“conman.org” falls for basic misdirection.

Automatic Mapping

If a user already exists on one or more connected servers, they can log in directly with their existing Jellyfin credentials. Jellyswarrm will automatically create a local user and set up the necessary server mappings.

If the same username and password exist on multiple servers, Jellyswarrm will link those accounts together automatically. This provides a smooth experience, giving the user unified access to all linked servers.

Really should audit the implementation of that feature. So when you first log in it automatically sends you’re credentials to every connected server?

I always thought this would make more sense to implement client side in the media player. But its probably easier to implement this way.

Not much for open source solutions. A simple captcha however would cost scrapers more to crack than Anubis.

But when it comes to “real” bot management solutions: The least invasive solutions will try to match User-Agent and other headers against the TLS fingerprint and block if they don’t match. More invasive solutions will fingerprint your browser and even your GPU, then either block you or issue you a tracking cookie which is often pinned to your IP and user-agent. Both of those solutions require a large base of data to know what real and fake traffic actually looks like. Only large hosting providers like CloudFlare and Akamai have that data and can provide those sorts of solutions.

Costs of solving PoW for Anubis is absolutely not a factor in any AI companies budget. Just the costs of answering one question is millions of times more expensive than running sha256sum for Anubis.

Just in case you’re being glib and mean the businesses will go under regardless of Anubis: most of these are coming from China. China absolutely will keep running these companies at a loss for the sake of strategic development.

Places like cloudflare and akamai are already using machine learning algorithms to detect bot traffic at a network level. You need to use similar machine learning to evade them. And since most of these scrapers are for AI companies I’d expect a lot of the scrapers to be LLM generated.

Here’s one example of a proxy provider offering to pay developers to inject their proxies into their apps. (“100% ethical proxies” because they signed a ToS). Another is BrightData proxies traffic through users of their free HolaVPN.

IOT and smart TVs are also obvious suspects.

Or your TV or IOT devices. Residential proxies are extremely shady businesses.

The problem is primarily the resource drain on the server and tarpitting tactics usually increase that resource burden by maintaining the open connections.

This is what I’ve kept saying about POW being a shit bot management tactic. Its a flat tax across all users, real or fake. The fake users are making money to access your site and will just eat the added expense. You can raise the tax to cost more than what your data is worth to them, but that also affects your real users. Nothing about Anubis even attempts to differentiate between bots and real users.

If the bots take the time, they can set up a pipeline to solve Anubis tokens outside of the browser more efficiently than real users.

Just letting AI take the wheel and hitting git commit -am 'Update project files' every few minutes.

Ya’ll gotta read the whole thing because its genuinely desperate.

How is limited wayland support security issue?

I’m mostly just lost at the concept of “provided Dotfiles”.

Also “No paid features,” but somehow premium customization options.

Free desktop experience: Dotfiles provided by us, with one-click installs and updates.

Premium desktop experience: Same as above, but with more customization options. (dotfile customizations, e.g. “bar on what side”, “what button where”, etc, not Hyprland features)

What the fuck am I reading

Sounds like you don’t need the VPS then. Add a subdomain to your home IP. Port forward 443 and 80 to the sever. Run caddy to route the subdomain to localhost:8096. You will also need to tell jellyfin to accept on the new domain.

5 actually because you can use minimal hardware. You can probably just port forward your router and run caddy on the same jellyfin server but then expose your home IP address.

Obscuring home IP is the big one. You also don’t have to fiddle with opening ports on your router and maybe getting ISP attention for hosting on a residential network. But really obscuring home IP address would work.

Dirt simplest solution is caddy on the same jellyfin server and port forward 443 and 80 on your router to that host. Hopefully letsencrypt will work without a domain but I’m not sure.

But I ran into challenges getting my server safely accessible for users outside my LAN

FWIW:

1. vps + domain (optional?)
2. connect vps to home server with wireguard (eg Tailscale)
3. reverse proxy on the VPS forwarding to jellyfin (eg Caddy)

Obviously not as trivial or seamless as Plex. Also I wouldn’t try to complicate this setup by using docker for everything. But once its up you can basically host whatever you want on the WAN from your LAN.

Also Fedora and “well-built” - it’s glossy and smooth-looking, but not “well-built”.

Example from experience: dnf requires more than 1G to do a system update. Try to run in on a minimal VPS and dnf will keep getting OOM killed.