smiletolerantly
@smiletolerantly@awful.systems
- Comment on Haribo gummies are so hard you can use them instead of rubber bullets. 1 week ago:
Uhhhhhh
No? If they are hard, they are dried out. Chewy, sure, that’s the fun; but they should be soft to the touch.
- Comment on Infinite Monkey Theorem 2 weeks ago:
NO
DO NOT READ THIS
- Comment on Confused about the many ebook/manga management solutions 2 weeks ago:
For manga, I’ve found Mihon to be nicest, by far, and it supports the API. For books, I am currently “stuck” on koreader on Android (which “only” supports OPDS-PS). I do most of my reading on a reMarkable currently, and that has no supporting client. Writing one is on my to-do list, but it’s a bit daunting of a task…
- Comment on Confused about the many ebook/manga management solutions 2 weeks ago:
I think I have set Suwayomi to download / convert to CZB, not for Kavita specifically, but because a lot of reader apps cannot handle loose images
- Comment on Confused about the many ebook/manga management solutions 2 weeks ago:
Haven’t had any issues in that regard, so can’t really say, sorry. I have two folders (Mangas and ebooks) on my NAS, and in Kavita, created a library for each.
You absolutely can edit metadata, although I personally haven’t had the need yet. I use readarr and suwayomi for “obtaining” books and manga, respectively, and what they come up with is usually just fine.
- Comment on Confused about the many ebook/manga management solutions 2 weeks ago:
I went through essentially the same thing a couple months ago. Tried Calibre (and Calibre server) since everyone recommended it.
Really disliked it. Calibre is great for converting ebooks, but has shit management and webserving capabilities.
I ended up with Kavita and am super happy. On the web client, both management and actual reading are a pleasure. Any phone/tablet client supporting OPDS works perfectly to read/download your manga/books from the server.
And a select few clients go a step further, supporting Kavita’s API, which allows for 2-way sync (effectively, syncing reading progress between all your devices).
- Comment on conduwuit, “featureful fork of conduit” (Rust Matrix homeserver), is discontinued 2 weeks ago:
Yeah but conduit is so stale, it might as well be discontinued
- Comment on Do it 2 weeks ago:
- Comment on How do I securely host Jellyfin? (Part 2) 2 weeks ago:
I still find it hilarious that since dd-wrt and OpenWrt are just… Linux, you could install Super Mario Bros on there. I checked, nobody seems to have tried.
Oh, definitely, but there are varying degrees of difficulty, esp. with what kinds of packages / package management you have available :D
Ah, that make sense. Is Wireguard P2P?
Yes, in the sense that each node/device is a peer. But the way I’d suggest you configure it in your case is more akin to a client/server setup - your devices forward all traffic to the “server”, but it never takes initiative to talk “back” to them, and they do not attempt to communicate with each other. Unless you have a separate usecase for that, of course.
You both are perfect for each other, so don’t screw it up!
❤️
Closing in on 8 years
- Comment on How do I securely host Jellyfin? (Part 2) 2 weeks ago:
I’m actually surprised nobody suggested simply using the Pi with OpenWrt as my own router. Though, that would make it hard to host Jellyfin.
A brief internet search shows that surprisingly, hosting Jellyfin on OpenWRT should work… No idea how well though. Come to think of it, having OpenWRT on the pi might make it a lot easier to configure, with graphical settings available and so on.
Could you explain Wireguard vs. Tailscale in this scenario?
I’ve never used tailscale, I’m afraid. Normally I would say: just use whatever seems easier to set up on your device/network; however, note that tailscale needs a “coordinate server”. No actual traffic ever goes through it, it just facilitates key exchanges and the like (from what I understand), but regardless, it’s a server outside your control which is involved in some way. You can selfhost this server, but that is additional work, of course…
Thank you all so much for your help! This is likely the solution I will go with, combined with another one, so again thank you so much!
Glad I could help, after being so unhelpful yesterday :)
P.S. I don’t care if you wrap an ethernet cord around her finger, get going!
Eh… Marriage is not really common in either of our families. We agreed to go sign the papers if there ever is a tax reason, lol. Sorry if that’s a bit unromantic :D Nice rings though ^^
- Comment on How do I securely host Jellyfin? (Part 2) 2 weeks ago:
Hi again.
How about the following idea:
Set up ProtonVPN on the raspberry pi.
On all other devices (or at least those you want to use Jellyfin on), switch from using Proton to using Wireguard. Unlike your phone, the raspberry pi has no trouble running multiple VPNs. I think the ProtonVPN limitations in regard to not allowing split tunneling don’t apply here, since all outgoing traffic will still go via Proton.
