this post was submitted on 06 Jan 2026
38 points (91.3% liked)

Selfhosted


I've been looking for something to help the navidrome server do its thing, and this looks awesome, but there is one issue that was just opened and closed yesterday, it looks a little sus?

how does one go about digging through and discovering if this is malicious or not?

[–] i_stole_ur_taco@lemmy.ca 5 points 1 week ago (1 children)

Ohh that’s suspicious. I’m going to kill mine for now and take a look later tonight. I’ll report back if I find anything interesting!

[–] i_stole_ur_taco@lemmy.ca 3 points 1 week ago (1 children)

Ok, so I ran the repo through an LLM to look for any suspicious requests, and it came back clean.

But it’s hella suspicious that the repo owner edited away the issue and closed it without a response.

It’s also hella suspicious that the user that reported that issue created their account yesterday.

I think I need to go the nuclear option: pop a gummy and monitor the network traffic of the container and see what it’s doing.

[–] fleem@piefed.zeromedia.vip 5 points 1 week ago (1 children)

o7 godspeed! i appreciate your effort. the spirit of this project does sound so cool so i was a little heartbroken.

enjoy the edible!

[–] i_stole_ur_taco@lemmy.ca 2 points 1 week ago

Well that was fun! I'm confident this project isn't malicious. It's for sure coded using AI, and I think that's what triggered a smear campaign. This removed Reddit post looks like there is just a downvote brigade out to get the project because the author admitted to using AI.

The only network traffic it's made when I monitored it was local. Certainly nothing went to Asia.

I think it tries to solve a neat problem. There's so many features packed in that it's obviously vibe coded. That's probably a huge turn off for AI detractors. If you don't care about that, I think you're safe to give it a try.
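
The "monitor the network traffic of the container" check from this thread, sketched as an added example that is not from any commenter or from the project under discussion. It assumes an IPv4 capture taken with `tcpdump -nn` inside the container's network namespace; the container IP, the capture lines and the function names are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# IPv4 ranges treated as "local". Listed explicitly because ipaddress.is_private
# is also True for documentation/reserved ranges, which would hide them.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "224.0.0.0/4", "255.255.255.255/32",               # multicast, broadcast
)]

# Matches `tcpdump -nn` IPv4 lines; the port is absent for ICMP.
PKT = re.compile(r"\bIP (\d+(?:\.\d+){3})(?:\.(\d+))? > (\d+(?:\.\d+){3})(?:\.(\d+))?:")

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def external_destinations(lines, container_ip):
    """Count packets the container sent to non-local (dst_ip, dst_port) pairs."""
    hits = Counter()
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # ARP, IPv6, or continuation lines
        src, _sport, dst, dport = m.groups()
        if src == container_ip and not is_local(dst):
            hits[(dst, int(dport) if dport else None)] += 1
    return hits

# Constructed sample capture (container IP 172.18.0.5 is an assumption).
SAMPLE = """\
12:00:01.000001 IP 172.18.0.5.48212 > 192.168.1.10.4533: Flags [S], seq 1, win 64240, length 0
12:00:01.000450 IP 192.168.1.10.4533 > 172.18.0.5.48212: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:02.100000 IP 172.18.0.5.39011 > 127.0.0.11.53: 4242+ A? navidrome. (27)
12:00:05.300000 IP 172.18.0.5.51514 > 203.0.113.7.443: Flags [S], seq 5, win 64240, length 0
12:00:05.900000 IP 172.18.0.5.51514 > 203.0.113.7.443: Flags [P.], seq 6:200, ack 1, win 502, length 194
12:00:07.000000 IP 172.18.0.5 > 198.51.100.9: ICMP echo request, id 1, seq 1, length 64
12:00:08.000000 ARP, Request who-has 172.18.0.1 tell 172.18.0.5, length 28
""".splitlines()

if __name__ == "__main__":
    for (dst, port), n in external_destinations(SAMPLE, "172.18.0.5").items():
        print(f"{dst}:{port}  packets={n}")
```

An empty result only covers the capture window, so it is worth running the capture across startup, a library scan and normal playback before drawing a conclusion.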