smiletolerantly

joined 1 year ago
[–] smiletolerantly@awful.systems 31 points 5 days ago (2 children)

I host it publicly accessible behind a proper firewall and reverse proxy setup.

If you are only ever using Jellyfin from your own, wireguard configured phone, then that's great; but there's nothing wrong with hosting Jellyfin publicly.

I think one of these days I need to make a "myth-busting" post about this topic.

Matrix fits the bill.

Unless you don't like the federated nature.

OK, add step above: use wildcard certificate for your domain.

Terminating the TLS connection at your perimeter firewall is standard practice, there's no reason your jellyfin host needs to obtain the certificate.

[–] smiletolerantly@awful.systems 1 points 2 weeks ago (2 children)

Actual answer for 3:

  • put jellyfin behind a proper reverse proxy. Ideally on a separate host / hardware firewall, but nginx on the same host works fine as well.
  • create subdomain, let's say sub.yourdomain.com
  • forward traffic, for that subdomain ONLY, to jellyfin in your reverse proxy config
  • tell your relatives to put sub.yourdomain.com into their jellyfin app

All the fear-mongering about exposing jellyfin to the internet I have seen on here boils down to either

  • "port forwarding is a bad idea!!", which yes, don't do that. The above is not that. Or
  • "people / bots who know your IP can get jellyfin to work as a 1-bit oracle, telling you if a specific media file exists on your disk" which is a) not an indication for something illegal, and b) prevented by the described reverse proxy setup insofar as the bot needs to know the exact subdomain (and any worthwhile domain-provider will not let bots walk your DNS zone).

(Not saying YOU say that; just preempting the usual folklore typically commented whenever someone suggests hosting jellyfin publicly accessible)

Neovim, because I wanted something that would not just disappear.

I never really got along with VSCode, opting for Atom instead. Microsoft bought GitHub, which owned Atom, and promptly discontinued it.

Nvim has such an active community (and no "owner") that I'm certain that this won't happen again. At the same time, the plugin system is so flexible that I'm also certain that I will never miss out on any shiny new features.

Over the years, my config has matured, and is mine. The thought of going back to an editor, any editor, less flexible in its configuration than nvim is just... an absolute "no".

It's a steep learning curve, but well worth it.

[–] smiletolerantly@awful.systems 10 points 4 weeks ago

I dream of a pure information protocol. Kinda like RSS, but... More.

  • allow any piece of information (news article, DM, sensor reading,...) to be wrapped in a standard format
  • subscribe to any number of source directly or indirectly (e.g. through a self-hosted relay server)
  • allow networks to define default data sources (e.g. get sensor data from machines as soon as you are connected to corporate networks
  • make the data declare what UI elements are required,
  • but allow clients to display them however the fuck they want
  • allow user to assign priorities statically or programmatically to any source, and to filter, sort, categorize based on it

Essentially: I want "the feed" from universes like The Expanse

[–] smiletolerantly@awful.systems 22 points 1 month ago (9 children)

No, mate. I don't need a guide, or a tour. Just a single clarifying sentence.

"My product does x". Right now, x could be:

  • help you scam people
  • provide a meditation partner
  • help you learn how to code in Cobol
  • give travel tips
  • ...

What does your product DO? And dong you dare answer "it helps you make money", that does not explain anything.

[–] smiletolerantly@awful.systems 25 points 1 month ago (12 children)

I have clicked every link on that site and I still have exactly zero clue wtf this is.

[–] smiletolerantly@awful.systems 5 points 1 month ago (4 children)

FWIW, I have no issues sending mails/having them be received from my self-hosted to Google mail

[–] smiletolerantly@awful.systems 35 points 1 month ago (1 children)

On many trackers, you get "paid" for time seeded. Usually in the forms of bonus points or the like. You can then exchange these for improving your ratio (or a freeleech token, or an invite,...).

It's a system that also rewards keeping media available even if you are not uploading to anyone.

Also, keep in mind that often, a large part of the available content is freeleech (meaning leeching it doesn't affect your ratio), but seeding those torrents usually still does improve your ratio.

Pimsleur. It's very different than Duolingo, in that it is almost entirely audio-based. However, at least in my experience, it actually gets you to the point of speaking and understanding a language much more rapidly than Duolingo. Way, way less gamified though. It expects you to put in half an hour a day where you just concentrate on the lesson.

