Huh? Did you even read the whole thread? They’re linked above.

They could put a banner in the network settings warning users about these security issues while they get them fixed, that doesn’t require fixing any inherited code. In the GitHub issue linked, there’s at least one upset user because they had no idea this was even a problem.

What about the pwned users of Jellyfin that have unknowingly had security holes for 5 years because Jellyfin doesn’t care enough to even put a banner in their settings to say it’s not secure?

I mean, that’s fine, but it’s still an issue and a risk that would cause me to want to use VPN for remote viewing. It doesn’t seem like security is Jellyfin’s priority at the moment, not that it’s Plex’s either, but it’s not to a place where it’s worth it to switch from a security standpoint, personally.

I’d love to switch. I would do it right now, but the problem is that Jellyfin’s security isn’t better if you open it up to the internet. For example, I’d have to set up a VPN for my remote users for proper security, and most of my users are in other states, not technically inclined, and watch on their TVs. I’d have to at least support a raspberry pi for them, or some sort of site to site VPN, and if it goes down, I’ll be expected to fix it. On top of that, if I do a simple raspberry pi based VPN, it would be made even more complicated since they’d want it to work with their smart TVs.

Again, I really want to switch. But Jellyfin needs to fix their security issues before I can. I’m also happy with the way Plex is reporting this, it’s above the standard “your data is lost” notifications.

Edit: here’s a link to the related GitHub issue I’ve been following: https://github.com/jellyfin/jellyfin/issues/5415

And @Saik0Shinigami@lemmy.saik0.com has a great thread explaining more: https://lemmy.today/comment/18923504

Ah, I stand corrected. That’s probably why I’ve never been charged, 2.5k is a lot for my use.

Which part? If you’re wanting to use cloudflare pages, it’s relatively straightforward. You can follow this and get up & running pretty quickly: https://www.hongkiat.com/blog/host-static-website-cloudflare-pages/

If you’re asking about the tarpits, there’s two ways (generally) to accomplish that. Even if you don’t use cloudflare pages to host your site directly (if you use nginx on your server, for example), you can still enable AI tarpits for your entire domain, so long as you use cloudflare for your DNS provider. If you use pages, the setup is mostly the same: https://blog.cloudflare.com/ai-labyrinth/#how-to-use-ai-labyrinth-to-stop-ai-crawlers

If you want to do it all locally, you could instead setup iocaine or nepenthes which are both self hosted and can integrate with various webserver software. Obviously, cloudflare’s tarpits are stupid simple to setup compared to these, but these give you greater control of exactly how you’re poisoning the well and trapping crawlers.

+1 for Duplicacy (the GUI, as a container). Very worth it, IMO. Not only do I use it for my PC, I back up my server to my other server in another state with it. I also use it with Backblaze B2 (for very important files) which is slightly more than Hetzner ($6/TB). I haven’t run into any chunking issues and they don’t charge for API calls. Highly recommendated.

Yep, on top of simply blocking, if you’re self hosting or using cloudflare, you can enable AI tarpits.

The problem is the github issue has hallucinations and incorrect technical terminology. It really shouldn’t be used for this purpose, it’s pretty selfish to expect maintainers to consider something that you used LLM for in my opinion. I don’t think that’s elitist, is it really all that difficult to write a feature request on your own, especially if you’ve already done the hard part (the research)?

I mean, sure, but LLM issues are currently plaguing open source projects. Curl, for example: https://gist.github.com/bagder/07f7581f6e3d78ef37dfbfc81fd1d1cd

If someone isn’t passionate about something enough to write their own request, why would the devs be passionate about implementing it?

Yikes. Why would the devs implement anything created by LLM? It shows that the requester (you, in this case) isn’t passionate enough to sit down and write something on their own.

So we’re filing LLM slop for Lemmy issues now? Also that’s a pretty poor choice for a name.

Quadlets changed my life.

The (wildcard) certs are the same, as it’s what caddy is pulling via API. You can either build the cloudflare module into caddy via docker build, or use a prebuilt version. It doesn’t create two separate certs for local and remote.

It works really well for me, and is actually the most straight forward way to get valid certs for internal services I’ve found. Since they’re wildcard, my internal domains don’t get exposed through certificate authorities.

Efficiency still matters very much when self hosting. You need to consider power usage (do you have enough amps in your service to power a single GPU? probably. what about 10? probably not) and heat (it’s going to make you need to run more A/C in the summer, do you have enough in your service to power an A/C and your massive amount of GPUs? not likely).

Homes are not designed for huge amounts of hardware. I think a lot of self hosters (including my past self) can forget that in their excitement of their hobby. Personally, I’m just fine not running huge models at home. I can get by with models that can run on a single GPU, and even if I had more GPUs in my server, I don’t think the results (which would still contain many hallucinations) would be worth the power cost, strain on my A/C, and possible electrical overload.

You can use caddy to get internal https via cloudflare API, and no traffic needs to go through a cloudflare tunnel for that.

Oh my god, not you again. Give the slop a rest. Your last (now-deleted) post said you had “no marketing”, but here you are again.

It’s a structured low tech kit solution that uses Legos and hammers to hit them when the data tells it to with no guidance or tutorials which makes you money when you (a solo builder) are going broke.

What’s so hard to understand about that?

It’s clear that we don’t get guidance - you don’t even seem to know what your “platform” does.