Max-P

That base64 is so long, and doesn’t need to be. An IP address is 4 bytes so it could be represented as simply 8 hex digits (base64 also expands to 8 due to padding).

You can’t really easily locate where the last version of the file is located on an append-only media without writing the index in a footer somewhere, and even then if you’re trying to pull an older version you’d still need to traverse the whole media.

That said, you use ZFS, so you can literally just zfs send it. ZFS will already know everything that needs to be known, so it’ll be a perfect incremental. But you’d definitely need to restore the entire dataset to pull anything out of it, reapply every incremental one by one, and if just one is unreadable the whole pool is unrecoverable, but so would the tar incrementals. But it’ll be as perfect and efficient as possible, as ZFS knows the exact change set it needs to bundle up. It’s unidirectional, so that’s why you can just zfs send into a file and burn it to a CD.

Since ZFS can easily tell you the difference between two snapshots, it also wouldn’t be too hard to make a Python script that writes the full new version of changed files and catalogs what file and what version is on which disc, for a more random access pattern.

But really for Blurays I think I’d just do it the old fashioned way and classify it to fit on a disc and label it with what’s on it, and if I update it make a v2 of it on the next disc.

Both use Linux under the hood. You can even install LineageOS on some TVs.

The only reason AndroidTV is bullshit is the manufacturers because casual users want shit like Netflix and Prime preinstalled. Google TV in particular comes with a lot of crap and the ads, which believe it or not some users take as a feature.

But that’s not inherent to Android TV as an OS, it’s exactly like Android phones and manufacturers preloading a bunch of crap to make an extra buck. If your run AOSP you get none of that crap, and it’s fully open-source.

Yeah, that’s enough to not have it exposed directly. I understand why they did it that way but very good to know, thanks!

I keep hearing claims that it’s not secure enough to be exposed on the Internet, but I can’t seem to find anything about unauthenticated vulnerabilities. It’s got a fair amount of CVEs but they all seem to affect when you’re an already authenticated user, mainly to XSS an admin as a regular user or the likes.

It’s written in C#, and publicly all you can do is pretty much attempt to log in, this feels like it should be pretty sane compared to some other PHP crap I run.

Do you have any examples of previous exploits or anything else to be concerned about?

deleted by creator

Is it directly exposed over the Internet? If you only port forward the VPN on your router, I wouldn’t worry about it unless you’re worried about someone else already on your LAN.

And even then, it’s really more like an extra layer of security against accidentally running something exposed publicly that you didn’t intend to, or maybe you want some services to only be accessible via a particular private interface. You don’t need a firewall if you have nothing to filter in the first place.

A machine without a firewall that doesn’t have any open port behave practically the same from a security standpoint: nothing’s gonna happen. The only difference is the port showing as closed vs filtered in nmap, and the server refusing to send any response not even a rejection, but that’s it.

Proof of work is what those modern captchas tend to do I believe. Not useful to stop creating accounts and such, but very effective to stop crawlers.

Have the same problem at work, and Cloudflare does jack shit about it. Half that traffic uses user agents that have no chance to even support TLS1.3, I see some IE5, IE6, Opera with their old Presto engine, I’ve even seen Netscape. Complete and utter bullshit. At this point if you’re not on an allow list of known common user agents or logged in, you get a PoW captcha.

They have no business collecting any data in the first place. If I wanted my data collected I’d be using Chrome like everyone else. I’m not choosing to use their buggy ass inferior and slower browser for any of Mozilla’s services, I’m choosing it because I want to support non-Chromium browsers and regain my privacy.

There’s no point whatsoever to using Firefox if it’s just a worse Chrome.

You just put both in the server_name line and you’re good to go.

Yep, and I’d guess there’s probably a huge component of “it must be as easy as possible” because the primary target is selfhosters that don’t really even want to learn how to set up Docker containers properly.

The AIO Docker image is an abomination. The other ones are slightly more sane but they still fundamentally mix code and data in the same folder so it’s not trivial to just replace the app.

In Docker, the auto updater should be completely neutered, it’s the wrong way to update the app.

The packages in the Arch repo are legit saner than the Docker version.