I use Plex for my music, which has a lot of mechanisms that help me process new stuff.

For example, I have a smart playlist that only plays things I haven’t heard in a year. This is my “Frontier” playlist to hear new things. As I listen, I rate stuff with stars.
From there, I then have smart playlists that only play highly rated things I haven’t heard in a week or two. Depending on my mood, I’ll either listen to my frontier playlist, or my liked playlist… with other playlists further scoping on genre as desired.

All these playlists filter out things that are lowly rated if I’ve heard them more than X times.

I generally shove anything/everything anyone recommends into the pot, which then naturally folds into my frontier playlist which then fold naturally into my liked playlists. I’ve discovered quite a lot of stuff I never would’ve predicted I’d like this way. From there, I’ll look at recommended artists from the bands I have and like and add those as well.

It’s set up on the same box as my caddy install. I believe it’s getting passed the real IP because that’s what gets banned, and what I type in to unban it.

It just sees normal operations as http probing. Like if some other service goes down, my GetHomepage will then 404 and that’s seen as probing. It bans surprisingly quick. Even after just one or two events (normal for someone just visiting the homepage) it’ll just kick em right out

I’ve been having to inspect every alert and hand write whitelist parsers to whitelist 404s or whatever it may be for that app. Slowly accumulating a workable collection… but seems like I’m missing something as no one else seems to complain about this in threads like these

Another example is my brother got banned for normal audiobookshelf usage. He just thought the server was buggy. It was just blocking him without us really noticing or thinking much of it at the time. Not great

I’ve been using crowdsec … but I’ve yet to see anyone banned but myself so far. Is everyone else having to write tons of whitelist parsers? I could whitelist my IP but I feel like that’s sidestepping the issue and doesn’t address friends/family also getting banned, coffeeshops, etc.

Feels like I’m missing something as so far it’s been quite a pain to configure

It has a git repository option that I use. So every compose file I add to define a service goes into the repo as a commit.

I’ve only tried Komodo, but I like that it’s open source and not trying to squeeze money for extra features

Yeah, it’s an alt to portainer

Check out Komodo for doing docker UI work. Pretty new, but already awesome and making lots of progress

Ah! I’ll blame it on being filling into sleep checking on my phone. Coulda swore GitHub didn’t load any comments, but I see it now!

Been trying to get involved as I’ve been wanting to work on a recommendation engine for music for a while.

~~I made a discussion pitching ideas, since that was the listed recommendation for getting involved… which just got closed with no comment https://github.com/MediaWolfOrg/MediaWolf/discussions/17~~

joined the discord and there seems to be zero channels or chatter besides the welcome feed

Where is the active discussion happening for this project? I must be missing something

Huge fan of the cathedral view. It’s the only thing that makes modding amazing.

In the parlor view, everyone is holding their secrets close to their chest and hiding the tricks, which means the community can’t learn from each other nearly as well.

Cathedral is what allows tons of tiny contributions to add up to a vast amazing experience. Each person’s work can be built upon by the next or used as inspiration and guidance for something new.

For an ecosystem built on people working after hours, this collaboration and knowledge exchange is fundamental.

Thanks for the insight! Does running this in a docker container help limit the damage at all? Seems like they’d only be able to access the few folders I have the container access to?

Gotcha. Thanks for the insight!

It’s annoying, as I’d like to expose things for other people in my family (like Overseerr or whatever) without hassling them to also start a VPN or other stumbling block steps.

I was hoping that reverse proxy to overseerrs login screen would be safe enough. 8(

Does docker help limit things at all? I’m running my services through docker, which seems to limit the folders the container can hit. Feels like that would limit the damage someone could do even if they bypassed the login page of Overseerr or whatever app it is?

Edit: thanks for all the replies! Always more to learn and do, haha

Just out of curiosity, is the tail scale part of this required? If i just reverse proxy things and have them only protected from there by the login screen of the app being shown, that’s obviously less safe. But the attackers would still need to brute force my passwords to get any access? If they did, then they could do nasty things within the app, but limited to that app. Are there other vulnerabilities I’m not thinking about?