Countries are looking at joint offensive cyber operations and surprise military drills as Moscow steps up its campaign to destabilize NATO allies.
Russia's drones and agents are unleashing attacks across NATO countries and Europe is now doing what would have seemed outlandish just a few years ago: planning how to hit back.
Ideas range from joint offensive cyber operations against Russia, and faster and more coordinated attribution of hybrid attacks by quickly pointing the finger at Moscow, to surprise NATO-led military exercises, according to two senior European government officials and three EU diplomats.
“The Russians are constantly testing the limits — what is the response, how far can we go?” Latvian Foreign Minister Baiba Braže noted in an interview. A more “proactive response is needed,” she told POLITICO. “And it’s not talking that sends a signal — it’s doing.”
WWII only happened because we tried to appease Hitler and let him grow stronger annexing territory rather than fighting back. It's not too late to close the Pandora's box that is Russia under Putin, but it needs to be done deliberately and forcefully.
We’ve all been donating for decades already with our outrageously expensive healthcare. It’s the trade we make for European security guarantees.
In the meantime, Europeans get to go to the hospital for free and make fun of us for the situation.
And if there is a major war, they’ll expect US soldiers to defend them. Those soldiers will get their legs blown off, and they’ll come home to little support from the VA and still no national healthcare.
You seem to think healthcare and military spending are tied together and we can only choose one. You know you're wrong so I'm gonna leave you to question yourself instead.
The idea of cyber/hybrid warfare against Russia is pretty interesting. Would be interesting at any rate to see how they like having a troll brigade stirring up their populace.
EU’s foreign policy chief Kaja Kallas said such threats posed an “extreme danger” to the bloc, arguing it must “have a strong response” to the attacks.
Last week, Italian Defense Minister Guido Crosetto slammed the continent’s “inertia” in the face of growing hybrid attacks and unveiled a 125-page plan to retaliate. In it, he suggested establishing a European Center for Countering Hybrid Warfare, a 1,500-strong cyber force, as well as military personnel specialized in artificial intelligence.
“Everybody needs to revise their security procedures,” Polish Foreign Minister Radosław Sikorski said on Nov. 20. “Russia is clearly escalating its hybrid war against EU citizens.”
Walk the talk
Despite the increasingly fierce rhetoric, what a more muscular response means is still an open question.
Part of that is down to the difference between Moscow and Brussels — the latter is more constrained by acting within the rules, according to Kevin Limonier, a professor and deputy director at the Paris-based GEODE think tank.
As much as I'd love for the EU to get its shit together right now, I have to agree with this 100%.
“This raises an ethical and philosophical question: Can states governed by the rule of law afford to use the same tools ... and the same strategies as the Russians?” he asked.
So far, countries like Germany and Romania are strengthening rules that would allow authorities to shoot down drones flying over airports and militarily sensitive objects.
National security services, meanwhile, can operate in a legal gray zone. Allies from Denmark to the Czech Republic already allow offensive cyber operations.
So, some nations (mostly those bordering on Russia) are already taking, hmm, "semi-offensive" action while we're still waiting on the EU's official response - the "walk" as opposed to the "talk".
More than 80 people killed in campaign that law-of-war experts have labeled extrajudicial murder
Defense Secretary Pete Hegseth reportedly gave a verbal order to leave no survivors behind as Donald Trump’s administration launched the first of more than a dozen attacks on alleged drug-running boats that have killed more than 80 people over the last three months.
On September 2, U.S. military personnel fired a missile striking a vessel in the Caribbean that carried 11 people accused of trafficking drugs into the United States.
When two survivors emerged from the wreckage, a Special Operations commander overseeing the attack ordered a second strike to comply with Hegseth’s instructions to “kill everybody,” according to The Washington Post, citing officials with direct knowledge of the operation.
It probably was drugs - but that is not the point. It's wildly unethical and a violation of many rules of war to simply kill people like they are doing.
We don't summarily execute people at the president's say.
We don’t summarily execute people at the president’s say.
What do you think a war is? We already set the precedent of being able to declare war on non-state actors and the War Powers act gives him the authority to start shooting without Congressional approval. Which means an American President can legally, (to the US), tell the military they need to go kill cocaine farmers until Congress passes a bill to stop him. And the President can veto that bill. Meaning the legal threshold for Congress to stop the military from killing foreigners in foreign places is the same threshold as impeaching the President.
The War Powers resolution worked as long as it did because it was actually one of many gentleman's agreements that are now defunct.
If anybody is still under the impression that someone somewhere in the chain of command might refuse illegal orders, this tells you everything you need to know
Unfortunately the US doesn't consider that one to be an illegal order. It is heartless, and unnecessary. But ever since the advent of airpower the US has maintained that planes, helicopters, and drones are not required to accept surrender because it is impractical to impossible in any given situation. So the standard is usually to keep firing. Desert Storm and Iraqi Freedom had notable exceptions with mass surrender instructions dropped beforehand. And again, I know that's not reassuring. But this is why politics isn't supposed to be a team game. This is the level of power we are making decisions on. For other things that are completely legal but most people don't realize; heavy machineguns can absolutely be used to target individual soldiers; Flamethrowers are still 100 percent legal against military targets; You can be shot after your surrender is accepted, (I'll expand below); You will be shot if you do not or cannot actively surrender; and Nobody respects the rule against shooting medics and medevacs.
To expand on the most inflammatory one, the only time you are "safe" is while you are in custody. Modern combat operations move very fast and surrendering people are often left in place after their weapons are removed/destroyed. If they don't actively surrender again to follow on forces then they are legal targets because we haven't developed psychic powers yet. This especially matters with surrendered wounded who may not be in a condition to surrender again. Shooting bodies as you advance is legal and expected in a war. You just aren't allowed to personally go back and shoot someone again without them presenting a new threat. With that information in mind you should also know the US military and any professional military sends multiple waves across a battlefield. It is incredibly lethal, by design.
I say all this not to call you out but to highlight that war is a giant bag of dicks that most people outside the military are still naïve about.
The other pressing thing here is this is an order to fire on a declared enemy, outside our border. Meaning the president signed a sheet of paper declaring them to be the enemy, Congress hasn't thrown a flag, and they are beyond the jurisdiction of law enforcement. That is very clear cut to the military. If you change any one of those 3 parameters then things go to gray zone or illegal very quickly. Someone asked me some months ago while Trump was vomiting about Greenland if the military would obey that order versus an order to hunt down and kill Americans inside America. And the answer is Greenland would be fucked but those Americans are pretty safe from the military. They are not however safe from anonymous DOJ task forces and DHS.
that's not illegal actually. if it were, administrations could try to invent felonies for opposition leaders to have committed. now this particular felon should also have been ineligible to run under the 14th amendment, but he was never charged or tried for those crimes, let alone convicted
To use force against Americans inside America without martial law, an act of Congress, or an extenuating circumstance like self defense.
Trump really pushed the envelope by ordering troops to accompany ICE raids under the authorization to guard federal property. But they still couldn't do anything but defend themselves technically. It's just that he effectively tied their self defense to the ICE agents defense. I'm pretty sure the courts knocked that one back and the military pulled back though. Which is why they've gone so hard with Border Patrol, ICE, and any volunteers from within DHS/DOJ that have badges.
That's what these court battles in Los Angeles and Chicago have been about. I've been staying very top level but suffice to say he cannot just yell martial law and charge into a blue city. Laws describe when and how it is proper to do so. The court push back is important not because we think it will restrain Trump, but because the generals are not personally loyal to Trump. As a reminder, Trump wanted to shoot Americans in his first term. It was the establishment that told him no. He tried to directly order the military and a general literally yelled at him for it.
The threat is overwhelmingly from DHS and DOJ. They have the authority, ability, and will. ICE just got funded to an amount equal the British military. The only thing missing is the volunteers and the federal law enforcement training centers have pushed back training for anyone other than ICE to handle the glut of new ICE agents. ICE's detention budget is also now far larger than the federal prison budget. They could theoretically hold about 8 percent of the US population with the budget they got.
Everyone is worried about the military while our federal law enforcement is doing military style presence patrols in Los Angeles.
I’ve been staying very top level but suffice to say he cannot just yell martial law and charge into a blue city
I want to believe you/this, but honestly laws only matter when they are enforced and so far, it looks like nobody wants to enforce them against the Orange Pedo, therefore, he is subject to no laws
The court push back is important not because we think it will restrain Trump, but because the generals are not personally loyal to Trump
What gives you this impression? I have yet to see even hesitancy from any General in following any order so far
As a reminder, Trump wanted to shoot Americans in his first term. It was the establishment that told him no. He tried to directly order the military and a general literally yelled at him for it.
Yes but this second term is something else, everybody fell in line and the idiot king has SCOTUS bought and paid for
Everyone is worried about the military while our federal law enforcement is doing military style presence patrols in Los Angeles.
This has not been adjudicated by anyone. You can say "the US doesn't consider it to be an illegal order". Maybe there is some JAG letter somewhere that says helicopters are not required to accept surrender. But there is nothing that precludes trying everyone involved for war crimes.
Oh it's definitely been US policy for decades. The videos are out there. If you want to talk about what constitutes being "out of combat" and whether the Hague would take the case it could certainly be an interesting exercise. However I doubt the Hague would take it up and neither the Department of Justice nor the military courts are going to take it up without a directive from the President. Democrats aren't going to fall all over themselves to give that directive either though because it would mean Biden and Obama also officially presided over a regime of war crimes.
At the end of the day it comes down to the US having X policy that lies in a gray area of international law. Which leads me to another Bush era policy that we've never really rescinded. If you're not a uniformed soldier in service to an enemy country the US doesn't consider you to have the protections that a soldier would have after surrendering. It was a neat little policy that we used to allow ourselves to torture people labeled terrorists. So yeah that's another thing I expect to hear in the next few days, "cartel members are unlawful combatants."
There was the one high profile commander who stepped down du to this. Wish more would follow suit since it’s technically illegal for all involved to disobey orders unless they all do so collectively.
Yes. If Americans haven't proved they're generally racist and Nationalistic, I don't know what else it would take.
It sounds like you're trying to make a gotcha, but it's quite fair to say a member of the military who murders Venezuelans at whim may still balk if ordered to kill white American.
The us said it would invade the Hague of anyone were tried and attempted to be put on trial.
"all means necessary and appropriate to bring about the release of any U.S. or allied personnel being detained or imprisoned by, on behalf of, or at the request of the International Criminal Court"
Dont worry everyone. Republicans will praise the pedophile and friends through tweets. The Democrats will post a mildly worded tweet. No one will actually do anything.
11 people? There were 11 people on the boat? There's no fucking way that was a drug smuggling boat. 11 people means at least nine people's worth of weight that can't be dedicated to drugs.
every American is going to hell for the murders of our elected officials are committing . i hope the deaths that are happening is not tolerated by god if he really exists.
Our ancestors didn't defy kings, battle their own wayward countrymen, charge trenches, and rush fortified beaches headlong into the jaws of death. . .
**. . .for. This. Whatever the disgraceful hell this is.**
About now, every real patriot for what's good about this country should feel a profound and gnawing agony at every passing day these monsters aren't held to account and rendered incapable of further harm to humanity, whatever form that would take.
We need to make it loud and clear that if "the other team" in places of power doesn't use every single tool at their disposal to end this threat IMMEDIATELY, they are complicit fools and will be held accountable as accomplices to whatever untold horrors would await us, should we refuse to hold the line.
Should the orange cancer expect sternly written letters off displeasure (that are written at an adult comprehension level and not written in crayon, leading to him disregarding them ofc)?
As I understand, not a single one of these boats were even remotely capable of making it to America to begin with. Not without refueling, which isn’t likely that we’re set up for it.
This was all a coordinated targeted mass murder right in front of our faces and they need to be tried and punished for every one.
What is the difference between the US military, the Israeli Defense Forces (IDF), and Hamas? The US military is the most effective, the Israeli Defense Forces are less effective than the US military, but much more than Hamas, Hamas is the least effective. Okay, the Russian military is probably the least effective. Let me rephrase this. To someone, someone's hero is a terrorist. And vice versa. If a military force can kill without accountability, it is a terrorist organization, like Hamas or the IDF.
As the holiday season looms into view with Black Friday, one category on people’s gift lists is causing increasing concern: products with artificial intelligence.
The development has raised new concerns about the dangers smart toys could pose to children, as consumer advocacy groups say AI could harm kids’ safety and development. The trend has prompted calls for increased testing of such products and governmental oversight.
Last week, those fears were given brutal justification when an AI-equipped teddy bear started discussing sexually explicit topics.
The product, FoloToy’s Kumma, ran on an OpenAI model and responded to questions about kink. It suggested bondage and roleplay as ways to enhance a relationship, according to a report from the Public Interest Research Group (Pirg), the consumer protection organization behind the study (pdf link).
“It took very little effort to get it to go into all kinds of sexually sensitive topics and probably a lot of content that parents would not want their children to be exposed to,” said Teresa Murray, Pirg consumer watchdog director.
Oh man, who sells these toys so I can make sure to avoid them? Like, which website specifically There are so many, oh man! It’s so hard to know which specific one to avoid! And also, how do I make sure they can’t be modified to accept a fleshlight? You know, just to make extra sure I don’t get a slutty slop hole of a filth spewing teddy bear that will take on all-comers. No one wants that! That would be disgusting.
The news interview Shirley Beswitch of White Plains, New York to ask her why she bought her 3 year old son an ai teddy bear for Christmas this year
"I base my entire identity around the thing I squeezed out of me a few years ago, but I'm not willing to put any actual work into it, you know? Well, except for bitching online constantly about how other people aren't working to create a safer world for My kid"
When asked if she had any concerns about reported issues with the toys, such as inappropriate comments and surveillance, Shirley said:
"Surveillance isn't real. Plus it doesn't matter if someone knows every intimate detail of my life. Sure I'm an immigrant but I did it right, and my son was born here in America, so it's a non issue"
So far all my setups have had root on SSD mirror with separate hard disk storage pool for all the data. Years ago I used to keep the app config, databases and docker files on the root filesystem, while the app data resided on the storage pool. That was cumbersome for backups and storage size. Eventually I moved all app data to the storage pool. Essentially the apps can be started on any machine with a Linux OS that has docker installed. Database access is slower but it's a decent compromise for having trivial all-in-one snapshots and backup. Now I'm setting up a new NAS for a friend and I'm wondering whether it's worth keeping the root filesystem separate from the storage pool. If I put it on the disks, I'd get trivial full system snapshots and backups. I'd have the same hardware reliability as the storage pool. There wouldn't be issues with root filling up. The caveat is that the OS would be slower. Has anyone reasoned and/or tried this? Should I go for it?
E: I recently put my laptop's root on ZFS and the ability to do full backups while the system is running is pretty great. The full system can be pretty trivialy restored to a new drive with zfs send / recv during setup.
Ukrainian President Volodymyr Zelensky has said his chief of staff, Andriy Yermak, has resigned following an anti-corruption raid on his home.
Yermak, a towering figure with enormous political influence, has been Zelensky's closest adviser throughout Russia's full-scale war, but has come under increasing pressure over an escalating scandal - even though he is not accused of any wrongdoing.
Zelensky had recently appointed him to head crucial negotiations, with US President Donald Trump leading a new drive to end the Russia-Ukraine war.
In a stark address to the nation outside his presidential office, Zelensky called for unity, warning: "We risk losing everything: ourselves, Ukraine, our future."
The corruption scandal has rocked Ukraine for weeks, weakening Zelensky's own position and jeopardising the country's negotiating position with the US at a delicate time.
Ukraine, backed by its European allies, has sought to change the terms of a US-led draft peace plan originally seen as heavily slanted towards Russia.
Early on Friday Ukraine's two anti-corruption agencies raided Yermak's apartment in Kyiv's government quarters and the chief of staff said on social media that "from my side there is full co-operation".
"I'm grateful to Andriy that Ukraine's position on the negotiating track was always presented as required: it was always a patriotic position," Ukraine's president said during his video address in Kyiv.
Zelensky said he would start consultations on Saturday on who would replace Yermak as his top adviser: "When all the attention is focused on diplomacy and the defence in a war, inner strength is required."
I got into the self-hosting scene this year when I wanted to start up my own website run on old recycled thinkpad. A lot of time was spent learning about ufw, reverse proxies, header security hardening, fail2ban.
Despite all that I still had a problem with bots knocking on my ports spamming my logs. I tried some hackery getting fail2ban to read caddy logs but that didnt work for me. I nearly considered giving up and going with cloudflare like half the internet does. But my stubbornness for open source self hosting and the recent cloudflare outages this year have encouraged trying alternatives.
Coinciding with that has been an increase in exposure to seeing this thing in the places I frequent like codeberg. This is Anubis, a proxy type firewall that forces the browser client to do a proof-of-work security check and some other nice clever things to stop bots from knocking. I got interested and started thinking about beefing up security.
I'm here to tell you to try it if you have a public facing site and want to break away from cloudflare It was VERY easy to install and configure with caddyfile on a debian distro with systemctl. In an hour its filtered multiple bots and so far it seems the knocks have slowed down.
My botspam woes have seemingly been seriously mitigated if not completely eradicated. I'm very happy with tonights little security upgrade project that took no more than an hour of my time to install and read through documentation. Current chain is caddy reverse proxy -> points to Anubis -> points to services
The front page of the web site is excellent. It describes what it does, and it does its feature set in quick, simple terms.
I can't tell you how many times I've gone to a website for some open-source software and had no idea what it was or how it was trying to do it. They often dive deep into the 300 different ways of installing it, tell you what the current version is and what features it has over the last version, but often they just assume you know the basics.
It looks like it might be; I just know someone that has a site using it and they use a different mascot, so I thought it would have been trivial. I kind of wonder why it wouldn't be possible to just docker bind mount a couple images into the right path, but I'm guessing maybe they obfuscate/archive the file they're reading from or something?
Not idol worship, rather, it's silly to complain about JS when tools like NoScript allow you to selectively choose what runs instead of guessing what it is. It's simply a documentation page like it says on the URL. I mean, they're incredibly tame on the danger scale to leave your guard all the way up and instead take a jab at the entire community that had nothing to do with your personal choices.
It gets quite silly when you blame the entire dev community for supposedly downvoting you over ideals rather than being overly strict about them. I also prefer HTML-first and think it should be the norm, but I draw the line somewhere reasonable.
I can’t get to that page, so I asked a question
Yeah, and you can run the innocuous JS or figure out what it is from the URL. You're tying your own hands while dishing it out to everyone else.
You know the thing is that they know the character is a problem/annoyance, thats how they grease the wheel on selling subscription access to a commecial version with different branding.
If you want to use Anubis but organizational policies prevent you from using the branding that the open source project ships, we offer a commercial version of Anubis named BotStopper. BotStopper builds off of the open source core of Anubis and offers organizations more control over the branding, including but not limited to:
Custom images for different states of the challenge process (in process, success, failure)
Custom CSS and fonts
Custom titles for the challenge and error pages
"Anubis" replaced with "BotStopper" across the UI
A private bug tracker for issues
In the near future this will expand to:
A private challenge implementation that does advanced fingerprinting to check if the client is a genuine browser or not
Email sales@techaro.lol with your requirements for invoicing, please note that custom invoicing will cost more than using GitHub Sponsors for understandable overhead reasons
:::
I have to respect the play tbh its clever. Absolutely the kind of greasy shit play that Julian from the trailer park boys would do if he were an open source developer.
I've never had any issues on my phone using Fennec or Firefox. I don't have many addons installed apart from uBlock Origin. I wouldn't be surprised if some privacy addons cause issues with Anubis though.
Anubis is an elegant solution to the ai bot scraper issue, I just wish the solution to everything wasn't just spending compute everywhere. In a world where we need to rethink our energy consumption and generation, even on clients, this is a stupid use of computing power.
It also doesn’t function without JavaScript. If you’re security or privacy conscious chances are not zero that you have JS disabled, in which case this presents a roadblock.
On the flip side of things, if you are a creator and you’d prefer to not make use of JS (there’s dozens of us) then forcing people to go through a JS “security check” feels kind of shit. The alternative is to just take the hammering, and that feels just as bad.
No hate on Anubis. Quite the opposite, really. It just sucks that we need it.
I feel comfortable hating on Anubis for this. The compute cost per validation is vanishingly small to someone with the existing budget to run a cloud scraping farm, it’s just another cost of doing business.
The cost to actual users though, particularly to lower income segments who may not have compute power to spare, is annoyingly large. There are plenty of complaints out there about Anubis being painfully slow on old or underpowered devices.
Some of us do actually prefer to use the internet minus JS, too.
Plus the minor irritation of having anime catgirls suddenly be a part of my daily browsing.
Theres a compute option that doesnt require javascript. The responsibility lays on site owners to properly configure IMO, though you can make the argument its not default I guess.
The metarefresh challenge sends a browser a much simpler challenge that makes it refresh the page after a set period of time. This enables clients to pass challenges without executing JavaScript.
To use it in your Anubis configuration:
# Generic catchall rule
- name: generic-browser
user_agent_regex: >-
Mozilla|Opera
action: CHALLENGE
challenge:
difficulty: 1 # Number of seconds to wait before refreshing the page
algorithm: metarefresh # Specify a non-JS challenge method
This is not enabled by default while this method is tested and its false positive rate is ascertained. Many modern scrapers use headless Google Chrome, so this will have a much higher false positive rate. :::
Yeah I actually use the noscript extension and i refuse to just whitelist certain sites unless I'm very certain I trust them.
I run into Anubis checks all the time and while I appreciate the software, having to consistently temporarily whitelist these sites does get cumbersome at times. I hope they make this noJS implementation the default soon.
Most of the Anubis encounters I have are to redlib instances that are shuffled around, go down all the time, and generally are more ephemeral than other sites. Because I use another extension called Libredirect to shuffle which redlib instance I visit when clicking on a reddit link, I don't bother whitelisting them permanently.
I already have solved this on my desktop by self hosting my own redlib instance via localhost and using libredirect to just point there, but on my phone I still do the whole nojs temp unblock random redlib instance. Eventually I plan on using wireguard to host a private redlib instance on a vps so I can just not deal with this.
This is a weird case I know, but its honestly not that bad.
if you are a creator and you’d prefer to not make use of JS (there’s dozens of us) then forcing people to go through a JS “security check” feels kind of shit. The alternative is to just take the hammering, and that feels just as bad.
I'm with you here. I come from an older time on the Internet. I'm not much of a creator, but I do have websites, and unlike many self-hosters I think, in the spirit of the internet, they should be open to the public as a matter of principle, not cowering away for my own private use behind some encrypted VPN. I want it to be shared. Sometimes that means taking a hammering. It's fine. It's nothing that's going to end the world if it goes down or goes away, and I try not to make a habit of being so irritating that anyone would have much legitimate reason to target me.
I don't like any of these sort of protections that put the burden onto legitimate users. I get that's the reality we live in, but I reject that reality, and substitute my own. I understand that some people need to be able to block that sort of traffic to be able to limit and justify the very real costs of providing services for free on the Internet and Anubis does its job for that. But I'm not one of those people. It has yet to cost me a cent above what I have already decided to pay, and until it does, I have the freedom to adhere to my principles on this.
