And again - if you put those behind a fail2ban; and you 404 5x in an hour, which is likely - you’ve solved that issue. Had my jellyfin instance publicly available for 2 years on its own VM with passthrough GPU, and haven’t had any issues. People poke around quite often, and get blackholed via the firewall for 30d.

It wouldn’t stop a dedicated attacker, but I doubt anyone’s threat model here is that intense. Most compromised servers happen from automated attacks probing for vulnerabilities in order to get RCE; not probing for what movies you have – Because having movies on a media server doesn’t prove that you didn’t rip them all off of blu-ray…it just means you have movies.

You’re not going to have 100% privacy when you put up ANY service on your network. Everything leaves a trace somehow; but I’m starting to think half of you are Chinese spies or something with the amount of paranoia people here show sometimes. :P

Hmm, that’s a good point. I just checked my Jellyfin, and I don’t put any of the cert data into its config, I’m using caddy as my reverse proxy to serve it and I didn’t even think about this. No reason it has to be a self-signed cert, it could technically be local only and still be a Let’s Encrypt cert.

If they need SSL certs, they’ve got to. Jellyfin doesn’t accept self-signed certs, which means DNS entries in a domain, and access from the internet.

Really, honestly - what they need to do is just install Jellyfin on the Raspberry Pi and ditch the encryption requirement altogether. There’s no reason to have it on a LAN-only environment. They aren’t going to need it, nobody is going to MITM their lan environment, and VPNs will regularly allow LAN passthrough.

If ProntonVPNs own client doesn’t allow LAN connections, they either need to swap to the Wireguard vanilla client (if that’s allowed on free tier), or upgrade their VPN service.

OR switch VPNs altogether.

There isn’t a way to do this without breaking one of their requirements

Only options here are to publicly host with real SSL certs, on a domain and tunnel out – Or swap VPN providers/software so that you can achieve LAN access and forego HTTPS altogether.

Edit: And sorry – the previous post is gone regarding their only needing access within the home, there’s no way I could have known that.

There’s a bit of paranoia going on here to begin with - There’s no reason they need this level of “security” within their home network on the LAN side anyhow. They could possibly buy a managed switch and make the jellyfin server only visible to a specific vlan that didn’t include the router, but that doesn’t quite match up with what it sounds like they’re needing.

Yeah, this whole thread feels like a “but I can’t do that, work around it for me”

Do. And make sure your logs are piped through fail2ban.

All of these “vulnerabilities”, require already having knowledge of the ItemIDs, and anyone without it poking around will get banned.

The rest of them require a user be authenticated, but allows horizontal information gathering. These are not RCEs or anything serious. The ones which allowed cross-user information editing have been fixed.

Tailscale is only for the server/host. You’re not changing all of your VPN services over to this, you’re using it in a ‘reverse’ fashion. You’re VPN-ing the server out to the world so it’s reachable and you have port forwarding options, etc.

From there, it can be reached by any client on the internet as a service. From there though, I don’t know how you’d get to it securely without a domain and SSL (Let’s Encrypt/Caddy) certs.

A domain is only like $16/year. So it’s not prohibitively expensive.

Ah, so this is why all land in the US extends to a body of water center.

Someone explain to me how this tax loophole works…I need to know.

Honestly, I say anyone who listens to any kind of broadcast-anything at this point is an unfortunate part of the system.

Even your typical “left leaning” news conglomerates have failed to report and make people as outraged as they should be. Nobody understands the depth of the situation we’re in, except - it seems - academics, and people who are paying attention to multiple non-US sources.

I like the stuff Threat Interactive did about Digital Foundry and calling out UE5 bullshit temporal smearing and all the performance-robbing bullshit. Our games looked better 10 years ago than they do now, and performed better to boot.

Digg is excited about “AI” moderation. So, they’re gonna be going the route of banning users for wrongthink just as Reddit did. I don’t think it’s going to be that popular.

If that’s the case, then why do all security professionals use Signal instead?

This is the part that makes you a bad person no one wants to be around.

Again. Wrong. Plenty of family and friends, and a whole region of my state who come to me for advice on cnc related shit, so you missed the mark there too.

Only people who avoid me are well…people like you, who think you need to “display” how good of a person you are. Most normal people understand humor and aren’t perpetually offended. Go touch some grass and meet some people outside for once. The majority of people on Lemmy and Reddit are not what the world would consider ‘normal’.

Fuck that. Why do I need to be better? I don’t give 2 shits about virtue signalling. I don’t have to convince the world that I’m a good person, I know my own virtues and I know that I am; so I’m allowed to joke about horrific shit all the fuck I want.

All of this performative outrage from people is silly. You’re not a bad person just because you like dark humor or shitposting.

Pandora; I use the terminal client Pianobar in Linux.

But I’m not a music nerd like you seem to be. I want RADIO, without ads. I pick a song, Pandora picks other music like it to play. I don’t have time to dick with “albums being in order” kinda shit.

The first people who “wanted to help” when my family bought a hotel to renovate, were the ones who robbed us blind. 2 of them were homeless, and we gave them a place to live. Still stole everything we owned.

I’d say it’s still normal to be wary of people’s true intentions.

Yes, it’s very common to be wary of people you don’t know.

So shitposters were shitposting. Don’t be bitches and act surprised when people are offended. Own that shit. It was meant to offend, that’s what makes it funny. I’ll join their discord and shitpost too. Call me a “bad person” all you want. idgaf.

If you think me pointing out that therapy isn’t designed around how men operate somehow makes ME sexist, you need to step back and evaluate yourself.

Welcome to my world, friend. It’s not as if I don’t have friends because I couldn’t put on the societal mask and make them; I just simply hate humans that much. Only people I can stand being around are philosophers. People who take a step back and think about the world from a unburdened point of view, and people who talk about what the solutions might one day be.

Only thing that ended up saving me is my wife and children. I would have clocked out long ago. Find someone that hates humanity with you, and cherish them. Or find someone who loves humanity to balance you.