Encrypt-Keeper

It’s not the only answer, but it’s the one that will get you the most secure with the least amount of effort.

Not so much a fight as an exercise in futility lol

Worse. KaraKeep was partially inspired by Linkwarden.

Have they fixed the titles of saved links being clipped for no reason?

I found Linkwarden entirely unusable because of this and switched to KaraKeep the moment I realized they’d mastered the ancient magic of “Make sure the link titles are actually fully visible”

EDIT: It would appear not since I can see they’re clipped in the thumbnail lol. All that wasted space sitting there doing nothing when it could be… containing the title of the link.

The first game is a ton of fun. And seems to have been an 8/10 game. This one is evidently more so and is a 9/10 game. How you get 5/10 from that I’ll never know.

I think the DS games are just not for you.

This is the biggest weakness of Jellyfin. Native OIDC support would really be a no brainer at this point.

You’ve argued from a position of weakness against a well known and accepted truth, and have provided zero proof to back up your outlandish claim. On the contrary you’ve admitted to the existence of unwanted access attempts to your services, as well as your usage of mitigations to the same problem you insist doesn’t exist.

It’s over man. You’re certified expert yapper but that’s not going to convince me or anyone else here that you know what you’re talking about. It’s a wrap.

It’s over man. You’ve made it very clear you have no idea what you’re talking about, how any of this works, or even what’s going on with your own selfhosted services. Back peddling away from your own arguments and trying to sweep up the beans you’ve already spilled isn’t going to help your case.

Maybe stick to your day job, I just don’t think that cybersecurity career is in the cards for you.

As OP should be. 2k attempts a day at unauthorized access to your services is a pretty clear indicator of that. Seems you’ve mitigated it well enough, why would you suggest that OP not bother doing the same? If you’re so convinced those 2k attempts are not malicious, then go ahead and remove those rules if they’re unnecessary.

Perhaps as someone with only meager experience running a Jellyfin server who can’t even recognize malicious traffic to their server, and zero understanding of the modern internet threat landscape, you shouldn’t be spreading misinformation that’s potentially damaging to new selfhosters?

a rule blocking connections from other countries, and also requiring the request for the login page come from one of the services on your domain, will block virtually all malicious attempts to access your services.

Whoa whoa whoa. What malicious attempts?

You just told me you were the statistical wonder that nobody is bothering attack?

That’s 2k requests made. None of them were served.

So those 2k requests were not you then? They were hostile actors attempting to gain unauthorized access to your services?

Well there we have it folks lmao

Yes they are. The idea that they’re not would be a statistical wonder.

2k requests made to the Authelia login page in the last 24 hours

Are you logging into your Authelia login page 2k times a day? If not, I suspect that some (most) of those are malicious lol.

You don’t know jack shit about what’s going on in another persons network

It’s the internet, not your network. And I’m well aware of how the internet works. What you’re trying to argue here is like arguing that there’s no possible way that I know your part of the earth revolves around the sun. Unless you’re on a different internet from the rest of us, you’re subject to the same behavior. I mean I guess I didn’t ask if you were hosting your server in North Korea but since you’re posting here, I doubt it.

I’m not sure why you’re acting like some kind of expert

Well I am an expert with over a decade of experience in cybersecurity, but I’m not acting like an expert here, I’m acting like somebody with at least a rudimentary understanding of how these things work.

https://youtu.be/GuTp4Am51i0

There’s a group with a petition to “Stop Killing Games” which seeks to legally remedy the issue of game developers making games that are later turned off and left unplayable even in the case of them being single player.

Thor of PirateSoftware owns a development outfit that makes indie games and he also does a lot of streams. He’s against Stop Killing Games, but doesn’t seem to even understand it, and has publicly spoke out against it, going so far as to spread misinformation about it.

What about the 92 metacritic score and the vast majority of reviews calling it “better than the first game in every way” makes it look like a 5/10 for you?

Anything you expose to the internet publicly will be attacked, just about constantly. Brute force attempts, exploit attempts, the whole nine. It is a ubiquitous and fundamental truth I’m afraid. If you think it’s not happening to you, you just don’t know enough about what you’re doing to realize.

You can mitigate it, but you can’t stop it. There’s a reason you’ll hear terms like “attack surface” used when discussing this stuff. There’s no “if” factor when it comes to being attacked. If you have an attack surface, it is being attacked.

No, they are actively trying to get in right now. If you have Authelia exposed they’re brute forcing it. They’re actively trying to exploit vulnerabilities that exist in whatever outwardly accessible software you’re exposing is, and in many cases also in software you’re not even using in scattershot fashion. Cloudflare is blocking a lot of the well known CVEs for sure, so you won’t see those hit your server logs. If you look at your Authelia logs you’ll see the login attempts though. If you connect via SSH you’ll see those in your server logs.

You’re mitigating it, sure. But they are absolutely 100% trying to get into your server right now, same as everyone else. There is no consideration to whether you are a self hosted or a Fortune 500 company.

I look forward to hearing about the workarounds kids find.

Look no further, the workaround is the humble VPN. The kids that found that work around are 50+ now lmao

If you loosely follow the definition of social media to mean “Website where you can interact with people in any way” then yes.

But I think the average colloquial use of the term social media really refers to websites where you make a real life personal profile and share things on that profile. Facebook, Instagram, Twitter, etc. You as the individual are the focus of those types of sites.

The (original at least) point of sites like Lemmy and Reddit is sharing information where you as an individual are not the focus. Hence posting to communities rather than your own wall or profile, the use of usernames over real names etc.

I’ve been served PirateSoftware’s shorts long before all this controversy and it always bugged me how confidently wrong he was about systems and network things. He seems to be under the impression that he understands these things on an advanced level due to his experience as a checks notes QA tester for Blizzard, and a… indie software developer lol.

All this backlash against him is so vindicating.

I mean, big YouTubers like Charlie and others covering Thor’s bullshit is what drove this huge spike in signatures so maybe we should be thanking Thor lol

If you’re a beginner and you’re looking for the most secure way with least amount of effort, just VPN into your home network using something like WireGuard, or use an off the shelf mesh vpn like Tailscale to connect directly to your JF server. You can give access to your VPN to other people to use. Tailscale would be the easiest to do this with, but if you want to go full self-hosted you can do it with WireGuard if you’re willing to put in a little extra leg work.

What I’ve done in the past is run a reverse proxy on a cloud VPS and tunnel that to the JF server. The cloud VPS acts as a reverse proxy and a web application firewall which blocks common exploits, failed connection attempts etc. you can take it one step beyond that if you want people to authenticate BEFORE they reach your server by using an oauth provider and whatever forward Auth your reverse proxy software supports.