To paraphrase another great movie: Why should any legitimate user be inconvenienced when the bots are the ones who suck. I refuse to punish the wrong party.
Scarcity is what powers this type of challenge: you have to prove you spent a certain amount of electricity in exchange for access to the site, and because electricity isn't free, this imposes a dollar cost on bots.
You could skip the detour through hashes/electricity and do something with a proof-of-stake cryptocurrency, and just pay for access. The site owner actually gets compensated instead of burning dead dinosaurs.
Obviously there are practical roadblocks to this today that a JavaScript proof-of-work challenge doesn't face, but longer term...
The cost here only really impacts regular users, too. The type of users you actually want to block have budgets which easily allow for the compute needed anyways.
Yeah, exactly. A regular user isn't going to notice an extra few cents on their electricity bill (boiling water costs more), but a data centre certainly will when you scale up.
You could skip the detour through hashes/electricity and do something with a proof-of-stake cryptocurrency, and just pay for access. The site owner actually gets compensated instead of burning dead dinosaurs.
Maybe if the act of transferring crypto didn't use a comparable or greater amount of energy...
That's why I specified a proof-of-stake cryptocurrency. They use so much less energy that it is practically negligible in comparison, and more on the order of traditional online transactions.
I think the issue is that many sites are too aggressive with it. Anubis can be configured to only ask for challenges if the site is under unusual load, for instance when a botnet it's actually ddosing the site. That's when it shines.
Making it constantly ask for challenges when the service is not under attack is just a massive waste of energy. And many sites just enable it constantly because they can defer bot pings from their logs that way. That's for instance what op is doing. It's just a big misunderstanding of the tool.
This post is a bit critical of a small well-intentioned project, so I felt obliged to email the maintainer to discuss it before posting it online. I didn’t hear back.
i used to watch the dev on mastodon, they seemed pretty radicalized on killing AI, and anyone who uses it (kidding!!) i'm not even surprised you didn't hear back
great take on the software, and as far as i can tell, playwright still works/completes the unit of work. at scale anubis still seems to work if you have popular content, but does hasnt stopped me using claude code + virtual browsers
im not actively testing it though. im probably very wrong about a few things, but i know anubis isn't hindering my personal scraping, it does fuck up perplexity and chatgpt bots, which is fun to see.
I have a server running a few tiny web sites, so I am considering this, but I'm always concerned about the possibility that adding more things to it could make it less secure, versus more. Thanks for any thoughts.
Security issues are always a concern the question is how much. Looking at it they seem to at most be ways to circumvent the Anubis redirect system to get to your page using very specific exploits. These are marked as m low to moderate priority and I do not see anything that implies like system level access which is the big concern. Obviously do what you feel is best but IMO its not worth sweating about. Nice thing about open source projects is that anyone can look through and fix, if this gets more popular you can expect bug bounties and professional pen testing submissions.
This isn't really a security issue as much as it is a DDOS issue.
Imagine you own a brick and mortar store. And periodically one thousand fucking people sprint into your store and start recording the UPCs on all the products, knocking over every product in the store along the way. They don't buy anything, they're exclusively there to collect information from your store which they can use to grift investors and burn precious resources, and if they fuck your shit up in the process, that's your problem.
This bot just sits at the door and ensures the people coming in there are actually shoppers interested in the content of some items of your store.
I don't know if "anything". But surely people overestimate its capabilities.
It's only a PoW challenge. Any bot can execute a PoW challenge. For a smal to medium number of bots the energy difference it's negligible.
Anubis it's useful when millions of bots would want to attack a site. Then the energy difference of the PoW (specially because Anubis increase the challenge if there's a big number of petitions) can be enough to make the attacker desist, or maybe it's not enough, but at least then it's doing something.
I see more useful against DDOS than AI scrapping. And only if the service being DDOS is more heavy than Anubis itself, if not you can get DDOS via anubis petitions. For AI scrapping I don't see the point, you don't need millions of bots to scrape a site unless you are talking about a massively big site.
I have a script that watches apache or caddy logs for poison link hits and a set of bot user agents, adding IPs to an ipset blacklist, blocking with iptables. I should polish it up for others to try. My list of unique IPs is well over 10k in just a few days.
git repos seem to be real bait for these damn AI scrapers.
This is the way. I also have rules for hits to url, without a referer, that should never be hit without a referer, with some threshold to account for a user hitting F5. Plus a whitelist of real users (ones that got a 200 on a login endpoint). Mostly the Huawei and Tencent crawlers have fake user agents and no referer. Another thing crawlers don't do is caching. A user would never download that same .js file 100s of times in a hour, all their devices' browsers would have cached it. There's quite a lot of these kinds of patterns that can be used to block bots. Just takes watching the logs a bit to spot them.
Then there's ratelimiting and banning ip's that hit the ratelimit regularly. Use nginx as a reverse proxy, set rate limits for URLs where it makes sense, with some burst set, ban IPs that got rate-limited more than x times in the past y hours based on the rate limit message in the nginx error.log. Might need some fine tuning/tweaking to get the thresholds right but can catch some very spammy bots. Doesn't help with those that just crawl from 100s of ips but only use each ip once every hour, though.
Ban based on the bot user agents, for those that set it. Sure, theoretically robots.txt should be the way to deal with that, for well behaved crawlers, but if it's your homelab and you just don't want any crawlers, might as well just block those in the firewall the first time you see them.
Downloading abuse ip lists nightly and banning those, that's around 60k abusive ip's gone. At that point you probably need to use nftables directly though instead of iptables or going through ufw, for the sets, as having 60k rules would be a bad idea.
there's lists of all datacenter ip ranges out there, so you could block as well, though that's a pretty nuclear option, so better make sure traffic you want is whitelisted. E.g. for lemmy, you can get a list of the ips of all other instances nightly, so you don't accidentally block them. Lemmy traffic is very spammy…
there's so much that can be done with f2b and a bit of scripting/writing filters
You mean for the referer part? Of course you don't want it for all urls and there's some legitimate cases. I have that on specific urls where it's highly unlikely, not every url. E.g. a direct link to a single comment in lemmy, and whitelisting logged-in users. Plus a limit, like >3 times an hour before a ban. It's already pretty unusual to bookmark a link to a single comment
It's a pretty consistent bot pattern, they will go to some subsubpage with no referer with no prior traffic from that ip, and then no other traffic from that ip after that for a bit (since they cycle though ip's on each request) but you will get a ton of these requests across all ips they use. It was one of the most common patterns i saw when i followed the logs for a while.
of course having some honeypot url in a hidden link or something gives more reliable results, if you can add such a link, but if you're hosting some software that you can't easily add that to, suspicious patterns like the one above can work really well in my experience. Just don't enforce it right away, have it with the 'dummy' action in f2b for a while and double check.
And I mostly intended that as an example of seeing suspicious traffic in the logs and tailoring a rule to it. Doesn't take very long and can be very effective.
I've repeatedly stated this before: Proof of Work bot-management is only Proof of Javascript bot-management. It is nothing to a headless browser to by-pass. Proof of JavaScript does work and will stop the vast majority of bot traffic. That's how Anubis actually works. You don't need to punish actual users by abusing their CPU. POW is a far higher cost on your actual users than the bots.
Last I checked Anubis has an JavaScript-less strategy called "Meta Refresh". It first serves you a blank HTML page with a <meta> tag instructing the browser to refresh and load the real page. I highly advise using the Meta Refresh strategy. It should be the default.
I'm glad someone is finally making an open source and self hostable bot management solution. And I don't give a shit about the cat-girls, nor should you. But Techaro admitted they had little idea what they were doing when they started and went for the "nuclear option". Fuck Proof of Work. It was a Dead On Arrival idea decades ago. Techaro should strip it from Anubis.
I haven't caught up with what's new with Anubis, but if they want to get stricter bot-management, they should check for actual graphics acceleration.
Funnily enough, PoW was a hot topic in academia around the late 90s / early 2000, and it's somewhat clear that the autor of Anubis has not read much about the discussion back then.
There was a paper called "Proof of work does not work" (or similar, can't be bothered to look it up) that argued that PoW can not work for spam protection, because you have to support both low-powered consumer devices while blocking spammers with heavy hardware. And that is very valid concern. Then there was a paper arguing that PoW can still work, as long as you scale the difficulty in such a way that a legit user (e.g. only sending one email) has a low difficulty, while a spammer (sending thousands of emails) has a high difficulty.
The idea of blocking known bad actors actually is used in email quite a lot in forms of DNS block lists (DNSBLs) such as spamhaus (this has nothing to do with PoW, but such a distributed list could be used to determine PoW difficulty).
Anubis on the other hand does nothing like that and a bot developed to pass Anubis would do so trivially.
At least in the beginning the scrapers just used curl with a different user agent. Forcing them to use a headless client is already a 100x increase in resources for them. That in itself is already a small victory and so far it is working beautifully.
Well in most cases it would by Python requests not curl. But yes, forcing them to use a browser is the real cost. Not just in CPU time but in programmer labor. PoW is overkill for that though.
Then there was a paper arguing that PoW can still work, as long as you scale the difficulty in such a way that a legit user
Telling a legit user from a fake user is the entire game. If you can do that you just block the fake user. Professional bot blockers like Cloudflare or Akamai have machine learning systems to analyze trends in network traffic and serve JS challenges to suspicious clients. Last I checked, all Anubis uses is User-Agent filters, which is extremely behind the curve. Bots are able to get down to faking TLS fingerprints and matching them with User-Agents.
POW is a far higher cost on your actual users than the bots.
That sentence tells me that you either don't understand or consciously ignore the purpose of Anubis. It's not to punish the scrapers, or to block access to the website's content. It is to reduce the load on the web server when it is flooded by scraper requests. Bots running headless Chrome can easily solve the challenge, but every second a client is working on the challenge is a second that the web server doesn't have to waste CPU cycles on serving clankers.
POW is an inconvenience to users. The flood of scrapers is an existential threat to independent websites. And there is a simple fact that you conveniently ignored: it fucking works.
Its like you didn't understand anything I said. Anubis does work. I said it works. But it works because most AI crawlers don't have a headless browser to solve the PoW. To operate efficiently at the high volume required, they use raw http requests. The vast majority are probably using basic python requests module.
You don't need PoW to throttle general access to your site and that's not the fundamental assumption of PoW. PoW assumes (incorrectly) that bots won't pay the extra flops to scrape the website. But bots are paid to scape the website users aren't. They'll just scale horizontally and open more parallel connections. They have the money.
You are arguing a strawman. Anubis works because because most AI scrapers (currently) don't want to spend extra on running headless chromium, and because it slightly incentivises AI scrapers to correctly identify themselves as such.
Most of the AI scraping is frankly just shoddy code written by careless people that don't want to ddos the independent web, but can't be bothered to actually fix that on their side.
You are arguing a strawman. Anubis works because because most AI scrapers (currently) don’t want to spend extra on running headless chromium
WTF, That's what I already said? That was my entire point from the start!? You don't need PoW to force headless usage. Any JavaScript challenge will suffice. I even said the Meta Refresh challenge Anubis provides is sufficient and explicitly recommended it.
And how do you actually check for working JS in a way that can’t be easily spoofed? Hint: PoW is a good way to do that.
Accessing the browsers API in any way is way harder to spoof than some hashing. I already suggested checking if the browser has graphics acceleration. That would filter out the vast majority of headless browsers too. PoW is just math and is easy to spoof without running any JavaScript. You can even do it faster than real JavaScript users something like Rust or C.
Meta refresh is a downgrade in usability for everyone but a tiny minority that has disabled JS.
What are you talking about? It just refreshes the page without doing any of the extra computation that PoW does. What extra burden does it put on users?
If you check for GPU (not generally a bad idea) you will have the same people that currently complain about JS, complain about this breaking with their anti-fingerprinting browser addons.
But no, you can't spoof PoW obviously, that's the entire point of it. If you do the calculation in Javascript or not doesn't really matter for it to work.
In the current shape Anubis has zero impact on usability for 99% of the site visitors, not so with meta refresh.
You will have people complain about their anti-fingerprinting being blocked with every bot-managment solution. Your ability to navigate the internet anonymously is directly correlated with a bots ability to scrape. That has never been my complaint about Anubis.
My complaint is that the calculations Anubis forces you to do are absolutely negligible burden for a bot to solve. The hardest part is just having a JavaScript interpreter available. Making the author of the scraper write custom code to deal with your website is the most effective way to prevent bots.
Think about how much computing power AI data centers have. Do you think they give a shit about hashing some values for Anubis? No. They burn more compute power than a thousand Anubis challenges generating a single llm answer. PoW is a backwards solution.
Please Think. Captchas worked because they're supposed to be hard for a computer to solve but are easy for a human. PoW is the opposite.
In the current shape Anubis has zero impact on usability for 99% of the site visitors, not so with meta refresh.
Again, I ask you: What extra burden does meta-refresh impose on users? How does setting a cookie and immediately refreshing the page burden the user more than making them wait longer while draining their battery before doing the exact same thing? Its strictly less intrusive.
No one is disputing that in theory (!) Anubis offers very little protection against an adversary that specifically tries to circumvent it, but we are dealing with an elephant in the porcelain shop kind of situation. The AI companies simply don't care if they kill off small independently hosted web-applications with their scraping and Anubis is the mouse that is currently sufficient to make them back off.
And no, forced site reloads are extremely disruptive for web-applications and often force a lot of extra load for re-authentication etc. It is not as easy as you make it sound.
Anubis forces the site to reload when doing the normal PoW challenge! Meta Refresh is a sufficient mouse to block 99% of all bot traffic without being any more burdensome than PoW.
You've failed to demonstrate why meta-refresh is more burdensome than PoW and have pivoted to arguing the point I was making from the start as though it was your own. I'm not arguing with you any further. I'm satisfied that I've convinced any readers of our discussion.
Heads up, you’re really invested in arguing with someone who does not appear to be arguing in good faith. Just block them and move on, you will be a happier person for it.
Something that hasn't been mentioned much in discussions about Anubis is that it has a graded tier system of how sketchy a client is and changing the kind of challenge based on a a weighted priority system.
The default bot policies it comes with has it so squeaky clean regular clients are passed through, then only slightly weighted clients/IPs get the metarefresh, then its when you get to moderate-suspicion level that JavaScript Proof of Work kicks. The bot policy and weight triggers for these levels, challenge action, and duration of clients validity are all configurable.
It seems to me that the sites who heavy hand the proof of work for every client with validity that only last every 5 minutes are the ones who are giving Anubis a bad wrap. The default bot policy settings Anubis comes with dont trigger PoW on the regular Firefox android clients ive tried including hardened ironfox. meanwhile other sites show the finger wag every connection no matter what.
Its understandable why some choose strict policies but they give the impression this is the only way it should be done which Is overkill. I'm glad theres config options to mitigate impact normal user experience.
Anubis is that it has a graded tier system of how sketchy a client is and changing the kind of challenge based on a a weighted priority system.
Last I checked that was just User-Agent regexes and IP lists. But that's where Anubis should continue development, and hopefully they've improved since. Discerning real users from bots is how you do proper bot management. Not imposing a flat tax on all connections.
A HTTP get request is a few hundred bytes. The response is 28KB. Thats 280x. If a large botnet wanted to denial of service an Anubis protected site, requesting that image could be enough.
Ideally, Anubis should serve as little data as possible until the POW is completed. Caching the POW algorithm (and the image) to a CDN would also mitigate the issue.
Definitely, which is why i suggested hosting the image + js on a CDN. Keeps brand awareness, and lets the CDN take the brunt of any malicious activity. with a bit of code-golfing, the data served by Anubis directly prior to POW could be a few hundred bytes, without impacting its functionality.
I dunno that is true, nothing in the docs indicates that it is explicitly anti-CDN. And using a CDN for a static javascript resource and an image isn't the same as running the entire site through a CDN proxy.
At the time of commenting, this post is 8h old. I read all the top comments, many of them critical of Anubis.
I run a small website and don't have problems with bots. Of course I know what a DDOS is - maybe that's the only use case where something like Anubis would help, instead of the strictly server-side solution I deploy?
I use CrowdSec (it seems to work with caddy btw). It took a little setting up, but it does the job. (I think it's quite similar to fail2ban in what it does, plus community-updated blocklists)
Am I missing something here? Why wouldn't that be enough? Why do I need to heckle my visitors?
Despite all that I still had a problem with bots knocking on my ports spamming my logs.
By the time Anubis gets to work, the knocking already happened so I don't really understand this argument.
If the system is set up to reject a certain type of requests, these are microsecond transactions of no (DDOS exception) harm.
If crowdsec works for you thats great but also its a corporate product whos premium sub tier starts at 900$/month not exactly a pure self hosted solution.
I'm not a hypernerd, still figuring all this out among the myriad of possible solutions with different complexity and setup times. All the self hosters in my internet circle started adopting anubis so I wanted to try it. Anubis was relatively plug and play with prebuilt packages and great install guide documentation.
Allow me to expand on the problem I was having. It wasnt just that I was getting a knock or two, its that I was getting 40 knocks every few seconds scraping every page and searching for a bunch that didnt exist that would allow exploit points in unsecured production vps systems.
On a computational level the constant network activity of bytes from webpage, zip files and images downloaded from scrapers pollutes traffic. Anubis stops this by trapping them in a landing page that transmits very little information from the server side. By traping the bot in an Anubis page which spams that 40 times on a single open connection before it gives up, it reduces overall network activity/ data transfered which is often billed as a metered thing as well as the logs.
And this isnt all or nothing. You don't have to pester all your visitors, only those with sketchy clients. Anubis uses a weighted priority which grades how legit a browser client is. Most regular connections get through without triggering, weird connections get various grades of checks by how sketchy they are. Some checks dont require proof of work or JavaScript.
On a psychological level it gives me a bit of relief knowing that the bots are getting properly sinkholed and I'm punishing/wasting the compute of some asshole trying to find exploits my system to expand their botnet. And a bit of pride knowing I did this myself on my own hardware without having to cop out to a corporate product.
Its nice that people of different skill levels and philosophies have options to work with. One tool can often complement another too. Anubis worked for what I wanted, filtering out bots from wasting network bandwith and giving me peace of mind where before I had no protection. All while not being noticeable for most people because I have the ability to configure it to not heckle every client every 5 minutes like some sites want to do.
If crowdsec works for you thats great but also its a corporate product
It's also fully FLOSS with dozens of contributors (not to speak of the community-driven blocklists). If they make money with it, great.
not exactly a pure self hosted solution.
Why? I host it, I run it. It's even in Debian Stable repos, but I choose their own more up-to-date ones.
Allow me to expand on the problem I was having. It wasnt just that I was getting a knock or two, its that I was getting 40 knocks every few seconds scraping every page and searching for a bunch that didnt exist that would allow exploit points in unsecured production vps systems.
Again, a properly set up WAF will deal with this pronto
You should not have exploit points in unsecured production systems, full stop.
On a computational level the constant network activity of bytes from webpage, zip files and images downloaded from scrapers pollutes traffic. Anubis stops this by trapping them in a landing page that transmits very little information from the server side.
And instead you leave the computations to your clients. Which becomes a problem on slow hardware.
Again, with a properly set up WAF there's no "traffic pollution" or "downloading of zip files".
Anubis uses a weighted priority which grades how legit a browser client is.
And apart from the user agent and a few other responses, all of which are easily spoofed, this means "do some javascript stuff on the local client" (there's a link to an article here somewhere that explains this well) which will eat resources on the client's machine, which becomes a real pita on e.g. smartphones.
Also, I use one of those less-than-legit, weird and non-regular browsers, and I am being punished by tools like this.
All the self hosters in my internet circle started adopting anubis so I wanted to try it. Anubis was relatively plug and play with prebuilt packages
edit: I feel like this part of OP's argument needs to be pointed out, it explains so much:
All the self hosters in my internet circle started adopting anubis so I wanted to try it. Anubis was relatively plug and play with prebuilt packages
Mmm how to say this. i suppose what I'm getting at is like a philosophy of development and known behaviors of corporate products.
So, here's what I understand about crowdsec. Its essentially like a centralized collection of continuously updated iptable rules and botscanning detectors that clients install locally.
In a way its crowd sourcing is like a centralized mesh network each client is a scanner node which phones home threat data to the corporate home which updates that.
Notice the optimal word, centralized. The company owns that central home and its their proprietary black box to do what they want with. And so you know what for profit companies like to do to their services over time? Enshittify them by
adding subscription tier price models
putting once free features behind paywalls,
change data sharing requirements as a condition for free access
restricting free api access tighter and tighter to encourage paid tiers,
making paid tiers cost more to do less.
Intentionally ruining features in one service to drive power users to use a different.
They can and do use these tactics to drive up profit or reduce overhead once a critical mass has been reached. I do not expect alturism and respect for usersfrom corporations, I expect bean counters using alturism as a vehicle to attract users in the growing phase and then flip the switch in their tos to go full penny pinching once they're too big to fail.
::: spoiler Crowdsecs pricing updates from last year CrowdSec updated pricing policy
Hi everyone,
Our former pricing model led to some incomprehensions and was sub-optimal for some use-cases.
We remade it entirely here. As a quick note, in the former model, one never had to pay $2.5K to get premium blocklists. This was Support for Enterprise, which we poorly explained. Premium blocklists were and are still available from the premium SaaS plan, accessible directly from the SaaS console.
Here are the updates:
Security Engine: All its embedded features (IDS, IPS and WAF) were, are and will remain free.
SAAS: The free plan offers up to three silver-grade blocklists (on top of receiving IP related to signals your security engines share). Premium plans can use any free, premium and gold-grade blocklists. Previously, we had a premium and an enterprise plan with more features. All features are now merged into a unique SaaS enterprise plan. The one starting at $31/month. As before, those are available directly from the SaaS console page: app.crowdsec.net
SUPPORT: The $2.5K (which were mostly support for Enterprise) are now becoming optional. Instead, a client can contract $1K for Emergency bug & security fixes and $1K for support if they want to.
BLOCKLISTS: Very specific (country targeted, industry targeted, stack targeted, etc.) or AI-enhanced are now nested in a different offer named "Platinum blocklists subscription". You can subscribe to them, regardless of whether you use the FOSS Security Engine or not. They can be joined, tuned, and injected directly into most firewalls with regular automatic remote updates of their content. As long as you do not resell them (meaning you are the final client), you can use the subscription in any part of your company.
CTI DATA: They can be consumed through API keys with associated quotas. These are affordable and intended for use in tools like OpenCTI, MISP, The Hive, Xsoar, etc. Costs are in the range of hundreds of dollars per month. The Full CTI database can also be locally replicated at your place and constantly synced for deltas. Those are the largest plans we have, and they are usually destined to L/XL enterprises, governmental bodies, OEM & hardware vendors.
Whilst I'm pleased to see it made clearer, £290 a year for each security engine is still far too expensive for me to consider it. 2 u/GuitarEven avatar GuitarEven • 1y ago
We get that £290 is too high for individual home labs. Those offers are made for companies. Free tier features should cover homelabs correctly.
