Frezik

Client data absolutely is encrypted in TLS. You might be thinking of a few fields sent in the clear, like SNI, but generally, it’s all encrypted.

Asymmetric crypto is used to encrypt a symmetric key, which is used for encrypting everything else (for the performance reasons you mentioned). As long as that key was transferred securely and uses a good mode like CBC, an attacker ain’t messing with what’s in there.

I think you’re confusing the limitations of each building block with how they’re actually implemented together in TLS. The whole suite together is what matters for this thread.

Public key crypto, properly implemented, does prevent MITM attacks. TLS does do this, and that’s all that matters here

The connections aren’t. This didn’t matter much for spinning platters, but it does for SSDs.

Everyone forgets about WebDAV.

It’s a little jank, but it does work on Windows. If you copy a file in, it doesn’t show up in the file manager until you refresh. But it works.

It’s also multithreaded, which isn’t the case for SMB. This is especially good if you host it on SSDs.

Fast Mail DNS because I moved my domain over there for email. Problem is that it doesn’t have an API for DNS updates, and that makes it bad for DynDNS. There are some web scraping libraries out there that can work for it, but those can easily break any time FastMail changes their interface.

For now, I’m just using the fact that my IP doesn’t change that often, and living with the fact that I’ll have to manually update it at some point.

Dynamic DNS is the usual way. Your ISP assigns the IP, so they’re the only ones who can make it static.

You might be able to do it with some VPN shenanigans, but generally dynamic DNS is what you want. It’s basically a script that runs on your server that will periodically update the IP on the DNS entries.

DnD tends to be balanced between the levels of 5 through 12. Most modules sit in there.

But I’m not saying anything controversial when I note that 5e CR is a bad way to do encounters.

If anything, I feel like Pf2e is more streamlined than DnD5e overall. At the very least, everything is in just one book.

The way critical success/fail works is better, too. Rolling a nat 20 doesn’t automatically make an unskilled character super good at something, and rolling a nat 1 doesn’t make a super skilled character fumble it completely.

5e needs a better way to balance encounters than Challenge Rating. It also has important rules for players in the DM book. Both of which are problems you can work around.

Yeah, it’s basically fine. It got a lot of new people interested in RPGs (and Critical Role certainly helped, too). If they’re all now looking for other systems to play, that’s fine, too.

Specifically these issues: https://github.com/jellyfin/jellyfin/issues/5415

The big one is that video/audio playing endpoints can be used without authentication. However, you have to guess a UUID. If Jellyfin is using UUIDv4 (fully random), then this shouldn’t be an issue; the search space is too big. However, many of the other types of UUIDs could hypothetically be enumerated through brute force. I’m not sure what Jellyfin uses for UUIDs.

Nah, setting non-standard ports is sound advice in security circles.

People misunderstand the “no security through obscurity” phrase. If you build security as a chain, where the chain is only as good as the weakest link, then it’s bad. But if you build security in layers, like a castle, then it can only help. It’s OK for a layer to be weak when there are other layers behind it.

Even better, non-standard ports will make 99% of threats go away. They automate scans that are just looking for anything they can break. If they don’t see the open ports, they move on. Won’t stop a determined attacker, of course, but that’s what other layers are for.

As long as there’s real security otherwise (TLS, good passwords, etc), it’s fine.

If anyone says “that’s a false sense of security”, ignore them. They’ve replaced thinking with a cliche.