Simple put, no. In order to be save with a LLM that can execute stuff on its own it needs to be completely sandboxed.

A very nice talk about flaws in agentic AI can be found here: https://media.ccc.de/v/39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents

I can also recommend the object storage from hetzner for backups. Quite price competitive.

It actually does both. Not really tested the multimonitor features but its there and it works, not sure if to the same degree as in rdp.

There is a box for manually added monthly savings. But yes, hard to classify what you would actually subscribe to if you would not have a server already.

But same for video. I would never buy 3 streaking service at a time.

The other answer is already good but I answer more general.

Rate limiting. Do not allow as many requests as your CPU can handle but limit authentication requests. Like a couple requests per second already goes a long way.

The ‘immediate attacks’ ppl mention is just static background noise. Server / scripts that run trying to find misconfigured, highly out to date or exploitable endpoints/servers/software.

Once you update your software, set up basic brute force protection and maybe regional blocking, you do not have to worry about this kind of attack.

Much more scary are so called 0-Day attacks.

1. No one will waste an expensive exploit on you
2. It sometimes can happen that 0-Days that get public get widly exploited and take long time to get closed like for example log4shell was. Here is work necessary to inform yourself and disable things accorsing to what is patched and what not.

As i already said, no one will waste time on you, there are so much easier targets out there that do not follow those basic rules or actually valuable targets.

There is obviously more that you can do, like hiding everything behind a VPN or advanced thread detections. Also choosing the kind of software you want to run is relevant.

Yeah I’m not saying its perfect and LLMs are non-deterministic so it could give you some crap. You’re not wrong and it’s good to be aware of that. How do you verify some random stranger from the internet wasn’t an asshole and gave you malicious config? 🤷

There is no guarantee either, but on a public forum at least a couple of eyes look at it too. Not saying that this makes it trust worthy. But a LLM usually words it output very direct and saying “this is the absolut truth” which can lead to a much higher trust relation then a stranger on a forum that writes “maybe try this”.

I generelly would not recommend using the llm for potential security related questions (or important or professionally questions) were your own knowledge is not big enough to quickly vet the output.

You are still talking about someone that is not able to create the config themself, but that someone should be able to test everything?

But still, how would verify if the config is good or not? For example if it exposes root?

The discussion is about low effort Link only Video and or others Posts. If you are not reffering to them then you missed the point.

It seems, the majority does not want it.

If ppl do not like it they can use another selfhosted from another instance. Thats what lemmy or the fediverse is build for.

Most ppl seem to agree with me.

But how would you know before watching?

“Based on the upvotes and comments” Oh then others doing the work to watch it and rate it on lemmy for you.

Imo, when a link to a video or forum or whatever is posted, then at least a summery or a discussion should be included.

No, you have not understood anything. Assuming Jellyfin would go closed source, (ignoring the GPL license and so on) you would not notice anything. Your server and service would be unchanged by this.

Emby is the best example, the community will fork it and you server lives on. Even if not, then the server and software is still yours.

If it becomes an issue, then you’re in the exact same position you’d be in today if you decided to move away from Plex now.

I disagree. Right now you got time to do the research, plan the move and test it out with a demo setup. You do not know if you got the time if Plex decides to screw their lifetime users.

Yes this is hypothetical.

Brother we have the opposite problem. You are not putting yourself in my shoes, or other people like me.

Bold claim. But no i am putting myself in your shoes and yes there was also a time were i tried to work around to host mail myself. But its easy and no headache to set up.

None of those things are necessary. Like I don’t even have email configured on my server because I don’t need it at all except when the developer unnecessarily integrates it to the extent that it breaks it.

Depending on the view, a functioning service something like password reset is necessary. To design the software that it can ship without functioning password can or cannot make sense, depening on the design choices. Depending on what else got send via e-mail designing the software around that can be challenging and burdening for the future of developing.

If the setup required you to setup e-mail, the software and then also the developer can always assume there is a communication path to the individual user.

As i said, it can and cannot make sense, but saying

That makes no sense.

and not even trying to put yourself into other shoes just does not make sense.

Why wouldn’t you give users the option to not use it?

Since then you would need to have another way to achive the goals e-mail does. Like password resets, user invitations etc. Thats all software burden for that one user that does not want it.

Setting up email is a pain in the ass, costs money, is dependent on 3rd parties, violates privacy, and is just completely unnecessary.

None of these i would actually say. To work around it you can just simply set up local reachable postfix. Done. You can setup a complete local mail server, with a few clicks.

Choose the software you want to use wisely and dont jump to the first solution you find when you are that licky about your requirements. If you are ao reluctant about e-mail and the service requires it, then maybe the design goals of the software do not fit your goals.

They went with OpenDesk, which uses Nextcloud as Cloud System.

Where have you read that they are going to switch to OpenCloud?

And for containers auto updates once every day.