fmstrat

Before you get too far, consider setting up users with a domain like Samba-Domain. This way you get centralized user management for anything you decide to host alongside it.

Also, ZFS is great for backups.

Are you using/going to use LibreOffice or OnlyOffice? Libre is more popular, but Only was built for web and has better MS compatibility.

I bet this could be used to load balance regional servers with a bit of tweaking. (I made Plex-sync a long time ago for a similar purpose)

Since OP didn’t mention, the pasted content is not the full article. Click through and read it if you like, as since it’s Medium, it helps the author out. 😉

This helps for context: https://techcrunch.com/2025/08/21/ecosia-has-offered-to-take-stewardship-of-chrome-and-its-not-a-bad-idea/

TLDR; If the lawsuit goes bad, and Google is forced to sell Chrome, it’s a way for them to retain ownership while working with an existing partner to overcome the monopoly ruling.

Still a win win in my book.

All fair. For me, their SSL direction is a good one. Most self-hosters use a central proxy, so why maintain one users just ask to disable.

I do run mine behind a VPN, always will and recommend others do the same.

Well, I wouldn’t say the media issues are worse than a full domain access issue, but despite my comment above, I agree with you.

The security split-issue feels reminiscent of when Plex didn’t use SSL and wouldn’t implement it until a white-hat POC token exploit was produced and provided to them (of which I was the author). If JF was my project, these would be top of my list.

I’ve tested the worst of these endpoints and they were already secured, just the issues haven’t been updated.

For instance, from the security split-out issue list: https://github.com/jellyfin/jellyfin/issues/5415#issuecomment-2825369811

I took the only one that could lead to admin/system infiltration (LDAP config escalation, others are about media access), and found it to have already been secured: https://github.com/jellyfin/jellyfin/issues/13989

I’d like to understand what this math was before accepting this as fact.

Kavita. It started for comics and moved on to books. It supports OPDS, the standard by which readers like KOReader and Mihon connect to fetch books.

I have tried so many, Calibre (not good for graphic novels), Komga (very dated in comparison to Kavita), and more, but for both graphic novels and books, it won’t be beat.

@4dpancake92@lemmy.world if you like Komga, take a look at Kavita. I was happy with my switch.

Ahhh. I put the wireguard client on the router, so it’s more of a site to site setup for TVs.

Yea the catch was we were asking for TLS for a long time, and this was pre- Let’s Encrypt, so those patching on their own didn’t have a free (minus work) way to handle it. It took a releasable POC to get action.

All out devices just have a permanent Wireguard client since it uses basically no battery, and then a allow rules for households. If you don’t want to run the client, and don’t want to take the time to learn, you don’t get access. But I totally get how that’s not for everyone.

I posted a while back, tested the biggest open endpoints and they were properly secured, the issues just weren’t updated.

Note: Plex didn’t have SSL, and refused to implement it, until ~6 weeks after I created a POC token exploit. Here’s the GitHub repo I posted as a patch before they got their system in order: https://github.com/Fmstrat/plex-ssl. In other words, don’t give them too much credit.