Joined 2 years ago
Cake day: July 1st, 2023


  • Decided to do some more reading on this topic. TIL:

    TCP, the more common protocol, requires at least one side to have a port forwarded through their NAT to the client, so the other side can make a connection to that open port.

    uTP, on the other hand, can ‘holepunch’ by sending a packet to a known IP, which opens a port through the sending client’s NAT, specifically for that IP. That port can then be used to send and receive by either side until it closes due to inactivity.

    So, torrent clients can use uTP holepunching to open a port without requiring manual forwarding, then advertise that open port to public trackers. Client ‘A’ will try to connect to an IP+port it got from the tracker and get ignored (because the recipient NAT isn’t expecting data from that IP and drops the packets). Then when client ‘B’ decides to connect to client ‘A’, A’s port will now be open and allowing data from B’s IP, thus establishing a connection.

    This is slower than a direct connection because both clients need to be made aware of each other and decide to attempt to connect at reasonably similar times. It also requires public trackers with peer exchange enabled and the torrents cannot be flagged as private.
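The packet sequence described in the comment above, modelled as an added example (not part of the original comment). It assumes a NAT that filters inbound traffic by remote IP only and expires idle pinholes after 30 seconds; the addresses and the timeout are constructed values.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 30  # seconds a pinhole survives without traffic (constructed value)


@dataclass
class Nat:
    """Address-restricted NAT: inbound UDP is accepted only from remote
    IPs that the inside client has sent to within IDLE_TIMEOUT."""
    public_ip: str
    pinholes: dict = field(default_factory=dict)  # remote IP -> last activity time

    def outbound(self, dst_ip, now):
        # Any outgoing datagram opens or refreshes the pinhole for that one IP.
        self.pinholes[dst_ip] = now

    def inbound(self, src_ip, now):
        last = self.pinholes.get(src_ip)
        if last is None or now - last > IDLE_TIMEOUT:
            self.pinholes.pop(src_ip, None)
            return False  # unsolicited or expired: the NAT drops the packet
        self.pinholes[src_ip] = now
        return True


def send(src, dst, now):
    """One datagram from the client behind `src` to the client behind `dst`.
    Returns True if it gets through the destination NAT."""
    src.outbound(dst.public_ip, now)
    return dst.inbound(src.public_ip, now)


def simulate():
    a = Nat("198.51.100.10")  # client A's NAT (documentation address)
    b = Nat("203.0.113.20")   # client B's NAT (documentation address)
    return [
        ("A->B first attempt", send(a, b, now=0)),    # B's NAT has no pinhole for A
        ("B->A attempt", send(b, a, now=5)),          # A already sent to B, so A's NAT accepts
        ("A->B retry", send(a, b, now=6)),            # B has now sent to A, so B's NAT accepts
        ("B->A after idle", send(b, a, now=100)),     # A's pinhole expired from inactivity
    ]


if __name__ == "__main__":
    for label, delivered in simulate():
        print(f"{label:20} {'delivered' if delivered else 'dropped'}")
```

For exposure review, the useful point is that a pinhole is scoped to the one remote IP the inside host contacted and disappears when idle, unlike a static port forward that accepts traffic from any source.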




  • FolderSync selectively syncs files/folders from my phone back to my server via ssh. Some folders are on a schedule, some monitor for changes and sync immediately; most are just one-way, some are two-way (files added to the server will sync back to the phone as well as uploading data to the server). There’s even one that automatically drops files into paperless-ngx’s consume folder for automatic document importing.

    From there BorgBackup makes a daily backup of the data, keeping historical backups for years with absolutely incredible efficiency. I currently have 21 backups of about 550 GB each. Borg stores this in 447 GB of total disk space.






  • Without authentication, it’s possible to randomly generate UUIDs and use them to retrieve media from a Jellyfin server. That’s about the only actually concerning issue on that list, and it’s incredibly minor IMO.

    With authentication, users (i.e., the people you have trusted to access your server) can potentially attack each other, by changing each other’s settings and viewing each other’s watch history/favorites/etc.

    That’s it. These issues aren’t even worth talking about for 99.9% of Jellyfin users.

    Should they be fixed? Sure, eventually. But these issues aren’t cause to yell about how insecure Jellyfin is in every single conversation, and to go trying to scare everyone off of hosting it publicly. Stop spreading FUD.





  • Yeah, Emby was originally called MediaBrowser and was a free open source project. MediaBrowser’s developers decided to move to a closed source paid model to establish some more consistent income and support the dedicated developers they have. Thus Emby was born.

    Some users were really unhappy with this decision and forked MediaBrowser’s last release to create Jellyfin. Their development has been quite a bit slower, but they’ve made some significant strides in recent years. It’s a more and more attractive option.

    One of my biggest reasons for sticking with Emby (besides already having a lifetime Premiere license) is the dedicated clients available on more platforms. Xbone is my primary streaming device, besides Android: Emby has a dedicated Xbox client you can install that will take full advantage of the hardware (more content direct plays, HEVC video for example), whereas with Jellyfin you’ve gotta use the web browser, which is cumbersome and forces the server to transcode media a lot more.


  • In the case of Plex, it’s not 100% selfhosted. There’s a dependence on Plex’s public infrastructure for user management/authentication. They also help bypass NAT by proxying connections through their servers so you don’t have to set up port forwarding and can even easily escape double NAT situations.

    I can understand paying for that convenience, but cost keeps rising while previously free features continue to get locked behind paywalls.

    Tbh, having users required to authenticate with plex.tv was enough for me to look elsewhere. The biggest reason to self-host for me is to remove dependency on public services.






  • Most of my web services are behind my VPN, but there are a couple I expose publicly for friends/family to use. Things like Emby, Ombi, and some generic file sharing with file browser.

    One of these has a long custom path set up in nginx which, instead of proxying to the named service, will ask for HTTP basic auth credentials. Use the correct host+path, then provide the correct user+pass, and you’ll be served an OpenVPN configuration file which includes an encrypted private key. Decrypt that and you’ve got backdoor VPN access.