Not anything that I have found, but at least LL is pretty solid. It may actually help development if LL gets some more focus from the community; It sort of got overshadowed by Readarr, simply because people wanted to stay within the *arr ecosystem.
A honeypot is something that is intentionally left available, to alert you when it gets hit. In practice, they’re just a tool to tell security specialists when they need to start worrying; They wouldn’t be used by the average user at all.
The goal is to build your security like layers, and ideally have all of your services behind the secure walls. Between these layers, you have honeypots. If someone gets through your first layer of security but hits the honeypot, you know someone is sniffing around, or maybe has an exploit for your outer layer that you need to research. If they get through the second layer and hit your second honeypot, you know that someone is specifically targeting you (instead of simply running automated scans) and you need to pay closer attention. Etc…
Reinforcing the attack layer comes in two main forms, which work in tandem: Strengthening the actual layer, and reducing attack vectors. The first is focused on using strong passwords, keeping systems up to date, running something like Fail2Ban for services that are exposed, etc… The goal is for each layer of security to be robust, to reduce the chances of a bot attack actually working. Bots will simply sniff around and automatically throw shit at the wall to see if anything sticks.
The second part is focused on identifying and mitigating attack vectors. Essentially reducing the amount of holes in the wall. It doesn’t matter how strong the wall is if it’s full of holes for your server’s various services. The goal is typically to have each layer be as solid as possible, and grant access to the layers below it. So for instance, running a VPN. The VPN gets you access to the network, without exposing services externally. In order to access your services, they need to get through the VPN first, making the VPN the primary attack vector. So you can focus on ensuring that the VPN is secure, instead of trying to spread your focus amongst a dozen different services. If it’s exposed to the open internet, it is a new potential attack vector; The strength of the wall doesn’t actually matter, if one of those services has an exploit that someone can use to get inside your network.
Home users really only need to worry about things like compromised services, but corporate security specialists also focus on things like someone talking their way past the receptionist and into the server room, USB sticks getting “lost” around the building and plugged into random machines by curious employees, etc… All of these are attack vectors, even if they’re not digital. If you have three or four layers of security in a corporate setting and your third or fourth honeypot gets hit, you potentially have some corporate spy wrist-deep in your server room.
For an easy example, imagine having a default password on a service, and then exposing it to the internet via port forwarding. It doesn’t matter how strong your firewall is anymore. The bot will simply sniff the service’s port, try the default credentials, and now it has control of that service.
The better way to do it would be to reduce your attack vectors at each layer; Require the VPN to access the network via a secure connection, then have a strong password on the service so it can’t easily be compromised.
I don’t think he ever actually had a chance at the crown; He was born before his mother married the crown prince. His younger siblings would have a potential claim since they’re the prince’s kids, but he wouldn’t any claim since he’s not the prince’s child. He’s even excluded from some of the royal portraits.
Yup, the sad reality is that you don’t need to worry about the attacks you expect; You need to worry about the ones you don’t know anything about. Honeypots exist specifically to alert you that something has been breached.
Just nobody wants to scan all 65k ports.
Shodan has entered the chat.
People misunderstand the “no security through obscurity” phrase. If you build security as a chain, where the chain is only as good as the weakest link, then it’s bad. But if you build security in layers, like a castle, then it can only help. It’s OK for a layer to be weak when there are other layers behind it.
And this is what should be sung from the hills and mountaintops. There’s some old infosec advice that you should have two or three honeypots, buried successively deeper behind your security, and only start to worry when the second or third gets hit; The first one getting hit simply means they’re sniffing around with automated port scanners and bots. They’re just throwing common vulnerabilities at the wall to see if any of them stick. The first one is usually enough for them to go “ah shit I guess I hit a honeypot. They must be looking for me now. Never mind.” The second is when you know they’re actually targeting you specifically. And the third is when you need to start considering pulling plugs.
Apparently the title was supposed to be changed. “Snakes On A Plane” was just a project title so they could print scripts while they workshopped a better name. But when Samuel L. Jackson found out they were going to change it, he threw a fit; Apparently the funny title was a large part of why he had even agreed to the role at all. So the studio agreed to keep it.
“Wove. Twue wove…”
He’d need to be in a country willing to do that. And thus far, he has only visited countries that have refused to arrest him, because they want to keep Israel as an ally.
They can’t just invade another country to arrest the leader. That’s the kind of shit that starts nuclear wars.
It also helps filter out all of the people who simply sort by “Free” and shotgun requests to every single post. Best case scenario, they show up, are chill, and you have the opportunity to go “eh ya know what, just take it for free.” But at least that way it’s not listed as “free” and deters all of the people dedicated to spamming the free posts.
This is extremely common as a sort of all-or-nothing negotiation tactic. They’re hoping that you’ll just go “ah well, I don’t want to bother with getting someone else out here. Just go ahead and take it for $300.” Basically, they’re hoping you’ll fall for the Sunk Cost fallacy, and let them have it for cheap.
Jellyfin doesn’t have an app on every App Store. On some, you have to sideload it, by enabling developer mode and connecting to a PC that is running an App Store server. Then the TV downloads it from the PC.
Lots of those issues have been blown out of proportion, and would never be a real concern for the “just a dude running a server in his closet for his friends” setups. Which, to be clear, is the vast majority of setups.
For instance, virtually all of the worst issues require that the attacker already has a valid login token. So unless they stole your buddy’s credentials, the only one to truly worry about would be your buddy directly. But yes, Jellyfin has some gaping holes, and letting it touch the WAN at all is always a risk. You’re giving attackers a new potential vector of attack that didn’t exist before, so that’s worth noting.
I disagree; Self-hosting is for a variety of things, and plenty of people (in fact, I’d say probably the majority of Plex users) just want to be able to pirate Netflix without a ton of setup.
Is learning some networking inevitable? Yeah, probably. But I also think this xkcd is apt. The reality is that what may be simple for you and me actually requires a lot of studying for a complete novice. Plenty of people will need to google what a port is, let alone how to forward one. And that’s assuming they even know the word “port” to google. Plenty of people won’t even know where to start.
And true novices are hopefully going to be extremely wary of any info they find online. It’s easy to fuck something up without even realizing it, and leave your entire system exposed; especially when the braindead “lol just forward your Jellyfin port and use your public IP” advice is posted somewhere in every single advice thread.
To set it up “correctly”, yes. It’ll require owning your own domain, being able to configure it properly (with either a static IP, or DDNS to point to your server at home), knowing how to automate https certificate refreshes, and a few other things. Plex just requires forwarding a port in your router.
Yeah, but good luck proving that. My partner is disabled, and has learned to avoid disclosing her disability until after she gets hired. Because if she mentions it during the interview process, she’ll get ghosted every time.
Proving it usually requires proving a pattern of behavior. And as an individual applicant who isn’t in touch with the other applicants (both past and present), that’s basically impossible to do.
Yeah, the armed forces is overwhelmingly conservative. Even if you’re not conservative when you go in, being immersed in it for so long means you likely are when you get out. There are outliers, sure. But statistically, the people in the armed forces will only have the opinions that Fox News tells them to have.
Something something suitcases of cash
Genetics also plays a large part in greying. I started going grey in my early 20’s. Rather than fight it, I chose to embrace it. I’m in my mid 30’s now, probably ~40% grey, and consistently get “silver fox” and “salt and pepper” types of comments. Fighting against it often leads to people spotting when you need to touch up your roots. But embracing it and styling your hair to accentuate it will make it look much more natural and attractive.