Except the comment is absolute horseshit. Vrt is the public broadcasting and news service and absolutely not a tabloid, furthermore this story is well documented and has been all over Belgian news for a week so it’s absolutely uncalled for to call the veracity of this story into question.

If you want a source, here is a direct link to the verdict: https://rechtbanken-tribunaux.be/sites/default/files/media/reatpi/leuven/files/correctioneel-vonnis-leuven-1-april-2025.pdf

Feel free to cross reference with the article and point out inaccuracies. As far as I can tell, the article is factual but perhaps a bit short on details and context. Nevertheless, this story has been covered extensively and much more in depth in Dutch on the same website. In fact, I retrieved the link to the verdict from an article on vrt.be.

Because he can read news sources in Dutch?

https://www.vrt.be/vrtnws/nl/2025/04/01/student-geneeskunde-verkrachting-geen-straf/

vrt.be is a very reputable site and not a tabloid. It belongs to the Flemish public broadcasting service, and they mostly write articles in Dutch. They do have an English section as well, though obviously it’s not as thorough as their Dutch site. After all, we are a Dutch speaking region.

I can assure you that this case is very real, and has been all over the Belgian media the past week. Just google “verkrachter leuven”, and you’ll literally find hundreds of news articles about this case.

decided to literally figure out how to search Dutch google in Dutch just to find something more reputable

Looks like you didn’t do a very good job then.

That reminds me … another annoying thing Google did was list my private jellyfin instance as a “deceptive site”, after it had uninvitedly crawled it.

A common issue it seems.

cgnat

Ew

What I used to do was: I put jellyfin behind an nginx reverse proxy, on a separate vhost (so on a unique domain). Then I added basic authentication (a htpasswd file) with an unguessable password on the whole domain. Then I added geoip firewall rules so that port 443 was only reachable from the country I was in. I live in small country, so this significantly limits exposure.

Downside of this approach: basic auth is annoying. The jellyfin client doesn’t like it … so I had to use a browser to stream.

Nowadays, I put all my services behind a wireguard VPN and I expose nothing else. Only issue I’ve had is when I was on vacation in a bnb and they used the same IP range as my home network :-|

This is how I found out Google harvests the URLs I visit through Chrome.

Got google bots trying to crawl deep links into a domain that I hadn’t published anywhere.

all you need is to get a static IP for your home network

Don’t even need a static IP. Dyndns is enough.

Seeing the Brussels Times, I thought it was going to be about this guy: https://nl.wikipedia.org/wiki/Marcel_Vervloesem (sorry no english link).

PC gamer no longer means tech savvy. My zoomer stepson is a hardcore gamer but can’t figure out shit when something’s wrong with his computer, and does not understand basic concepts regarding hardware, operating systems, networking, … and he doesn’t seem to care about any of it either.

Never mind developers who, in 2025, still think their project is special enough for a $HOME dotfile/dotdir

Well, Firefox is pretty special 🤡

You’re thinking of Netscape Navigator Gold 3.0

Yes, we had social media back then, just not with Nazis, bots, and ads.

We did have plenty of usenet trolls and usenet wars.

I haven’t had to compile a kernel in 20 years.

You’ll be lucky if there are actual VMs.

Mods should ban any account that has external links meant to sell something

There is r/nofans

I think cars peaked ca. 2010. Anything added after that are annoyances or things being taken away.

If I could get a brand new facelift E90, that would probably be my next car.

Do not allow username/password login for ssh

This is disabled by default for the root user.

$ man sshd_config

...
       PermitRootLogin
               Specifies whether root  can  log  in  using  ssh(1).   The  argument  must  be  yes,  prohibit-password,
               forced-commands-only, or no.  The default is prohibit-password.
...

If it is your single purpose to create a blocklist of suspect IP addresses, I guess this could be a honeypot strategy.

If it’s to secure your own servers, you’re only playing whack-a-mole using this method. For every IP you block, ten more will pop up.

Instead of blacklisting, it’s better to whitelist the IP addresses or ranges that have a legitimate reason to connect to your server, or alternatively use someting like geoip firewall rules to limit the scope of your exposure.

Yeah I don’t do security via obscurity

Another one who misunderstands that phrase… Yes, obscurity shouldn’t be your only line of defense, but limiting discoverability of your systems should be an integral part of your security strategy.