WYGIWYG

Cake day: September 24th, 2024

  • The DMZ is the right idea. But it’s the old way. You definitely want whatever is serving your website to be separated out from your house. Your hosting should be on an isolated VLAN. The internet should only be able to talk to the server it needs to talk to, no other ports. That box should only be allowed to talk to what it absolutely must talk to and only on the ports that are required. You should run an independent firewall on each one of the boxes that are involved in the hosting with only the proper ports open.

    Giving up your private IP will definitely give away your general location to everyone and your precise location to the authorities.

    I would highly recommend using Cloudflare or one of the other funnel options. A lot of people don’t like Cloudflare because they can capitalize on your traffic. Cloudflare also just won’t shut you down and sell you out like your ISP will at the first request. They don’t do shit about anything until there’s a warrant or a court filing. On the upside you don’t give out your private IP to anyone. You have DDoS protection, and a reasonable layer of anonymity.

    You need to check daily to make sure all of your software is updated. We’re talking OS, middleware, plugins, application. Preferably via automation. All of the software and plugins you use for this type of hosting end up getting vulnerabilities.

    Security is especially difficult on forums. There’s lots of opportunities there for skilled people who are pissed off at what you or someone else is saying to get butthurt. People know exactly what you’re running, then they do some magic behind the scenes, and next thing you know there’s a bunch of admins you didn’t create.

    You don’t need to be hosting your own email but you are going to need an SMTP provider; most free services won’t let you masquerade the from address.
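
The per-box rule in the comment above (each host exposes only the ports it must), as an added example that is not part of the original comment: a Python check that compares a host's listening sockets against an allowlist. The `ss -H -tuln` sample and the HTTPS-only allowlist are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output from a hypothetical web host.
SAMPLE_SS = """\
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      4096               *:9090             *:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
"""

# Assumption: this box should only serve HTTPS; anything else is unexpected.
ALLOWED = {("tcp", 443)}

def is_loopback(host):
    """True if the bind address is reachable only from the box itself."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if host == "*":                        # wildcard bind: every address
        return False
    return ipaddress.ip_address(host).is_loopback

def parse_listeners(ss_output):
    """Yield (proto, bind_host, port) for each socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        host, _, port = local.rpartition(":")  # split on the last colon only
        yield proto, host, int(port)

def unexpected_listeners(ss_output, allowed=ALLOWED):
    """Return sorted (proto, port) pairs bound beyond loopback and not allowed."""
    exposed = {
        (proto, port)
        for proto, host, port in parse_listeners(ss_output)
        if not is_loopback(host) and (proto, port) not in allowed
    }
    return sorted(exposed)

if __name__ == "__main__":
    for proto, port in unexpected_listeners(SAMPLE_SS):
        print(f"unexpected listener: {proto}/{port}")
```

On a real host, feed it the live output of `ss -H -tuln` and treat any non-empty result as a finding to close at the service or the host firewall.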






  • They don’t even have the excuse

    Just for ref, I’m not downvoting you. They do offer some things that cost them dev/money/time. And some of those things are pain points on Jellyfin.

    They give you SSL and dynamic DNS style stuff behind the scenes. They give you a remote service that tells you if you’re remotely visible. They cache the TVDB and manage some subscriptions for EPG and do a pretty good job partnering with (and presumably caching) OpenSubtitles.

    None of that makes up for their rug-pulling bullshit.

    You used to be able to download shit to your phone then become a local server so other people on your local network could watch off your device.

    You used to be able to run 3rd party plugins improving libraries and storing off YouTube meta.

    They’re scrapping watch together.

    They’re scrapping free remote.

    They’re spiraling the drain… But I won’t miss them, I’ll miss what they once were.








  • Unless I’m misreading it, which is possible, it’s awfully late, he said he processed 60,000 rows, didn’t find what he was looking for, but his hard drive overheated on the full pass.

    Discs don’t overheat because there was load. Even if he f***** up and didn’t index the data correctly (I assume it’s a relational database since he’s talking about rows), the disc isn’t just going to overheat because the job is big. It’s going to be lack of air flow or lack of heatsink.

    I guarantee you he was running on an external NVMe, and one of those little shitty-ass Chinese enclosures. Or maybe one of those self-immolating SanDisk enclosures. Hell, maybe he’s on a desktop and he slapped a raw NVMe on his motherboard without a heatsink.

    There are times when you want a brilliant college student on your team, but you need seasoned professionals to help them through the things they’ve never seen before and never done before.






  • Non-SSL behind your ingress proxy is acceptable professionally in most circumstances; assuming your network is properly segmented, it’s not really a big deal.

    Self-signing and adding the CA is a bit of a pain in the ass and adds another unnecessary layer for failure in a home network.

    If it really grinds your gears you could issue yourself a real wildcard cert from Let’s Encrypt, then add DNS names with that wildcard on your local DNS server with internal IPs, but to auto renew it you’re going to have to do some pretty decent DNS work.

    To be honest I’ve scrapped most of my reverse proxies for a nice Tailscale network. Less moving parts, encrypted end-to-end.



  • Especially on Lemmy, the only thing it’s really doing is bringing some discoverability, but the discoverability isn’t all that bad on Lemmy. You have to look around for like 2 minutes to find the communities. Okay, well, you have to understand that there are like communities on multiple instances, figure out how to switch from local to all, then look around for 2 minutes.

    After hanging out on Bluesky for a bit I’m pretty sure Mastodon could use a little algorithmic help. The communities on Mastodon are so loosely formed they can be a little hard to find; you end up looking for people with the same taste and follow their followers. It works, but nothing ever gets surfaced to you that you didn’t actually actively look for, and it seems to be kind of a mess in a Twitter scenario.