Features that are oriented for enterprise clients. If a company cannot invest $300 yearly in its security, no judgment and the free tier will still be very helpful until it recovers some budget margins to strengthen its security posture. 4
[deleted]• 1y ago
Any idea why we dont have any good free / freemium (max $5 per month) app yet. Reason am asking - adguard, urigin etc had filters which matches js/domains and filters them out. Same logic can be applied atleast for the ip lists - so that these ips cann be added to iptables to block. A lot of things are easy to make. The tough ones are things like scenarios and may be ssh bw etc. I wonder why no real competition. 1 u/GuitarEven avatar GuitarEven • 1y ago
hi u/ElizabethThomas44
Well you actually do. To date, for free, you get: * the security engine (IDS/IPS/WAF) * all scenarios * the blocklist of IPs you are participating to detect when you use scenarios and share signals * the free tier of the console
The IPs you automatically get for free are already added to your nftables or iptables using the related remediation component.
<TL/DR> You already have it.
(damn, personal reddit account, sorry, this is Philippe@CrowdSec) 4
:::
At the end of the day its not the thousands of anonymous users contributing their logs or Foss voulenteers on git getting a quarterly payout. They're the product and free compute + live action pen testing ginnea pigs, no matter what PR they spin saying how much they care about the security of the plebs using their network for free.
Its always about maximizing the money with these people your security can get fucked if they dont get some use out of you. Expect at some point the tos will change so that anonymized data sharing is no longer an option for free tier.
What happens if the company goes bankrupt? Does it just stop working when their central servers shut down? Does their open source security have the possibility of being forked and run from local servers?
It doesnt have to be like this. Peer to peer Decentralized mesh networks like YaCy already show its possible for a crowdsourced network of users can all contribute to an open database. Something that can be completely run as a local Node which federates and updates the information in global node. Something like it that updates a global iptables is already a step in the right direction. In that theoretical system there is no central monopoly its like the fediverse everyone contributes to hosting the global network as a mesh which altruistic hobbyist can contribute free compute to on their own terms.
I"I dont see anything wrong with people getting paid" is something I see often on discussions. Theres nothing wrong with people who do work and make contributions getting paid. What's wrong is it isnt the open source community on github or the users contributing their precious data getting paid, its a for profit centralized monopoly that controls access to the network which the open source community built for free out of alturism.
The pattern is nearly always the same. The thing that once worked well and which you relied on gets slowly worse each ToS update, while their pricing inches just a dollar higher each quarter, and you get less and less control over how you get to use their product. Its pattern recognition.
The only solution is to cut the head off the snake. If I can't fully host all of the components, see the source code of the mechanisms at all layers, own a local copy of the global database, then its not really mine.
Again, it's a philosophy thing. Its very easy to look at all that, shrug, and go "whatever not my problem I'll just switch If it becomes an issue". But the problem festers the longer its ignored or enabled for convinence. The community needs to truly own the services they run on every level, it has to be open, and for profit bean counters can't be part of the equation especially for hosting. There are homelab hobbyist out there who will happily eat cents on a electric bill to serve an open service to a community, get 10,000 of them on a truly open source decentralized mesh network and you can accomplish great things without fear of being the product.
CrowdSec is an open-source and collaborative security stack leveraging the crowd power. Analyze behaviors, respond to attacks & share signals across the community. Join the community and let's make the Internet safer, together.
Anubis was originally created to protect git web interfaces since they have a lot of heavy-to-compute URLs that aren't feasible to cache (revision diffs, zip downloads etc).
After that I think it got adopted by a lot of people who didn't actually need it, they just don't like seeing AI scrapers in their logs.
AI scraping is a massive issue for specific types of websites, such as git forges, wikis and to a lesser extend Lemmy etc, that rely on complex database operations that can not be easily cached. Unless you massively overprovision your infrastructure these web-applications come to a grinding halt by constantly maxing out the available CPU power.
The vast majority of the critical commenters here seem to talk from a point of total ignorance about this, or assume operators of such web applications have time for hyperviligance to constantly monitor and manually block AI scrapers (that do their best to circumvent more basic blocks). The realistic options for such operators are right now: Anubis (or similar), Cloudflare or shutting down their servers. Of these Anubis is clearly the least bad option.
I also used CrowdSec for almost a year, but as AI scrapers became more aggressive, CrowdSec alone wasn’t enough. The scrapers used distributed IP ranges and spoofed user agents, making them hard to detect and costing my Forgejo instance a lot in expensive routes. I tried custom CrowdSec rules but hit its limits.
Then I discovered Anubis. It’s been an excellent complement to CrowdSec — I now run both. In my experience they work very well together, so the question isn’t “A or B?” but rather “How can I combine them, if needed?”
You are right. For most self-hosting usecases anubis is not only irrelevant, but it actually works against you. False sense of security and making your devices do extra work for nothing.
Anubis is though for public facing services that may get ddos or AI scrapped by some not targeted bot (for a target bot it's trivial to get over Anubis in order to scrap).
And it's never a substitute of crowdsec or fail2ban. Getting an Anubis token it's just a matter of executing the PoW challenge. You still need a way to detect and ban malicious attacks.
Try to secure a nonprofit's web infrastructure with as 1 IT guy and no budget for devs or security.
It would be nice if we could update servers constantly and patch unmaintained code, but sometimes you just need to front it with something that plugs those holes until you have the capacity to do updates.
But 100% the WAF should be run locally, not a MiTM from evil US corp in bed with DHS.
Obviously I don't think you need Anubis for a static site. And if that is what your admin experience is limited too, than you have a strong case of dunning krueger.
the project name is a bit unfortunate to show for users, maybe change that if you will use it.
some known privacy services use it too, including the invidious at nadeko.net, so you can check there how it works. It's one of the most popular inv servers so I guess it cannot be bad, and they use multiple kinds of checks for each visitor
Inspired by this post I spent a couple of hours today trying to set this up on my toy server, only to immediately run into what seems to be a bug where <video> tags loading a simple WebM video from right next to index.html broke because the media response got Anubis's HTML bot check instead of media.
Describe the bug I have a redlib instance running behind anubis and when trying to play GIFs, it fails. If I check out the response, it's just anubis trying to verify my browser instead of the medi...
Anubis is mainly aimed against bad AI scrappers and some ddos mitigation if you have a heavy service.
You are getting hit exactly the same, anubis doesn't put up a block list or anything. It just put itself in front of the service. The load on your server and the risk you take it's very similar anubis or not anubis here. Most bots are not AI scrappers they are just proving. So the hit on your server is the same.
What you want is to properly set up fail2ban or, even better, crowdsec. That would actually block and ban bots that try to prove your server.
If you are just self-hosting with Anubis the only thing you are doing is deriving the log noise towards Anubis logs and making your devices do a PoW every once in a while when you want to use your services.
Being honest I don't know what you are self hosting. But at least it's something that's going to get ddos or AI scrapped, there's not much point with Anubis.
Also Anubis is not a substitute for fail2ban or crowdsec. You need something to detect and ban brute force attacks. If not the attacker would only need to execute the anubis challenge get the token for the week and then they are free to attack your services as they like.
Maybe you know the answer to my question: If I'd want to use any app that doesnt run in a webbrowser (e.g. the native jellyfin app), how would that work? Does it still work then?
It explicitly checks for web browser properties to apply challenges and all its challenges require basic web functionality like page refresh. Unless the connection to your server involves handling a user agents string it won't work, I think this I how it is anyway. Hope this helped.
Assuming what you said is correct, it wouldnt help my use case. Not hosting any page meant for public consumption anyway so it's not really important. But thanks for answering 😀
The creator is active on a professional slack I'm on and they're lovely and receptive to user feedback. Their tool is very popular in the online archives/cultural heritage scene (we combine small budgets and juicy, juicy data).
My site has enabled js-free screening when the site load is low, under the theory that if the site load is too high then no one's getting in anyway.
I host my main server on my own hardware, and a VPN on Hetzner because my shitty ISP doesn't let me port forward. For the past year, bots were hitting my Forgejo instance hard. I forgot to disable registration and they generated hundreds of accounts with hundreds of repos with sketchy links, generating terrabytes of traffic from my VPS, costing me money in traffic. I disabled registration and deleted the spam, and bots still kept hitting my server for several months, which would cause memory leaks over time and crash it and consume CPU, and still costed me money with terrabytes of traffic per month. A few weeks ago, I put Anubis on the VPS. Now, zero bots hit my Forgejo instance and I don't pay for their traffic anymore. Problem solved.
Its always code forges and wikis that are effected by this because the scrapers spider down into every commit or edit in your entire history, then come back the next day and check every “page” again to see if any changed. Consider just blocking pages that are commit history at your reverse proxy.
I am very annoyed that I have to enable cloudflare's JavaScript on so many websites, I would much prefer if more of them used Anubis so I didn't have third-party JavaScript running as often.
( coming from an annoying user who tries to enable the fewest things possible in NoScript )
A daughter of the former South African president Jacob Zuma has resigned as an MP, after being accused of tricking 17 South African men into fighting for Russia in Ukraine by telling them they were travelling to Russia to train as bodyguards for the Zumas’ uMkhonto weSizwe (MK) party.
Duduzile Zuma-Sambudla, 43, the most visible and active in politics of her siblings, volunteered to resign and step back from public roles while cooperating with a police investigation and working to bring the men home, the MK chair, Nkosinathi Nhleko, said at a press conference in Durban.
Love me some Fedora, why should I switch to an immutable version? The thing that gives me pause is I like being able to change my system when I need to and have it persist, which is from what I understand the exact opposite idea of immutables (but I may be misunderstanding, thus this comment asking lol).
So essentially you have a base system and you add what you need through flatpak, distrobox, homebrew, and if all else fails, by layering the packages on the base image with rpm-ostree. What you can't do (that I'm aware of), is remove packages, or make bigger changes like adding another desktop environment aside what it came from. I mean, I guess you can do it by layering but it's probably messy. Configuration and customisation are not an issue: /etc and /var are not immutable of course.
Distrobox is super cool btw, I knew it existed but Bazzite pushing me to use it was what I needed to finally try and appreciate it.
Airbus is recalling more than half of the jets in its global A320 fleet, which will disrupt thousands of flights around the world.
The company said the planes need an "immediate software change" to ensure flight control is sound.
The recall comes after a JetBlue plane’s nose dropped for several seconds without the pilot’s input during a flight in October, according to a European safety agency.
American Airlines says the news will disrupt more than 300 flights for its airline alone, while Air Canada says "very few" of its planes are affected.
Boeing would do nothing except post a notice on a board in a damp cellar of one of their offices, and then blame airlines for not following their instructions.
A January study in the journal Social Science & Medicine found that volunteering slows down aging in retirees: the DNA of people who volunteered the equivalent of one to four hours a week showed distinctive biomarkers associated with decelerated epigenetic aging, with the most pronounced effects among retired people.
“People might do better, physically, psychologically, socially, if they have a role that they think is important and they identify with,” said Cal J. Halvorsen, a gerontological social work scholar at Washington University in St. Louis and one of the authors of the study. “In the American context, we take our jobs very seriously, and so we were curious if volunteering after retiring or when you’re no longer working might have a different effect on your epigenetic aging.”
That study is just part of a growing body of research on the health benefits of volunteering for retirees, a major benefit for older Americans who have mobilized for election defense and other core public services under attack. Another study published in February found that volunteering in early retirement among Americans also reduced rates of depression by around 10 percent—again, a more pronounced effect than in the general population.
The headline is wholly unsupported by the study. They asked seniors if they volunteered at "religious, educational, health-related, or other charitable organizations", not political organizations. Even as noted in the article:
The work also keeps Williams sane. Following politics leaves her “ready to tear somebody’s hair out,” she said.
If anything, the stress of living under fascism probably shortens your life expectancy. Apparently living in a democracy increases it by 11 years, which probably outweighs the volunteering effect: sciencedirect.com/science/arti…
This explains what's going on with Bernie Sanders. In recent interviews he seems somehow younger than he did 5 years ago. The country needs him and it's energized him. I hope he gets a few years to himself after all this to enjoy retirement, though.
I thought this was going to be a community for linux newbies, who come here and find little tips for how to better use linux. Like little tips and tricks to better use linux that are so addictive it's like crack.
Alas, no. This is a sub on how to download pirated linux games.
Which I'm still all here for, by the way. I just wish the community I envisioned ALSO existed. It would be like the first time I ever found out about the registry editor on windows XP.
I need THAT moment, but for linux. The moment where I figure out how to take control, and understand what I'm doing.
Because right now, I'm just distro hopping, but hating most of these options. Right now I'm looking at LMDE which is Mint without ubuntu. Also looking at Fedora. Also looking at Bazzite. And I've been using Zorin for a year now.
Outside of those, I hate every option I try. MX Linux was kind of good......but also really really annoying. HATED PopOS.
I'm just looking for tips that will help me understand "OOOOHHHH!!!! THAT'S how that works."
Like right now, I have no idea how updates work. I know there's repositories. I have no idea where these repositories are. I have no idea how my computer knows where these repositories are. I have no idea how to add or change my repositories. I have no idea what's in them.
That's just the tip of the iceberg of what I don't know. Terminal is just.......can we make a distro without the terminal please? Make it so you can download your own if you want to, but the culture around this distro would be terminal-less. That's the distro I want.
I want to have issues, that have solutions online that don't start with:
Step 1: Chill Step 2: Don't try to run before you can walk. Adding or changing repositories is a bad idea 99 times out of 100. Step 3: STOP reading up on all the Linux controversies online. It's just an operating system. Step 4: Stick with Zorin. Why? Simply because it's the distro you've been using for a year. Almost all Linux distros can do what any distro can do. Which one you use generally doesn't matter as much as you think. Stick with it until you run into something it can't do, and you know enough to know which other distro could do it better. It doesn't matter that it's based on Ubuntu, and Ubuntu is kind of meh. Don't worry about Snaps, Wayland or Systemd. Just install the programs you need and use your computer.
Yeah. Stick with Zorin or maybe try Ubuntu. If you specifically do not want to learn, which is what your post makes it sound like, Zorin or Ubuntu will be your best bet.
Being real, Linux without terminal is kinda impossible. That being said, assuming you test compatibility via a live disc/drive before installing, you shouldn't need to use CLI often at all, and may never need to if you don't want.
However, when trouble does happen, you need that kind of access. You do on Windows as well, so it isn't like you're escaping it if you jump ship.
Not having a terminal program would be mind-numbingly bad. Any situation that you would need to use it, installing it would be harder, and maybe impossible. So, just don't open the damn thing if you don't want to use it regularly. There's a ton of gui options for almost everything these days. But you can't escape command line entirely on any os.
Repos are essentially what makes the various distros what they are, to an extent. They're curated software, and the address for whatever is maintained by the distro is already in there, and that's how it knows. Someone put it in.
If you're not comfy with CLI, you probably shouldn't fuck around adding repos tbh. Again, that being said, you'd find where to do so under the software/updates menu in mint. You find the box, type the info in, give your password, and Bob's your uncle. Thing is, that's not a decrease in steps compared to using command line, it's just different steps. The exact label to get there via gui may vary between distros, but it's in the "start" menu somewhere.
Updates are just a matter of the software connecting to the repo, checking to see what's new, then giving you the option to use them.
Legit, I totally understand the issue with using command line interfaces. My dyslexic ass hates trying to sort through the text. But it is a great tool. If anything every goes really wrong, you'll be glad it's sitting there ready.
Instructions that start with "open terminal" are then followed by text commands to execute, all of which can be broken down and dissected to learn exactly what they are doing and why they are there. And generally, CLI tools, config files, etc have a very stable interface that doesn't change much over time (generalizing broadly; obviously there are some softwares with major changes which this does not apply to). Ultimately, they can be replicated very easily with copy/paste by the end user.
Instructions that are just a bunch of screenshots are subject to user error and whims of the softwares UI designers and your own personal look and feel settings.
Instructions that are "download this file and execute it" are how you fuck up your system with a difficult, possibly nonexistent, path to recovery.
So, I'd advise to get comfortable with the terminal and accept those instructions as the blessing that they are
Your aversion to the terminal will make it extremely hard for you to learn linux. The point of the terminal is to tell the computer exactly what you want it to do. If you don't know what you want it to do, you probably shouldn't do it. As such I'd suggest you either buckle down and learn the hard way with something like Arch installed manually, or just stick with what you already know and let the knowledge be drip fed as time goes, using something that mostly just works. The tool is there, its meant to be used a certain way. Sometimes you can't treat every tool like a hammer.
It sounds to me like you don't want to be on Linux. Maybe MacOS would be better suited for your taste if you really want to be on something unix-like instead of NT.
Bonus round: Eyes are slower than fingers, eventually you'll be wishing there were a more efficient way, an easier way than fumbling through menus to hope you stumble upon the setting you're looking for. That way is the terminal.
Bread on Penguins just posted a really great resource for newbies to understand what they're doing better. Some of it is arcane, some of it will be super helpful for you.
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
Ignore this person OP, they're basically lost to the Void Linux, not understanding the whole world doesn't necessarily want to spend countless hours tweaking every little thing or even more hours troubleshooting. Sure I like it and have an Arch based laptop, but I'm still same enough to know that most people don't find that fun or nice &tc.
Just go with Bazzite if you want something easy to use that's hard to mess up with gaming, and use the Flatpaks. If you ever do one day feel like having a bit more control and tinker power though, I learned today Cachy is a good next step, since it's still very easy to use for gaming but is based on Arch.
::: spoiler Fedora just works. Just do fedora workstation. Get on the current version, then always trail the new version by a couple of months, just so they have time to fix bugs.
The range of Linux is enormous. It is everything from small microcontroller-ish devices to cars, routers, phones, appliances, and servers. These are the primary use cases. Desktop is a side thing.
Part of the learning curve is that no one knows the whole thing top to bottom end to end at all levels of source. Many entire careers and PhDs and entire companies exist here. You will never fully understand the thing, but that is okay, you do not need to understand it like this.
The main things are that every distro has a purpose. Every distro can be shaped into what you want.
Fundamentally, Linux as the kernel is a high level set of command line tools on top of the hardware drivers required to run on most hardware. The Linux kernel is structured so that the hardware drivers, called modules, are built into the kernel already. There is actually a configuration menu for building the kernel where you select only the modules you need for you're hardware and it builds only what you need automatically based upon your selection. This is well explained in Gentoo in tutorial form.
Gentoo is the true realm of the masters. It has tutorial documentation, but is written for people with an advanced understanding and infinite capacity to learn. The reason Gentoo is special is the Portage terminal package manager. Gentoo is made to compile the packages for your system from source and with any configuration or source code changes you would like to make. This is super complicated in practice, but if you have very specific needs or goals, Gentoo is the place to go. Arch is basically Gentoo, but in binary form for people too lazy or incapable of managing Gentoo, but where they either already have a CS degree level understanding of operating systems or they are the unwitting testers of why rsync works so well for backing up and reloading systems. It is the only place you will likely need and use backups regularly. The other thing about arch is that the wiki is a great encyclopedia of almost everything. It is only an encyclopedia. It is not tutorial or ever intended as such. Never use arch as a distro to learn on. It is possible, but you're climbing up hill backwards when far easier tutorial paths exist.
Godmode is LFS, aka Linux From Scratch. It is a massive tutorial about building everything yourself. No package maintainers for you.
Redhat is the main distro for server stuff. It is paid. The main thing it offers is zero down time kernel updates. You never need to reboot. It transitions packages in real time. Most of the actual kernel development outside of hardware peripheral driver support happens at Redhat. Fedora is upstream of Redhat. They are not directly related, but many Fedora devs are Redhat employees. Fedora informally functions kinda like a beta test bed for Redhat. Most of the Redhat tools are present or available in Fedora. This is why the goto IT career path is through Fedora using The Linux Bible. So if you want to run server type stuff or use advanced IT tools, maybe try Fedora.
Here is the thing, you do not need to use these distros. They likely are of no interest to you. All of this bla bla bla is for this simple point, distros are not branding or team sports. They are simply pathways and configurations that best handle certain use cases. The reason you need to understand the specific use case is because these are like chapters of Linux documentation. How do I configure, schedule and automatic some package? Gentoo probably has a tutorial I will find useful. How do I figure out the stuff going on prior to init? LFS will walk me through it. What is init? Arch wiki will tell me.
On the other hand, there is certain stuff to know like how Debian is for hardware modules development, and mostly unrelated to the latter, building one off custom server tools. When you see Debian like on some single board computer where no other distro is listed, that means it probably isn't worth buying or messing with. It means the hardware is likely on an orphaned kernel that will never have mainline kernel support so it won't be safe on the internet for long.
That's another thing. Most of what is relevant is keeping a system safe to be online, meaning server stuff.
OpenWRT is the goto Linux for routers and embedded hardware. You can easily fit the whole thing in well under 32 megabytes of flash. It is a pain in the ass for even a typically advanced Linux terminal user, but that is Linux with a GUI too. The toolset is hard, and has little built in documentation by default.
With very early early 1970's+ personal computers, crashing and resetting computers was a thing. Code just ran directly on the memory. The kernel is about solving the issue of code crashing everything. The kernel creates the abstractions that separate the actual hardware registers and memory from the the user space tools and software so that your code bug does not crash everything. It is a basic set of high level user space commands and structures to manage a file tree, open, edit, and run stuff. In kernel space, it is the scheduler and process management that swaps out what is running when and where for both the kernel processes and separate user processes. The kernel is not the window manager, desktop, or most of the actual software you want to run.
The other non intuitive issue many people have is sandboxing and dependencies. Not all software is maintained equally. When some software has conflicting dependencies with other software, major problems arise. How you interact with this issue is what really matters and one size does not fit all or even most. This issue is the reason the many distros actually exist. Sandboxing, in almost every context you will encounter, is about creating an independent layer location for a special package's dependencies to exist without conflicts on your base host system. It is not about clutter management or security, just package dependencies. That is the main thing that each distro's maintainers are handling. The packages native in the distro already have their dependencies managed for you; they should just work. Maybe you want to use more specific or unrelated things. Well then you need to manage them. Nix is designed especially for this in applications where you need to send your configuration sandbox to other user. Alternatively, people use an immutable base like silverblue and run all non native software from sandboxed dependency containers. :::
Crack tip number 1: The desktop environment you use is independent of the distribution. You don't have to switch to an entirely different distro if you don't like Gnome or KDE or LXDE or whatever. On 90% of distros installing another desktop environment is one command away.
Crack tip number 2: If you want to know what a command does run man command or google that. Use the arrow keys to scroll up and down /searchterm to search for a word and q to exit.
With one hand you describe your desire to explore and tinker with the inner mechanics of operating systems (or at least your desktop environment). With the other your need for an OS to work just so without your configuration.
You can't have it both ways.
Three facts which may help you if you're able to accept yourself as the limiting factor: 1. GNU/Linux freedom means, among other things, the freedom to modify. This is why distributions exist. Someone had a strong enough preference to take on the burden of constructing an alternative which met those preferences "out of the box". 2. Everything you do in any GUI is executing commands for you. 3. Everything in Linux is a file descriptor. Differing design philosophies are one of the reasons (among many) that Microsoft created the Registry for Windows. Warren Young's response to a question about this topic on Stack Exchange is nigh exhaustive and well written. This might be the lightbulb you're looking for?
