None. Dashy’s authentication was famously literally security theatre even with Keycloak. You could just pause the load in browser and have full access to the config. Because it let you iframe whatever you could now do so with local services to enum. Somehow Jellyfin is unbustable though. So it’s a bit of a crapshoot. Look at past vulnerabilities. Stuff like XSS unless stored you don’t need to worry about, clickjacking, tab nabbing etc. On the other hand anything that’s arbitrary file read, SQLI, RCE, LFI, RFI, SSRF etc. I would look at seriously. E.g. don’t make your 13ft public because it can be used to literally enumerate your entire private network.

Yes I host everything public with cloudflare tunnels. Everything more heavy is VPN with DDNS on invite basis to friends and fam. For the former it’s Hassle-free HTTPS, no reverse proxy, no firewall, no nonsense.

I feel like even the prefix -tan is very uncommon to hear these days.

I don’t like middle grounds in my packages, what can I say.

Docker containers are treated as immutable and disposable to me, like a boot CD, for each, I write a shell script to generate both a .conf if needed, a docker-compose.yml and run the container.

They’re plug’n’play separate parts to the rest of the OS, while packages are about integrating nicely with the rest of the OS, in a non-snowflakey, non-disruptive manner.

I also hate .conf.d folders and always deleted them. One program, one .conf.

No, that’s not what is meant by shared dependencies, and I don’t use Gentoo, I use Debian.

1. Compile from source
2. Find alternative
3. Deploy in VM/Docker

If I wanted snap, flatpak or appimages, I would use windows. Shared dependencies or death.

That’s awesome. Glad we’re finally automating the most important things in life - internet arguments.

No idea what you mean, usually on Jerboa alt text is below the image.

You wouldn’t be messing with us would you? :)

EDIT: I see you added the alt-text. Haha I genuinely thought maybe you were yanking our chains

So basically you’re using Unix sockets on your LAN level between nginx and internal machines for finer grained access control and because you’re running out of ports. That’s really cool! I’ll have to read into this myself.

Compatible with Unix sockets?

Did not know that! Thanks for the tip!

VT?

Hah that’s what I always had on Debian on my laptop back in the version 9 days (buster?). Nothing’s stopping you from doing it now with runlevels. I think with systemd it’s just systemctl set-default multiuser.target

You can then always get the full boot with systemctl isolate graphical.target

Might not be the exact command but it’s something like that for sure.

I’ve seen this image pop up now and then for like 10+ years as a meme in the Linux community and never not once did I think this.

Obviously if that’s a confirmed intention behind it, then it’s not okay, but I think you’re overthinking it, it’s just how anime designs are, the characters often look agelessly young.

These look like pretty average anime characters to me and don’t strike me as implying something problematic in the slightest.

Idk I’m an outside observer to weeb shit, but that’s how I always interpreted it at least.

It’s a meme, ya dunce. I don’t think anyone is furiously jerking it to the Debian logo just because it has some poorly drawn animeys next to it.

True

Nah, I think it predates trans culture memes becoming so mainstream.

That’s a lot of work. Thanks though.

Is there a way to do reverse tunnels, or something like it, so not opening any ports at all on the network, without cloudflare?

Closest to that XP I got was generating VPN keys and distributing them to close friends, running DDNS (no-ip) on my Pi with a pivpn server and then accessing JellyFin that way.