icedterminal

From their own privacy policy they outline what they do:

For research and development purposes, we may use datasets such as those that contain images, voices or other data that could be associated with an identifiable person.

To provide location-based services on Apple products, Apple and our partners and licensees, such as maps data providers, may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device.

Apple’s websites, online services, interactive applications, email messages, and advertisements may use “cookies” and other technologies such as pixel tags and web beacons.

We also use personal information to help us create, develop, operate, deliver, and improve our products, services, content and advertising

At times Apple may provide third parties with certain personal information to provide or improve our products and services, including to deliver products at your request, or to help Apple market to consumers.

Apple may collect location, IP Address, network information, Bluetooth information, connected devices, accessories, personal demographics, browsing history, browser fingerprint, device fingerprint, search history, app data, usage data, performance, diagnostics, product interaction, transaction information, payment information, purchasing records, contacts, social graph, watch history, listening interests, reading list, call metadata, device information, messaging metadata, email addresses, salary, income, assets, health data, ad interaction, in-app purchases, in-app subscriptions, app downloads, music downloads, movie downloads, TV show downloads, Apple ID, IDFA, Random Unique ID, UUID, IMEI, Hardware serial number, SIM serial number, phone number, telemetry, cookies, Nearby WiFi MAC, Siri request history, Web sign-in, songs played, play and pause times, playlists, engagement and library.

Literally all of this is what Google does. The only thing Apple does differently is hinder 3rd party apps to a greater degree, whereas Google is more permissive. But to be fair, Google has been improving the Privacy features of Android with each version.

https://tosdr.org/en/service/158

Generally, big releases bring bugs that may not have been caught during development. And sometimes a change or fix was planned but deferred until later.

Security cameras are everywhere in and around buildings/homes. Dash cams are pretty common these days and some even record when the car is off and alone. Someone is filming a vlog or some snap/insta/tiktok clip in the area.

The evidence you want to see is literally something you can do or search the Internet yourself. There’s thousands of results. CPU is better than a GPU no matter codec you use. This hasn’t changed for decades. Here’s one of many direct from a software developer.

https://handbrake.fr/docs/en/latest/technical/performance.html

It’s not odd at all. It’s well known this is actually the truth. Ask any video editor in the professional field. You can search the Internet yourself. Better yet, do a test run with ffmpeg, the software that does encoding and decoding. It’s available to download by anyone as it’s open source.

Hardware accelerated processing is faster because it takes shortcuts. It’s handled by the dedicated hardware found in GPUs. By default, there are parameters out of your control that you cannot change allowing hardware accelerated video to be faster. These are defined at the firmware level of the GPU. This comes at the cost of quality and file size (larger) for faster processing and less power consumption. If quality is your concern, you never use a GPU. No matter which one you use (AMD AMF, Intel QSV or Nvidia NVENC/DEC/CUDA), you’re going to end up with a video that appears more blocky or grainy at the same bitrate. These are called “artifacts” and make videos look bad.

Software processing uses the CPU entirely. You have granular control over the entire process. There are preset parameters programmed if you don’t define them, but every single one of them can be overridden. Because it’s inherently limited by the power of your CPU, it’s slower and consumes more power.

I can go a lot more in depth but I’m choosing to stop here because this can comment can get absurdly long.

Think outside the box. Get a previous generation. Pixel 8 was about to be released. To move inventory, Google discounted the 7 series by like 30-40%. I got the 256GB 7 Pro for $600. Without the sale, $600 is the same price as the 128GB 7. I got a top of the range flagship phone for the cost of a midrange. My mom did something similar with a Samsung phone. She got an S20 when the S22 released. Huge discount when Verizon offered it for $449.

The default power plan Asus setup is doing this. You change power plan settings.

If it found a way, then your server configuration is inadequate. Are you using old ciphers or protocols? Missing headers? Wrong headers? Something doesn’t add up here.

You always will. Welcome to the Internet. The difference is whether or not you’ve taken steps to secure your stuff. You need to understand what this malware is looking for. It’s explicitly looking for unsecured services. Such as WordPress, SQL, etc. There are inexperienced users out there that inadvertently expose themselves. I see this type of probing at work and at home. Don’t overly stress it. My home server has been running for a decade without issues. Just keep it updated and read before you make any changes if you don’t fully understand the implications.

My home based server is behind a pfsense firewall. Runs Arch. Everything is in a non-root docker container. SELinux is enforced. All domains are routed through Cloudflare. Some use Cloudflare Zero Trust.