Essentially, the Pi would function as a proxy for all of your traffic, “and also” host Jellyfin. You would still connect to 192.168.20.10:8096 (or whatever) on your devices, but that address would only resolve to anything when you are connected to the pi via Wireguard. No HTTPs, but “HTTP over Wireguard”, if you will.
Nots that this requires you trusting the pi to the same degree that you trust your phone.
For your static devices (PC, TV) this should solve the problem. Devices which you take with you, like your phone, unfortunately will loose internet connectivity when you leave your home until you switch off Wireguard, and switch on Proton, and not be able to connect to Jellyfin when you return home, until you switch them back.
Essentially, you would have a “home” VPN and a “on the go” VPN, though you never need to connect to both. There might be ways to automate this based on WiFi SSID on Android, but I have not looked into it.
The Pros:
- this should meet all your requirements. No additional expenses, no domain, no dynDNS; no selfsigned certificate or custom CA; traffic is never unencrypted; works on all common devices.
- Wireguard is sufficiently lightweight to not bog down the pi, normally
- this is actually well within the intended use-cases for Wireguard, so no “black magic” required in configuring it
- if you ever do decide to get a domain, you can configure everything to always be connected to your pi via Wireguard, even on the go! Not required though.
The Cons:
- when you are new to selfhosting, Wireguard is a bit daunting to set up. It is not the easiest to debug (don’t worry, it’s easy to tell IF it is working, but not always WHY it isn’t working). Some manual route handling is probably also required on the pi. It should definitely be doable though, but might turn this Jellyfin thing from a weekend project to a 2 week project…
- I have no experience with how well the pi runs Jellyfin. If the answer is “barely”, then adding multiple concurrent Wireguard sessions might be a bad experience. Though in this case, you could only switch Proton to Wireguard whenever you want to watch Jellyfin.
- the manual switching might be annoying, but that is the price to pay here, so to speak
- Comment on How do I host Jellyfin in the most secure manner possible? 2 weeks ago:
Hi again. Sorry for being so rude yesterday. Your new post actually clears the situation up a lot.
We might have an idea for you, will comment on the new post.
- Comment on How do I host Jellyfin in the most secure manner possible? 2 weeks ago:
Hi. I am a software engineer with a background in IT security. My girlfriend is a literal network security engineer.
I showed her this thread and she said: don’t bother, just use http on your local network.
Anyways, I am going to disengage from this thread now. Skepticism against things one doesn’t fully understand can be healthy, but this is an insane mix of paranoia and naïveté.
You are not a target; the things you are afraid of will never happen; and if they did, they would not have the consequences you think they would.
Your router will NOT magically expose your traffic to the internet (what would that even mean?? Like, if it spontaneously started port forwarding to your Jellyfin server (how? By just randomly guessing the port and IP???), someone would still need to actively request that traffic, AND know your login credentials, AND CARE).
Your ISP does not give a shit about you owning or streaming copyrighted material over your local network. It has no stake in that.
Graphene is not an ultimate arbiter of IT security, but the reason it “distrusts networks” is because you take your phone with you, constantly moving into actual untrusted networks (i.e. ones you do not own).
Hosting Jellyfin on Graphene will not make it more secure, whatsoever.
If every device is assumed compromised, and compromising devices with knowledge that you watch media is a threat in your model, then even putting an SD card with media in your phone and clicking play is dangerous. Which is stupid.
The way I see it, you have two options:
- educate yourself on network security to the point of being able to trust your network setup; or
- forget about hosting anything
- Comment on How do I host Jellyfin in the most secure manner possible? 2 weeks ago:
This isn’t really true. Even IF your router would fail catastrophically in the right way to expose your Server to the internet, or of it actually “ratted your traffic out” to the ISP and the ISP cared (which it does not), it’s not illegal to hist Jellyfin, or put media on it which you own (which is not discernible from just… Media being streamed).
Also your ISP has no part in your local network traffic.
- Comment on How do I host Jellyfin in the most secure manner possible? 2 weeks ago:
Smh. I get wanting to be connected to a wifi, but being locked out of your own local network is just stupid.
- Comment on How do I host Jellyfin in the most secure manner possible? 2 weeks ago:
This does not encrypt during transit, and my network is not a trusted party.
Then honestly, you have other problems than setting up Jellyfin.
For real though, if you think someone is (or might be) listening in on your local network, i.e. have physical access or compromised one of your machines, then the Jellyfin traffic is the least of your problems. Pick your battles. What’s the worst that could happen here - someone gets to know your favorite show?
They do, because if ProtonVPN blocks LAN connections then the only other option is exposing the server to the WAN
Ah, I see. On your PC you should just be able to set a static route over the physical interface for 192.168.0.0/24 (or whatever your local network is) which takes precedence over the VPN. For android… Oof, no idea. Probably need root.
