I have a Jellyfin instance on my local server which I forward to the public web via a cloudflare tunnel. I’m not sure how secure it is, and I keep getting random requests from all over the world. It’s my first experience maintaining something on a public domain so I may be worrying about something obvious, but some advice...
You can reduce doorknob turning dramatically by running on a non-standard port.
Scanners love 80 and 443, and they really love 20, but not so much 4263.
I used to run a landing page on my domain with buttons to either the request system / jellyfin viva la reverse proxy. If you’re paranoid about it, tie nginx to a waf. If you’re extra paranoid, you’ll need some kind of vpn / ip allow-listing
Other comments here do a great job pointing to DH key exchange; I’d like to try explaining it with the paint analogy.
You and Youtube need to agree on a “color of paint” (encryption key) without ever sending it over the network.
You and Youtube agree on a common “yellow” in the clear, and you each pick a secret color. Youtube mixes yellow and their secret and sends it to you. This is okay, because un-mixing paint (factoring large prime numbers) is really hard. You add your secret to the mixture, and now you have yellow+Youtube’s secret+your secret.
You mix yellow and your secret and send it to youtube. Youtube adds their secret; now they’ve got yellow+Youtube’s secret+your secret. You both have the final color!
An eavesdropper can’t reconstruct this - everything sent over the network had yellow mixed in, and un-mixing paint can be really hard. Maybe you can guess that green minus yellow is probably blue, but you can’t get close enough to decrypt anything. And what if it’s brown? Is that blue + orange, or is it red + green?
Cryptographers have worked very hard to make the communications secure. I would be more worried about the other end ratting you out - using a relay / proxy / vpn that you trust is a good idea :)
Make sure to use the “important” modifier, the “Yes Really” modifier, and adjust character by character until you realize you’re missing yet another modifier 🙃
This is probably a ridiculous question, but I usually stream from my laptop to my LG tv or my phone to any other tv, and I find that using my VPN keeps the casting output option from working. Like in Popcorntime, the Watch Now doesn’t show my tv, only the laptop app or VLC. On my daughter’s fire stick I can’t even cast to...
So i’m helping my best friend to try instaling nvidia gtx 1050 mobile drivers on his laptop, we genualy don’t know what to do and i can figure out how to make it work, so it would be very helpfull if someone could explain me what to do or provive me with a guide to make it work
Before I forget here’s the server flow for my 64tb sever. Supports Anime and all the works, never could get manga working with torrent/usenet well enough on ubuntu though....
The first thing I would do is learn the 5-layer OSI model for networking. (The 7-layer is more common, but wrong). Start thinking of things in terms of services and layers. Make a diagram for each layer (or just the important layers. Layers 3 and up.)
If you can stomach it, learn network namespaces. It lets you partition services between network stacks without container overhead.
Using a vm or docker for isolation is perfectly fine, but don’t use both. Either throw docker on your host or put them all in as systemd services on a vm.
Should I be concerned before I share a video I downloaded from a site I needed to log in to with a username and password? Does the file I have include data that references my account? If so is there away to remove it before I share it?...
Streaming sites can embed an unhearable data stream into audio signal. It’s possible
That being said, it’s extremely improbable, given the costs to do it at scale.
If you’re part of a large company’s beta program and have access to some unreleased product, maybe worry.
If you grabbed a file from some mega host updown whatever site, don’t worry.
And if you’re still worried, take a sha256 hash and put it into google search. If you get any results that even mention your file’s title, then you’re good.
Spread-spectrum audio watermarks will survive multiple re-encodings and are extremely difficult to detect.
Iirc google widevine will embed a device code, and if a pirated copy of some content is found, they will blacklist the gpu’s device code so it can’t receive 4k content anymore. That’s video, but it’s the same idea.
Go a level deeper, beyond this news about news, and read the moat memo.
The third faction is the open source community.
The memo has an entire timeline section, dedicated to showing the speed at which the open source community absorbed and iterated on the leaked facebook model, LaMMa.
The memo puts a lot of emphasis on how google and co are building new models from scratch, over months, with millions of dollars - and yet open source is building patches, in days, with only a few hundred dollars - and the patches stack, and are easily shareable.
The open source models, through these patches, are getting better faster than google can re-architect and re-train new models from scratch.
The main point of the memo is that google needs to change their strategy, if they want to stay “ahead” (some would argue they’re already behind) of the competition.
I’ll start. Did you know you can run a headless version of JD2 on a raspberry pi? It’s not the greatest thing in the world, but sometimes its nice to throw a bunch of links in there and go to sleep.
Wireguard creates a new network interface that accepts, encrypts, wraps, and ships packets out your typical network interface.
If you were to create a kernel network namespace and move the wireguard interface into that new namespace, the connection to your existing nic is not broken.
You can then use some custom systemd units to start your *rr software of choice in said namespace, rendering you immune to dns leaks, and any other such vpn failures.
If you throw bridge interfaces into the mix, you can create gateways to tor / i2p / ipfs / Yggdrasil / etc as desired. You’ll need a bridge anyway to get your requester software interface exposed to your reverse proxy.
Wireguard also allows multiple peers, so you could multi-nic a portable personal device, and access all your admin interfaces while traveling, with the same vpn-failure-free peace of mind.
Random requests to my private Jellyfin instance
I have a Jellyfin instance on my local server which I forward to the public web via a cloudflare tunnel. I’m not sure how secure it is, and I keep getting random requests from all over the world. It’s my first experience maintaining something on a public domain so I may be worrying about something obvious, but some advice...
the encryption keys, why can't the government just sneak on them?
disclaimer: I’m just asking to get understanding of the theory behind network traffic encryption, I know this doesn’t happen irl most likely....
is a hot dog a sandwich (lemmy.ml)
How do you use your tiling window manager?
Tiling window manager users: how exactly do you use yours?...
Your typesetting will look professional, they said (mander.xyz)
Newbie tech (lemmy.dbzer0.com)
This is probably a ridiculous question, but I usually stream from my laptop to my LG tv or my phone to any other tv, and I find that using my VPN keeps the casting output option from working. Like in Popcorntime, the Watch Now doesn’t show my tv, only the laptop app or VLC. On my daughter’s fire stick I can’t even cast to...
How do I get Nviddia drivers to work in arch?
So i’m helping my best friend to try instaling nvidia gtx 1050 mobile drivers on his laptop, we genualy don’t know what to do and i can figure out how to make it work, so it would be very helpfull if someone could explain me what to do or provive me with a guide to make it work
My server Flow Comics/Games/Movies/Shows (discuss.tchncs.de)
Before I forget here’s the server flow for my 64tb sever. Supports Anime and all the works, never could get manga working with torrent/usenet well enough on ubuntu though....
Arrs Feedback (lemmus.org)
Context...
That many people need old Ubuntu installations? (lemmy.ml)
I’ve been seeding many Foss things for years but for some reason, people keep downloading Ubuntu versions that are more than 3 years old....
Sharing files from authenticated sites
Should I be concerned before I share a video I downloaded from a site I needed to log in to with a username and password? Does the file I have include data that references my account? If so is there away to remove it before I share it?...
How safe it is to use I2P for torrenting? (geti2p.net)
Your Brain Is Not an Onion With a Tiny Reptile Inside (journals.sagepub.com)
Who is the third faction in the leaked Google memo about AI? (lemmy.dbzer0.com)
theverge.com/…/google-memo-moat-ai-leak-demis-has…...
Advanced pirates, whats a tip others might not know?
I’ll start. Did you know you can run a headless version of JD2 on a raspberry pi? It’s not the greatest thing in the world, but sometimes its nice to throw a bunch of links in there and go to sleep.