The scraping/bandwidth abuse problem can easily be worked around.

how?

anubis does not protect the APIs, and it cannot protect against bot traffic coming from many different residential proxies

are you sure that is a good link?

for anyone reading this, Codeberg/Forgejo can migrate issues too! use the “new migration” function in the menu where you create new repositories, and tick the box for copying issues and wiki. it is a one time copy only, though, so if you are dedicated you should restrict issues on the github repo to collaborators only, so that people can’t open new issues (which won’t be able to be synced anymore), but old ones are still readable in their original form.

syncing issues cannot be done later, it’s for new repos only

for a very long time it was not only possible for experts. like, I would say the last 10-15 years, maybe even more. It’s very harmful that people can now create things they don’t even know how to check what it does, and they just assume this “sentient thing” actually produced what you wanted with no major flaws. thing is, you (or anyone else vibecoding things) won’t be able to determine what is good or bad without taking the time and learning the building blocks, learning how they work and how they are supposed to be used.

also your comments look like AI generated comments, fake enthusiasm and all the rest. it does not inspire much confidence

“if I don’t have to”. and, is your jellyfin running as root? or are you running it a different way, e.g. from apt package (where I believe it’s sensible by default)? I smell doubt.

but in either case it does not matter how do you run jellyfin. what I care is how many other people are running jellyfin exposed to the internet because they think its safe, because people on forums told them so, with the popular docker image where it is being ran as root.

I’m not moving goalposts. I’m still firmly besides my point that for the general jellyfin admin exposing jellyfin to the wide internet is unsafe and irresponsible. and seeing all the downvotes but no one else telling their opinion, it seems no one knows better either and they are just angry I pointed this out.
again, I don’t care how are you running Jellyfin. I don’t want to convince you on that, you do whats best for you, it seems you might have done some precautions. what I care is to not recommend these practices to others (without the full picture), because they are unsafe, especially without further precautions like running a(n unofficial) rootless jellyfin docker image and an intrusion detection system, which I guarantee most people won’t have.

same as webm, yes

of course, but no root permission is needed for that. flatpak packages can be installed on the user level, but even if you somehow disable that, they could still just download firefox (or anything else) as a tarball, unpack it and run it traditionally

plenty of FOSS projects are safe to expose through a simple reverse proxy

I have my doubts about that. Personally I would never do that.

Talking about security… Have you heard of intrusion detection, process isolation, or principle of least privilege?

are you aware that the very popular official docker image for jellyfin still runs the jellyfin process as root? or that most people just mount their media libraries as a read-write volume because they don’t know better?

I would also be very interested about statistics on how many jellyfin admins run intrusion detection software on their system, if you have any.

mkv for the win

why do you think that? then all piefed users would be commenting with thorns

lol, what a bunch of liars. Americans don’t have any privacy protections to waive

I don’t understand how that is possible without installing its own kernel driver. afaik only the denuvo anticheat does that

it is quite obviously not scope creep, as the systemd init system does not contain a DNS resolver.

the systemd family of tools does contain one, because the creators decided to create one with functionality not existing in alternatives. but the init system does not have a built in DNS resolver.

resolved is not part of the init system.

I don’t understand why isn’t it talked about more that the new outlook uploads your email account login passwords to microsoft, and accesses your emails through microsoft servers. a gaping violation of privacy and security

shouldn’t fe80::1 always just work if IPv6 is enabled?

it would still the ISP router be the one that connects to the network outside the building, so chances are that if it comes again over tge network cable, it will still only fry the ISP router

yeah, it’s the operator’s job to help setting that up

wow not just totally unprofessional, but even downvoting the calling out the lack of credible security! you can be ashamed of yourself, and hope that your clients never find out you are a contrarian

I really doubt your work has anything to do with computers