smiletolerantly

@smiletolerantly@awful.systems

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨How do I host Jellyfin in the most secure manner possible?⁩ ⁨⁨3⁩ ⁨hours⁩ ago⁩:
Hi. I am a software engineer with a background in IT security. My girlfriend is a literal network security engineer.

I showed her this thread and she said: don’t bother, just use http on your local network.

Anyways, I am going to disengage from this thread now. Skepticism against things one doesn’t fully understand can be healthy, but this is an insane mix of paranoia and naïveté.

You are not a target; the things you are afraid of will never happen; and if they did, they would not have the consequences you think they would.

Your router will NOT magically expose your traffic to the internet (what would that even mean?? Like, if it spontaneously started port forwarding to your Jellyfin server (how? By just randomly guessing the port and IP???), someone would still need to actively request that traffic, AND know your login credentials, AND CARE).

Your ISP does not give a shit about you owning or streaming copyrighted material over your local network. It has no stake in that.

Graphene is not an ultimate arbiter of IT security, but the reason it “distrusts networks” is because you take your phone with you, constantly moving into actual untrusted networks (i.e. ones you do not own).

Hosting Jellyfin on Graphene will not make it more secure, whatsoever.

If every device is assumed compromised, and compromising devices with knowledge that you watch media is a threat in your model, then even putting an SD card with media in your phone and clicking play is dangerous. Which is stupid.

The way I see it, you have two options:
1. educate yourself on network security to the point of being able to trust your network setup; or
2. forget about hosting anything
⁨Comment⁩ on ⁨How do I host Jellyfin in the most secure manner possible?⁩ ⁨⁨3⁩ ⁨hours⁩ ago⁩:
This isn’t really true. Even IF your router would fail catastrophically in the right way to expose your Server to the internet, or of it actually “ratted your traffic out” to the ISP and the ISP cared (which it does not), it’s not illegal to hist Jellyfin, or put media on it which you own (which is not discernible from just… Media being streamed).

Also your ISP has no part in your local network traffic.
⁨Comment⁩ on ⁨How do I host Jellyfin in the most secure manner possible?⁩ ⁨⁨4⁩ ⁨hours⁩ ago⁩:
Smh. I get wanting to be connected to a wifi, but being locked out of your own local network is just stupid.
⁨Comment⁩ on ⁨How do I host Jellyfin in the most secure manner possible?⁩ ⁨⁨4⁩ ⁨hours⁩ ago⁩:

This does not encrypt during transit, and my network is not a trusted party.

Then honestly, you have other problems than setting up Jellyfin.

For real though, if you think someone is (or might be) listening in on your local network, i.e. have physical access or compromised one of your machines, then the Jellyfin traffic is the least of your problems. Pick your battles. What’s the worst that could happen here - someone gets to know your favorite show?

They do, because if ProtonVPN blocks LAN connections then the only other option is exposing the server to the WAN

Ah, I see. On your PC you should just be able to set a static route over the physical interface for 192.168.0.0/24 (or whatever your local network is) which takes precedence over the VPN. For android… Oof, no idea. Probably need root.
⁨Comment⁩ on ⁨How do I host Jellyfin in the most secure manner possible?⁩ ⁨⁨5⁩ ⁨hours⁩ ago⁩:
What are you talking about. Please clarify if this is actually true:

I don’t plan to access it anywhere but home.

This would mean that you only want to access Jellyfin when you, and the device you are watching your show/movie on, are at home, where the Pi/server also is.

Is this correct?

If so, then questions about VPN, Certificates, DNS,… do not matter.
1. host Jellyfin on the Pi, e.g. with IP 192.168.10.20 on your local network
2. open the Jellyfin app on your TV/Phone/PC, connect to 192.168.10.20:8096
3. done
Now you can access it at home, and only at home. I honestly fail to see where a VPN would even come into the equation here (again, if you wish to ONLY watch when you are at home, as you’ve said).
⁨Comment⁩ on ⁨Recommend EU webhosting provider to replace DreamHost?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Huh, didn’t know. Thanks. I guess Hetzner is the right answer in both cases then 😄
⁨Comment⁩ on ⁨Recommend EU webhosting provider to replace DreamHost?⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Do you want all of that to be managed (DB, mailboxes, web-hosting,…) or just reliable hardware in “the cloud”?

For the latter, Hetzner.
⁨Comment⁩ on ⁨At least Quark had some integrity.⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
Clyden!!!
⁨Comment⁩ on ⁨It is deeply bad that a moderator can remove any post or reply.⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
Hm? I have never been a mod of anything :)
⁨Comment⁩ on ⁨It is deeply bad that a moderator can remove any post or reply.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I mean… “To fear”? No. But There are plenty legitimate to remove comments and posts that have nothing, and I mean absolutely nothing, to do with mod overreach or censorship.
- removing derailing threads from heated discussions
- removing the annoying “just asking questions” people from LGBTQ+ safe spaces
- removing posts accidentally posted into the wrong community
- removing troll posts
- banning repeat troublemakers not willing to follow the rules
- removing aggressive, sexist, racist,… posts
On the other hand, anti-moderation people only ever seem to come up with “but I want to be able to post whatever I want!”

