Waryle

You can look up for:

• Setting up max authentication attemps per connection -> slows up a lot brute force attacks. If your password is strong enough, that’s already a big step to secure your server.
• Generate SSH Keys and disable password authentication -> do this only if you’re connecting through the same devices, because you won’t be able to connect from any device that has not being set up. Personally I don’t use this because I want to be able to access my server even if I’m not home and without my laptop
• Set up Crowdsec -> it’s a local service which scans logs and will block access to any suspicious IPs. It also relies on a crowdsourced list of IPs that are identified as threat and will preventively block them

Oh you insufferable rawgabbit. Even in the face of definitive proof, the only thing you care about is throwing a 4 paragraphs tantrum trying to twist every single word just to not say “OK, maybe I was wrong on that thing”. I’m out.

https://www.legifrance.gouv.fr/juri/id/JURITEXT000030635061/

Case law from the Cour de Cassation, where the defendant was convicted, by Articles 323-1 and 323-5, of having extracted data freely following a proven failure of the protection system.

The complainant just had to show that the data SHOULD have been inaccessible, by expressing this “with a special warning” :

"3°) alors qu’en l’absence de dispositif de protection des données, la maître du système doit manifester clairement et expressément manifester, par une mise en garde spéciale, sa volonté d’interdire ou de restreindre l’accès aux données ; qu’en déduisant de la seule présence d’un contrôle d’accès sur la page d’accueil du site de l’ANSES que M. X… s’était irrégulièrement maintenu dans le système contre le gré de son propriétaire, la cour d’appel a violé l’article 323-1 du code pénal ;

Translated :

“3°) whereas in the absence of a data protection system, the master of the system must clearly and expressly manifest, by means of a special warning, his intention to prohibit or restrict access to the data; that in deducing from the mere presence of an access control on the home page of the ANSES site that Mr. X… had irregularly maintained himself in the system against the owner’s will, the Court of Appeal violated article 323-1 of the French Penal Code ;

In my case, the first thing you see when you arrive at my Jellyfin instance is a login form blocking your entry, and you have to go through a backdoor to access my data, so there’s no ambiguity on this point.

You’re wrong, period. Stop trying to debate laws interpretation of a country you don’t even speak the language of.

I live in France, and these are the relevant laws :

• Article 323-1 : you access my server without my authorization -> 3 years of prison, 100k€ fine
• Article 323-3 : you touch my data in any way -> 5 years of prison, 150k fine

Using a flaw in a software to retrieve data you should not have access to is illegal where I live, the same way as you’re not suddenly allowed to enter my house and fetch my drawers just because I left a window open. I won’t debate this point further.

Keeping that copy on a web accessible platform that is accessible by anyone on the internet(unauthenticated) isn’t covered by your rights at a bare minimum.

It’s as accessible as my DVD collection in my living room: anyone can get into my home without a key by illegally breaking a window.

Using a flaw in my Jellyfin to access my content is illegal and can’t be used against me to sue me, period. The idea of rights holders who would hack me to sue me is just plain ridiculous.

Depending on the content “timing” if they trigger on something that doesn’t have a physical/consumer release yet… or all sorts of other “impossible” conditions. This is obviously reliant on what content you actually have on your server.

And again, the only proof they would have could not be used in courts.

For real, you’re just fear-mongering at this point.

I was sincerely hoping someone would bring some real concerns, like how one of these security breaches listed in the OP could allow privilege escalation or something, but if all you got is “Universal might hire hackers to break through your server and sue you”, you’re comforting me in my idea that I don’t have much to fear

Where I live, I have the legal right to have a copy of a film of which I have a legal version, they can watch my media library as much as they want, it’s not enough to prove that it’s illegal.

And hacking my server is illegal, they can’t go to court by presenting evidence obtained through hacking, they would risk much more than me.

My Jellyfin server is behind Cloudflare with IP outside of my country banned.

I got Crowdsec set up on Cloudflare, Traefik and Debian directly.

I got Jellyfin up in a docker container behind Traefik, my router opens only 80 and 443 ports and direct them to Traefik.

Jellyfin has only access to my media files which are just downloaded movies and shows hardlinked by Sonarr/Radarr from my download folder.

It is publicly exposed to be able to watch it from anywhere, and share it to family and friends.

So what? They might access the movies, even delete them, I don’t care, I’ll just hardlink them back or re-download them. What harm can they do that would justify locking everything down?

Now let’s do intercity trains and tramways then

So we can have autonomous metros, buses and taxis that allow people anywhere when they need it so they don’t rely on having a car?

You must add the repo first using this link

Brb, I must warn my ancestors of 1789 that they should have overthrown the monarchy by discussing politely rather than by cutting off the king’s head and fighting his henchmen

Don’t bother, he’s a pro-china anti-western shill, his comment history is a mess

Most instances will stop allowing new accounts to be created when it reaches a certain size that gets difficult to manage (hardware and moderating-wise). They self-regulate that way, and instances that get out of control will just be defederated by the others.

I liked the thought that if I were to lose my phone while traveling, I could just borrow a computer and access all my accounts anyway and not getting very uncomfortably stuck. This is putting me at big risk there.

ZFS Raid Expansion has been released days ago in OpenZFS 2.3.0 : https://www.cyberciti.biz/linux-news/zfs-raidz-expansion-finally-here-in-version-2-3-0/

It might help you with deciding how much storage you want

While true, how is that any different to the arguments that were used for TV?

Television is bad because it is a passive activity, but it is less harmful than the continuous ingestion of micro-videos. But I don’t see what it has to do here.

Additionally, Lemmy is a social network in the same way that Reddit is. Is this not also dangerous?

What’s the connection? I didn’t mention Reddit.

As has been the recommendation for practically everything for the four decades I’ve been on this earth, moderation is key. Instead of hating new media, either regulate it (if the evidence is truly that great) or treat it with healthy moderation.

This would be to ignore the particularly addictive nature of this kind of content. It would be like comparing apples to Snickers: both are sweet, yes, but one is much more problematic.

Let’s be blunt here. Most of the people in this thread aren’t worried about health

That could be a point, but I’m pretty sure that if you ask anybody, the main reason given would be that it makes you stupid. But I can agree that this opinion would not necessarily be based on anything other than the eternal contempt for novelty as video games or manga were, for example, before they became popular.

ITT: People in their mid-twenties or later, who feel superior to those that like one form of media over their preferred media.

You’re just waving away an important fact, which is that shorts and their equivalents are notoriously known for killing attention spans and disrupting the management of dopamine in the brain, causing depression in particular.

We are no longer simply in the traditional custom of the elderly who despise the activities of the younger generations, we are talking about health.

Hexgears and of course lemmygrad.ml are of the same kind

Come on, even the comment above it specifically mention waste generated by nuclear power and its management