Sorry, I should have mentioned: liking bare-metal does not mean disliking abstraction.

I would absolutely go insane if I had to go back to installing and managing each and every services in their preferred way/config file/config language, and to diy backup solutions, and so on.

I'm currently managing all of that through a single nix config, which doesn't only take care of 90% of the overhead, it also contains all config in a single, self-documenting, language.

 

Five years ago, I bought a Supernote A5. It was (and mostly still is) a great device for reading and writing on an eInk display, and it runs plain old linux.

The deciding reason I went for this device instead of the competition is that I was "under the impression" that they were about to enable full SSH access to the device! Awesome!

"Why were you under that impression?", I hear the skeptics ask. Well, their spokesperson has stated that they would do so. Via mail, and on reddit, publicly, multiple times. I was still torn, so sent them a DM, asking if this was ineed factual. "Yes", they said, "the next quarterly update will enable SSH access!".

Great!

Well, it's been 5 years. They did not follow through. A couple updates were published, none contained the promised functionality, the spokesperson stopped answering questions about SSH. The last software update I received is from 2.5yrs ago. Mentions of the original Supernote A5 have largely been scrubbed from their website.

Let me be clear, the device still functions perfectly. But it is in danger of becoming e-waste because it is so needlessly complicated to get stuff on the device. I'm currently in need of an ebook reader with (ideally) OPDS capability, and I am pretty confident I'd be able to get something like koreader running on this, or at least just run a script to sync files over SSH. Also, I frankly feel wounded in my pride having a Linux device in my possession which refuses to do my bidding (I'm joking of course, but also I am 100% serious).

Here's all I know:

  • plugging it in via USB, the device reads as an MTP device, with access only to the documents/books/... stored on it
  • you can place an update.zip file (obtained from the SN website) into the root of that MTP directory, and upon reboot, the device will update. To me, this appears to be the most promising route of gaining access.
  • unfortunately, the zip file is encrypted. The decryption key clearly has to be known to the device, but since I have no access to it,...

I'm a software engineer, but I have zero knowledge of the "dark arts", so to speak. If anyone could help me (or point me into the right direction!), I would really be grateful. I don't want this (generally nice) product to turn into a paperweight instead of a paper replacement :(

 

Basically, the title. After years of inactivty, I'll be taking music (cello) lessons again, with my teacher of yesteryear, from whom I've moved half a country away.

She has suggested Zoom but is open to alternatives. I don't particularly like Zoom, plus I have a feeling better quality can be had through a custom solution - but I'm at a bit of a loss as to what exactly would be a good fit for this project.

Maybe Jitsi? Does someone here have experience with it and could tell me if it's possible to set something like a "target" audio quality?

For hardware, I basically have two options. Both are already in use, for different things, and have sufficient processing capabilities - albeit no GPU:

  • host everything at home. Plus: lowest possible latency from me to the server. Not sure how much that is worth though.
  • root server in the Hetzner cloud: much faster network speed. Again though, not sure how beneficial that is, the ultimate bottleneck will always be my upload speed (40Mbit)

OK, I realize that this post is a but of a random assortment of thoughts. I'd be really happy about suggestions and / or hearing about other's experiences with similar use-cases!

 

Hi,

not sure where else to post this. For a while now, I've unsuccessfully been trying to get WireGuard to work with Crunchyroll.

Setup is as follows:

  • dedicated server hosts a wg-quick instance in [neighboring country]
  • OPNSense acts as peer on a single IP
  • I have a rule for routing the entire traffic of some source device via that IP

This works just fine. Handshake successful, traffic is routed via the server. traceroute shows the server as the hop immediately after my device's local gateway. The connection is stable, and fast.

...except for Crunchyroll. The site / app itself is fine, but I can not, for the life of me, get a video to play. It just keeps loading forever.

I don't think this is an issue with CR recognizing that I'm not where I say I am - looking online, it seems pretty easy to use CR with a VPN. I've also tried from multiple other devices, all with the same symptom.

If anyone has suggestions, I'd love to hear them 😅

EDIT: ~~It was MTU. Had to manually set it to 1500 on both devices.~~

Nope, still the same issues. I was using the fallback interface there briefly.

EDIT: It WAS MTU related, I had to enable MSS clamping on the OPNSense.

view more: next ›