Aussie living in the San Francisco Bay Area.
Coding since 1998.
.NET Foundation member. C# fan
https://d.sb/
Mastodon: @dan@d.sb

  • 1 Post
  • 501 Comments
Joined 3 years ago
cake
Cake day: June 14th, 2023

help-circle

  • Try set up the stream directly on an IPTV app on your TV, instead of using Dispatcharr. If you have a device with Android TV (either built-in to the TV or a steaming box like the Nvidia Shield or Onn one), try Tivimate.

    The IPTV apps on non-Android platforms aren’t as good. On your computer, you can try tuning in to a channel using VLC or a web UI (if your provider has one) and see if it works better.

    The best IPTV providers are hidden from the public (no public website or social media presence), and you need to be invited by an existing user. Unfortunately the one I use closed signups a few years ago, otherwise I’d invite you.


  • And I don’t ever know if it’ll get better because you need to know why you want to build something someway.

    The major issue I’m seeing with junior (and even intermediate) developers is that they trust that the AI will always do things the correct way and don’t question its approach, and they don’t develop proper debugging skills and just rely on the AI to attempt it.

    To get decent quality output out of an AI model, you need to have critical thinking skills, at least basic knowledge of the overall architecture for whatever you’re trying to build, and enough knowledge to question the model when it does something wrong.

    Blindly trusting AI is why so many old security issues are coming back - stored/reflected XSS, SQL injection, exposing databases directly to the internet with no password, things like that. Newer frameworks mostly got rid of them, and now AI is bringing them back. It’s a fun time for red teams at least.







  • This is good to know. I haven’t had issues with using a USB drive though, since it doesn’t receive many reads or writes - the system is copied to a RAM drive on boot and runs off that rather than the USB.

    I assume this means I’d need another drive to boot it from? My current setup is that I have 2 x 22TB drives in a ZFS mirror for data storage, and 2 x 2TB NVMe SSDs in a ZFS mirror for things like VMs, Docker containers, documents, etc.




  • Claude is very good at figuring out how to work around limitations (which is probably one reason why it’s also good at finding security issues).

    At work, the monorepo is enormous and files are loaded on-demand as needed. This isn’t uncommon with huge repos - Microsoft have VFS for Git (although I hear that’s deprecated now), Meta have EdenFS, and Google has some proprietary solution.

    We have a hook that blocks find and grep because they can be extremely slow, and tells it to instead use some significantly faster MCP tools to search the codebase, powered by a search index with local changes overlaid.

    GPT-5.5 has no problem with this. Claude Opus mostly does it, but sometimes it loves to find workarounds rather than following the instructions. Things like: Try alternative commands like egrep. Create a symlink to grep and run that to see if it bypasses the filtering. Run it with a different shell like zsh. Write a Python script that execs grep. Write a Python script to reimplement grep.

    I’m trying Hermes Agent at home, but I have it in its own VM with restricted permissions.




  • I never said anything about using the VPN as an ACL. All I said was to only expose the service over the VPN. That doesn’t necessarily mean that the app doesn’t have authentication or authorization.

    I’m also only talking about residential use cases, where it’s a common practice (when not using a VPN) to just expose everything via port forwarding. Businesses aren’t setting up Jellyfin on their servers.

    true, fun fact a VPN is also an application with an auth layer. dun dun dun!

    Sure, but someone would have to first get on the VPN, and then find vulnerable apps once on the internal network, as opposed to just scanning the internet for public-facing vulnerable systems. Wireguard (and thus Tailscale) doesn’t respond to port scans at all - it only responds to packets that are signed with a known key.

    Admittedly, networking and network security isn’t my specialty so I’m absolutely sure you’ve got more knowledge in this area.


  • If a service is publicly accessible, anyone can access it. Even if it’s secured, there can be security issues in the auth layer of the app, improperly secured endpoints, etc.

    If a service is only available over VPN, nobody can access it unless they’re on the VPN. The service isn’t visible over the public internet and other people won’t even know it exists. You can require two factor auth to connect to the VPN.

    I’m not sure why you seem to think that a private network isn’t more secure than a public network. There’s a reason why practically every company requires people working remotely to connect to a VPN to access company resources.