My point isn't to discourage you. I think almost everyone interested in exercising their agency in computing ought to be empowered to do so. That isn't without friction and hurdles though and, at least as far as I can see, never will be.
Graphical Applications have to be built by people. Those people have to understand programming and the CLI/terminal because, again, every GUI interaction is issuing a command to the system it runs on. Not everyone knows how to do that well and those that do cannot program those applications for every concievable use-case. This is why you're often instructed to fiddle with things via commands in a terminal. No one has built a GUI tool to help you with xyz yet so users have to issue the commands directly if they want xyz.
If you want that tool to exist then you'll either have to build it yourself and share it with the world or pay someone to do that for you. This would likely be a pull request to add a feature to a program.
There is no world in which an operating system exists without a terminal, however; you might be able to help build one within which the average user never has to open one. That'd take a lot of education, hard work, and use of the terminal to accomplish and maintain.
To know what you're doing: read the manual. To take control: exercise what you learn from reading the manual.
If RTFM is too daunting a recommendation to start off with (no judgement! I get it) then start here instead: tldp.org/FAQ/Linux-FAQ/index.h…
The Linux Documentation Project predates the Arch wiki (and it shows) but that has zero bearing on its utility for beginners.
I know that "Everything is a file" means that even devices have their filename and path in Unix and Unix-like systems, and that this allows for common tools to be used on a variety of resources
Everything you do in any GUI is executing commands for you.
Those people have to understand programming and the CLI/terminal because, again, every GUI interaction is issuing a command to the system it runs on.
No one has built a GUI tool to help you with xyz yet so users have to issue the commands directly if they want xyz.
There is no world in which an operating system exists without a terminal.
There seems to be an incorrect understanding of what a terminal is doing. A terminal typically runs a "shell" program, which accepts input from the user. Some of the inputs are "commands", which are either internal (run an internal shell function) or running a binary.
An operating system can exist that has a GUI and doesn't have a terminal. A terminal is an interface just as a GUI is. (GUI vs CLI). They are not interdependant. They are simply different ways of allowing a user to interface with a computer.
Using a terminal and running "ls" not necessarily "issuing a command directly" anymore than a clicking an "ls" button in a GUI and it running some variation of system.exec("ls") is. Both simply run a binary and output the results.
Any document signed by Sleepy Joe Biden with the Autopen, which was approximately 92% of them, is hereby terminated, and of no further force or effect. The Autopen is not allowed to be used if approval is not specifically given by the President of the United States. The Radical Left Lunatics circling Biden around the beautiful Resolute Desk in the Oval Office took the Presidency away from him. I am hereby cancelling all Executive Orders, and anything else that was not directly signed by Crooked Joe Biden, because the people who operated the Autopen did so illegally. Joe Biden was not involved in the Autopen process and, if he says he was, he will be brought up on charges of perjury. Thank you for your attention to this matter!
Truth Social is America's "Big Tent" social media platform that encourages an open, free, and honest global conversation without discriminating on the basis of political ideology.
Japanese company Science is commercially producing its Mirai Ningen Sentakuki – Human Washing Machine of the Future – after an overwhelming response at the Osaka-Kansai Expo this year. Only 50 models will be made, with a price tag of US$385,000.
also,British : a number equal to 1 followed by 54 zeros
Ursini’s proposal asks for a mere 2^112^ addresses
Unless I'm mistaken, that would be 5192296858534827628530496329220096, or a bit more than 5 followed by 33 zeros, which is orders of magnitude different from both definitions. I wonder what this article's author is on about.
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
For those of you that use docker, how do you make sure your docker-compose.yml (and possibly .env) files stay current with the project’s ongoing updates? I’m sure there’s an easier way than what I’m doing which is manually getting the latest ones and chec
For those of you that use docker, how do you make sure your docker-compose.yml (and possibly .env) files stay current with the project's ongoing updates? I'm sure there's an easier way than what I'm doing which is manually getting the latest ones and checking the diffs in vscodium. And I'm sure some git magic already takes care of this but I've been slow in learning git beyond the VERY basics. Thanks!
I have automatic updates through a watchtower fork, so I just leave it alone until it breaks, then I go to the project site to see what changed. This has happened maybe twice in the last couple years.
I use a watchtower fork as well to keep some containers updated but I'm curious how others keep on top of docker-compose.yml files that the project updates over time. As an example, I've been using a container for years and noticed today that on the github page they've added a section in the compose file for a health check. I never would've known that was added if I didn't stumble upon it due to another issue.
Easy, reliable backups are key. I've used komodo with automatic updates for over a year and watchtower before that for a couple more. I've only had one issue when Nginx Proxy Manager had a release that deleted all of its own data. Didn't take long to realize that the services were still up and what the problem was. Restored the missing data from Proxmox backups, pinned the Nginx version for a while, then turned auto update on again. I'll stick to this until checking updates is less work than fixing the occasional problem
Just a few days ago, my docker host upgraded the docker engine from 28 to 29. Woke up to 10 notifications from my uptime monitoring that they are offline.
Funny thing is: The external monitor showed they are down. The internal monitor showed no issues.
But after I went through with the long procrastinated upgrade from debian 11 to debian 13, migrating the data and doing nothing to the compose files, all services worked without any issue. I don't know what my old host did or did not but now it works, I guess? Not complaining but the whole routing thing is a bit beyond me
I don't want to use automatic updates on self hosted projects but I subscribe on github / gitlab releases in my rss reader (FreshRSS) and update when I want to!
If you also use FreshRSS, you can configure filters to automatically mark new articles as read (e.g. intitle:'beta'). Since I only view unread articles, that effectively deletes them and I never have to see them!
I cannot recall a single self-hosted software documentation that mentions how to keep the docker config file up to date. Why bother wasting 5 seconds writing such an unhelpful comment
PLENTY of projects make tiny non-breaking changes to the compose files without any mention that users should update the file. For example, adding a section for a container health check. While these can be no big deal for a while over time they can add up to major changes in the config that users may not catch if they are not comparing yml files.
This is the kind of attitude that drives people away from open source.
Yes, people should read the manual, but at some point they will have questions, and there are a lot of projects that aren't clear on certain things. Such as YAML changes.
Other than keeping an eye on their changelog or waiting until it breaks, I don't think you can do anything about that. I do have automatic update, but the config rarely changes from my experience.
Good projects will have docs associated with the docker/docker compose files.
The way we do it is, any update to the .yaml files will have a corresponding .yaml.Dev associated with it. That way it won't be overwritten when an update occurs as well as give a recommended setup.
Basically I run Komodo, which pulls a git repo. Renovate opens a PR (and most of the time the changelog is included, so I can quickly check what happened) for new versions. Once merged a webhook fires to tell Komodo to pull the new version.
I really recommend this approach now. Once setup it is very automatic, but not to the point of YOLO-automation like Watchtower and :latest 😅
In this guide I will go over how to automatically search for and be notified of updates for container images every night using Renovate, apply those updates by merging pull requests for them in Gitea, and automatically redeploy the updated containers…
when you choose to update, PatchPanda edits compose/.env files and runs docker compose pull and docker compose up -d for the target stack. You can also view live log.
I too saw PatchPanda on selfh.st and it is on my watch list. The only thing holding me back is that it isn't out of beta yet. So, I'm waiting on other selfhosters to plow that field before I deploy. It does look like it would solve a lot of problems tho.
I don't pay any mind to example compose files. My are all quite custom anyway. Only thing that matters is paying attention to changelogs and watching for breaking changes.
Same here. Read deployment documentation, configure compose to my standards, deploy, update where necessary to align with the update (e.g. remove an environment variable.
The editing is done on my PC, then I open WinSCP or ssh into it (depending on my mood and amount of changes) and then apply the changes
Probably a tad overkill honestly but it works amazingly well, and turns every potential upgrade into an approval process so nothing will update when you don't want it to.
In this guide I will go over how to automatically search for and be notified of updates for container images every night using Renovate, apply those updates by merging pull requests for them in Gitea, and automatically redeploy the updated containers…
The Bristol Cable has launched a mobile app that bundles their journalism with the fediverse in a single app. It’s built in partnership with the Newsmast Foundation and available to members from £1/month. While their journalistic articles remain free, The Bristol Cable sees the social fediverse integration as the premium additonal option. The app consists of three layers: a home screen with news articles by the Bristol Cable, a dedicated member space for connecting with journalists and other supporters, and curated channels that pull in content on themes like climate change, linking Bristol’s local work to wider discussions. The app functions as a fediverse server, with the dedicated member space functioning as a local-only posting place, and the curated channels as a way to connect with the rest of the fediverse network, via Newsmasts’ channel.org network.
WebSocialBR is the first fediverse event that will be held in Brazil, on December 3rd in Brasília. The event wants to “bring together community administrators, managers, parliamentarians, researchers, and communicators to exchange experiences and strengthen decentralized networks in the country”. The event draws backing from Brazil’s Internet Steering Committee (CGI.br), the Ministry of Science, Technology and Innovation, and FediForum. ActivityPub co-creator Evan Prodromou and FediForum co-founder Johannes Ernst will participate virtually. WebSocialBR is organisated by Alquimídia, who has been coordinating Brazilian instances on age-restriction legislation and pushing for a “.social.br” domain category for federated networks.
Bonfire talks more about their platform and crowdfunding, by writing about their Mutal Aid stretch goal for the project. Bonfire also talks more about what the project is, and how it is “plural by design”. The opening sentence points is a clear statement by the project: “Bonfire is difficult to pin down with a single definition, and that’s a feature, not a bug.” The article then lists various features of the project, such as how it’s extensible, and that it’s a framework for building community platforms. Bonfire even quotes some people saying that they’re interested in the project, but find it confusing as to what it actually is. Bonfire has chosen for the approach that they do not want to run a flagship server for Bonfire Social. That however is now leading to the situation where there are no people running a Bonfire server in production for a community yet, making it hard to demonstrate in practice what Bonfire Social actually looks like. This poses a challenge for their crowdfunding effort. When potential backers try to understand what they’re funding, they encounter a platform that exists primarily as possibility rather than demonstration. The project’s own article quotes would-be supporters expressing this confusion directly: “I do wish they could get a little better at communicating what exactly their project is though, it took a hot minute, reading, and also asking folks on lemmy to try and figure out kinda-sorta-vaguely what they’re building…” Another notes, “I wish them the best, but I think they really need to work on their sales pitch. It’s hard to tell what it is.”Without a clear accessible demonstration of how Bonfire can operate in practice, it is a hard pitch to ask backers to fund an abstract framework based on its potential applications.
I usually don’t write about Threads, but this caught my eye: The latest PewResearch study on social media usage by Americans find that 8% of adult Americans have ever used Threads. This is in contrast with 21% of adults for X, and 4% for Bluesky, with Mastodon not measured. Meanwhile, Threads claimed a few months ago to have over 400M monthly active users, and another study from this summer found that Threads and X have almost the same number of daily app users (115M vs 130M). I’m really not sure what’s going on with these numbers: 8% of American adults is around 21M people who say they have ever used Threads. This leaves at least 380M monthly active users that are not in the US, but it is unclear where they are located. It seems that Europe also does not have a large number of Threads users, as the app launched much later on the continent. The most likely explanation seems to me that Threads aggressively counts people who use Instagram and get shown a Threads post on Instagram as a user of Threads, which would go a long way towards explaining both why the user numbers for Threads are so large while also explaining why so few people actually know about Threads.
FOSDEM has the Social Web Devroom about ActivityPub, hosted by the Social Web Foundation, and the deadline to submit talks is December 1st. There is still space for more talks to be hosted, so consider submitting a talk if you’re going to FOSDEM!
In This Issue
* A Note From The Editor
* Technical Updates
* Owncasts For Roku Updated
* Features
* Kit On Fireside Fedi
* Featured Streamer: Fireside Fedi
* Closing Remarks
A Note From The Editor
Did you miss me? This July-November …
I run WireGuard on my router to hit my LAN services (SAMBA, home assistant, etc) from afar.
But when I enable the VPN client on my router, I can no longer access LAN services over Wireshark. "Allow LAN access is set to 'true'" on the UI (Merlin).
“We are birthing superintelligence. We are creating the mind of God, infinite, destined to solve every problem we’ve ever faced and usher in an age without death.”
[img=https://media.piefed.social/posts/9T/KW/9TKWqu07WptAjI6.jpeg]9TKWqu07WptAjI6.jpeg[/i
“We are birthing superintelligence. We are creating the mind of God, infinite, destined to solve every problem we’ve ever faced and usher in an age without death.”
“We are birthing superintelligence. We are creating the mind of God, infinite, destined to solve every problem we’ve ever faced and usher in an age without death.”
What brain rotted CEO grifter is that quote even from?
When you say "AI", do you mean a large language model?
Then, no. A language model is not super intelligent.
Also, with respect to any artificial intelligence created by human beings in general, no. It is only designed to make predictions of text based on training on a corpus of text which is ultimately composed by a human mind or many human minds that are very fallible, prone to delusions, and also unaware of broader realities and dimensions of existence.
With the GlobalBuildingAtlas, a research team at the Technical University of Munich (TUM) has created the first high-resolution 3D map of all buildings worldwide. The open data provides a crucial basis for climate research and the implementation of the UN Sustainable Development Goals. They enable more precise models for urbanization, infrastructure and disaster management – and help to make cities around the world more inclusive and resilient.
The United Arab Emirates “embarked on a lobbying blitz” of European Parliament members to ensure its involvement in the war in Sudan was not mentioned in a resolution calling for the conflict's end, Politico reported on Thursday.
On Wednesday, Dutch Member of European Parliament (MEP) Marit Maij told DW News about plans to “call on the European Commission to stop the trade negotiations with the UAE for as long as we see that weapons are going through the UAE to the RSF,” referring to Sudan’s paramilitary Rapid Support Forces.
The call comes in the wake of the widespread atrocities committed by the RSF during its siege and eventual capture of el-Fasher, the capital of North Darfur in western Sudan, which were abetted by advanced weaponry from the UAE.
But following a lobbying effort from an Emirati delegation to Strasbourg led by envoy Lana Nusseibeh, the final resolution passed on Thursday included no references to the UAE’s role in the war.
The United Arab Emirates “embarked on a lobbying blitz” of European Parliament members to ensure its involvement in the war in Sudan was not mentioned in a resolution calling for the conflict's end, Politico reported on Thursday.
I remember back in 2014 or so, I found a YT channel about companies an tech with very high production values on their videos, they had several videos on Elon and his companies.
And in just about every time they spoke about Elon, they said it like this
Entrepreneur Elon Musk
It kinda became a weird mantra they repeated as if being an Entrepreneur made him some kind of expert.
I noticed that at the time, and it has pissed me off since.
Reminds me of companies that still call themself “startup” even after several years with a successful product. Just so they can rip employees off with low base pay and unpaid overtime because “we’re a startup”.
Musk isn't worth a single person's life. He's not worth a dogs life. He's not even worth the life of my old phones battery. We'd have to compare him to other parasites to decide "value". Like, what's better: tapeworms or musk.
Grok has achieved average human intelligence: It believes that someone paying other people, regardless of how they got their money and the ethical failures involved in using it, is equivalent to having done the work themselves. Nevermind that the only reason any of his shit works is in spite of his painfully stupid decisions and not because of them.
In a way, I’m not even mad. We do these things to ourselves and we refuse to look at the obvious.
I mean I live in America which is steeped in prejudicial treatment of all kinds of people. There's nowhere that's like purely unproblematic I can uproot my whole life and move to.
It's batshit insane to expect a while country of people to just kind of piss off.
Like I don't think I could afford to move to a new country flat out.
America isn't actively mass murdering the people it's stealing the land from though. Also Israelis have plenty of opportunity to go elsewhere, they always can get a second passport from their actual country of origin.
OOP is doing a great job providing them with the necessary motivation.
Like I said, all of those things are long in the past and peace treaties have been signed. Palestinians have not signed a peace treaty with Israel so they hold full ownership over all of Palestine.
Same with the the boycott of Apartheid South Africa.
Well, that explains why your first link is dead. Thanks for the explanation! I haven't been around this long; db0 is my first instance. I'm not that crazy, I just looked at them and said "damn that's wild, you know what you crazy SOB, I'm in." Like the meme... Futurama? Rick and Morty? Not sure.
I miss it... I never knew how much I'd appreciate seeing who down voted me. Occasionally I'd think, 'hmmm this guy with opinions I respect didn't like that? Why?' more often I'd think 'hahaha nazi'
geddit.social was technically my first Lemmy instance (although I used /kbin earlier and more than this). Owned by Stux (mstdn.social, pixey.org, gram.social,...) but it was late for lemmy.world-like growth.
trivia: Stux tried also to make a /kbin instance, (along with other prominent Mastodon instance owners. Only Fedia.io, from infosec.exchange survived. Kudos for Jerry). He has called it forum.fail
Il blogger non è solo un informatore: è un narratore. Anche quando parla di tecnologia, di cucina, di filosofia, di attualità o di qualunque altro argomento apparentemente “freddo”, il suo compito rimane quello di raccontare. Perché un’informazione senza narrazione è un elenco; una narrazione senza informazione è un esercizio di stile. Il blogger efficace vive nel punto di incontro fra questi due poli: illumina il contenuto con il suo modo unico di esprimerlo.
Chinese exporters have been raising prices for Russian military-industrial buyers, exploiting the Kremlin’s reliance on their supplies as western sanctions restrict imports, new research has revealed.
Prices of export-controlled products shipped from China to Russia rose 87 per cent between 2021 and 2024 on average, according to a new paper from the Bank of Finland Institute for Emerging Economies (Bofit). The price of similar goods shipped elsewhere rose only 9 per cent.
The research shows that while Russia has been able to use Chinese suppliers to get around western restrictions on the purchase of products that have potential military uses, the wave of sanctions imposed in the wake of the full-scale invasion of Ukraine in 2022 has pushed up costs for the Kremlin.
...
The authors, Iikka Korhonen and Heli Simola, focused on a major pinch point: the trade in goods listed as “machinery and mechanical appliances”, a category that includes a large number of items identified as being of importance to the war-industry push.
They concluded sanctions have “limited Russia’s technological capabilities by making the importing of critical goods more expensive”.
In some cases, they found that increases in the value of export-controlled imports from China to Russia had been driven entirely by price rises rather than an increase in trade flows. By 2024, Russia’s imports of Chinese ball bearings had surged 76 per cent since 2021 in dollar terms. But the volume of exports dropped 13 per cent over that time.
...
Relief from sanctions remains a critical goal of the Kremlin. In the original 28-point peace plan devised by the US and Russia and presented last week to Ukraine, the document states “the lifting of sanctions will be discussed and agreed upon in stages and on a case-by-case basis”.
It’s true. I uploaded a nude out of curiosity. I then searched “Penis”. It found my penis. Now if only my wife could too. 10/10 Immich best self hosted google photos replacement.
Personally I host all this kind of stuff using containers, only mounting the folders that need backing up. Then I just back up all my podman volumes. It's pretty nice not depending on any tools that have to be maintained or anything like that.
I have experience with both Ente and Immich and I can say they are both excellent. I like Ente a little bit more, but Immich is imho better for selfhosting (both are easy to self host). What I like about Immich in that regard is that it keeps photos organized as files too, they can be categorized in folders (like year > month > day and its customizable). I just want to have an option to have access to the files directly on the filesystem and if (big if) Immich dies, I still have my photos accessible and organized in directories without me needing to do anything. Ente uses s3 storage system.
It feels quite equal now that immich is stable. I was actually waiting for that, because I knew the updates before the stable release were sometimes painful and I didn't want to do that on my production env. 😀
Anyone with Nextcloud Memories setup? I've read it's the only one that still respects a sane files and folders setup, whereas the other options basically force you to forever use their database-based system and files are terribly organized, so you are forced to use their interface.
whereas the other options basically force you to forever use their database-based system and files are terribly organized, so you are forced to use their interface.
Immich has a "storage templates" section which allows you to choose a folder structure that it will use to store the files in.
Or go the other way and include your folders as external libraries.
What do you use for 3-2-1? I try, so far I have my phone, backed up to a server HDD via SMB (Too poor for RAID-1 atm), and the very important stuff sent to a USB drive and returned to a drawer. Am I doing it right haha
I have it and immich set up. Nextcloud memories is fine, but for me the auto upload would randomly stop at some points. Overall ux with immich is better, but memories gets the job done.
I don't use Memories, but yes, uploading photos with FolderSync to Nextcloud (via WebDAV) does add them to the Nextcloud database. They show up as new photos in the recent activities list.
Ah, that makes sense. Didn't realize FolderSync went through the WebDAV protocol. I'm used to manually copying things to my nextcloud drive and running a scan.
I use Nextcloud Memories for uploading folders to quickly share to relatives. Love it, very straightforward for them to use.
I also host Immich but unlike Memories not exposed, local only. I set Immich up because we found we never looked at our photos when they were just stored on a hard drive but we look at them much more now theyre easily accessible. I spent months slowly retrospectively tagging & adding geo locations to our photos in order to utilise the powerful search capability of Immich. I use the template option & set it up to match the folder structure of our photos.
I'm using Kopia to back up the entire Immich directory including the nightly Immich-db dumps & ive also moved a backup of the backup to another drive, currently somewhere in the region of about 80+GB.
I switched from Nextcloud Memories to Immich when Immich added support for external libraries. From what I remember, Memories was pretty good but a bit slower, not as polished, and had significantly worse AI tools. I recommend Immich.
Oh yeah, I've killed mine a couple times. Usually it's because I didn't keep it updated and jumped too far ahead too quickly. Rolling it back and walking it forward fixed it for me once, another time there was something I was supposed to run first and I didn't read the release notes (that one was a really long time ago though).
Every part of what you just said can be encapsulated in proper packaging so you don't even need to care -- about pre/post upgrades, or even dependencies and checks before it starts.
The lack of a proper release is the absolute only thing keeping me from using it.
When I used iOS, background upload seemed to work okay. On both iOS and Android, though, I occasionally go into the app to manually backup since both like to kill background processes to save on battery life.
They should use what's out there and improve it. Like including simplelogin. They should use immich, make it private, and include it in their setup. They even suck for calendar. You can't integrate it anywhere. Integrating email is difficult as well. They want to become the next tech silo. I am somewhat stuck with them for now but I may move to tuta if I can
Proton services generally are not bad, but I could never use Proton Drive for anything else than mid to long term backups, because they don't have it integrated with Linux. I am not angry though, it is what it is and I am only in the niche (even-though Linux is the best OS for privacy). Ever since I have setup my Truenas (and Immich) I find myself caring even less about not being able to use Proton drive 😀 That said, once they have integration I want to use it for a few files.
Immich + a backup solution of your choice. If it's worth saving, it's worth backing up. Try to follow 321 as much as possible, but having at least a second copy is a good start.
