“if I don’t have to”. and, is your jellyfin running as root? or are you running it a different way, e.g. from apt package (where I believe it’s sensible by default)? I smell doubt.

but in either case it does not matter how do you run jellyfin. what I care is how many other people are running jellyfin exposed to the internet because they think its safe, because people on forums told them so, with the popular docker image where it is being ran as root.

I’m not moving goalposts. I’m still firmly besides my point that for the general jellyfin admin exposing jellyfin to the wide internet is unsafe and irresponsible. and seeing all the downvotes but no one else telling their opinion, it seems no one knows better either and they are just angry I pointed this out.
again, I don’t care how are you running Jellyfin. I don’t want to convince you on that, you do whats best for you, it seems you might have done some precautions. what I care is to not recommend these practices to others (without the full picture), because they are unsafe, especially without further precautions like running a(n unofficial) rootless jellyfin docker image and an intrusion detection system, which I guarantee most people won’t have.

same as webm, yes

of course, but no root permission is needed for that. flatpak packages can be installed on the user level, but even if you somehow disable that, they could still just download firefox (or anything else) as a tarball, unpack it and run it traditionally

plenty of FOSS projects are safe to expose through a simple reverse proxy

I have my doubts about that. Personally I would never do that.

Talking about security… Have you heard of intrusion detection, process isolation, or principle of least privilege?

are you aware that the very popular official docker image for jellyfin still runs the jellyfin process as root? or that most people just mount their media libraries as a read-write volume because they don’t know better?

I would also be very interested about statistics on how many jellyfin admins run intrusion detection software on their system, if you have any.

mkv for the win

why do you think that? then all piefed users would be commenting with thorns

lol, what a bunch of liars. Americans don’t have any privacy protections to waive

I don’t understand how that is possible without installing its own kernel driver. afaik only the denuvo anticheat does that

it is quite obviously not scope creep, as the systemd init system does not contain a DNS resolver.

the systemd family of tools does contain one, because the creators decided to create one with functionality not existing in alternatives. but the init system does not have a built in DNS resolver.

resolved is not part of the init system.

I don’t understand why isn’t it talked about more that the new outlook uploads your email account login passwords to microsoft, and accesses your emails through microsoft servers. a gaping violation of privacy and security

shouldn’t fe80::1 always just work if IPv6 is enabled?

it would still the ISP router be the one that connects to the network outside the building, so chances are that if it comes again over tge network cable, it will still only fry the ISP router

yeah, it’s the operator’s job to help setting that up

wow not just totally unprofessional, but even downvoting the calling out the lack of credible security! you can be ashamed of yourself, and hope that your clients never find out you are a contrarian

I really doubt your work has anything to do with computers

would not ever use your services in that case

much of the internet is run on simpler software or by full time employees tasked to deal with all this. but sure, ignorance is bliss, what you don’t see does not exist, etc etc, keep running your Jellyfin exposed to the internet. you wouldnt even get to know when your system is compromised. but you know what? you could even remove your password for extra convenience. who would want to log in to a random jellyfin account anyway! surely no one! just don’t recommend these practices to anyone, because you are putting them at risk.

idk man, I wont keep my front gate unlocked just so my friends can come in without keys. either they accept having to carry an additional key, or they won’t have access without me, but I’m not going to compromise on reasonable security. oh the burden I know.

I’ll help them set it up if they want it, they are not on their own. but zero effort won’t work.

to be fair, Jellyfin had multiple unauthenticated vulnerabilities in the past so it makes sense to talk about it