC. And gentle device discovery can also be automated without obvious brute force “ping every IP in the subnet at the same time, and blatantly scan common ports on responding IPs” network scans. They’ll take longer, (and passive scans may miss some devices) but they wouldn’t trip the rudimentary “watch for any device firing ping requests out to every single IP” scan detection. Passive scans can be particularly difficult to detect.

Tax productivity, not work. Worker productivity has skyrocketed in the past few decades, but taxes have remained constant. So the rich have been able to extract increasing amounts of productivity, while paying proportionally less and less in taxes. Meanwhile, worker wages have remained stagnant, meaning their productivity has gone up but they’re still being paid (and taxed) the same.

Wealth taxes should still absolutely be a thing, but they should be entirely divorced from a work (productivity) tax.

While I agree with Section 230 in theory, it is often only used in practice to protect megacorps. For example, many Lemmy instances started getting spammed by CSAM after the Reddit API migration. It was very clearly some angry redditors who were trying to shut down instances, to try and keep people on Reddit.

But individual server owners were legitimately concerned that they could be held liable for the CSAM existing on their servers, even if they were not the ones who uploaded it. The concern was that Section 230 would be thrown out the window if the instance owners were just lone devs and not massive megacorps.

Especially since federation caused content to be cached whenever a user scrolled past another instance’s posts. So even if they moderated their own server’s content heavily (which wasn’t even possible with the mod tools that existed at the time), then there was still the risk that they’d end up cacheing CSAM from other instances. It led to a lot of instances moving from federation blacklists to whitelists instead. Basically, default to not federating with an instance, unless that instance owner takes the time to jump through some hoops and promises to moderate their own shit.

+1 for Home Assistant, though the Docker implementation doesn’t allow add-ons. That may be fine at first, but a lot of the more complicated setup requires add-ons. For me, it was worth it to just go ahead and grab an HA Green to run my HA stuff.

Because the venn diagram of “people who would maliciously do something like this” and “people with good enough photoshop skills to make it look realistic” were nearly two separate circles. AI has added a third “people with access to AI image generators” circle, and it has a LOT of overlap with the second group simply because it is so large.

Also, uBlock Origin isn’t an AV program. It blocks ads, which may be malicious… But malicious ads are only one potential vector for malware, and being blocked won’t necessarily stop drive-by attacks. Because of the way browser ad blockers work, the ad still has to load in the background before it can be blocked, so you’re still being served the potentially malicious ads. It probably would’ve helped in this scenario (where OP actually clicked a malicious ad) but there’s no telling what other BS they picked up just by browsing.

Libertarians are grumpy indoor cats. They’re violently independent and want to be left alone, but their survival is also entirely dependent on the systems surrounding them, which they completely take for granted.

The grumpy indoor cat doesn’t want your attention, they just want their auto-feeder to activate like it always does. Never mind the fact that you’re the one who keeps the auto-feeder filled. They don’t care about that, they just care that the auto-feeder dispenses food.

The problem is that these kinds of laws are becoming widespread. When they become the norm, simply VPN’ing to a different country won’t save you, because there won’t be any “safe” countries.

Shit like this is why I unironically considered spinning up a NSFW Jellyfin instance. At least if I save the degen content like a data hoarder, they can’t legislate away my access.

Yeah, I guess I should have been more clear. Hardlinks also work for things like RAID drives. But if your PC has a C:/ and D:/ drive, you can’t hardlink across the two.

Plex is a lot better at grabbing a pack of loosely organized files and understanding episode structure without renaming or moving files, which is great for continuing to seed files that are in the library.

You may want to look into the *arr suite. Sonarr for managing TV show downloads, Radarr for managing movie downloads, Jellyseerr for managing media requests, Prowlarr for managing torrent/usenet indexers (search engines), Cleanuparr for automatic download management, and Huntarr for automatic downloads.

I haven’t seen anyone discuss this, so maybe I’m doing something wrong?

The go-to these days is to use hardlinks, which will allow you to have the files show up in two places at once. Sort of like a shortcut, but it actually shows the true file instead of simply pointing to a different file location. One stays in your torrent’s location for seeding, and a second hardlink is created in your media folder, with proper naming structure for Plex/Jellyfin to find. The *arr suite automates that process. It tracks your downloads, and automatically creates Plex/Jellyfin file names in the corresponding library folders when the download is completed.

It’s the best in every sense:

• You can continue seeding.
• You don’t need to keep multiple copies of the same file, because the hardlink in your library folder is pointing to the same file as the torrent. So it doesn’t take up twice as much space on your drive.
• You get proper naming conventions for your media discovery.
• You don’t need to manually manage your library.

The big downside to hardlinks is that they can’t be used across drives or partitions. The hardlink can only point to a file on the same drive. So if your torrent download folder is on a different drive than your library folders, you can’t use hardlinks.

Yeah, the primary reason people end up exposing things to the internet is because of friends and family. I can call my tech-illiterate “anything more difficult than logging into Facebook has her throwing up her hands in defeat, saying it is too hard, and tech is just too complicated these days” mother-in-law and walk her through setting up Plex… But that only works because Plex is exposed to the internet. If I had to walk her through setting up Tailscale on her living room TV before she could connect, it would be a non-starter.

Yup, good notes are really the difference between beginner and expert self-hosters. Write the notes as if they’re documentation to be read by someone who has never seen them before. Don’t tell yourself that you’ll remember things; that is the devil talking. You will forget in 6 months when you’re looking at it again.

You have no inhibitive filter, and compulsively blurt out whatever you’re thinking, including whatever the person is thinking when you’re reading their mind.

It’s mostly an issue when you have them sharing boot drives via partitions. If you keep them isolated to their own separate drives, Windows doesn’t tend to muck with things. It’s because Windows is bad about killing bootloaders, and automatically setting itself as the default in the boot order. So if you have it sharing a drive, it’ll nuke your boot. But if you don’t have them sharing a drive, and boot via a loader on the Linux drive, there is no boot loader on the Windows drive to nuke.

Yeah, I’m genuinely excited about the new controller. My biggest complaint about the Steam Deck has been the lack of touch-enabled controllers for mouse control. Because even in Big Picture mode, there are still some games that occasionally need to use the mouse. Launchers, random in-game menus, emulator menus, etc… I have the original Steam Controller, and use it occasionally, but it has a few big flaws… Notably, the lack of arrow keys, which makes playing certain console games (or emulators) on it difficult.

The PS5 controller at least has a touch pad, but there’s no easy way to scale the mouse sensitivity for the controller’s touchpad, and the default sensitivity is way too high. Barely touching the pad has the mouse cursor zipping across the screen. Hitting tiny options on a “1080p launcher on a 4k TV” drop-down menu is nearly impossible. There’s also the issue where you need to hold the PlayStation button to enable mouse mode, but holding the button for ~15 seconds turns off the controller. It’s a laughably dumb oversight, where you have to do all of your (completely unscaled, way too sensitive) mouse movement in ~10 second increments, or else you’ll accidentally turn your controller off.