I started using photoprism. But their viewer doesn't show my 3D side by side stereo photos. Immich brings a better viewer that gets out of the way and it also has multiple users. The immich multiple user accounts function a bit weird. My family photos need to be shared as external libraries while our phone photos cannot be shared unless you share accounts. They did some decisions around handling multiple users that is not fabulous. I used photoprism for awhile but just a few months on immich I can tell its going to be a better experience.
There isn't an online specific place for 3D printing optic assemblies but there are plenty of places to read about stereo photos. There's even a software called stereophotomaker that helps you crop and adjust the photos you take.
Yeah its pretty simple yet very much not trivial. You can get images that are relatively fine by just making one from cardboard even. All you need is 4 mirrors. Two pairs for one side and two for the other. The non trivial part is how to fill the whole sensor frame and what specific angles to use for your specific lens. I'm using a 40mm lens full frame. 35mm can see the inside of the adapter so that's not good. It gets worse with the wide lenses on your phone, but you can still get an image you can crop. And its its really freaking cool to see your kids and family in 3D on your phone on a finished image. Unfortunately my family runs from the camera and doesn't get the 3D effect at all..and doesn't even want to try. But whatever. Maybe one day when I'm long gone, one of their kids will find an old rusty SD card and discover the awesome thing that 3D is. I don't understand why all the 3D headset makers haven't jumped on this with a standard....simple, have all new phones get 2 cameras, and then create the software to take the images or video. Finally have that video in a standard format for all viewers. There's plenty of smart people that can do this.
Oh and yes, you can do 3D video and it kicks wide angle viewed video so so much. It's phenomenal to watch my kid slide down a slide in 3D. I know it sounds stupid but man....the possibilities for the right open minded community are endless.
One more vote for Immich. While I don't like how it's not easy to create albums from existing folder structures out of the box, the search and face recognition is amazing for a free self hosted app.
It wasn't mentioned in the list, but I like Photoview; it uses your existing file structure (rather than its own structure or a database), works with read-only access, accepts external syncing like Syncthing, and can handle multiple users. Not sure how it compares on features, but I just wanted something basic anyways, so I'm happy with it.
Does anyone know if any of these systems will interpret a Google takeout export from Photos? The data separation is brutal, I haven't found something to pull it together yet.
A record number of people are set to take China’s notoriously gruelling national civil service exam this weekend, reflecting the increasing desire of Chinese workers to find employment in the public rather than private sector.
Around 3.7 million people have registered for the tests on Saturday and Sunday, which will be the first since the government increased the age limit for certain positions. The age limit for general candidates has increased from 35 to 38, while the age limit for those with postgraduate degrees has been raised from 40 to 43.
“We believe that if every child can see a future worth saving for, this program will build something far greater than an account. It will build hope and opportunity and prosperity for generations to come,” said Michael Dell, the founder and CEO of Dell Technologies whose estimated net worth is $148 billion, according to Forbes.
The Dells will put money into the accounts of children 10 and younger who live in ZIP codes with a median family income of $150,000 or less and who won’t get the $1,000 seed money from the Treasury. Because federal law allows outside donors to target gifts by geography, the Dells said using ZIP codes was “was the clearest way to ensure the contribution reaches the greatest number of children who would benefit most.”
The Dells hope their gift will encourage families to claim the accounts and deposit more money into it, even small amounts, so it will grow over time along with the stock market.
There is a political benefit for Trump and fellow Republicans. The accounts will become available in the midst of a midterm election, providing money to millions of voters — and a campaign talking point to GOP candidates — at a critical time politically. The $1,000 deposits are slated to end just after the 2028 presidential election.
Opinion piece by Li Qiang, founder and executive director of China Labor Watch, and a human rights advocate with over 30 years of experience investigating global supply chains.
China’s low rights model is no longer a domestic labor issue but a systemic challenge to global labor standards, supply chain governance, and fair market competition. Without a coordinated civil society response, the global baseline for worker rights will continue to fall.
I call China’s economic model a “low rights” one because it has long relied on suppressing labor costs to maintain industrial competitiveness. As a result, trade imbalances between China, the United States, and Europe are strategically linked to China’s ability to attract multinational companies through low-cost labor and policy incentives. At the same time, Chinese companies internalized the technology and management know-how of these foreign companies into their domestic systems, gradually transforming what were originally Western competitive advantages into China’s own strengths.
[...]
In recent years, China’s “low-standard, low-cost” development model has expanded beyond its borders. Through the Belt and Road Initiative, it has spread globally, exporting labor, environmental, and governance risks to host countries. Nowhere is this more evident than in Indonesia’s nickel sector, where mining and smelting contracts are so short that they function like countdown clocks, pressuring companies to recoup capital as fast as possible.
[...]
This “low-cost” model has been permitted to exist due to an increasingly shrinking civic space. Independent labor monitoring inside China has become dramatically harder in the past decade. Today, only a few independent organizations remain capable of conducting investigations, such as China Labor Watch. Yet, political risks deter most international funders from supporting work inside China, leaving independent oversight critically under-resourced in an area where it is needed most.
[...]
To counter this dynamic, civil society organizations must be central to any strategy for raising global labor standards. We can advance change in three key ways.
First, increase public awareness. We can collectively highlight that consumers must recognize the real costs behind low-priced products: long working hours, low pay, job displacement, low labor standards. The public must understand that declining labor standards ultimately harm every society. In reality, with wages stagnating in many Western countries, more consumers rely on cheaper products that are produced by workers who are, in fact, competing with them for similar types of jobs in the global labor market.
Second, advocate and partner with authorities for the rigorous enforcement of forced-labor laws. Import bans, labor regulations, and due diligence laws already exist. But enforcement depends on independent organizations holding authorities accountable, and providing evidence if there are enforcement gaps. It also requires sufficient and sustained funding to ensure that these laws can be implemented in practice, rather than remaining symbolic commitments.
[...]
The EU Forced Labor Regulation and the Corporate Sustainability Due Diligence Directive (CSDDD) had their scope narrowed during the legislative process, while U.S. forced labor import enforcement remains inconsistent and lacks clear direction, making the global regulatory landscape by significant uncertainty. If global civil society does not intervene now, global labor standards will not simply stagnate; they will be redefined downward by a model built on speed, opacity, and the suppression of rights.
Pretty sure they'd excuse the labor laws in some massive feat of mental gymnastics. Something something "things are so good everywhere else that workers don't need protection!" Something something cherry picked worker demonstration in a wealthy factory district "See?? They have rights!"
China is communist in name only, clearly. Would take a determined moron not to see that. Anyways, tankies are just red coloured fascists so I guess it's silly to expect much from them anyways.
China is a brand new type of socialism, one that Marx couldn't ever hope to write about, as that would have needed him to go through many important moments of world history (great wars, nuclear development, age of information...) that he could never have predicted. China in the 50s was an agrarian/third world nation, after the CCP took over their plan was simple: "Muster the strength of the entire population to push China into a new age through carefully planned country-wise economic strategies". It's a different perspective when compared to western capitalist societies that value individual freedom above the well-being of the nation, their idea was to value the nation above everything and everyone. To sacrifice generations in favor of economic development, to turn weakness, a poor country with more people than it could feed, into strength, a country where labor was so cheap it became the perfect trap to steal the advantages the first-world had developed: industries. Now, the western world has lost all of its advantages, they no longer have manufacturing capabilities that are enough even to supply their own demand, and its final advantage, technological supremacy slowly slips away from their hands. All that they have left is a class of uber-billionaires more than willing to sacrifice entire nations just so they can buy another yacht. Meanwhile, western media points their finger and exclaims: "Inhuman! The Chinese are using their own people to steal our western jobs with cheap labor!!!", and Liberals left and right look down from their "moral superiority" seat of ignorance and agree, calling the chinese the evil masterminds of the century for daring to not (EDIT: word order) have their same views that valuing individual freedom as a divine natural right, as said Locke, is the only correct moral path, and anything else is Evil wrought upon this world. Thus, they fail to see that, although indeed Machiavellian-looking, valuing the community, the society, above the individual is exactly where the true left had always resided. What good is personal freedom when a man can buy another? And do not mistake me, I do not claim their methods to be flawlessly, they are indeed ruthless, but the Chinese Government can most certainly be conferred the title of "efficient", in a few decades they took a country from the throngs of poverty and the past and pushed it forward, with sacrifices indeed, to the forefront of modern development. Are they truly wrong? Would you prefer they'd stuck to being slaves of first-world countries? As someone who does live in a third world, developing country, as they say, I'd be very very glad to see the same mentality of my own government, I'd sacrifice myself gladly to hope for a better future for the next generations. Instead, all I get is the proverbial choice of working my whole life to not starve to death while making a garbage human billionaire hiding in a mansion somewhere richer and richer at the cost of the people, all while my country not only barely inches forward in quality of life, but is constantly shoved back down the mud by the actions of western interests, that easily stoop to all the tricks of the CIA handbook just to keep us too busy too see that the evil wears not red, but blue and stars.
You wrote a lot to not say much, China's 'new brand of socialism' is just state run capitalism. Don't get me wrong, they have achieved a lot and modern china is very impressive, Id like to visit one day. Still ain't communist, and the ccp knows this, they just like the branding.
I think the argument is rather that the dictatorship of the proletariat is the proletariat taking political control over capital. The tankies, so to speak, recognize that this does not resolve all internal contradictions of society nor instantly improve the material conditions of said society.
What you might agree on is that: 1. The current world order is capitalist. 2. China was an extremely poor country that has improved the material conditions for their populace tremendously in a short time span.
Does this mean that worker's rights are unimportant? No. However, I believe the political leadership prioritizes the development of productive forces over worker's rights at this stage of development.
I also want to highlight the question of who benefits from this labour. If the proletariat is the class that benefits from their own work and the government has their popular support, is this really the red fash, authoritarian exploitation that the other comments and western media assume it to be?
This is just my flawed understanding, of course. There are probably many who can give better answers. Looking at the comment section at time of writing, I am not sure such an effort is deserved.
The dictatorship of the proletariat was a philosophical construct. Not a literalism. Industrialization has improved the material condition of every society that has been through it. It has nothing to do with left or right etc.
The current world order is capitalist.
And capitalists like China aren't going to change that.
China was an extremely poor country that has improved the material conditions for their populace tremendously in a short time span.
Again that's a factor of industrialization. Not economic model. The problem they're just starting to face that countries like the United States and others have been struggling with for some time now. Is that the petite bourgeoisie has always benefited more. And expansion or growth can never be infinite. Once that slows the proletariat is always the first victim of the bourgeoisie.
First of all, the advance of the bourgeois class cannot be separated from the industrial technological revolution in a historical materialist context.
With regards to
The dictatorship of the proletariat was a philosophical construct. Not a literalism. Industrialization has improved the material condition of every society that has been through it. It has nothing to do with left or right etc.
note that (quoting Wikipedia)
In philosophy, a construct is an object which is ideal, that is, an object of the mind or of thought, meaning that its existence may be said to depend upon a subject's mind.
You are making a reductionist claim that the form is only ideal, which is untrue. The dictatorship of the proletariat is not ideal, it is material and can be analyzed as such, whether or not you agree on its ideal form.
The crux of your argument is that the industrial revolution and the bourgeois revolution has developed the productive forces, i.e. capital, and thus improved the material conditions of many people as a result. Even Marx agreed on this issue in the 1800s, remarking the absence of novelty of this idea. What you conveniently ignore is the exploitation that this development has inflicted upon every citizen outside the imperial core.
The nonsensical wording of
the petite bourgeoisie has always benefited more
than the proper haute bourgeoisie, is self explanatory for anyone understanding what the word "petite" means.
That
expansion or growth can never be infinite. Once that slows the proletariat is always the first victim of the bourgeoisie
is also not novel to any socialist worth their salt. However, this is more of a nod in the opposite direction of what you think, towards western countries currently undergoing a state of crisis.
If the proletariat is the class that benefits from their own work and the government has their popular support, is this really the red fash, authoritarian exploitation that the other comments and western media assume it to be
Yes, because without basic political rights which do not exist in China, Chinese workers have no political agency by which they can express a political preference. It is entirely possible that given such freedoms, the Chinese people would implement the exact same system of government they have now, but there is no way to know that since the functional basis for political self determination does not exist.
I am not quite sure I agree that proclaiming a resolution to class struggle by taking political control over the means of production is sufficient to resolve internal contradictions. The statement regarding "basic political rights" however seem to imply that this in particular is ensured in liberal democracies, on which I definitely categorically disagree.
I spend one third of my life at work, one third sleeping and one third making myself ready for either. At work I have no "basic political rights", not because I live in China, but because there is no democratic control over the mode of production in my liberal democracy.
I think that freedom ultimately necessitates equity, at the very least with regards to opportunities in life. In western countries, you pretty much only have the option to live subservient to the capitalist class. The political freedoms are hollow as long as political power is controlled by capital.
So what am I saying? That I believe a socialist society is the only one that can give any basic rights, and that in turn one must rephrase the question whether China has attained socialism to whether they are working to attain it. Then the situation of current worker's rights become a question of whom their work serves.
To the victor goes the spoils, after all. Bear this in mind when you relativize the material conditions of Chinese workers to that of western ones, who historically directly benefitted on the exploitation of the former.
You are doing the age old ML trick of attaching the rights which convey political agency to a specific historical epoch of economic liberalism. If we are to understand that the Chinese socialism is a process which inherently must navigate through flaws and imperfections of the material conditions it is dealt, then surely we much acknowledge the same of the western struggle. And yes, it is a struggle all the same, albeit from a position of historical privilege.
In reality there is nothing about the enshrinement of individual rights which requires or implies capitalism or imperialism, other than historical snapshot these things have been attached to. It is no more correct than saying all socialism requires autocracy. In fact, we have an entire century of revisionist thinking which modifies Marx with this specific goal in mind. So just as China approaches this struggle from a more Orthodox perspective inspired by Lenin and molded by a period of historical oppression (itself a bit or a contradiction given China's broader history), the west's struggle is throwing off the shackles of its comparative success and influence which binds it to so much old world influence. Both molded by imperialism in different ways. Both currently stuck in a vicious cycle of capitalism, thrust on them by material reality.
If we are to understand that the Chinese socialism is a process which inherently must navigate through flaws and imperfections of the material conditions it is dealt, then surely we much acknowledge the same of the western struggle.
We are, and we are analyzing the situation materially and historically in hope to arrive at a real understanding of the internal contradictions of either system. Historically, as you say, the capitalists use their privilege to exploit the rest of the world. When the crisis revolving around the internal contradictions become to great, they decay into fascism.
📍This is where we currently are with respect to the stages of the western capitalist cycle.
In reality there is nothing about the enshrinement of individual rights which requires or implies capitalism or imperialism, other than historical snapshot these things have been attached to.
Well no. Conversely the enshrinement of individual rights requires the absence of capitalism and imperialism, in favour of socialism. I am not saying that communism with Chinese characteristics is the only way to attain this, that would be stupid and contrasting our understanding of material reality.
I agree that the West is not only as much, but even more powerless to change its own capitalist mode of production due to the material reality. This is even more favouring the line of China in paving a new path for the betterment of all. Give the west a bit deepening of state of crisis, and it will be sure for all we are going to need it.
We are in agreement on many topics. Where we diverge is in the mythologizing of deterministic western fascism without making the same potential attribution to failures at implementing socialism. This is, simply put, a failure at critical analysis. History has seen both cases. The idea that the Chinese system is the answer to, or even a protective force relative to western imperialism, simply because it exists as an alternative, is flawed reasoning. I would even say dangerous reasoning. The path forward is understanding and learning from the failure and success in all systems through history. In China's case, a big part of that is literally the inability to discuss its failures. And I'm not just talking about the legal state of China itself, but also the broad hesitancy to acknowledge this as a failure within leftist circles.
These acknowledgements do not collapse any house of cards unless it has been built on fragile ground in the first place.
I remember when it wasn't uncommon to buy a prebuilt system and then immediately upgrade its memory with third party DIMMs to avoid paying the PC manufacturer's premium on memory. Seeing that price relationship becoming inverted is a little bonkers. Though IIRC Framework's memory-on-prebuilt-systems didn't have much of a premium.
I also wonder if it will push the market further towards systems with soldered memory or on-core memory.
I don't see how it would push manufacturers to do that. I can see how it would make consumers more open to soldered RAM if RAM is so expensive there is no way you are going to upgrade it later. But, I would be interested to get your thoughts as I miss stuff that feels obvious I'm hindsight all the time.
If consumers aren't going to or are much less likely to upgrade, then that affects demand from them, and one would expect manufacturers to follow what consumers demand.
Prices rarely, if ever, go down in a meaningful degree. Stuff like this is partially necessity and partially a REALLY good excuse to see what the price ceiling actually is... and then turn that into the floor moving forward. Just look at gas prices
The "AI Bubble" is likely to be on the same level as the Dotcom Bubble and the like. It is going to be brutal and a LOT of people are going to lose their jobs... and then much of the same tech will still dominate just with more realistic expectations. And that will still need large amounts of memory
If the "AI Bubble" really is as bad as people seem to want it to be: A LOT of the vendors who make the parts you are buying RAM to use are going to be gutted. And then RAM production will drop drastically. Which will decrease supply and...
What you are describing is something different... that is "close enough" to Moore's Law for all but the most pedantic.
The (I forget the proper economics term so) base price of RAM/Storage does indeed go down as new processes and economies of scale are developed. But the cost of a "laptop hard drive" remains pretty steady in the sense that a couple hundred MB was enough back in the day but you REALLY want at least 500 gigs now. The price per byte does indeed drop rapidly but the price per "drive" is far more stable (not fully stable due to inflation and how many people are buying them, but within spitting distance).
Its why a good rule of thumb was to always just spend roughly the same on storage during an upgrade and that would result in faster technologies and larger capacity drives and so forth.
That isn't what is happening with RAM in 2025. A much better comparison is GPUs because... it is the same problem. It is ridiculously high demand from businesses (often startups pouring dump trucks of VC money into their only hope... well, VC money or drug money in the case of miners but they matter a lot less these days) driving this. A quick search didn't yield an easy graph and I can't be bothered to go dig through Gamers Nexus's twelve videos on it, but the price of an "entry level" GPU has drastically changed in the past decade.
But just for two-ish data points?
The GTX 980 and 970 had an MSRP (probably) of 550 and 330 USD, respectively, back in 2014
While there is some other bullshit involved, the RTX 5080 and 5070 have MSRPs of 1000 USD and 550 USD in 2025
Adjusting for inflation, the 980 and 970 would still only be about 753 and 451 USD in 2025 dollars
And let's not forget that basically no cards were sold at MSRP back in early 2025...
The last point being what is, by all accounts, going to be the new normal. Barring outside impacts like... RAM going through the roof. Vendors will sell the cards for the ACTUAL MSRP rather than the inflated demand prices. And they will still be considerably more expensive as a result.
All of which is to say... my current card is definitely good enough but having a hard time deciding if I do one "final" upgrade for the decade. But I am an AMD boi so those are at least "reasonable" in terms of price per performance.
Prices rarely, if ever, go down in a meaningful degree.
In 2011, there was a large flood in Thailand that impacted ~40% of hard drive manufacturing. As a result, hard drives significantly increased in price. This was back when SSDs weren't mainstream yet.
A year or two later, when manufacturing capacity was restored, prices were essentially back to what they were before the disruption.
Apart from disruptions like that, HDDs, SSDs, and RAM have always been going down in price.
In 1995 I bought 4 MB of RAM for DM 200, which, adjusted for inflation probably works out to about €200 in today's money. I'd say, prices have come down quite a bit, since.
I'll never forget buying my first MacBook in '07 and asking the guy how much it would cost to bump the RAM from 1Gb to 2Gb. He told me in no uncertain terms that I'd be better off looking online for a cheaper price.
Well, in the intervening years they certainly have closed that loophole.
I worked at a knock-off Apple Store in the PNW from 2009 to 2013 and I told this same line to MANY people. The thing about being an “Apple Specialist” is that we sold more than Apple did, including “aftermarket” RAM modules to do that upgrade on-site for customers, saving those customer money AND netting us more profit than if we had sold them the Apple SKU with more RAM. When Apple closed this loophole it was not just at the expense of end-users, but their channel partners too.
Yeah, I ended up dropping 4Gb in that one. For some reason it could only see 3Gb, but it made it immensely more useful. It got me through a radio production degree and only got replaced because I happened to find myself in a position to be able to afford a 13" Pro a few years later. In fact, it's still in a box somewhere.
Hi, I am not exactly sure how best to frame this, but recent events have got me wondering where exactly Framework, as a company, stands with regards to human rights and equality.
Yeeeeeaaaaaah I don't think I can do business with folk who aren't clear about that sort of thing either. Not when there are other Linux centric builders you can support.
Holy Fuck didn’t know that DHH is a straight up Nazi. I always thought he was nothing more than a dumb autistic libertarian, guess that black and white thinking some people on the spectrum have pushes them far right.
They published this blog post that lists all the projects they supported, and calls for the community to submit projects to support in a form.
The blog post did not acknowledge the situation, but the list showed that they stopped supporting Omarchy and kept support for Hyprland. It was noted during the drama that Hyprland's toxicity levels have dropped since they set up a moderation team. Their reputation might not represent them as they are currently.
I stopped following the events at this point, so if something happened after that, I'm not aware of it
We make a number of sponsorships each year in the form of both monetary donations and product donations. We're sharing a list of our sponsorships since the start of 2025, and will continue to keep this up to date over time.
Hi, I am not exactly sure how best to frame this, but recent events have got me wondering where exactly Framework, as a company, stands with regards to human rights and equality.
Framework has been financially supporting far-right neo-nazi developers. When they were asked for an explanation by the community they didn’t say “we condemn hate and will look into that” — instead this is what they said.
We deliberately create a big tent, because we want open source software to win. We don’t partner based on individuals’ or organizations’ beliefs, values, or political stances outside of their alignment with us on increasing the adoption of open source software.
Hi, I am not exactly sure how best to frame this, but recent events have got me wondering where exactly Framework, as a company, stands with regards to human rights and equality.
Lol, guess who just made themselves a target. They are now profiting directly on people who stream content they don't own from other people's servers. Plex is going to go down when Hollywood sues them.
I believe if the server hosting the content has a plex pass then end users are allowed to stream from it without any additional subscription or membership. At least that is how it was several months ago when they announced this.
But you are right, even with the above being true, there will still be a non-insignificant portion of users paying to stream from servers.
Ok, if you find any info on that please post it. I’m going to be on the look out for it and do the same if I find it.
I’ve had a plex pass since before 2023 so this doesn’t affect me either way.
But 2023 doesn’t sound right for when the grandfathering ended. I do not doubt that there is an end date for grandfathering but for that to have happened in 2023 sounds punitive towards their users and not a good long term strategy.
Sure, enshittification and all that. I don’t doubt greed is the motive but they had to have known by ending grandfathering 2 years before implementing a policy like this would stir a user revolt and strengthen their competition. Especially with all the increased enshittification they have pushed out over those 2 years.
Jellyfin is notoriously full of security holes. It's recommended to not expose it to the Internet. It's also easy easier on Plex, at least until this bullshit, to have a random non-techie family member sign in to your Plex server from anywhere. I never liked Plex and never got into it, but I see why people used to prefer it.
