this post was submitted on 26 Jun 2025
481 points (97.8% liked)

Selfhosted

52506 readers
2193 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

What’s your go too (secure) method for casting over the internet with a Jellyfin server.

I’m wondering what to use and I’m pretty beginner at this

you are viewing a single comment's thread
view the rest of the comments
[–] Ptsf@lemmy.world -1 points 3 months ago (1 children)

🤔🤔🤔🤔🤔

https://arstechnica.com/information-technology/2022/02/after-lying-low-ssh-botnet-mushrooms-and-is-harder-than-ever-to-take-down/

Are we living in the same universe? In mine software doesn't get patched all the time, in fact it's usually a lack of patches that lead to any significant system compromise... Which happens time and time again. Also you're on a thread that is advising hobbiests on how to configure and maintain their personal server, not the engineering meeting for a fortune 500. Yes, you can make ssh very secure. Yes, it's very secure even by default. In the same regard, new vulnerabilities/exploits will be found, and it remains best practice not to expose ssh to raw internet unless absolutely necessary and with the considerations required to mitigate risk. Ssh isn't even implemented identically on every device, so you literally cannot talk about it like you are. Idk why you're arguing against the industry standard for best practices decided by people who have far more experience and engineering time than you or I.

[–] drkt@scribe.disroot.org 3 points 3 months ago* (last edited 3 months ago) (1 children)

it attempts to log in using a list of credentials.

Do you read what you post or do you just google "ssh vulnerability" and post the first result to waste my inbox space?

Software doesn’t get patched all the time,

SSH does, it is one of the codebases with the most eyeballs on it at any given time and patches to it get fast-tracked downstream.

advising hobbiests on how to configure and maintain their personal server, not the engineering meeting for a fortune 500

You don't need to be a genius to enable keys, disable root and install fail2ban.

it remains best practice not to expose ssh to raw internet unless absolutely necessary

This is correct, but we are arguing about a case in which it is necessary to expose something and it's better that it's one of the most secure and battle-tested pieces of software in the world as opposed to some open source hobby *arr stack.

arguing against the industry standard ... more experience and engineering time than you or I.

I work in this industry, ma'am.

Did you know that simply being connected to the internet puts you at risk? Your firewall could have a vulnerability! Your router's admin panel could be misconfiguration and exposed to the internet! The only way to be safe is to unplug your cable and stop replying to me. Also rip out your bluetooth modules and any LEDs in every device you own because they have been demonstrated to be attack vectors. In fact just stop using anything more complicated than a MOSFET.

[–] Ptsf@lemmy.world -2 points 3 months ago* (last edited 3 months ago)

People like you in this industry are legitimately the reason botnets and significant compromise still exists. "You don't need to be a genius to do all this additional config to make this thing I'm referring to as secure, secure." Do you even read your own writings before you hit post? Also your final argument is so slathered in whataboutism I can't even. Yes, any internet connectivity is going to be less secure than an air gap, but when you're advising implementations you should keep security posture and best practices in mind. What you're speaking on is more complex than any one person's understanding of it due to significant layers of abstraction. Exhibit a? Ssh is not a codebase. It's a network protocol. The codebase is literally different depending on implementation yet you continue to talk about it as if it's a single piece of software that has been reviewed and like all ssh shares the same vulns but the software is entirely different depending on who implemented it so you have no real clue what you're talking about and it's actually sad people will be misled by your nonsense and false bravado. (https://en.wikipedia.org/wiki/Secure_Shell)