Don’t get short with me, buddy!

Setting up fail2ban to block people trying to brute force the admin panel is a good start.

PlexAmp is an amazing bit of software for a phone. It doesn’t translate well to the desktop, but it’s still pretty good.

Your flacs will play lossless on wifi, and transcode to 128kbps opus on mobile. You can tweak those settings too.

Most smart TVs have a native plex app available too.

My company has a 6 month probation period. It also has a 6 month password expiry. Because of all the SSO nonsense, it’s quite possible for it to lapse without warning.

It’s now a running joke that get locked out on the last day of probation, and you’re expecting a call from HR any minute.

I know about that one. The 800MB “fix” for it has been crashing machines quite hard.

I don’t have that problem because I don’t run Windows.

Windows is shit.

IPv6 should not be disabled under any circumstances.

In fact, many devices in my house have IPv4 disabled. Disabling IPv4 on my public-facing SSH reduced the attack traffic to zero.

IPv4 is shit.

Public-facing: Password generator, stored in a password manager.

Internal LAN: Everything gets the same re-used, low-effort password.

Nobody is going to hack my CUPS server.

Ahh. Approving every piece of software would make them… Apple.

You did say “driver”, and Microsoft typically approves every single driver on the majority of PCs.

What do you think WHQL is?

The problem with CrowdStrike’s solution is that they got csagent.sys driver signed by WHQL, and the driver will download p-code from the internet and execute it. This allows them to push out changes without waiting for Microsoft approval.

The biggest problem occurs when you don’t sanitize your inputs and someone accidentally uploads a blank file padded with zeroes. The driver dereferences a null value, and crashes your system. Hard.

Thanks! I’m going through a DisplayPort to HDMI adapter because it was the only way to get 4K video. Pipewire is a bit flaky and applies filters that I don’t want. It’s a 3.1 channel setup. The goal is for the AV receiver to do all the decoding.

I’m on the new HTPC version installed as a snap. I can see that it’s meant to work with passthrough, but I find that it… doesn’t.

I haven’t tried in a few versions. Maybe I should give it another crack.

I used MythTV for decades. I really loved the “raw” digital output of the music player. It would casually hop from 44/16/2.0 to 96/24/5.1 between songs and my amp would decode it. I even contributed a small patch to make the visualizer work with 24bit audio.

The live TV hardware accelerated deinterlacing was really good too. TV recording was super reliable.

The TVDb lookup was a tad glitchy. It turns out that it didn’t include the year in the lookup. I wrote a patch that did it (and improved my metadata lookups heaps) but never made a PR.

I jumped to Plex around 2020. Mostly for things like streaming to my phone so I can have my music on the train. I believe Myth was better for HTPC, but Plex isn’t too far off.

I’m not a fan of Plex audio. Every time I try to make it do AC3 passthrough or skip the OS mixers, the whole thing breaks.

The longest outage I’ve had in a decade is when my primary SSD died a 2 months ago and I had to reinstall using config backups. It was down for around a day.

I’ve thrown a UPS on it and flown overseas for a week or two. It’s basically just email for me and the kids.

I’ve had longer outages on hosted services, TBH.

I host my own mail. When it’s down, the mail just gets delivered after I get online again. Almost all mail servers are configured to retry over a period of several days before giving up.

Once my health insurer sent me mail by post to tell me that my mail server was down. That was kinda funny.

TightVNC. Use TightVNC.

I did have LUKS and a USB flash drive with a key to be inserted on boot. It was definitely difficult and caused performance issues. It was particularly difficult to add/remove drives from the array. These days I only encrypt my off-site backups that sit at the office where my coworkers potentially have physical access.

There have been recent advancements in TPM so disk encryption is easier to maintain and doesn’t affect performance. I’ll need to investigate this one day. My server/NAS is a 4th-gen i5, so it may not support the functions I would need. Full disk encryption will land in Ubuntu soon. I’m hanging out for that.

I personally would flick through the OpenWRT supported devices and pick the best supported device with 802.11ax.

> 176 shots returned.

Everything exposed except NFS, CUPS and Samba. They absolutely cannot be exposed.

Like, even my DNS server is public because I use DoT for AdBlock on my phone.

Nextcloud, IMAP, SMTP, Plex, SSH, NTP, WordPress, ZoneMinder are all public facing (and mostly passworded).

A fun note: All of it is dual-stacked except SSH. Fail2Ban comparatively picks up almost zero activity on IPv6.

Testdisk and photorec? It’s saved me heaps of times.