“Free speech” in this context means: you can go create your own instance or community, with blackjack and hookers! And mods can use the tools at their disposal to enable the rest of us to not have to deal with bullshit.
⁨Comment⁩ on ⁨It is deeply bad that a moderator can remove any post or reply.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
“We don’t need moderators!” shouts the Troll*, in the wrong community.

* either a troll or just an idiot, doesn’t matter imo
⁨Comment⁩ on ⁨In the latest Windows 11 preview build, Microsoft removed the “bypassnro” command, which let users skip signing into a Microsoft Account when installing Windows.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Yeah OK, that’s fair. It’s really a shame how dependent notifications are on Google. ALl the other things - Mail, Photos, Drive,… - are a lot easier to replace.
⁨Comment⁩ on ⁨Selfhosting Sunday - What's up?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Alright, thank you!
⁨Comment⁩ on ⁨Selfhosting Sunday - What's up?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Hey, we’re also thinking about setting up authentik. Could you answer the following, where I haven’t found answers to yet: does introducing SSO impede logging into Jellyfin on a TV / phone app at all?
⁨Comment⁩ on ⁨In the latest Windows 11 preview build, Microsoft removed the “bypassnro” command, which let users skip signing into a Microsoft Account when installing Windows.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Android without a Google account is great though
⁨Comment⁩ on ⁨Split Keyboards Are Superior And The Reason I’m The Writer I Am Today.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
As a fellow Futo user: it’s not great out of the box. My biggest recommendations are:
- under Languages and models, download all the voice models (if you use those), transformers, and wordlists you can for your languages
- if you use multiple languages, set the check on “multilingual typing” for ALL of those languages
- this is probably the biggest one: in text prediction -> Advanced Parameters, DRASTICALLY change the values. The original ones are 3.4 and 4.0 for LLM strength and autocorrect threshold, mine are currently set at 28.5 and 0.8, respectively. This takes the autocorrect from “occasionally working” to “as good as SwiftKey” for me.
- Keyboard and Typing -> Long Press -> Show hints. Could not find that for ages so thought I’d add it here.
Also, two super useful shortcuts: you can press the space-bar and move your finger around to move the pointer; and the same for backspace to fine-control what to delete.

Hope this helps, but if not… What additional gripes do you habe with it?
⁨Comment⁩ on ⁨Split Keyboards Are Superior And The Reason I’m The Writer I Am Today.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Will do! Thank you!
⁨Comment⁩ on ⁨Split Keyboards Are Superior And The Reason I’m The Writer I Am Today.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
That sounds great. I think I’ve given it more than a month overall, but probably never longer than a week at a time. Guess I’ll have to have my SO hide my normal keyboard lol
⁨Comment⁩ on ⁨Split Keyboards Are Superior And The Reason I’m The Writer I Am Today.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I built and configured an Arkenswoop some time in 2023. It’s really nice. However… I have gotten quite fast on a conventional keyboard just by using it over the years, and re-learning that is just so tedious. Every time I try, something with a deadline comes up, and I switch back “temporarily”.

Anyone have experience overcoming this?
⁨Comment⁩ on ⁨Gmail Is Now Using AI to Sort 'More Relevant' Results, But You Can Turn It Off⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Fair… Sorry, I always forget how prominent Apple devices are in the US.
⁨Comment⁩ on ⁨Gmail Is Now Using AI to Sort 'More Relevant' Results, But You Can Turn It Off⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Thunderbird for mobile is great! And in contrast to the gmail app, search actually works, lol
⁨Comment⁩ on ⁨Multiple Tesla vehicles were set on fire in Las Vegas and Kansas City⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
They blamed it on the communist party, yes. There were 8 parties represented in the Reichstag at the time though.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
If you feel Luke everyibe else is crazy… I gut news for you Buddy!
⁨Comment⁩ on ⁨Kagi search engine now has a Fediverse search option.⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Kagi lenses “focus” the search. So normal web search definitely can contain fediverse results, but with the lens switched on, you ONLY get fediverse results.
⁨Comment⁩ on ⁨What host names do you use?⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Named mine after “objects” from Iain M. Banks’ Culture Novels.

Currently I have:
- gsv
- hub
- excession
- drone
Nice and short, and map roughly to the “power level” of the hardware, so to speak.

And my Yubikeys are named after Special Circumstances agents 😄
⁨Comment⁩ on ⁨What are some of the things someone permanently relocating away from the US should be aware of?⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Damn you sound envious
⁨Comment⁩ on ⁨Facebook Cybertruck Owners Group Copes With Relentless Mockery⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
I’m sorry, but have you never had actual Cheddar?
⁨Comment⁩ on ⁨i took an iq test and it was nice and i took my time doing it but the answer was 86, is that bad??⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Lol
⁨Comment⁩ on ⁨i took an iq test and it was nice and i took my time doing it but the answer was 86, is that bad??⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
If an employer wants to see your IQ, you probably do not want to work there regardless.
⁨Comment⁩ on ⁨i took an iq test and it was nice and i took my time doing it but the answer was 86, is that bad??⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Verified by whom?