Do you even open source?
…
Let me rephrase it like this instead: “If we allow manufacturers to just take public domain software and not give back their changes …” maybe it rings some bells?
troed
HW/FW security researcher & Demoscene elder.
I started having arguments online back on Fidonet and Usenet. I’m too tired to care now.
- 0 Posts
- 147 Comments
Joined 2 years ago
Cake day: June 12th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
32·15 days agoMy extended family use Matrix - including my elderly parents. It’s no more difficult to understand than any other service.
That’s all FUD. Matrix is as secure as Signal if you - like Signal - rely on a single centralized server. Actually, since you can host it yourself, it would be even more secure since you don’t need to trust Signal.
(I defend infrastructure and perform hacks against cryptograph & protocols for a living)
Matrix
Especially in coding?
Actually, that’s where they are the least suited. Companies will spend more money on cleaning up bad code bases (not least from a security point of view) than is gained from “vibe coding”.
Audio, art - anything that doesn’t need “bit perfect” output is another thing though.
1·1 month agoI can see this work as a cab service. Pick me up at home and drop me off at my destination hotel/office. Within a single country this will shorten travel time enormously and for those paid enough by the hour that might come out to be cheaper than wasting time on travel.
Waydroid is pretty nice, integrating the Android apps as regular apps in the Linux UI.
9·2 months agoI went from Seafile to Nextcloud with family file sharing as the primary usage. I’m using the AIO docker installation without issues.
This might not help, but I never experienced the issues you had.
(I moved away from Seafile due to - in my opinion - it dying a slow death with less and less support)
22·2 months agoI think you forgot commenting the part about your “never be able to” statement being a flat out lie.
They can be archived without being playable - and many of them are definitely still sold today and playable through commercial emulation. Playing PSX (Playstation 1) games is part of Sony’s Playstation Premium subscription as an example - and Nintendo has the same.
Completely unnecessary, and puts the actual archiving arguments at risk meaning we might see court action that makes it impossible for other “real” archives to exist.
They lost that argument when they implemented the possibility to play games they host in the browser.
I’m all for an archive. I’m not sure IA are doing this right.
Had a Tesla Model 3 before, have a VW ID.7 now. They’re driven the same and it looks like they both agree about the distances driven.
FWIW
Yeah I’m with you. I’m more pissed with Proton for disengaging via Mastodon than at the stupid CEO - but none if it is a good reason enough to opt for lesser services. Proton’s doing good stuff.
Still no. Here’s the reasoning: A well known SSHd is the most secure codebase you’ll find out there. With key-based login only, it’s not possible to brute force entry. Thus, changing port or running fail2ban doesn’t add anything to the security of your system, it just gets rid of bot login log entries and some - very minimal - resource usage.
If there’s a public SSHd exploit out, attackers will portscan and and find your SSHd anyway. If there’s a 0-day out it’s the same.
(your points 4 and 5 are outside the scope of the SSH discussion)
Feel free to argue with facts. Hardening systems is my job.
This is not “the correct answer”. There’s absolutely nothing wrong with “exposing” SSH.
A few replies here give the correct advice. Others are just way off.
To those of you who wrote anything else than “disable passwords, use key based login only and you’re good” - please spend more time learning the subject before offering up advice to others.
(fail2ban is nice to run in addition, I do so myself, but it’s more for to stop wasting resources than having to do with security since no one is bruteforcing keys)
It’s a list from 2021 and as a cybersec researcher and Jellyfin user I didn’t see anything that would make me say “do not expose Jellyfin to the Internet”.
That’s not to say there might be something not listed, or some exploit chain using parts of this list, but at least it’s not something that has been abused over the last four years if so.
31·3 months agoThere are still server softwares our there that are going to be exposing people’s private Mastodon posts.
You could’ve saved yourself a lot of typing there by just admitting to claiming things you actually didn’t know.
it’s … not … a simple messenger, if that helps?