- Comment on How do I host Jellyfin in the most secure manner possible? 2 weeks ago:
What are you talking about. Please clarify if this is actually true:
I don’t plan to access it anywhere but home.
This would mean that you only want to access Jellyfin when you, and the device you are watching your show/movie on, are at home, where the Pi/server also is.
Is this correct?
If so, then questions about VPN, Certificates, DNS,… do not matter.
- host Jellyfin on the Pi, e.g. with IP 192.168.10.20 on your local network
- open the Jellyfin app on your TV/Phone/PC, connect to 192.168.10.20:8096
- done
Now you can access it at home, and only at home. I honestly fail to see where a VPN would even come into the equation here (again, if you wish to ONLY watch when you are at home, as you’ve said).
- Comment on Recommend EU webhosting provider to replace DreamHost? 3 weeks ago:
Huh, didn’t know. Thanks. I guess Hetzner is the right answer in both cases then 😄
- Comment on Recommend EU webhosting provider to replace DreamHost? 3 weeks ago:
Do you want all of that to be managed (DB, mailboxes, web-hosting,…) or just reliable hardware in “the cloud”?
For the latter, Hetzner.
- Comment on At least Quark had some integrity. 3 weeks ago:
Clyden!!!
- Comment on It is deeply bad that a moderator can remove any post or reply. 3 weeks ago:
Hm? I have never been a mod of anything :)
- Comment on It is deeply bad that a moderator can remove any post or reply. 3 weeks ago:
I mean… “To fear”? No. But There are plenty legitimate to remove comments and posts that have nothing, and I mean absolutely nothing, to do with mod overreach or censorship.
- removing derailing threads from heated discussions
- removing the annoying “just asking questions” people from LGBTQ+ safe spaces
- removing posts accidentally posted into the wrong community
- removing troll posts
- banning repeat troublemakers not willing to follow the rules
- removing aggressive, sexist, racist,… posts
On the other hand, anti-moderation people only ever seem to come up with “but I want to be able to post whatever I want!”
“Free speech” in this context means: you can go create your own instance or community, with blackjack and hookers! And mods can use the tools at their disposal to enable the rest of us to not have to deal with bullshit.
- Comment on It is deeply bad that a moderator can remove any post or reply. 3 weeks ago:
“We don’t need moderators!” shouts the Troll*, in the wrong community.
* either a troll or just an idiot, doesn’t matter imo
- Comment on In the latest Windows 11 preview build, Microsoft removed the “bypassnro” command, which let users skip signing into a Microsoft Account when installing Windows. 4 weeks ago:
Yeah OK, that’s fair. It’s really a shame how dependent notifications are on Google. ALl the other things - Mail, Photos, Drive,… - are a lot easier to replace.
- Comment on Selfhosting Sunday - What's up? 4 weeks ago:
Alright, thank you!
- Comment on Selfhosting Sunday - What's up? 4 weeks ago:
Hey, we’re also thinking about setting up authentik. Could you answer the following, where I haven’t found answers to yet: does introducing SSO impede logging into Jellyfin on a TV / phone app at all?
- Comment on In the latest Windows 11 preview build, Microsoft removed the “bypassnro” command, which let users skip signing into a Microsoft Account when installing Windows. 4 weeks ago:
Android without a Google account is great though
- Comment on Split Keyboards Are Superior And The Reason I’m The Writer I Am Today. 4 weeks ago:
As a fellow Futo user: it’s not great out of the box. My biggest recommendations are:
- under Languages and models, download all the voice models (if you use those), transformers, and wordlists you can for your languages
- if you use multiple languages, set the check on “multilingual typing” for ALL of those languages
- this is probably the biggest one: in text prediction -> Advanced Parameters, DRASTICALLY change the values. The original ones are 3.4 and 4.0 for LLM strength and autocorrect threshold, mine are currently set at 28.5 and 0.8, respectively. This takes the autocorrect from “occasionally working” to “as good as SwiftKey” for me.
- Keyboard and Typing -> Long Press -> Show hints. Could not find that for ages so thought I’d add it here.
Also, two super useful shortcuts: you can press the space-bar and move your finger around to move the pointer; and the same for backspace to fine-control what to delete.
Hope this helps, but if not… What additional gripes do you habe with it?
- Comment on Split Keyboards Are Superior And The Reason I’m The Writer I Am Today. 4 weeks ago:
Will do! Thank you!
- Comment on Split Keyboards Are Superior And The Reason I’m The Writer I Am Today. 4 weeks ago:
That sounds great. I think I’ve given it more than a month overall, but probably never longer than a week at a time. Guess I’ll have to have my SO hide my normal keyboard lol