I disagree on the junk part: I see it so that if the output of the program are working, the logic must be flawless (just maybe not optimized when it comes to efficiency). Of course in our case the inputs are highly structured and it is easy for humans to spot errors in the output files so this ”iterate until outputs are perfect” has worked great, and yield huge savings in workhours. In our case none of the tools are exposed outside so in very worst case user may just crash the app.

But yeah I agree building any public frontend or anything business critical is likely the way to doom.

How is it not correct if the code successfully does the very thing that was prompted?

F.ex. in my company we don’t have any real programmers but have built handful of useful tools (approx. 400-1600 LOC, mainly Python) to do some data analysis, regex stuff to cleanup some output files, index some files and analyze/check their contents for certain mistakes, dashboards to display certain data, etc.

Of course the apps may not have been perfect after the very first prompt, or even compiled, but after iterating an error or two, and explaining an edge case or two, they’ve started to perform flawlessly, saving tons of work hours per week. So how is this not useful? If the code creates results that are correct, doesn’t that make the app itself technically ”correct” too, albeit likely not nearly as optimized as equivalent human code would be.

Can’t read ”Linspire” without this starting to play in my head, dammit:

https://youtu.be/IIYtKHnU4mQ

We had a few good Linux phones back in the day but Nokia / Microsoft killed them trying to compete with iPhone OS and Android: Maemo / Meego were great but did not get a proper chance.

Jolla continued the legacy and Sailfish OS is still something worth checking out if you can find suitable hardware, or idk how complex it is to port it.

Seems to be new Jolla phone coming up at some point too: https://forum.sailfishos.org/t/next-gen-jolla-phone/23882

Also, aren’t some critical apps like banking apps starting to ban unlocked / non-stock systems? Heard someone complaining about this a while ago.

Exactly. Same with Opera GX whatever, which is just a weird chinese spying chrome, with nothing to do with Opera from the good old days when it was still Norwegian (Vivaldi is made by those guys still).

Why exactly would they ever need to turn VPN off again? It’s not like all their traffic will go through it if it’s on, unless you specifically configure stuff that way (exit node, routes).

And one option to do the VPN stuff is on their router too, so it’s totally transparent to them. More stuff to configure though, unless running owrt or some other router software compatible with Tailscale.

Have zero knowledge of Roku but for example with AppleTV boxes it is totally fire and forget, Tailscale is always on in the background and apps will find my media servers through it.

And I’ve noticed even tech illiterate people will learn to become literate when there is some motivation, like a huge movie archive :) Flipping a preference like VPN on if they want to use certain app is certainly within realm of possibility.

If you don’t trust nginx or caddy or etc security, just install Tailscale to the jellyfin node and share the node with friends. All they need is Tailscale client then, and you dont have to open any ports.

Tailscale and share the jellyfin node with friends. No need to have ports open or any DNS stuff. Clients are available for all systems.

** for Android (and Windows/macOS/Linux) but not iOS.

And apparently never going to be as some key component is written in Java. Other technical obstacles should be solvable (like f.ex. getting continuous running in bg by exploiting location services like iSH can do)

Or maybe it pops the link out of the browser into a dedicated media player which has decent codec support.

I think this is exactly what it does.

With iDevices no luck with mkv’s if I remember right, but not sure if I have even tested one. Most my files are mp4 x264.

Mostly using the ”browser” (so shitty that you can barely call it one) on my LG smart TV, and sometimes some iDevices, but I’ll consider myself lucky with codecs then. Even mkv’s play on LG without hiccups. Only small thing I miss are subtitles which these devices do not seem to support, even if I’d mux them in as a track.

Someone should explain me why transcoding is even needed (other than in case bandwidth is an issue)? My ”media server” at the moment is a custom ffmpeg script to edit all x264 mp4 files it finds by moving the moov atom to the beginning of the file (and what ever the similar thing for x265 was), and then lighttpd to serve them via dir listing. No file has yet had playback issues even over the internet…

Use a reverse proxy (caddy or nginx proxy manager) with a subdomain, like myservice.mydomain.com (maybe even configure a subdir too, so …domain.com/guessthis/). Don’t put anything on the main domain / root dir / the IP address.

If you’re still unsure setup Knockd to whitelist only IP addresses that touch certain one or two random ports first.

So security through obscurity :) But good luck for the bots to figure all that out.

VPN is of course the actually secure option, I’d vote for Tailscale.

Don’t know why exactly are you downvoted but this is exactly what is going on as cars get more ”connected”, following Tesla & BYD lead. Just like with phones at the moment, everything tries to spy on you a little to tap into that sweeet targeted ad revenue, or something else.

For example I bet the insurance companies love to have some driver behaviour data about you, and the big retail likes to know where/what time you are on the move (though they already get it from the dozens of apps on your phone that have access to location data, like Google Maps).

UTM is the way to go on modern Macs, and even iOS/iPadOS too! Free, built on QEMU and super easy to spin up virtual machines with any architecture.

https://mac.getutm.app/

Could be indeed. Looking at the nginx logs, setting a permaban on trying to access /git and a couple of others might catch 99% of bots too. And ssh port ban trigger (using knockd for example) is also pretty powerful yet safe.

I have wrestled with the same thing as you and I think nginx reverse proxy and subdomains are reasonably good solution:

• nothing answers from www.mydomain.com or mydomain.com or ip:port.
• I have subdomains like service.mydomain.com and letsencrypt gives them certs.
• some services even use a dir, so only service.mydomain.com/something will get you there but nothing else.
• keep the services updated and using good passwords & non-default usernames.
• Planned: instant IP ban to anything that touches port 80/443 without using proper subdomain (whitelisting letsencrypt ofc), same with ssh port and other commonly scanner ones. Using fail2ban reading nginx logs for example.
• Planned: geofencing some ip ranges, auto-updating from public botnet lists.
• Planned: wildcard TLS cert (*.mydomain.com) so that the subdomains are not listed anywhere maybe even Cloudflare tunnel with this.

Only fault I’ve discovered are some public ledgers of TLS certs, where the certs given by letsencrypt spill out those semi-secret subdomains to the world. I seem to get very little to no bots knocking my services though so maybe those are not being scraped that much.

You recon the copyright mafia cares much about what’s illegal or not? Google has played ball with them for years and slowly sided with them more and more. It’s all about the ad money and google wanting to keep the big players happy. All things related to ”owning content” in this era of just renting is going to get flagged. Ripping, selfhosting, torrenting, data hoarding…whatever undermines the content monopoly.