• 0 Posts
  • 109 Comments
Joined 2 years ago
Cake day: June 10th, 2023

  • While I sort of understand your point our society already contradicts that. If a person were to die under suspicious circumstances, an autopsy would be performed regardless of the dead or any relative’s wishes, and that would violate the integrity of the body as much as an organ donation would. Therefore we as a society understand that there are limits to one’s personal beliefs.

    I also disagree with the person you’re replying to, I think the system should be opt out with the following conditions:

    • You must opt out yearly, on the 366th day since you last opted out you become an organ donor again
    • You must not have opted out of it over the past 5 years before you’re allowed to undergo any surgery that would jeopardize the integrity of your body, including organ transplants but also blood transfusions and potentially also any foreign object such as pins or bone grafts.
    • You cannot opt out if you have ever received an organ.
    • Your body cannot be autopsied, embalmed or cremated, as all of those would also violate the body. This includes police investigations.
    • Any family of anyone senile/old/incapacitated enough not to be able to keep renewing it (or the person himself if possible in a moment of lucidity) can be added into the permanent no donation list.

  • Nibodhika@lemmy.world to Selfhosted@lemmy.world: Help with domain (13 upvotes, edited 5 days ago)

    Lots of questions, let’s take it one step at a time. You have a domain, now you can point it to your public IP, so that whenever someone tries to access example.com they ask their DNS server and it replies with 10.172.172.172 (which btw is not a valid public IP). Now that request will hit your router, you need to configure your router to redirect ports 80 and 443 to 192.168.200.101, that way the request to example.com gets to your local machine.

    Ok, so now you need your local machine to reply on that port. I recommend using Caddy, it’s very easy to set up, but NGINX is the more traditional approach. A simple Caddy config would look like:

    # Plain site: every request for example.com gets a fixed reply.
    example.com {
        respond "Hello"
    }

    # Jellyfin: forward requests to the Jellyfin instance on the LAN.
    # The upstream is scheme://host:port only; Caddy's reverse_proxy does not
    # accept a path component, so the trailing slash is left off.
    jellyfin.example.com {
        handle {
            reverse_proxy http://192.168.200.101:1020
        }
    }

    So after the request reaches Caddy it will see that the person tried to access example.com and respond with a “Hello”.

    If instead you had tried jellyfin.example.com the DNS would have sent you to 10.172.172.172, your router would send that to 192.168.200.101, Caddy would then send it to 192.168.200.101:1020, which is Jellyfin so that would get returned.

    There are some improvements that can be made, for example if both Caddy and Jellyfin are in Docker you can share a network between them so Jellyfin is only exposed through Caddy. Another possibly good idea is to add some authentication service like Authelia or Authentik to harden stuff a little bit. Also as you might have noticed Caddy can forward stuff to other computers, so you can have one machine on your network exposing multiple services on multiple machines.
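The "share a Docker network so Jellyfin is only exposed through Caddy" improvement, as an added example that is not part of the original comment: the script below writes a Caddyfile and a docker-compose.yml in which Jellyfin publishes no host ports and is reachable only from Caddy over a shared Docker network, then provides a small check that the compose file really gives the `jellyfin` service no `ports:` entry. The hostnames, the service name `jellyfin`, the network name `proxy` and the upstream port 8096 (Jellyfin's default HTTP port) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original comment). Writes a minimal Caddy +
# Jellyfin stack where only Caddy touches the host network, and checks that
# the Jellyfin service publishes no ports. Names and ports are assumptions.

# write_stack DIR: create DIR/Caddyfile and DIR/docker-compose.yml.
write_stack() {
  dir="$1"
  mkdir -p "$dir"
  cat > "$dir/Caddyfile" <<'EOF'
# Caddy obtains and renews TLS certificates for these hosts automatically,
# so ports 80 and 443 must be forwarded from the router to this machine.
example.com {
    respond "Hello"
}

jellyfin.example.com {
    # Upstream is the compose service name, resolved on the shared "proxy"
    # network. Jellyfin's port is never published on the host, so the only
    # way in from the internet or the LAN is through this reverse proxy.
    reverse_proxy jellyfin:8096
}
EOF
  cat > "$dir/docker-compose.yml" <<'EOF'
services:
  caddy:
    image: caddy:2
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
    networks:
      - proxy
  jellyfin:
    image: jellyfin/jellyfin
    # Deliberately no "ports:" key: only containers on the proxy network
    # (i.e. Caddy) can reach Jellyfin.
    networks:
      - proxy
networks:
  proxy:
volumes:
  caddy_data:
EOF
}

# service_publishes_no_ports DIR SERVICE: exit 0 if SERVICE has no "ports:"
# key in DIR/docker-compose.yml, 1 if it does. Line-based check that relies on
# the two-space / four-space indentation used in the file written above.
service_publishes_no_ports() {
  awk -v svc="$2" '
    /^  [a-zA-Z0-9_-]+:/ { in_svc = ($1 == svc ":") }
    in_svc && /^    ports:/ { found = 1 }
    END { exit found ? 1 : 0 }
  ' "$1/docker-compose.yml"
}

# Stand-alone usage: sh this_script.sh ./stack
if [ "$#" -gt 0 ]; then
  write_stack "$1"
  if service_publishes_no_ports "$1" jellyfin; then
    echo "jellyfin is reachable only through caddy"
  else
    echo "WARNING: jellyfin publishes host ports" >&2
  fi
fi
```

The check is a crude YAML scan meant for this one file layout, not a general compose linter; `docker compose config` remains the authoritative way to see what a stack actually publishes.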

  • I don’t want to give away too much, because some of the people I play with could find this (I don’t know if they use Lemmy but my nick is known and the details would be too unmistakable). But since they’re about to discover it anyways, the wonder does something, without charging the “proper” price for it, eventually they’ll start to lose control of it and it will start doing what it does to them. That should be subtle enough that even if my players find this they won’t know what’s coming but give you an idea. Hope that’s enough to satisfy your curiosity.

  • I started a campaign of Monster of the Week, one of the players created a paranoid character who thinks society is controlled by lizards and birds are spy robots for them. So of course I immediately switched my world around, to accommodate that, except it’s not lizard people, but actually Dragons that can take human form and control birds. The game only had a couple of sessions so the group never figured that one out.

    And in my current Mage campaign with a different group, they were given this amazing powerful magical wonder, and they keep using it willy-nilly, which is exactly what I expect them to do. Little do they know that it has a price, the price is not part of the current campaign though, they’re worried about other stuff, namely an enemy who they already planned 4 things to happen together, each of which would be enough to defeat him, and to make that happen they used the wonder, over and over again.

  • I don’t hate it, I think it has its uses, just like text generation. They’re great for brainstorming ideas or quick unimportant stuff like RPG campaigns, so for example an in-game fake company logo or a poem to contain hints for the players.

    However trying to use it for anything serious and final is stupid and dangerous. IMO any artist that had their art used to train a model should be able to claim royalties on anything created with that model, regardless of whether they can prove their art was used for the piece. And if the data used to train the model is not made public or can’t be verified, then ANY artist can. Maybe just 1% of the profits direct or indirect of that art, so for example you used AI to generate part of an invitation for a party, 100 artists could start a lawsuit and take every single cent you earned from the party. After all you indirectly hired them, it’s only fair they get paid, had you hired a single artist you could negotiate the price with them.

  • I mean, yes, but there are ways around it. Windows could have a public key embedded somewhere and the private counterpart gives access, the command could depend on the time it’s received, so it’s never the same and without the private key it’s impossible to reproduce, and the Killswitch could be non-instantaneous, combine all of that and you have a Killswitch that:

    • It’s very hard for you to realize something happened, because by the time it happens the trigger is lost in a sea of other requests
    • Even if you were to fine comb through all of that and spot it, it’s encrypted
    • Even if you were to resend it it would do nothing, because the time has changed
    • Even if you managed to find the public key and decrypt it the actual content could be innocuous, like a random looking string
    • As long as the private key is secure enough it would be impossible to crack
    • Even if you somehow managed to crack it and send anything you want to the PC you don’t know the protocol to generate the random strings and you only have the one example of the message (which no longer works)
    • Even if several people did this the content could truly be random (in the common sense of the word, i.e. pseudo-random), since Microsoft controls the RNG on Windows they can use that to ensure that random data gets generated equally

    And I’m not even a cryptographer, people who come up with new encryption protocols can surely do a lot better than my naive example above which would make it almost impossible for someone to figure out.

  • First of all I agree with most of your a, b and c points, just would like to point out that while it’s true that Docker containers provide an extra level of security they’re not as closed down as people sometimes believe, but as a general rule I agree with everything you said.

    But you’re wrong about the way Plex works, this is a quote from their documentation:

    So, your Plex Media Server basically “relays” the media stream through our server so that your app can access it since the app can’t connect with your server directly.

    If that’s not clear enough:

    Your security and privacy is important to us. When you have enabled secure connections on your Plex Media Server, then your streaming will continue to be secure and encrypted even when using our Relay feature. (When using secure connections, the content is encrypted end-to-end and tunneled through our Relay. The connection is not terminated on our servers and only your Plex Media Server has the certificate.)

    So it’s very clear data is streaming through their relay server, which goes back to my original point, that I expect that to be a paid feature, as it’s using bandwidth from their relay servers.

    As for the security, again you’re wrong, authentication happens on the Plex remote server, not on your local one, which is why you can’t use Plex without internet (part of my dislike for them). So you connect to the Plex remote server and authenticate there, you then get a client that’s talking to the remote server, even if someone was able to bypass that login they would be inside a Plex owned server, not yours, they would need to then exploit whatever API exists between your home server and that one to jump to your machine, so it’s an extra jump needed, again similarly to having Authelia/Authentik in front of Jellyfin.

  • You are, authentication on the VPS, you’re relying on Jellyfin authentication against the internet. Correct me if I’m wrong, but this is your suggested setup: [home server] Jellyfin -> [remote server] Reverse Proxy -> [remote machine] users. Let’s imagine a scenario where Jellyfin has a bug that if you leave the password empty it logs you in (I know, it’s an exaggeration but just for the sake of argument, an SQL injection or other similar attacks would be more plausible but I’m trying to keep things simple), on your setup now anyone can log into your Jellyfin and from there it’s one jump to your home server. On Plex’s solution even if Plex authentication gets compromised the attacker only got access to the remote server, and would now need to find another vulnerability to jump to your Plex at home.

    Putting something like Authelia/Authentik on a VPS in front of Jellyfin is a similar approach, but the Jellyfin client can’t handle third party authentication AFAIK.