Wow, those are big networks. Obviously I suppose in case of AWS it doesn’t matter as no human visitor (except maybe some VPN connection?) will visit from there.
As someone who bans /32 IPs only, is the main advantage resource consumption?
I presume you mean running Plex in host namespace. I don’t do that as I run the synology package, but I can totally see the issue you mean.
Running in host namespace is bad, not terrible, especially because my NAS is on a separate VLAN, so besides being able to reach other NAS local services, cannot do much. Much much much less risk than exposing the service on the internet (which I also don’t).
Also, this all is not a problem for me, I don’t use remote streaming at all, hence why I am also experimenting with jellyfin. If I were though, I would have only 2 options: expose jellyfin on the internet, maybe with some hacky IP whitelist, or expect my mom to understand VPNs for her TV.
(which doesn’t harden security as much as you think)
Would be nice to elaborate this. I think it reduces a lot of risk, compared to exposing the service publicly. Any vulnerability of the software can’t be directly exploited because the Plex server is not reachable, you need an intermediate point of compromise. Maybe Plex infra can be exploited, but that’s a massively different type of attack compared to the opportunities and no-cost “run Shodan to check exposed Plex instances” attack.
No that’s the thing. Plex can also use their infra as a tunneling system. You can have remote streaming without exposing Plex publicly and without VPN. It is slow though.
Well, as an application it has a huge attack surface, it’s also able to download stuff from internet (e.g., subs) and many people run it on NAS. I run jellyfin in docker, I didn’t do a security assessment yet, but for sure it needs volume mounts, not sure about what capabilities it runs with (surely NET_BIND, and I think DAC_READ_SEARCH to avoid file ownership issues with downloaders?). Either way, I would never expose a service like that on the internet.
Not to be “achtuallying” but VPN is not a way to remote stream, it’s a way to bring remote clients in the local network.
Likewise exposing services on the internet…not really going to happen especially for people - like me - that run plex/jellyfin on their NAS.
I don’t have a horse in this race, I don’t use remote streaming, I only ever streamed from my nas to my 2 TVs, and I am experimenting with jellyfin. But for those who do need remote streaming, jellyfin is going to be problematic.
Run it with sudo in case you don’t see the process name with the above command.
sudo ss -patln | grep 443
I get the racial stereotyping, but at least it should be funny.
Btw, taking a hunting license requires a medical exam (including psycho-physic evaluation), a basic zoology exam to recognize species, an exam on laws around hunting, one about nature preservation and one on weapons handling. It has to be renewed every 5 years.
Nothing too complicated, tons of idiots have it, but still quite a process.
Jamf doesn’t do anything for this problem, besides costing you a fortune in both license and maintenance/operation. Especially if you are not a Mac shop.
MDM at most can be used as a reactive tool to do something on the machine - as long as the one with the machine in their hand leaves the network connection on.
There are much cheaper solutions to do that for 1 machine, and - as others correctly pointed out - the only solution (partial) here is not storing the data on a machine you don’t control. Period.
Disk encryption is a control against lost or stolen device and malicious physical access (kinda). Storing the data elsewhere is more a control (or the basis for controls) against malicious insiders.
For browser, there is a webapp that can be selfhosted. See here https://github.com/logseq/logseq/blob/master/docs/docker-web-app-guide.md
I think you need chromium browsers due to the API they use, but it should work.
No, 670k from 42 investors means less than 20k of investment per investor. 670k is already a number ridiculously small for VC funding, but 20k is basically nothing.
Also, after just a few years, 37 employees and 30k users the company became profitable, which is an insanely low period/scale for usual VC funded tech companies.
I am not a fan of some of his ideas either, especially the ones tending towards libertarianism. Some other ideas instead are quite decent, like how he thinks companies should give back to the community. He also built a tech company without VC funding and with a good share of ownership for workers (which I think is nice), without any marketing (which I despise as an industry) and generally without the predatory nature that 98% of tech companies have nowadays.
I am sure you are referring to the Brave debacle of months back, and FWIW, I agree with his position on that particular issue. Anyway, considering that I have no ideas about the positions for the CEOs/founders of the alternatives, I think it’s still a very worthy compromise to have a good product (incl. nonfunctional qualities like privacy, ecological impact etc.).
Completely agree, I started seeing business hours popping up lately, I know that they know it’s an area of improvement.
It’s a premium service but it has very nice features and is a good product overall.
Object storage is anyway something I prefer over their app. Restic(/rustic) does the backup client side. B2 or any other storage to just save the data. This way you also have no vendor lock.