

Greatly depends on the question being asked. For some questions, actually talking to someone would likely yield better information, but there are a lot of subjects where I’m going to get vastly better information from Google.




It’s because people lack the ability to subjectively look at all possible aspects of life. They latch on to one thing that’s better and say that means the entire country is better. For example, China objectively has better public transportation and infrastructure around things like internet and cellular despite also being an absolutely massive land mass. Pretty much anywhere has objectively better health care than the USA. So if those things have been causing them grief lately in their life, they are going to latch on to that and declare that the country that has the better that is better in general, even if there are other aspects not related to those subjects that would ultimately make life much worse.
Eh, I just use a pubkey-only auth config (so password entirely disabled as an option) and put ssh on a non-standard port to reduce script kid noise. (And no, 2222 is not non-standard, it may as well be the default.)
Fail2ban triggers false too often for my taste in a high traffic environment.
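
A check for the setup described in the comment above (public-key authentication only, no password prompts, a port other than 22 or 2222), added here as an example and not the commenter's own code. It assumes a single sshd_config file, reads only the global section (`Match` blocks and `Include` files are not evaluated, so `sshd -T` remains the authoritative view), and uses a constructed sample.

```python
# Added example: audit the global section of an sshd_config for pubkey-only auth.
COMMON_PORTS = {22, 2222}  # the default, and the port the comment calls "may as well be the default"
DEFAULTS = {  # OpenSSH behaviour when a keyword is absent
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_global(config_text):
    """Return (settings, ports) for the global section; the first value of a keyword wins."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ").split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":  # conditional overrides start here; not evaluated
            break
        key = ALIASES.get(key, key)
        if key == "port":
            ports.append(int(value))  # Port may legitimately appear several times
        else:
            settings.setdefault(key, value)
    return {**DEFAULTS, **settings}, ports or [22]


def audit(config_text):
    """List the ways the config falls short of pubkey-only on an uncommon port."""
    eff, ports = effective_global(config_text)
    findings = []
    if eff["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is disabled")
    # keyboard-interactive can still present a password prompt through PAM
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if eff[key] != "no":
            findings.append(f"{key} is not 'no'")
    findings += [f"port {p} is a default or commonly scanned port"
                 for p in ports if p in COMMON_PORTS]
    return findings


# Constructed sample, not taken from the page.
SAMPLE = "Port 2222\nPasswordAuthentication no\nPasswordAuthentication yes\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```
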
If you ran nginx as a non-privileged user it wouldn’t be able to bind to 80/443 as those are privileged ports. So you would need to use iptables to forward them to an unprivileged port.
I mean it WOULD work, you would just need a VPN on every device you wanted to use.
The REAL answer is never host them DIRECTLY, always use a reverse proxy like nginx. Many projects (I believe Jellyfin is one of them) explicitly recommend this for better security. Which it looks like you did, so congrats.
For extra bonus points you can set up nginx to run as a non-privileged user and use iptables to forward the lower ports (80/443). A pain, but it closes out a large chunk of nginx as a risk.


I wonder if a high flow rate hepa filter right above the toilet would help lol


That was part of the test, there was essentially no difference. The particles that can become airborne are small enough that they’re floating around everywhere regardless of how they get out. The real problem is how huge the gap is between the seat and rim. Needs a rubber skirt or something.
Only female bees have stingers tho


https://spartanhost.org/ owner is super chill, will make custom spec deployments, and they actually have a really nice management panel with nice easy custom ISO support.


One end is a local VPS with insanely good peering pretty much round the damn world, other end is my OPNsense router. I actually pass a block of IPv6 through the VPN and my router hands it out to devices, which is a nice little bonus.


That sounds like a lack of port forwarding on at least one side. Ensure the VPN port is properly open on both sides. There is also an option you can add to the WireGuard config for keepalive; set it to something like 1min.


I feel like I’m missing something here. This is pretty trivial and the comments I see are overcomplicating the hell outta everything. All you need is your VPN tunnel working. Personally I use WireGuard for this. Then you just use nginx as the reverse proxy; it talks to services on the other side of the VPN.
The nginx server config looks like
```nginx
server {
    # HTTP/3 (QUIC) and HTTPS listeners, IPv4 and IPv6
    listen 443 quic;
    listen [::]:443 quic;
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name my.domain.tld;

    http2 on;
    http3 on;
    quic_gso on;
    tcp_nodelay on;
    error_log /var/log/nginx/jellyfin.access.log;

    ssl_certificate /path/to/ssl/fullchain.pem;
    ssl_certificate_key /path/to/ssl/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Advertise HTTP/3 to clients
    add_header Alt-Svc 'h3=":$server_port"; ma=86400';
    add_header x-quic 'h3';
    add_header Alt-Svc 'h3-29=":$server_port"';

    location / {
        # Backend on the far side of the VPN tunnel
        proxy_pass http://10.159.4.12:8096/;
        # WebSocket upgrade needs HTTP/1.1 towards the backend
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell the backend which scheme the client actually used
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Nginx-Proxy true;
    }
}
```
I have no idea how to do the proper code block I guess, so have a paste from my reverse proxy hosted pastebin lol https://paste.kitsuna.net/upload/snail-seal-pig
Imagine not having an OPNsense firewall deployed as an IT professional


Can you not just set up an nginx reverse proxy at the network edge to handle the SSL for the domain(s) and not have to worry about the app itself being set up for it? That’s how I’ve always managed all software, personal or professional.
No, but there is a semi-workaround.
When using the app, if you select all images, one of your options will be delete from device. When you click on that it will say hey, some of these might not be backed up, and one of your options is to only delete the things that have been backed up. It’s not automatic, but it is a way you can kind of just mass do it to everything.


It requires neither of those upgrades though? Unless you’re still using Windows XP I guess for some reason. It’s just an update to the image decoder


That will be a very welcome change. Having the entire comment section disappear with the opening post is a little annoying.


That’s not exactly accessible, I have several threads in my history that appear to be gone. Supposedly they exist somewhere in the verse but I really don’t feel like hunting them down. To be honest I’m not even sure how I’d start going about trying to hunt them down even if I wanted to.


In its default state I think that’s fair. For example, Docker bypasses most firewalls as it runs before iptables rules process. So if you don’t either use 127.0.0.1:port:port (many compose files offered by projects do not do this) or add specialized iptables rules to fix that up, you can end up directly exposing services without meaning to or even realizing.
And yeah privilege escalation etc. There are solutions like what you mentioned but it can be a lot of work to set all that up so most people won’t
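
A check for the `127.0.0.1:port:port` point in the comment above, added here as an example and not the commenter's or any project's code: it lists every published port in a compose file that is not bound to loopback. It assumes short-syntax `ports:` entries and two-space indentation for service names, parses the file line by line instead of with a YAML library, and runs on a constructed sample.

```python
import ipaddress


def classify(spec):
    """Say where the host side of a compose short-syntax port mapping binds."""
    parts = spec.strip().strip("\"'").split("/")[0].rsplit(":", 2)
    if len(parts) < 3:  # "8096" or "8096:8096": no host IP, so every interface
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(parts[0].strip("[]"))
    except ValueError:
        return "unknown"
    if ip.is_loopback:
        return "loopback"
    return "all-interfaces" if ip.is_unspecified else "specific-ip"


def audit_compose(text):
    """Return (service, mapping, classification) for each short-syntax port entry."""
    findings, service, in_ports = [], None, False
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if in_ports and stripped.startswith("- "):
            spec = stripped[2:].strip().strip("\"'")
            findings.append((service, spec, classify(spec)))
            continue
        in_ports = stripped == "ports:"
        if len(line) - len(line.lstrip()) == 2 and stripped.endswith(":"):
            service = stripped[:-1]  # assumption: services sit at two-space indent
    return findings


def exposed(text):
    """Only the mappings reachable from outside the host's loopback interface."""
    return [f for f in audit_compose(text) if f[2] != "loopback"]


# Constructed sample compose file; service and image names are hypothetical.
SAMPLE = """\
services:
  jellyfin:
    image: jellyfin/jellyfin
    ports:
      - "8096:8096"
  admin:
    image: example/admin
    environment:
      - TZ=UTC
    ports:
      - "127.0.0.1:9000:9000"
      - "[::1]:9001:9001"
      - "0.0.0.0:9002:9002/tcp"
      - 9003
"""

if __name__ == "__main__":
    for service, spec, where in exposed(SAMPLE):
        print(f"{service}: {spec} -> {where}")
```
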
You can actually fix this in the settings. There’s an option for permanent prompt tunings and you can add things like “focus on concise answers” or my favorite: “I don’t need to be glazed, I don’t need to be told that it’s an insightful question or reaches the heart of the matter. Just focus on answering the question”