Oh my. You’re doing it wrong. Exposing the unencrypted connection without the proper security measures is putting yourself at risk. Regardless of how strong you set the password, the connection can still be abused in all manner of ways. If you read the jellyfin documentation, you’d see the developers clearly state you should never do this. You need to put Jellyfin behind server software. Specifically a reverse proxy. I use NGINX. You can setup your connection to be secure this way. You can now also use Cloudflare if you have cache turned off. And if you really wanna go the extra mile, route it behind a VPN. Though this makes it harder for those you share it with or some devices that don’t support VPN.

Please revise your connection. If you need help, feel free to reach out.

Doubtful. Load it up in a VM. Windows guest, Linux host. Use a network monitor to see what it does with and without a firewall on.

Jellyfin gives you 100% control. You’re responsible for setting up remote access. Which actually isn’t that hard. Several IT and network admins of the community (myself included) hand out documentation on how to do this. Without completely ruining your security.

With Plex, some of the application communication is routed through their network. It requires an active internet connection and you must create an account with them. They have third party analytics embedded, use tracking pixels, beacons and device fingerprinting. Whatever personal data you have supplied is used to serve ads. This being their promoted content that isn’t part of your library.

Third party AV just becomes malware itself by hooking into nearly every function at the kernel level. Of course this adds overhead and why historically Windows updates and third party AV have clashed leading to disaster. Blue screens, failed updates or failure to boot.

Eh. Adobe puts more effort into making it harder or tedious.

With the introduction of Creative Cloud, the notorious “amtlib.dll” that houses Adobe licensing, was bundled into the respective applications binary (exe). It didn’t stop pirates. In 24 hours they found the licensing mechanism and patched it.

You could create a CC account, install the desktop manager, install any app(s) you wanted, then crack them. When an update arrived, you could simply update the app(s) and apply the crack again.

Occasionally the licensing mechanism would update and an updated crack would be needed. As usual, pirates had this worked out the day of or a day later.

Adobe would later patch the desktop manager and break functionality to update software if it wasn’t genuine. People could still get the latest versions by uninstalling and reinstalling through the desktop manager. Since it would retain user settings by default.

Later, a mechanism was built into each application that would throw a warning message that the application isn’t genuine. For example, Photoshop would soft lock and the genuine check would display with the only option to close. This too was eventually patched out by pirates.

The latest attempt from Adobe now forces users to input and have a credit or debit card saved before activating a trial. This removed the ability for users to easily install software anonymously.

I’m finding it hard to believe this statement.

System wide DNS over TLS (DoT) as it’s called “Private DNS” was introduced in Android 9. Which was released in 2018. I’d genuinely like to know what Android device today ships with 8 or older, or, ships with 9 and later but has it intentionally removed. If you’re still using an Android device running 8… Why?? It has not received security updates since 2021 and is officially unsupported.

iOS devices can import certificates to enable system wide DoT. This was introduced in iOS 14. Which was released in 2020. Given how Apple has a 7 year track record for device support, the oldest Apple device to get 14 was the iPhone 6. Which shipped with iOS 9 on release.

but the containers are still running as root, as the daemon itself raises the access to root.

No. The daemon can run without root, as such the containers don’t have root. My docker install doesn’t have root access. None of my stacks / containers need any root access tbh. I don’t have any troubles with deplyong stuff.

https://docs.docker.com/engine/security/rootless/

As of 2020, Chromium was made more permissive in accepting additional code. Before this, Chromium rejected a lot of outside code. Microsoft is now the biggest contributor outside of Google. Samsung, Intel, ARM and Apple are other notable contributors. There are several features found in the code that aren’t used by Google at all. Chrome is 100% Google’s agenda. Chromium does include Google services that Google rejects the removal of. Of course Google would rather you use them. Microsoft just removes them. As do others. But the features others have submitted to the Chromium code are of course used in their forks and possibly others. I would say Chromium is less of Google’s agenda than it used to be. As it’s not entirely neutral, there is still Google influence behind it.

If you’re interested at all:

Google Chrome is a fork of the open source Chromium with several Google proprietary features. Chromium uses the Blink engine. Blink is a fork of a large component of WebKit called WebCore. Apple primarily develops WebKit (and by proxy WebCore), itself being a fork of KHTML and KJS which were actually discontinued this year.

Pg has significantly better performance in a smaller self hosted environment. Notably because you’re doing a balance of reading and writing, or mostly writing since data changes regularly. For large scale operations where reading data is the primary use, MariaDB/MySQL is faster.

Alternatively, put it across a doorway. I did this to some devious children (6 and 12). They eventually got me back.