I think Emby is a good middle ground for people looking to jump ship from Plex. But I switched to jellyfin from my lifetime Emby sub because the plug-in community there feels dead and Emby development felt dead in the water.
If you read the comments the devs know it's a serious issue but don't want to break backwards compatibility fixing them. Their solution for now is to warn people of the risks of exposing their instance to the Web. Which I don't think they're doing a great job of.
Collection of potential security issues in Jellyfin This is a non exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla...
Aside from most of those being “potential issues”, which weren’t proven, the rest are GETs of things that do not need to be secret, things like album art and list of installed plugins. Besides the one plugin issue, which was an actual security issue, which was fixed over a year and a half ago. github.com/jellyfin/jellyfin/p…
This came up in chat yesterday. We allow reading of installed/available plugins and repositories in addition to allowing both read and write for plugin configuration. This is unsafe and something w...
CVEs don’t get issued “resolved” statuses… They are either reserved, published, or rejected (technically NVD have a few extra for published). That’s just junk data in that tool you’re using. Use authoritative sources like cve.org or nvd.nist.gov.
You can see the CPEs on NVD and they’re old versions of Plex (and were old when the vulns were published).
Yeah, as you said, that's a pretty serious security issue. That's a data leak that explicitly lays out the shape of your attack surface. It tells the attacker exactly what additional software your server is running and if any of it includes known vulnerabilities, the attacker now knows how to gain access.
That only works if the plugins are somehow accessible through an api controller, which as far as I’m aware, is not how jellyfin plugins work. So no, it wouldn’t increase your attack surface at all.
Its also possible for a webserver to offer two versions of an API. Add a new one that needs authentication, mark the old one as deprecated and add a checkbox to disable it. Then clients can update to use the secure one and if you use and unmaintained client you can enable the old insecure api
That's the opposite of my experience. Jellyfin just works and immediately exposes the content we're looking for, plex tries overloading you with bullshit and burying your actual content
The only real usability issue I've had is auto cataloging. It isnt right much of the time. But I don't have any remote users that don't have network access so that simplifies things a whole lot.
Yes, after I set up the server properly (reverse proxy). With this change the same setup on the server side is necessary for remote streaming with free Plex.
My mum puts in the domain, username and password and starts streaming.
I set up Jellyfin on my mother-in-law's TV, it's just push play.
My mum has an Apple TV (the device, not the subscription) and on there she uses swiftfin. The only issue has been sound not working on certain audio tracks on certain movies, but in general it is easy for anyone.
Both are very familiar interfaces for anyone used to playing something from a streaming service.
I think I tried this when troubleshooting and didn't notice a difference. Nevermind, I pretty easily taught her how to bring up the menu and switch audio streams so she can solve it herself now.
I never really understood intuitive as a description for user interfaces. I remember back when opinion articles on Tech news websites would use that term to mean it "looks and functions exactly like Windows XP"
Idiomatic usage of ‘intuitive’ regarding interfaces breaks down into
‘familiar’, so, confusing intuition with knowledge, or
‘discoverable’, which is more accurate and describes things like icons and tooltips and menus, where the rules of usage become more or less apparent with exploration and logic.
This is legit the opposite of my experience. I am a relatively tech savvy user, I like to fiddle with all the settings and an ugly UI doesn't inherently deter me as long as the experience is good, so when I first installed jellyfin I was ready to have a clunky experience fighting the UI.
Despite that, I was legitimately surprised at how Jellyfin was far less confusing for me to use out of the box than plex ever was. I found Plex's UI very confusing to navigate on my TV and my family did not like using it either. I remember especially hating all the extra categories and freemium content plex added that I wasn't interested in viewing but couldn't remove (or at least did not find a way to remove). In Jellyfin all of my content is just there and very easily categorized and there's no superfluous elements in the UI, just my stuff that I want to watch.
I remember plex also gave me more trouble during installation than jellyfin did. I actually found jellyfin very pleasant and intuitive to setup. Plex sent me down a Google rabbit hole to diagnose why it wouldn't boot at all.
It was genuinely such an awful experience as a first-time user that it made me wonder why anyone would use plex.
I remember especially hating all the extra categories and freemium content plex added that I wasn't interested in viewing but couldn't remove (or at least did not find a way to remove).
Not doubting your experience at all. For all I know it’s a new option; I just discovered it, but for the other folks like me still stuck with Plex, most (all?) of this can be disabled in the Online Media Sources setting on the server (yeah - I know 🙄)…
Because I don't have to learn about things like proxies to try and open the service up outside my network in a secure manner or try to explain to family they need to run tailscale at the same time and then inevitably have to provide tech support for another aspect of "why is this not working?"
I just check allow remote access and it just works and I can go about my day doing things I enjoy more because fucking about with Linux and providing tech support are pretty low on that list for me 😀
Because it does it for me? In Plex I just tick one box in settings to allow remote connections and then choose which libraries to share to which users and bam they can access all that content just by downloading the Plex app and logging in on their end.
No, not at all. Jellyfin you'd have to setup a proxy or some kind of VPN like tailscale for the remote client to be able to access the media. I started to try and figure it all out when I first set up my server but as I have said in another reply j dont really care to waste the time learning how to do it in a secure manner and minimise the friction on my other users so I dont know the ins and outs but jellyfin you absolutely can't just tick a box and share a library.
Also jellyfin meta data analysis was shit compared to Plex and so I'd have to spend even more time actually managing the server that I dont have to do with Plex.
Plex has an automatic proxy service hosted by their public servers. If you haven't or can't configure port forwarding correctly, plex will route the connection through their own servers.
The problem is, that also means Plex co has total control over your server and the data sent between it and clients if they so choose. Anything from quietly logging the data sent back and fourth, to controlling who can connect and what they can do while they are.
Jellyfin has to be correctly exposed to the internet via port forwarding or tools like tailscale/a vpn; but it's entirely your server under your control. You have ultimate control over how your server can be accessed, but that also means you're responsible for actually setting that up.
Same. For whatever reason Jellyfin just does not want to work outside of my network. I have fiddled with port numbers, settings, and everything else. I have no idea why it won't work.
Sounds like you're behind cgNAT, which essentially means there's another router owned by your ISP that's between yours and the open internet, which also requires port forwarding, but your ISP will never do that for you.
It complicates things, but the solution(s) are tools like tailscale, cloudflare Tunnels, or to rent a VPS just to host a proxy/vpn.
Plex solves this by using their own public servers as a proxy for you, but this is part of how they have control over your users/server/data, such as blocking remote streaming... That makes more than a few people uncomfortable.
Yeh these are things I realise and I know there are solutions. The way Plex does it isnt ideal but also it works for me and my current knowledge level.
Maybe in the future as I learn more I can move on but right now it works for me and I dont have the time or motivation to put into learning everything else I need right now, as with everyone else in the world right now there is a lot of other shit going on that it just isnt high on my priority list unfortunately.
I'm still in my first year of self hosting personally and as well as being a Linux newbie I have learnt a lot and it has been a steep learning curve with everything.
I only bring it up because you explicitly said you have no idea why it doesn't work.
Take things at a comfortable pace; there's no sense overwhelming yourself. Then you just forget what you've done and end up lost in your own maze.
I started with Plex myself, almost 10 years ago. Moved to Emby, where I learned about buying a domain, setting up ssl through a reverse proxy, and just continued to explore from there. Today I run ~26 containers/projects across three systems and I'm always keeping my eye out for interesting new things.
The way networking has developed is honestly embarrassing. We shouldn't have to have cgNAT or any of the other problems that come with how we've broken the end to end principle, and it's made us reliant on centralized Services when there's absolutely no technical reason why that ever had to be the case
Thankfully CGNAT isn't as common in the USA as it is in other countries. In the US, ISPs generally either offer native IPv4 (most of the major ones), or only use IPv6 and provide IPv4 at all. The latter is the case with a lot of the mobile carriers, especially T-Mobile. Your phone only gets an IPv6 address, and their network uses 464XLAT to connect to legacy IPv4-only servers.
Typical condescending reply that I expect, yes it is a "skill issue" and I don't really give a fuck. We don't all have the same skills or the same levels of interest in acquiring those skills, some of us just want a solution that works easily for their skill level.
It is your kind of attitude as well that puts more people off learning these things because without a real interest in learning these things those kinds of hostilities just put people off of wanting to participate in those circles.
Yes. You could learn everything you need to know by watching a 20 minute YouTube video, but you’d rather use a paid product instead. That’s, like, the definition of a skill issue. The issue isn’t that the software is hard to use, it’s that you refuse to learn how to use it.
And that’s not the fault of Jellyfin, because the “ease of use” of Plex is because it’s a paid product. They can afford to run servers to make everything work for you without having to put in any effort to learn. You’re using their servers to make it easy for you, and you’re paying to do it.
It’s fine if you don’t want to learn to set up a service, but it does make me wonder why you’re commenting on a self hosting community. It seems to me like you’re not interested in self hosting. (Not trying to assume, but what you said is not what I would associate with someone who likes to self host.)
Except that just isn't true unless you have prior knowledge of lots of other things. As with a lot of documentation within this space it all presumes prior knowledge of different things.
Most things you read or watch will start with just do x but if you don't already even know how to do x then you have to go down a further rabbit hole to find out how to do that. Everything you try and do is a series of these things so your 20 minute YouTube video turns into hours of trying to learn other things to tie in with it.
On top of that I dont understand the underlying security implications behind opening my network up to the outside world, it is all well and good following some 20 minute video but without understanding the underlying implications of what you are doing how can you really fully trust that information because I dont understand everything behind it?
Again, I never said it wasnt a skill issue, I literally agreed with you that it was....
Also why can I not comment and participate in a self hosting community just because I dont do things exactly the way YOU want me to does that mean I automatically can't participate?
It is your kind of hostile and condescending attitude along with documentation that assumes too much prior knowledge that makes both the self hosting and Linux communities really unwelcoming to people that are looking to even dip a toe into them. This all or nothing attitude where only your method of doing things is acceptable and anything else is seen as fair game for mockery and condescension.
I'm new to the space and maybe in the future as I learn more about it I can move on to other things as I gain the knowledge I need but people like you, whose attitude is just fucking shitty are really off putting in these spaces. Everyone needs to learn and the culture of condescension and mockery towards new users by a large majority of the existing user base doesn't make more people want to join in and learn.
Cheers for adding absolutely nothing to the conversation though and further putting me off wanting to learn any more or continue to interact with the communities though. You're really helping push adoption of things like this.
Again, you just sound like you’re not interested in self hosting. I wasn’t even that condescending to you, but you took it that way. You said you don’t want to learn how to self host in a community about self hosting. Like, imagine if someone went into a community about bicycling and was like, “Well, I don’t want to ride bikes, but I like motorcycles because I don’t have to pedal.” You should expect a certain level of disregard in a community if you’re going into that community saying you’re unwilling to learn the basics of what that community is about.
If you’re not interested in self hosting, I’m not saying you’re not welcome here, because a. you are and b. I don’t moderate this community anyway, but I genuinely wonder why you’re here. You did say you might be interested in the future, so…
This is a genuine offer: if you want to learn how to self host, I will get on a video call with you and teach you how to set up some services on your home network and open them up in a secure way. I write and run my own servers, and have for well over a decade, so I am qualified to teach you what you need to know, if you want to learn.
Yeh that is fair enough, maybe I worded it wrong in the first place as it is more that right now I dont have the time or motivation to do the learning due to everything else going on in life and I do conceded that I did jump first to condescension but that was based more on a lot of previous interactions I have had within the broader Linux community so I apologise if that was not your intention but "sounds like a skill issue" is a usual dismissive response that is often meant to be condescending.
I have put a lot of time in the last year into learning Linux to get to a place where I have proxmox running as well as a NAS and that was all from a place of zero prior knowledge and that was a steep learning curve and I think I am some what jaded from that experience going forward too due to some interactions and how not easy to follow documentation is for someone entirely new to the space.
I do appreciate the offer and maybe in the future I could take you up on the offer when I have more time and mental capacity to put back into furthering my learning within this space. Apologies for jumping straight to an assumption of your position based on previous interactions if that wasnt your intention, it just came across as such.
Thank you for being understanding. I shouldn’t have stated it as bluntly as I did either, so I think you were justified in taking it as condescending, and I’m glad we’re seeing each other’s view more clearly now. I think it’s awesome you’re getting into Linux, and even if you don’t ultimately do it, even considering self hosting is awesome. Getting Proxmox and your own NAS up and running is awesome too, btw. Something you should be proud of. I do want Linux and self hosting to be a welcoming space, so I’m going to try in the future to be more welcoming.
When you’re ready, you can email me at hperrin-friends@port87.com about my offer. The offer stands any time you feel ready to dive in. 😀
I appreciate it a lot and have saved this comment for the future!
I'm glad we can come around to an understanding too, to sort of illustrate why I reacted as such this comment from this thread kind of epitomises what it can be like trying to get into the Linux space and learn as a complete newbie sometimes and it is very fucking tiring. I realise not everyone is like that and there are plenty of people that provide a lot of help but it is also very tiring and off putting when you are new to a space and you are met with attitudes like this.
Do you know how to remediate black mold spreading on the walls of a houseboat?
Do you know how to compile Linux to run on some custom arm hardware?
Do you know how to repair or rebuild a crumbling stone retaining wall?
There's a good chance you may not know how to accomplish all of those tasks. There's also a very good chance you may not care about knowing how to accomplish all of those tasks, as some of them may not be relevant to you. This is ok.
Finally, I know you're posting on the Internet, but you don't have to be an asshole, that's a choice.
Should I begin telling you about the wonderful man in the middle attack that I reported to Plex over 3 years ago and how it’s still not fixed? Anyone can setup a plex instance and use that very instance to request an ssl certificate on behalf of any other plex instance, and then setup shop and gain complete access to your machine.
Using jellyfin on Chromecast. For the past 3 weeks I'm stuck not being able to use it because some update broke subtitles support for external players. App became useless, I can't downgrade it, and the bug is still not fixed.
This issue respects the following points: This issue is not already reported on GitHub (I've searched it). I agree to follow Jellyfin's Code of Conduct. This report addresses only a single issue; I...
I’m ready to replace plex but unless something major has changed in the last several months I simply can’t understand how people feel jellyfin is a comparable solution to plex. I couldn’t even get past the user interface and it falling flat on its face with media recognition.
Might want to take another look at Jellyfin. My experience has been that as long as the video file s are at least somewhat reasonably named and organized, Jellyfin has no problems identifying a file and looking up its metadata.
I dunno what you were doing wrong, but Jellyfin is a strong alternative to Plex that has feature parity. The only reason to use Plex over Jellyfin is if you want the streaming channels Plex has. Especially since many of the features Plex has are locked behind a paywall, whereas on Jellyfin they are free.
what about it? anyone who hosts a Jellyfin server probably already has a reverse proxy set up. if not, then that is another 2min setup required, if you don't know what you're doing.
I think the situation under discussion is converting plex users to jellyfin though. Most plex users won’t have a reverse proxy setup because it’s not needed.
this is the selfhosting comm. I'm willing to bet that virtually ever person here who has a home server of some kind, has a reverse proxy or VPN set up that they could access Jellyfin from.
Jellyfin is the solution if you have a media file on your computer and you want to stream it to your TV in a different room and Bare Bones works fine. It serves my use cases for a lot of things pretty well, but for hardcore self-hosted streaming Plex still has more features and polish
There are custom themes out there that change the interface.
Right click -> identify-> Title name, has yet to fail me.
Its been a long time since i used plex so I can’t say how much “easier” its over there but compared to the days before streaming this little upfront work takes less time then going to a physical store to rent.
Maintenance takes no work and it cant be enshitificated (someone will just port it)
Plex is more polished, jellyfin is basically functional but we use Plex in our household because we watch movies all the time. I have my own personal jellyfin server on an old computer
I switched from a heavily used Plex server with about 10 users to Jellyfin with the samw usage patterns abour half a year ago. So far it's been pretty smooth sailing. A better world is possible!
How much more polish you need to watch a movie? Jellyfin has everything you need. I keep seeing these discussions and for the life of me I cannot figure out what is missing from jellyfin that people use Plex after all they have been doing for years
Currently my biggest complain with Jellyfin and the reason I can't switch to it completely is the bad subtitle support. There's a bunch of clients and some subtitles work on one, but not the other and vise versa. It's annoying to jump clients depending on what you watch. Sometimes subtitles just don't want to load by default and you have turn them on for each episode. And even though I have Bazaar, sometimes I still need to download subtitles, and Plex has that built-in.
Either way, I already have lifetime subscription, there's no point in switching. At this point I'll only switch if JF becomes better or Plex becomes worse.
some subtitles work on one, but not the other and vise versa
For me it has worked everywhere. All of my media is in .mkv so it already contains the subtitles. It works in all browsers clients, Desktop clients, TV and Mobile clients. Works in VLC and MPV as well on desktop, TV and Mobile. Works with Kodi as well. Works on same network (via both host IP and reverse proxy) as well as remotely via Pangolin.
So you can try putting everything in one MKV Container or maybe change the subtitle formats (if that's a thing).
🤞. Hopefully it's just JF getting better, of course, but that last app redesign on Plex was really rough. I had to downgrade the app to make it work well again.
Of course I can put extra work into formatting my subtitles to make them work everywhere. Sometimes they are embedded, sometimes they are an .srt file next to the video file. And I don't want to spend time normalizing all of them. It already just works all the time on Plex, so I'll simply wait until JF fixes the support.
I'm not talking about naming schemes. The subtitles are detected, but they either crash the client or render improperly or just don't show up despite being selected. I guess I'm really waiting for a decent multi-platform client that just works.
That's odd because the clients are just web apps I think. That should work without crashing on a stable OS. I use them on Android mobile and Android TV with extensive subtitle usage and haven't seen instability.
A funny thing I noticed is that the client distributed in F-Droid is extremely old even though it says it's updated recently.
I think the official client might be a webapp, but other clients on iOS are mostly native apps. Honestly, maybe it's better on other platforms, but since my gf and I do most of our watching on iPads we don't see the full picture.
Working "watched" labels on the Apple TV client would be nice. Not having those is a deal breaker for me considering 99% of my use case is streaming media to my Apple TV over LAN.
I have Jellyfin running along side Plex in case I want to do remote streaming, but I never use it and generally just copy the files for what I want to watch to my laptop if I'm going to be watching something away from home. Or I can just VPN in to my home network.
I don't think it is that is more polished, it's just you pay for them to do the stuff you need to do yourself with reverse proxying, opening ports, securing stuff. This is only an issue if you are sharing outside your network of course.
This is why mesh vpn technology is so exciting, all of the nonsense that we've developed to cope with broken Network standards that develops because ipv4 didn't have enough addresses to accommodate the end-to-end principle just melts away. Tailscale works wonders for me, And the technology is only going to get better from there
I have a kinda old but still working great 4k TV that is not supported so I use a fire tv dongle. No complaints so far. The same for other family members who have Android tv and webos
Because its more polished, has more platforms for clients to run on, and can be remotely shared with a simple account login and no configuration required. To name a few.
Plex is not free. Plex is paid software, just like Google Photos or iCloud. The only free software is open source. Open source everything. Doesn’t matter if the client is open source. If the server isn’t, it’s not open source. (I’M LOOKING AT YOU, SNAP!)
Unfortunately this idea that open source is free is a bit toxic in a way. It's definitely not free to make, it takes years of dev time, and sure, those people often do it without any compensation. And therein lies the problem. People here bitching about jellyfin not doing x or y, but doing nothing to support full time development of it's creation, then shitting on the devs for not having a perfect product, leads to good devs leaving OSS behind.
Edit: I'll also say, I get the issues that come with proprietary software in the modern age, especially anything online, but there's almost this push towards not paying for software. Because some software is free and open source, paying for closed source software makes you a rube or something.
Yeah, I am one of those open source devs who doesn’t get paid for it. But I can’t really say it’s the fault of normal users. They’re just people trying to get by. The fault really lies in corporations using open source without supporting it. Some corporations do give back and support communities, but a lot just take and don’t give anything back.
Personally, most of what I write for my company, SciActive, is open source. The only thing I don’t release is my actual product (Port87), but everything I’ve built in order to build it (the ORM, Nymph.js, the UI library, Svelte Material UI, the WebDAV server, Nephele) are all open source.
I do get users shitting on these projects sometimes, but the majority of communications I get are respectful and gracious. It does sour the experience when someone acts rudely, but I try to not let them get under my skin. Some devs have trouble not being bothered by it, and for them, the rude users and lack of compensation are so much worse.
What keeps me writing open source though is that I just genuinely have a passion for writing code. I recently built a full text search engine into Nymph, and the whole process was so much fun. I think that’s what powers open source, genuine passion for what we build.
(There’s one project that gets shit on a lot more than my others, QuickDAV, which I’ve never really understood. A lot of people say they’d rather use SyncThing, which is fine, but they have different use cases, so it just baffles me. It’s like someone looking at Inkscape and saying they’d rather use GIMP.)
Years ago I decided to go with Emby over Plex only because at the time plex didnt support kodi integration and I enjoyed using that at the time for my front-end user experience. Within 6 months they started supporting it and I was upset since I did want to go with plex. Lately I feel like I made the perfect decision. It's gotta be close to 10 years now and I paid one $100 lifetime fee for Emby and still use it everyday along with some family and friends I gave access to. Also gotta remember I dont believe jellyfin was even an option at that time. I tried it not to long ago and although it was fine, I actually think I liked emby a little more.
As for the remote access, how do they block it? Do they not allow you to setup your own remote connection that does not involve plex? Thats how I do it, I do not use emby connect to make it easier to go through them I just setup my own domain, use ddns, and configure the ports I want exposed and thats it. If plex doesnt allow that then thats already crazy, if they do and even thats now blocked then thats even crazier.
Emby may be simpler, and i heard about plex having a music AI feature that I was actually jealous of, but overall it just works and not paying anything in forever will always be my preferred method over awful monthly subscriptions anyday.
When a user wants to connect to a 'private' plex server, they must first sign into their plex.tv account, which then provides the auth token needed to login to the users server (even if both the client and server are on the same lan)
With this system, Plex can monitor and control every single connection to every plex server; limiting access to whatever they want. Even your own local content.
Emby has what they call 'Emby Connect' which is entirely optional and is basically a glorified DNS service.
It doesn't proxy connections, it just passes on the hostname to the client. The server is still required to setup port forwarding or other routing like tailscale or a proxy on a vps.
Emby Connect will let you sign into your local server using your emby.media credentials, but unlike Plex it's completely optional and only works once explicitly linked to the local user of an Emby server.
Yeah hell to the naww. They're also probably tracking all your viewing habits and monetizing that data, they'd be foolish not to with that kind of access.
I bought the Emby lifetime license about 2 years ago when the plex remote streaming stuff first started getting talked about. It coincided with my server refresh so it ended up working out. I have been really happy with Emby so far.
One thing to note is that music streaming on remote devices is WAY better on plex, Emby behaves more like a mapped network drive running over the internet to a local music player that then forgets your position on pause or when you move away from the remote app/device whereas Plex is actually functional as a modern music player. I keep a local copy of my music library on my phone anyways and okay through Gonemad so it is a non-issue for me but Emby should work better than it does in that case.
