You either set the DNS settings per device to the system running PiHole / AdGuard Home, or if your router allows, set the DNS there. It’s ideal to set it on the router.
Any time a device makes a DNS request to a domain, it’s checked against the list. If found, it’s stopped. If not found, it gets sent upstream to your choice of a public DNS configured during setup. I use Cloudflare (1.1.1.1, 1.0.0.1).
The evidence you want to see is literally something you can do or search the Internet yourself. There’s thousands of results. CPU is better than a GPU no matter codec you use. This hasn’t changed for decades. Here’s one of many direct from a software developer.
https://handbrake.fr/docs/en/latest/technical/performance.html
It’s not odd at all. It’s well known this is actually the truth. Ask any video editor in the professional field. You can search the Internet yourself. Better yet, do a test run with ffmpeg, the software that does encoding and decoding. It’s available to download by anyone as it’s open source.
Hardware accelerated processing is faster because it takes shortcuts. It’s handled by the dedicated hardware found in GPUs. By default, there are parameters out of your control that you cannot change allowing hardware accelerated video to be faster. These are defined at the firmware level of the GPU. This comes at the cost of quality and file size (larger) for faster processing and less power consumption. If quality is your concern, you never use a GPU. No matter which one you use (AMD AMF, Intel QSV or Nvidia NVENC/DEC/CUDA), you’re going to end up with a video that appears more blocky or grainy at the same bitrate. These are called “artifacts” and make videos look bad.
Software processing uses the CPU entirely. You have granular control over the entire process. There are preset parameters programmed if you don’t define them, but every single one of them can be overridden. Because it’s inherently limited by the power of your CPU, it’s slower and consumes more power.
I can go a lot more in depth but I’m choosing to stop here because this can comment can get absurdly long.
If it found a way, then your server configuration is inadequate. Are you using old ciphers or protocols? Missing headers? Wrong headers? Something doesn’t add up here.
You always will. Welcome to the Internet. The difference is whether or not you’ve taken steps to secure your stuff. You need to understand what this malware is looking for. It’s explicitly looking for unsecured services. Such as WordPress, SQL, etc. There are inexperienced users out there that inadvertently expose themselves. I see this type of probing at work and at home. Don’t overly stress it. My home server has been running for a decade without issues. Just keep it updated and read before you make any changes if you don’t fully understand the implications.
My home based server is behind a pfsense firewall. Runs Arch. Everything is in a non-root docker container. SELinux is enforced. All domains are routed through Cloudflare. Some use Cloudflare Zero Trust.
Oh my. You’re doing it wrong. Exposing the unencrypted connection without the proper security measures is putting yourself at risk. Regardless of how strong you set the password, the connection can still be abused in all manner of ways. If you read the jellyfin documentation, you’d see the developers clearly state you should never do this. You need to put Jellyfin behind server software. Specifically a reverse proxy. I use NGINX. You can setup your connection to be secure this way. You can now also use Cloudflare if you have cache turned off. And if you really wanna go the extra mile, route it behind a VPN. Though this makes it harder for those you share it with or some devices that don’t support VPN.
Please revise your connection. If you need help, feel free to reach out.
Doubtful. Load it up in a VM. Windows guest, Linux host. Use a network monitor to see what it does with and without a firewall on.
Jellyfin gives you 100% control. You’re responsible for setting up remote access. Which actually isn’t that hard. Several IT and network admins of the community (myself included) hand out documentation on how to do this. Without completely ruining your security.
With Plex, some of the application communication is routed through their network. It requires an active internet connection and you must create an account with them. They have third party analytics embedded, use tracking pixels, beacons and device fingerprinting. Whatever personal data you have supplied is used to serve ads. This being their promoted content that isn’t part of your library.
Third party AV just becomes malware itself by hooking into nearly every function at the kernel level. Of course this adds overhead and why historically Windows updates and third party AV have clashed leading to disaster. Blue screens, failed updates or failure to boot.
Eh. Adobe puts more effort into making it harder or tedious.
With the introduction of Creative Cloud, the notorious “amtlib.dll” that houses Adobe licensing, was bundled into the respective applications binary (exe). It didn’t stop pirates. In 24 hours they found the licensing mechanism and patched it.
You could create a CC account, install the desktop manager, install any app(s) you wanted, then crack them. When an update arrived, you could simply update the app(s) and apply the crack again.
Occasionally the licensing mechanism would update and an updated crack would be needed. As usual, pirates had this worked out the day of or a day later.
Adobe would later patch the desktop manager and break functionality to update software if it wasn’t genuine. People could still get the latest versions by uninstalling and reinstalling through the desktop manager. Since it would retain user settings by default.
Later, a mechanism was built into each application that would throw a warning message that the application isn’t genuine. For example, Photoshop would soft lock and the genuine check would display with the only option to close. This too was eventually patched out by pirates.
The latest attempt from Adobe now forces users to input and have a credit or debit card saved before activating a trial. This removed the ability for users to easily install software anonymously.
You can literally make a steam deck last 30 mins at minimum. Lol. I would say most users are getting 2 to 3 hours with reasonable settings. So many variables at play. Your best bet is to go in with realistic expectations.
but the containers are still running as root, as the daemon itself raises the access to root.
No. The daemon can run without root, as such the containers don’t have root. My docker install doesn’t have root access. None of my stacks / containers need any root access tbh. I don’t have any troubles with deplyong stuff.
Pg has significantly better performance in a smaller self hosted environment. Notably because you’re doing a balance of reading and writing, or mostly writing since data changes regularly. For large scale operations where reading data is the primary use, MariaDB/MySQL is faster.
You should for sure move away from a proprietary OS. There are many ways to go about it. I personally use Arch minimal with hardened kernel. Everything runs in non-root docker containers. Commonly used distros are Ubuntu and Fedora. But there are many more to choose from. https://distrowatch.com/search.php?category=Server
To bypass their CDN (referred to caching) you need to setup a Page Rule for the entire Plex domain.
Cache Level set to Bypass for https://plex.mydomain.me/*
Thanks for the information. Although Argo still greatly reduces latency if a user cares to reduce communication time.
Once you agree to letting friends and family access your hosted services, you become the tech support for any problems. Whether that be your fault, user error, etc. You should absolutely limit who you give access to. In my case, only three people can and that’s immediate family. No friends, no extended family. I don’t wanna deal with all that mess when I deal with it at work. Don’t over extend yourself by being nice.
Using Cloudflare is against the ToS when used for services like Jellyfin. Your account can be limited, closed, or find yourself getting a several hundred dollar bill for data usage because you’ve breached the terms of service. Additionally, streaming content on free accounts incurs higher latency which I’ve confirmed myself Argo smart routing massively reduces. https://github.com/jellyfin/jellyfin/issues/9295 - Don’t abuse what’s free or you may lose it.
Google shouldn’t be indexing your domains anyway. If it’s flagged your domain, it’s been indexed and scanned. Alternatively, it could indicate you have a weak point somewhere on your server and you’ve been breached. Google’s scan picked up whatever it was. Though I doubt this is the case and just a false positive. Double check your robots.txt files and disallow everything. Most index bots respect this. You can use a community sourced bot blocker. https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
I’ve been running my own self hosted services for almost a decade. Though I have a background in IT directly doing this kind of stuff daily at work. As long as you have a strong firewall, modern TLS, relevant security headers, automatic tools like fail2ban, and have a strong grasp on permissions, you should be fine. Before I moved everything to non-root docker, it was given its own service user and SELinux policy. Using direct DNS isn’t so much of a problem. You shouldn’t have any issues. Feel free to reach out if you have any questions.
This is definitely meant to make it less painful for the players of those games.