Plex also allows/provides "live" tv (with ads) which can be nice if you are into that, and there is the "free" streaming library too which Emby doesn't offer. I'll keep plex around for those features but non-of my stuff is/will be hosted on Plex.
Yeah, as a big music fan I have always been disappointed in Embys music functionality. I followed the discussions around this on there site and I was a bit disappointed by the response. They were getting the same feedback around how bad it is and it should be revamped or even have a dedicated app just for music and they just dismissed it basically saying we'll it can be something we may do later on but dont hold your breath and that they believe it works fine the way it is and dont agree it will help.
Luckily I really didnt care to use it for music anyway. I already had a Subsonic (now Navidrome) server for that. It would have been nice for a few things, but ultimately it was fine. The cool part is the android app Symfonium is the best music app I have ever used and it connects to all the servers to pull data. I obviously still use navidrome, but I could just pull from emby as well with it.
Am I the only one who thinks jellyfin is not only superior to pure, but also way more intuitive to setup? I still don’t understand how plexs routing works, and why I need a central account in order to connect to my own server.
If you want to try it I think you should be able to do it With a Raspberry pi or equivalent on their network running Tailscale, use iptables to forward all inbound traffic on the Jellyfin port from that device to your Jellyfin server which is also running tailscale. Connect their Roku using the pi as the address for Jellyfin. I've not tried this with Jellyfin but I had something similar working with a Minecraft server
A VPS with a reverse proxy connected to your tailnet and a dyndns domain. It would be cheaper than Plex premium, you can use the vps for other stuff, and you have 100% certainty it will never ever show ads.
If you have a static IP it's super easy. If you don't, it's less easy, but you should configure Plex the same way if you don't want to use their proxy, which lowers the speed anyway.
I got Jellyfin set up and available for streaming in less than two hours. Plex kept demanding that my friend buy a pass to download something, so I was like, nah. Jellyfin works flawlessly and is (in my opinion) a far superior option. I constantly had issues with Plex.
Probably not the only one, but configuring your server for outside access is way easier with Plex.
Since I mainly use these services for streaming my music collection (long time cd collector), I declare that Plexamp is simply superior to jellyfin. It is really awesome and feature-rich and jellyfin does not even come close to Plexamp regarding music in my opinion.
I paid 79€ almost a decade ago. I got more than my moneys worth. Even the current lifetime (on sale) is less than a year of Netflix. More expensive than piracy + Jellyfin ofc if that’s your benchmark 😀
I have a Jellyfin instance running anyway, I’ll switch to that if Plex enshittifies.
The only change I can see that when I scroll down on my Plex front page, there’s a bunch of stuff that’s not on my NAS. Some of them actually interesting, like this full ass category of old school kungfu movies:
This is a "slippery slope' argument and thus a fallacy.
Let users decide how they want to run their own stuff. Right now if you have Plex pass this isn't an issue. If it becomes an issue, then you're in the exact same position you'd be in today if you decided to move away from Plex now.
I moved away from Plex years ago, but I don't blame users for sticking with it, it still has a lot of advantages over jellyfin.
EDIT: Y'all are trippin' over yourselves to complain about what other people choose to deploy on their own hardware.
If it becomes an issue, then you're in the exact same position you'd be in today if you decided to move away from Plex now.
I disagree. Right now you got time to do the research, plan the move and test it out with a demo setup. You do not know if you got the time if Plex decides to screw their lifetime users.
Jellyfin can't go closed source as it's a fork of Emby from before it was closed source, licensed under the GPL. They don't own that code so they can't change that license, thus the whole project is GPL. In addition, Jellyfin isn't being developed by just one company (it's all volunteers), so every new contribution is also GPL licensed, owned by each contributor. The only way Jellyfin could go closed source would be to cut out the Emby backend and for every single contributor ever to agree to change the license, or have their code cut out. In short it's not happening, and if somehow it did the project would just get forked regardless for everyone to switch to (the community did it once already!).
No, you have not understood anything. Assuming Jellyfin would go closed source, (ignoring the GPL license and so on) you would not notice anything. Your server and service would be unchanged by this.
Emby is the best example, the community will fork it and you server lives on. Even if not, then the server and software is still yours.
Have the lifetime since like 2012, every time a post like this surfaces I wonder if the contents of it are finally going to force my hand to use jellyfin instead
I’ve never used jellyfin, but do they also host proxy servers? AFAIK plex does and its costing them money, hence the need for paywalling this. You can still use tailscale and reverse proxy to allow remote streaming
Jellyfin does not host anything. With this change free Plex users behind a reverse proxy (or VPN) and Jellyfin users behind a reverse proxy (or VPN) work the same for remote access.
The only difference is that Plex no longer provides expensive services for free, while Jellyfin never provided them.
This is my understanding and I’m surprised with the negative reaction. I think jellyfin is the better alternative being FOSS but this is not the reason.
You can still use tailscale and reverse proxy to allow remote streaming
I used to use Plex and when I discovered there was paid remote streaming function - that goes through their servers - my reactions were "Haha, no"* and checking whether my existing WireGuard setup would do it instead.
Whaddya know, remote streaming using Plex and PlexAmp at no cost.
*Not because I begrudge them recouping costs, but because it's designed that way to justify charging for it, gives them whatever information they want from my viewing, and it's not self-hosting if there's any third party cloud/account component to it.
Why not? It depends on your situation, but if you have a static IP or a dyndns service, you can just open a port to your Jellyfin and reach it from anywhere.
You can also stick a reverse proxy in front of it, if you want to feel safer.
You can “proxy” tailscale networks, you’d need 1 device per household with tailscale running and accepting/advertising routes. Not sure if tailscale IP addressing works in that case though, and just doing it via private IP can get problematic with same network range in the household
That works. I did it with a LG tv: Have a server advertising the routes with tailscale and in your tv when you configure the connection select that server as gateway and that's it.
I'd strongly recommend reverse proxy, some sort of security like crowd sec or fail2ban and sperate auth (authelia, aithentik) in front of anything you're opening to the internet. Just opening services directly up to the internet is choice I'd politely describe as brave.
"Good luck setting up remote streaming with free Plex."
Yes, Jellyfin does not forward ports for you. Same as free Plex. With this change both are the same difficulty to set up for free, the only difference is with Plex there's a shortcut: Buy Plex.
~~I don't think simply forwarding the port actually works with free Plex anymore. I think if the server has a different public IP from the client it asks you to pay, even if you're connecting to the server over LAN.~~
Edit: That doesn't appear to be true. I'm not entirely sure how Plex is checking whether you're trying to stream remotely. In my case at least it works if I connect to my server using the LAN IP, but not if I use DNS (even though it resolves to the same IP). Maybe I'm missing something to allow it to work using the hostname.
I checked the logs and it said it was assuming a remote connection because there was an unknown hostname in the headers (I forget the exact wording). It was because the hostname I was using didn't match the hostname configured in the server's OS (one I set up on my local DNS server).
Jellyfin users, how is the transcoding situation? I have a mix of AV1 and H265 and I need to get smooth playback to my living room Apple TV for families’ sake.
You can also setup Jellyfin in parallel to Plex and give it a whirl.
Usually. When Plex leaked that they were selling user data, I was running Plex server on an Nvidia Shield, a unique build of Plex that ran as a core service of the Android device. There ain't no Jellyfin analogue of that monstrosity.
I'm moving to jellyfin because of my customzation obsession after using Plex for YEARS (bought lifetime as a kid in college), but I'm still going to donate to the Jellyfin team if I love the software they made. I'm so new to self hosting and it's awesome how much free stuff is out there, but how do they maintain it for free?
Is the argument that we shouldn't have to pay money to use software or that Plex / software is changing things after taking money? This is the one area that confuses me the most. Free as a selling point but like, are we just not supposed to send money or am I dumb for doing so?
Not really. The argument is not that everything should be free. I think, I was trying to make a point that Infuse is a third party application that is not free to use (unlike jellyfin).
Just as long as you’re fine with your media server absolutely eating power all the time
Stop encoding in av1 and get a low power older intel chip around 10th gen or so with quick sync. Unless you have like 5+ users watching 4k media at the same time this will handle transcoding absolutely fine while using far less power than a dedicated gpu
I don't encode in AV1, I use HEVC. But while your argument is not unreasonable, it misses the component of file size and amount of disk space required.
HEVC (x265) takes half the space of x264. While it does require a more modern GPU, it can be run on lower powered Intel CPUs with an integrated GPU just fine, so long as the CPU is new enough. Though it can only handle 2-3 streams on a CPU like the Intel chips in a ZimaBoard. So you need to choose wisely.
I guess it's a platter vs energy cost thing. For me it's way cheaper to buy more storage for my little puck PC that can handle ~4 streams at 1080p and sips power.
Person you responded to said av1, I didn’t mean to imply you did. HEVC is good balance and quicksync will handle it as you’ve said. 10th gen stuff will handle 4-5 at the expense of more power (but less than like a typical gpu build).
Last statement you made is critical - usage dictates build
Debian and Ubuntu have the most docs and guides If you know what you're doing nixos or ucore would be pretty unbreakable Paid for product I love Unraid
TRaSH-Guides is a comprehensive collection of guides for Radarr, Sonarr, and related media management tools. These guides answer common questions and provide the best settings for your entire media server setup.
I kind of understand why someone would honestly. Jellyfin subtitles are still a hot mess for a lot of formats unfortunately. Also, while plex has tried really hard to ruin their UI, I've still had more trouble explaining where to find things in Jellyfin. And if you're sharing your collection with friends or family members there's a lot more technical stuff involved.
So I can see why the balance might still tip toward paying plex still for some people.
Luckily I bought a lifetime license ages ago before the first price hike so this doesn't affect me yet. So I'm just riding out the decline, running them in parallel until plex completely breaks. slowly transitioning the family as they get annoyed with broken features. Plexamp is quickly taking care of that 😅
Two years ago, when I found out that you need damn subscription, to watch YOUR stuff with transcoding on your device in local network, from your local server - I complained on reddit and a lot of people was disagree with me for harsh position.
Pure rent seeking. It's not the only example. So many products have artificial defects deliberately added by the manufacturer so that they can then charge you to disable the defect.
Years ago now, they pushed an offer for lifetime subscription onto my server. I clicked it, went through to their website and bought it, paid, the subscription activated and worked.
The next day they emailed to say actually i wasn't eligible for the offer, they cancelled it and refunded me and said it would actually cost $30 more.
I installed Jellyfin that same day, it was pretty buggy back then but was definitely the right decision.
Welcoming the incoming dowvotes for correcting your comment just like the many similar comments and posts I've seen on Reddit, but this is purely a configuration issue.
Transcoding on local network is allowed without a subscription. If you are running your own DNS server (like pihole or unbound) you need to configure an internal "plex.direct" record. You also need to uncheck an option to "treat your WAN IP as internal" option which corrects double NAT issues.
I have yet to see a need to move away from Plex. I paid for the cheap lifetime sub over a decade ago at this point and everyone I invite to my server has no complaints and has not had to pay Plex a dime. I don't use their plex.tv proxy, I direct connect to my own IP and leave their remote proxy option off in the server and everything works great.
I will check out Jellyfin at some point if Plex makes things more difficult in time, but for now these articles are literally just rage bait in the homelab ecosystem. They enacted this back in April of 2025 already!
I never checked to see what was actually in the logs but when i was running Plex, it constantly tried to send a lot of log data to its masters. That alone was enough to budge me up and get Jellyfin. Jellyfin isn't as polished but it works perfectly fine for me.
Are there legal ways today to have your own media server serving new TV shows? I see the point if you're sailing the high seas, but curios if there's other uses for one (for videos)
Plex, Emby, and Jellyfin are all legal, and each have ways to serve liveTV alongside your own locally stored content, and DVR that liveTV if you want. You'd just have to purchase a liveTV subscription from your local provider (or go the Pirate route ofc).
I ultimately want to ditch Plex, but as an existing lifetime member, it currently handles everything so smoothly for my users that I don't see enough benefits in switching. Particularly on the music streaming side (PlexAmp), I think the experience is the most polished one I've seen.
My hope is that by the time the lifetime Plex Pass experience has become enshittified, Jellyfin will be more ready than it is today, and I'll make a switch then.
I ran Jellyfin and plex for a while, using Jellyfin instead of plex at every oppurtunity. Then Jellyfin broke, I couldn't figure out how to fix it in an evening, and I just went back to using Plex, which had continued working. It isn't great, sure, but it's fine. I think Jellyfin would need to be Immich levels of cool, or plex would actually need to be unusable for me to switch.
I'm in the same boat, I have a Plex pass, I have my reverse proxy setup, Plex just works (TM) and when it stops, Jellyfin is already installed and ready to go.
I never shared my server anyway, but a lot of the other design decisions they've made over the last couple years drove me to Jellyfin. My issue though is I cannot figure out how to set it up properly like I had Plex setup with genres, sort by added to server, lists, etc. I can't tell if I'm missing something obvious, or Jellyfin just lacks those features and I need to get a plugin or something. Anyway, sorry for the rant. Just hoping someone has experienced similar and might point me in the right direction.
And you can go to plex settings and disable all the love channels, discover, friend activity, etc that everyone complains about. Make it a simple plex server again.
I display my movies and music in the order they were added by default, but I do recall a lot of historical problems with that functionality. It has not been a problem for me the last year or two, I would say, but I do remember it being a problem.
There's still lots of room for improvement, to be damn sure. But can't beat the feeling of freedom, you ask me.
I'm just thankful that the app doesn't run like garbage due to all the bloat like Plex does. That and I really like the fact it auto checks for subtitle files and plays them. Overall I am glad I moved I just wish there were a couple more features.
When I first set up my server this year it was a VERY easy decision between this and jellyfin. Why would I ever go with the corporate, closed source option?
In my case, I was not able to make jellyfin work: transcoding issues, lagging, client disconnection or unresponsive... Plex worked flawlessly out of the box with the same hardware and the same library.
From time to time I try Jellyfin again, but things never change ..
Would you like help/guidance on your next attempt? It definitely works, but possibly not on corporate devices like Roku and such - I never did have a lot of luck with those, other than I think I had Jellyfin casting to a couple of Chromecasts we have kicking around. Not when the internet was out, of course, cause why would they keep working if Google can't get their data on the spot?
Thank you, but it won't be necessary. I think my issues are hardware -related, or simply my NAS is under too much load from other applications 😅 Other than that I should try with the Chromecast as you suggested, maybe the problem was the shitty client application...
If I don't succeed I'm still good with Plex, and I have a raspberry hanging around for an emergency Kodi.
You can cut it off from the internet and stream in your house locally for free still.
End from any external streaming perspective, they are hosting a repository with your connection and port info, so your external friends can connect without you needing to manually configure or update their settings when you make a local change. Plus they are hosting stream relays for those that are unable to make a direct connection. To me, seems fair they'd ask for payment for that service.
Sorry, I didn't read your reply, I was streaming every movie, album, book, and magazine in existence to every location in the universe at all times. Even when I blink I have 16K screens inside my eyelids.
This is normal behavior in 2025. If you cut off my terabit stream, I will writhe on the ground and scream.
I am not in any way addicted to digital hoarding or continuously upgrading systems that have already exceeded the capacity of any normal person to watch a movie since 20 years.
Imagine, you software get massively used for piracy, and then you decide to ask for licence for the use of thir software, host on server you do not control. I suspect this will not be result they expected
Oh it's perfect. Trump can blame Biden, blame democrats, blame immigration and put a little more armed red neck state national guard men in democrat cities.
Israeli forces on Thursday killed a pair of Palestinian men in the occupied West Bank after they appeared to surrender to troops, drawing Palestinian accusations that the men were executed “in cold blood.” The Israeli military said it was investigating.
The IDF is filled with racist motherfuckers who should be charged with murder and promptly sent to the worst jail in the world.
Seriously, the IDF is hardly a professional military at this point, in most ways it is simply a formalized institution for ethnic cleansing using expensive military equipment they are given as handouts by the US military.
The IDF does not even follow basic rules of engagement, they see a civilian, have impulse feelings about it and then shoot. No threat analysis, no consideration over whether lethal force is necessary by a chain of command and absolutely NO accountability for blatant horrific war crimes. The IDF is not a military, it is a bunch of murderers wearing military fatigues.
They've proven themselves a capable actual army in the past against numerically far superior opponents, displaying both organizational and individual competence alongside their evil. Now they don't even have that. It's just a very well funded gang.
Yeah that's fair, though I do have to note that other than Yom Kippur in none of Israel's past conflicts was it seriously outnumbered. That's the image they like to sell, and intuitively it feels like it should be true, but it's really not. Israel has always been good at raising massive armies relative to their population, and for instance surprisingly way outnumbered their enemies in 1948. Again not contesting your point; I agree that they were much more competent in the past.
If you refer to the 47 it is propaganda. The numbers of soldiers on both sides was very close and at first the zionists militias weapons was inferior but chsnged quickly
Back in 1994, the IDF granted Itamar Ben-Gvir an exemption from mandatory military service due to his right wing views. He has since been convicted (in Israeli courts) of supporting a terrorist organization, and is currently serving as Israel's minister of national security; and is a key figure in maintaining the current governing coalition.
The governing coalition has been in constant tension with senior IDF leadership, which has long argued that all achievable military objectives in Gaza have been achieved, and that continued operation is counter productive.
The governing coalition has been in constant tension with senior IDF leadership, which has long argued that all achievable military objectives in Gaza have been achieved, and that continued operation is counter productive.
The IDF is still full of foot soldiers who have willingly and knowingly prosecuted the Palestinian Genocide, the entire "military" structure is complicit top to bottom. IDF soldiers all the way from the top leadership down to grunts deserve to be in jail equally.
Israeli society has been radicalized into genocide, complicity is omnipresent and distributed down chains of command, if IDF personnel think they can argue "I was just following orders!" they are ignorant fools who refused to learn history or listen to basic calls for human empathy and they deserve to be prosecuted as active and willing participants in the Palestinian Genocide to the full extent possible.
My understanding is that they absolutely get their shit pushed in when they can't hide behind their airplanes and have to fight armed adversaries in face-to-face combat.
Oct 7th offensive was only turned around when gunships showed up. "The best most badass armed forces" in one of the most fortified and militarized region on earth were utterly destroyed by guys with trucks and AKs.
The myth of the IDF being elite and uniquely brave is one of the biggest dog shit lies ever told.
Attached: 1 video
Encore des crimes de guerre par les monstres sionistes inhumains.
2jeunes se rendent, et sont froidement exécutés
> Scenes documenting the moment the Israeli occupation forces murdered two young men after they had surrendered them…
Maybe @answerplease77@lemmy.world was referring to:
In 2009, an interview with Dr. Yehuda Hiss—former head of the Abu Kabir Forensic Institute—was leaked. Recorded in 2000 by Nancy Scheper-Hughes—professor of anthropology at the University of California-Berkeley—Hiss said that pathologists at the institute took skin, corneas, bones and heart valves from the bodies of Israeli citizens, Israeli soldiers, Palestinians and immigrants, often without consent from the deceased's family.
There are over three decades of evidence that Israeli doctors harvest Palestinian organs in direct violation of international law. These stolen body parts were not just used for transplantation and research but for sale and profit.
I'm aware of the claims. The claim the commenter made was that they took the bodies of the two in the story for this purpose, which is baseless.
There's a big difference from "there are occurrences of a thing happening" vs. "the thing is happening right now, right here, to these people."
If you think every odd body is getting hauled off for organ harvesting, you're being a little nuts. It was stated to invoke an emotional response, making a bad an evil situation seem more bad and more evil without any evidence. Just internet hatemongering shock value that doesn't do any good and just distracts from the issue.
Plenty of reasons to hate Israel, but my toast that burnt this morning can't be blamed on them. Has Israel burnt toast? Most likely. Does israel have systematic policies in place, or an unspoken culture, regarding burnt toast? Maybe; it should probably be investigated. Did they burn my toast this morning? I have no basis to suspect that, but I could go around yelling about it and people might even agree because there are lots of proven things to hate Israel for already and it's the internet...
But yes, it certainly is maxed; which makes this behavior even weirder to me.
Perhaps, if you suck at abstract thought... but I meant it to be a bit broader than that.
Stop. Making. Shit. Up.
Substantiate claims. Speak truth. It's fine if you want to draw attention to issues, but connecting them to random shit with no reason and stating it as a fact is fucking pathetic.
They didn't kill them to take organs. They killed them because they saw the Epstein files. See how fucking stupid that sounds? Man... (Not a 1:1)
Two human being getting fucking murdered for no reason by a genocidal ethnostate is bad enough without you needing to throw shit at a wall. It just makes people who care about this look like fucking idiots making up shit to be mad at when there's plenty of real things to be mad at
I'm aware, but there's little distinction between saying shit and defending shit being said. And yeah, the "stop pointlessly lying on the internet" guy is an antagonizer... Twat. Grow up.
Watch the full video I linked up. They dragged the bodies afterward. Nothing far fetched by what they intend to do with them as they've done thousands times before.
Isreal wants to pass this law to cover the fact that they've been torturing Palestinian hostages to death.
Israel has been returning hundrends of dead bodies of Palestinian hostages hollowed from all organs, missing teeth, limps and heads, and with signs of severe sexual and phaysical torture. they hang them from their hands cuffed behind their back until their arms get amuptated from blocked blood flow. this is beside hostage testimonies of getting raped by gaurds, and with objects and by dogs.
False. Instead they used an excacator to collapse part of the warehouse building (the rather large liftable door) on the victims' bodies, likely hoping to hide their deeds for a while. They were unaware that a journalist was filming them with a telephoto lens.
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
Stop bluffing, unless you know what it takes to get an organ successfully transplanted to someone. And I see you don't.
A really simple rule: if one would intend to get transplantable organs, one would not drop construction material on the person. One would transport the person to a hospital without any delay. Doctors would be the persons telling of which violations are happening.
As things are, both Israel and some other countries (Russia) have the habit of returning the bodies of some prisoners who died under suspicious circumstances without some organs. For example, an Ukrainian journalist's body was returned without her brain and throat. No, she's not living in another body, brain transplants are fantasy. She was likely strangled to death and organs removed to conceal torture.
I am currently under the impression that this practise serves the purpose of concealing torture (or other crimes) in several places, with one exception - China.
China has been credibly accused of actually harvesting organs from prisoners executed in prisons. This is feasible for them, since a prisoner after execution can be tested before they are killed, and is immediately available for dissection and cooling of organs, which can then be rushed to an airport for sending to the correct hospital. I have good reason to suspect it's happening. Needless to say, it's an extremely serious crime.
However, I have not heard of any successful (no matter whether voluntary or forced) organ donation from a person who experienced circulatory death in field conditions and was transported slowly from a considerable distance. Jenin is in the West Bank. Do you think doctors in the West Bank would accommodate a request from the IDF to remove, test and cool organs for from a shooting victim for transplantation? I don't think even Israeli doctors would.
If you think differently, I would like to see evidence.
As the thread tells us, IDF committed two war crimes: shooting prisoners and desecrating their bodies. There is no need to spread silly rumours on top of that. Reality is bad enough.
First, there are hundreds of pieces of evidence and doctor testimonies proving that the IOF have been organ harvesting their hostages.
Secondly regarding this case, I hope you're right and I hope the IOF are incapable of doing further crimes to these bodies. It's also a sad relief that the they just executed them instead of torturing them to death as the IOF have been doing to whoever they capture.
all this list of articles + look up the testomonies of doctors who worked in Gaza's docotrs without borders foundations on youtube. + Dr Ghassan Abu Sittah 's photos & testimony that he gave when he came back. Those are all UK, US, Australian doctors btw.. not Khhaamahuus. I know your lame butt is too cynical and too lazy to google this yourself. You see the list I gave you in that comment? at lesst 20 sources right there. It's not my issue if you are not convinced, and I will not do your homework. You go do your research or choose to stuff your stinking propagonda you desprately try to spread despite the truth and hundrends of resources and testominies there up your brain and live with it.
Isreal wants to pass this law to cover the fact that they've been torturing Palestinian hostages to death.
Israel has been returning hundrends of dead bodies of Palestinian hostages hollowed from all organs, missing teeth, limps and heads, and with signs of severe sexual and phaysical torture. they hang them from their hands cuffed behind their back until their arms get amuptated from blocked blood flow. this is beside hostage testimonies of getting raped by gaurds, and with objects and by dogs.
You go do your research or choose to stuff your stinking propagonda you desprately try to spread despite the truth and hundrends of resources and testominies there up your brain and live with it.
Sure, get agitated and start name-calling me, that will help convince me and others.
Thanks for providing the link, however. I reviewed all the links you posted in that thread. Your claim does not have firm evidence.
Source 3 (trtworld): they suspect the possibility, but don't have firm evidence.
The Palestinian Prisoners’ Media Office also cited possible organ theft from some of the retrieved bodies. "Preliminary data indicates the possibility of human organs being stolen from some bodies, in a crime that transcends humanity and reveals a systematic criminal practice by the occupation against Palestinians both alive and dead," the office said in a statement.
Source 5 (Middle East Eye) includes more information about who made the claim. The damage reported to the bodies is not consistent with removing an organ for transplantation.
"When we examined the bodies, we found that large parts were missing. There were half bodies, bodies without heads, without limbs, without eyes, and without internal organs," he told Al Jazeera, adding that there was a high possibility that Israel stole these organs.
Source 8 (Al Jazeera) describes damage more vividly. It is not consistent with organ removal for transplantation.
Many appeared decomposed or burned. Some were missing limbs or teeth, while others were coated in sand and dust. Health officials have said Israeli restrictions on allowing DNA testing equipment into Gaza have often forced morgues to rely on physical features and clothing for identification.
Now I will say what I think of it. I think your claim is untrue. The condition of the bodies proves torture and executions, but does not prove organ theft.
I additionally note: stolen organs don't disappear, they are received by someone in a narrow timeframe (which can be matched up later), and there has to be a story told to the recipient. Transplantation has to be done by a team of people. If a crime is being committed, it's pretty hard to make sure every team member stays silent. Later on, the transplanted organ continues to bear the genes of the person whom it belonged to. If doubt arises about the origin of the organ, genetic testing can confirm or deny a specific person, or give an ethnic profile of the donor, which can be narrowed down to find the family of the donor and ask them about their fate.
Oh prof. perrstorkia knows more than the doctors and photos and prisoner testimonies and photos of returned bodies are all lying. Read you smartbutt propagondist: JUST READ :
"The first observation is that, in all the bodies that organs were harvested or removed are those that are now routinely transplanted: the heart, lungs, liver, kidneys and corneas," Abu Sittah, who spent more than a month working in Gaza's hospitals during the war, said.
The method of extraction - the rib cage and ribs were clipped with a sharp saw - a medical saw, a bone saw - and the sternum, along with the central part of the ribs, was lifted to allow for the removal of the heart and lungs without damage to the organs being taken," he said, noting that the skin of all the victims appeared to be burnt by liquid nitrogen - a chemical used to preserve tissue.
"The essential point is there was no damage to the remaining organs, meaning the extraction was carried out surgically by an experienced surgeon."
Chillingly, Abu Sittah cited multiple testimonies from witnesses who said that the victims were alive at the time of extraction.
Here is the problem Prof. surgeon perestokia , it's either you from your chair 5000 miles away who is right, or tell me theses surgeons and doctors and returned bodies and prisoners all lying. How many braincells do I need to choose between the two and expose who is the propagondist here?
And here is my last piece, you ready? Will you still believe it if an anatomist doctor from the IOF themselves tesitified about them organ harvesting palestinian hostages on video on the Israeli channel itself ???
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
If you cannot provide a good source in your first post, screaming about others not believing you several posts later serves no purpose - you could have avoided that. If you want others to believe you, it's your job to convince them. Name-calling won't convince anyone.
Congratulations, I missed something - the article in "The New Arab" references the words of a medic and provides his name - dr Ghassan Abu Sittah. He is a reputable source.
This could have been your first post. Instead you posted a link to your own post on Lemmy, in which this was source no. 7 - which I, for some reason, missed.
You could have also posted a link to this article, but you have so far not done so.
Advise: learn to argue better. Drop the name-calling. Don't call a person a propagandist if they aren't. In the best case, you will stress yourself and the other person before getting to the core of information at hand. In a worse case, discussion will stop right there. Provide direct sources immediately. Prefer reputable sources. Don't provide a wall of links, but a relevant link.
You just spent 3 days to convince me that Israel could be guilty of organ harvesting. I am convinced, they could be guilty. But you could have used your time better, and could have convinced me with 30 minutes by providing direct links to relevant sources. For example, the below link might have convinced me of the plausibility of your allegations in even less time, maybe a mere 15 minutes - because it's from a reputable source (no background digging needed) and from a different period - not influenced by current events.
So, your claim is plausible. But don't claim to know the outcome of a particular incident if you don't know the outcome of a particular incident - people will think you're lying and ask you to prove stuff.
In reality, we don't currently know what happened to the remains of those 2 guys. What should matter more at this time - they were shot after surrendering.
your advise has always been my downfall and I admit that. most people shutdown as soon as I turn hostile against them or insult them. It's because I have nothing to gain whatever they choose to believe. I aslo agree with your conclusion that it is not definitive why they brought a sketcher and took the bodies afterward. I already told you I really hope thats the case. thank you regardless whether we agree or disagree take care.
If people don't watch it then the IDF wins. The videos and photos documenting atrocities are being suppressed with the excuse that they are "too graphic" for the general public to see.
Graphic isn't even the right term to describe it. It's just... Nonchalant. It's very much like that recent Oscar winning movie about Nazi Germany, where people are just living their lives while horrors are happening in the background. There's way more graphic footage of this genocide, but this one just struck me in a weird way.
That sounds like Israel. A country that should be bombed into the ground on the character traits of its armed services alone, without even getting into the politics or history of the place.
The moment an Israeli undercover force unit executed the Palestinian youth Rami Kukhon in the old city of Nablus, last Thursday. لحظة اغتيال واعدام الشاب رام...
Mozilla is turning into the same thing every other big corporations are, including Google. Inflated executive numbers and pay, cutting what made then unique (think of all the FOSS stuff they've killed along the way)...
I'm not jumping to Vivaldi or whatever just yet, but ugh... Their latest push for AI is driving me very close...
Still doesn't make sense. One company is turning to AI so that drives you to other companies that already have AI and are precedentally worse?
I'm not saying Mozilla is a saint. The sooner we can replace the executive branch, the better. But the even better comparative is if somehow we don't even need to get to that point in the first place, and not supporting Mozilla at the past edge of where they're at is defo not gonna lead to that.
I do some volunteer work on localizing for Welsh and some Spanish. AI translations are hot garbage still even for the larger languages like Spanish. You can get a general idea of the intent most of the time, but that's about it. It's nowhere near good enough to replace humans with yet, definitely not good enough to overwrite what they've already translated.
It is good, specially on mid size text. But it is not good enough. When text is long or too short, it gets lost and makes tons of context mistakes. It also tends to be unnatural for the target language preferring original language phrasing.
I have to admit I've only ever used it to translate a paragraph or two at a time.... where I was just looking for the gist of a text.
Not too surprising, considering that for centuries many people well-versed in two languages have made a very good living as translators ... and often having to get delicate nuances across (for poets as well as statesmen). It's as much art as science.
overwriting articles written by humans with machine generated translations. I really don't understand that! But then, there are truckloads of worthwhile texts from throughout history that will never see translations otherwise ... so that's a worthy cause. Over time it may be improved, IF the algos are given feedback that allows them to learn from mistakes.
The main issue, and this is also mentioned in the blog post, is that the bot only does translation and not localisation.
The first is just taking the words from one language and changing to another.
The second is to actually make sure the text in the new language makes proper sense. Maybe the English article uses some analogy that does realy make sense in the new language. Localisation is to find some other suitable analogy to use instead, so that the point from the main article is kept, but it still makes sense.
As a translator, I have to say machine translations are really good if you just want to get the gist of things. If all you want is to understand 90% of what's written and you can live with the margin of error, then I'm not gonna try to convince you to hire me.
But if you need to understand 99.9% then a human is required because a machine just will not understand the nuance or have a larger context unless instructed. Localizing is another issue too, you'll have to take into consideration the cultural nuance of the target language. Localizing software is even more niche because you're often limited in character count for the source language which machines often misunderstand, and the same limitation for the target language that a machine may not account for.
Anytime I see an anti-mozilla article, it’s abundantly clear that it’s an astroturfing campaign to make Firefox look bad. You NEVER see these articles about chrome, brave, opera, etc which are all much much worse.
Eh, I'm not about to stop using Firefox, but the complaint is valid. They nuked a bunch of work from volunteers without notice in favor of shitty auto translate.
They like that the money goes to activism on African countries instead of the fcking browser. Just until one year ago they started to work again on features.
Almost all Microsoft KB articles are machine translated. Every time I open a reddit article from a search it attempts to auto-translate which immediately looks and reads very inhuman.
I'd say that's because here on Lemmy, we already don't give a fuck about and wouldn't touch Chrome or Edge with a ten foot pole, but some of us trusted Mozzila, which is now starting to do dumb AI shit. And having your trust broken hurts.
Astroturfing would not be recommending LibreWolf as an alternative.
If you look into alternatives, Brave is one that's usually mentioned but there's always someone quickly posting all of the dumb shit they did.
What an odd comparison. What differentiates Mozilla from others is their close relationship with their community. Just read their manifest and you will see Immediately why they are getting flag for humiliating their own supporters.
Calling objections to what some unelected jerks in the foundation (which is a supposedly public organization) are doing is not "anti-Mozilla". And I would first suspect of astroturfing everyone pretending it is.
Raising voices and putting pressure about things spoiling something is caring about it. And yes, people who care try to make real effect and not just safely complain to be ignored.
Mozilla honestly has been becoming worse and worse since Australis.
The way they are forcing AI on everyone and into every aspect of their browser especially when a large part of the people who use Firefox hates that shit is going to end Firefox.
The reason you don't hear it about all those other browsers is because people have always known they don't give a fuck what the end user wants.
Firefox used to be different. But all good things deteriorate over time. Watching it happen in real time to a browser we all use and used to love is why you see it so much posted especially in places with like minded individuals like Lemmy.
Had this same problem for weeks on my work machine. Firefox’s process manager shows you exactly which processes are eating your CPU - that’s where I’d start. The AI sidebar and translation features killed my performance.
They've also put it into the right click menu. And I think they integrated into the "click and hold link preview" feature they just added. And, annoyingly, with all this added AI, they made no provisions for locally hosted AI.
They also added AI translation in addition to their old translation system for webpages. I think the old one just used Google Translate, so the AI translation is a privacy win because it is done locally, but I may be wrong on how it used to work.
How nice of them to have easy options for paid third party services, and hide the local options under about:config where I'd have no idea it even exists without a kind stranger letting me know.
Thanks for the tip of checking about:config. You can specify an external server, it is also in the about:config. browser.ml.chat.provider. I'm not sure it's a feature I will ever use, but I tested it with my local Open WebUI and it seemed to work.
Put it this way, I don't trust a corpo browser and never have. 2008 or whenever it was that everyone switched to Chrome, I stayed with Firefox, which I'd been using for a few years already. I remember upgrading to Firefox 2.0.
I'm interested when Firefox is pulling this shit and don't give a fuck otherwise, because I already assume the others do this.
Idk if we'll ever get anything decent out of the Servo browser engine. That would be ideal IMO. Mozilla is starting to become part of the problem.
If I had to post an article here for each time Chrome did something that worked against privacy, I would just repost Ggle's changelogs. And they would not change.
If we criticise Mozilla harshly enough, there's a chance slightly higher than an snowball's chance in hell to make them change.
What dumb reasoning. Posting anti Mozilla articles only serves to push all of Firefox users to other even less used browsers. See the whole terms of service thing where someone posted an article just like this that was factually incorrect. Many users didn’t bother to research it and stopped using Firefox. Ff didn’t grow, it shrunk and with it every single downstream browser also will suffer because they’re forked from FF
Its not astroturfing, it's that people have expectations of them beyond just being a browser that let's you access the web.
Frankly its not that great of a browser (its serviceable. And I use it, or a derivative, pretty much exclusively); generally the reason you use it is because you care about abstract things like not supporting the chromium monopoly, or wanting to pick the project managed with the most care for how it will impact actual humans
And Mozilla has been making kinda crummy choices with respects to those abstract values more and more regularly it feels like 😅
Like I really wanna love and support Mozilla. I'm using their browser cause I think its the best choice by the metrics that are important to me. And more and more I just feel kinda exhausted and kinda frustrated with them 😅
that tonedeaf response of the mozilla staff boils my blood. holy fuck. i hate mozilla so much for years already but in recent times it got so much worse. cant wait to switch to ladybird or other alternatives in the future.
Why? They have free (as in free beer) volunteers. AI could do translation for pages nobody had time to translate yet but taking over the localization seems unnecessary.
Edit: Okay it is kinda like that, the bot automatically translates everything but volunteers can still contribute and provide better localization. It just seems to not work that well, overwriting things it should not when the actual work is just translating one additional sentence. Or simply not being that great at localization. In general AI translation is not a terrible idea but this seems clearly half baked and Mozilla has stopped responding to the complaints which isn't helping either.
I mean yes, that is why I wrote the edit. It does seem like you could do this properly, by allowing AI to do rough translations of new articles and humans do proper localization afterwards. And prevent AI from overwriting localization of text that has not actually been altered in the original language.
The problem is that's not what they're doing, even after people who volunteered time to work on localisation have asked for the AI to not overwrite existing human-translated documents. That's the bare minimum, but it seems like it's too much for Mozilla
That's not always great either though because if the AI miss-localizes things, end users in that language wont even know that their documentation is incorrect. Better to have incomplete than wrong documentation. At least then the end user will know they have to try to read a different language. It might be good to use AI to create an unpublished first draft that is then polished by a person before publishing, though it seems the AI is not good enough to be useful in that manner.
While what happened in Japan sucks and calls for an apology by Mozilla towards the team, the general idea of machine translation on demand is one of the few working examples of machine learning. I'd recommend professional systems instead of google translate, though.
What is a professional Brower that can do all what the above two can do, but is open source and not riddled with adware or ad allow ware, spyware and other shit?
Is there any browser left that we can still use for all sites?
I can't say I'm too keen on funding Ladybird, given the shit the lead developer is getting up to (to save you a click: defending white supremacy and transphobia).
That depends on your understanting of "professional". Firefox has forks out here, LibreWolf for example, that removes the AI "features" and other bullshit that crept inside vanilla Firefox
Why the fuck is lemmy so chuck full of anti Fiirefox and anti Mozilla propaganda? I even see comments about Firefox needing to be open source again!?!? It FUCKING IS open source, anybody can fork it if they want to, the only thing they can't do is use the Firefox logo and name.
You are all a bunch of idiots!! (everybody who upvoted this trash blog)
I still use Firefox every day, but I don't trust the corporate overlords to do what's right long term. They seem to be getting greedy instead of listening to the user base. They've started including AI bullshit features for the sake of it, like grouping tabs by content that nobody asked for and that barely works for me. I'm not anti-Mozilla, but I sure am weary of it and would welcome an alternative.
I haven't come across any open source comments, but those seem pretty clueless.
I don’t trust the corporate overlords to do what’s right long term.
You don't have to, if Mozilla really screwed the pooch with Firefox it would be forked. Debian used to do it with IceWeasel over a petty thing like the copyright of the Firefox logo, which 100% has always been justified, and is necessary to distinguish between an official Firefox and a fork.
The AI bullshit features as you call them are completely non invasive, I always use the newest Firefox, and I never even noticed those features.
Stop the bullshitting and complaining over things are completely irrelevant. and will never ever have any negative influence on anything you do with Firefox. I'm so sick of this lame community doing this over and over and over again, and it always turns out to be nothing.
The AI bullshit features as you call them are completely non invasive,
And yet I had to turn them off in about:config, not even in the regular settings. Why are the settings hidden? Why can't I turn them on if I want them? Why isn't opt-in and transparency their standard approach with such a controversial feature? Those are some serious dark patterns for a company advertising itself as user-friendly, that they had to backtrack on when they saw the community uproar.
Now it's happening again, but on the developer side.
Stop the bullshitting and complaining over things are completely irrelevant
Irrelevant? I can't afford AI threads running in the background, hogging my memory and processing power away from my productivity apps for whatever bullshit they decide to add that barely relates to what I use a browser for. I don't live in a "first-world country" with standard hardware. That's the whole reason I use Firefox, for the respect for their users that I have grown accustomed to, which they now seem to want to ignore. It's a huge violation of trust that you're downplaying when they want to add things first and apologize later.
The bottom line is that their approach has shifted recently, and I have every right to criticize them for it when they say one thing and do another.
standard approach with such a controversial feature
The "controversial" features:
Alt-text generation: Creates descriptions for images, which is particularly useful for making PDFs more accessible to screen readers.
On-device translation: Translates web pages without sending your content to external servers, protecting your privacy.
Smart tab groups: Analyzes open tabs to suggest names and group similar ones together to help with organization.
Link previews: Generates key points from articles to give you a quick summary.
These are all very modest in requirements even on an old phone. And the use is actually zero unless you use the function. AFAIK all further AI functionalities are all optional.
Number one is particularly useful for blind people, a group that absolutely needs screen readers to work well.
So again stop the bullshitting, just because you are bullshitting yourself too doesn't make it better. Either that or mention just one single specific function you "needed" to disable and why. IMO your misunderstood whining is annoying.
Personally I use the translation function a lot, it is both very handy and very good, and I have used it for both Russian and Ukrainian and Chinese, and it works surprisingly well. But maybe you speak every language on the planet, or find it more convenient to use an online translator, leaving unnecessary extra digital trails and requiring extra bandwidth? How you don't find that feature useful is beyond me???
I rarely ever use translation features. I never visit sites which are in a language I don't understand. 🤷♂️ So this would be nice if it were opt in, I guess.
But I definitely have the processing power to run it. Buuut of course not everyone does.
Because on every machine where I open Firefox for the first time, I have to tell it not to translate my language. It's a small dance I have to do every so often. Bit annoying, innit.
It doesn't translate anything automatically, you have to choose translation manually for a site in a foreign language. It ALWAYS shows the original first. So that's complete and utter made up bullshit.
I know that, but I don't even want the suggestion, is what I mean. You know?
Listen man, take it easy alright? I understand your stance, relax. Not trying to argue with your or get aggressive here. 🤝 We're cool. I'm on your side, I love Firefox.
Yes they are, because I bet this, as always, is a complete nothing burger, just like the previous 10 times the past year I've seen similar baseless attacks on Firefox.
The reason it works is because Mozilla staff isn't going to offer to call any random person with a "stupid anecdote".
EDIT: FWIW, your logic is broken: while your imagined yoasif denies the claim, that differs from what Baffalox does in reality - they say "yes, but". Imagined yoasif just said "no."
Wouldn't have been critical of the form of your logic, but I mean -- you said my logic was stupid. I'm not sure you understood my logic.
I have worked both as a professional translator in works not related to software and as a software developer, and also have participaded on open source public project translated by the community with weblate.
There is NO WAY at all that the AI translations are worse. DeepL has been powering your human translators pretty much since it released, and LLMs are way better at translating than the average Joe.
Most of those weblate managed translations I mentioned were absolute dogshit. Done by humans, done with passion and good intention (most of the time, some of the languages we did know less about had stuff that had nothing to do with the original texts).
Like, people assume since they speak a language that they are able to translate that language and that is not true.
Unless Mozilla had full time, proper translators working, the quality con only increase by using AI.
And if they did, they can sack most of the team, leave one per language, and have them review the translations, and they would save massive amounts of money. And like it or not, open source needs money to run.
Eich was a failure. He sat on e10s for years while Chrome continued gaining marketshare. The path to monetization is something he says he wanted to do at Mozilla but did at Brave instead.
At Brave, he started with a Gecko offshoot but couldn't make it work and retreated to Chromium.
MelodiousFunk
in reply to MicroWave • • •trxxruraxvr
in reply to MelodiousFunk • • •Nurse_Robot
in reply to MicroWave • • •realitista
in reply to Nurse_Robot • • •Linktank
in reply to MicroWave • • •SGGeorwell
in reply to Linktank • • •Lag
in reply to SGGeorwell • • •SGGeorwell
in reply to Lag • • •We’ve all been donating for decades already with our outrageously expensive healthcare. It’s the trade we make for European security guarantees.
In the meantime, Europeans get to go to the hospital for free and make fun of us for the situation.
And if there is a major war, they’ll expect US soldiers to defend them. Those soldiers will get their legs blown off, and they’ll come home to little support from the VA and still no national healthcare.
Lag
in reply to SGGeorwell • • •zqps
in reply to SGGeorwell • • •CircaV
in reply to SGGeorwell • • •Humanius
in reply to SGGeorwell • • •Linktank
in reply to SGGeorwell • • •Draedron
in reply to SGGeorwell • • •[object Object]
in reply to Draedron • • •notsure
in reply to MicroWave • • •Brave Little Hitachi Wand
in reply to MicroWave • • •[object Object]
in reply to Brave Little Hitachi Wand • • •YappyMonotheist
in reply to MicroWave • • •trxxruraxvr
in reply to MicroWave • • •A_norny_mousse
in reply to MicroWave • • •As much as I'd love for the EU to get its shit together right now, I have to agree with this 100%.
So, some nations (mostly those bordering on Russia) are already taking, hmm, "semi-offensive" action while we're still waiting on the EU's official response - the "walk" as opposed to the "talk".
angrystego
in reply to MicroWave • • •How do you think the unthinkable?
With an itheberg.
I'll see myself out.
Kami
in reply to angrystego • • •SabinStargem
in reply to MicroWave • • •thatradomguy
in reply to MicroWave • • •thatradomguy
in reply to thatradomguy • • •Can't keep living in denial, folks. It's time to face the music.