Hacker News | l72's comments

The fact that most of these are capturing query parameters:

  "u": "https://www.google.com/search?q=target",
indicates that they are capturing tons of authentication tokens. So this goes way beyond just spying on your browser history.

If a service is sending auth tokens as URL parameters, stop using it. Those are always public.

I don't disagree with the advice (especially for long-lived tokens), but query parameters are encrypted during transit with HTTPS. You still need to worry about server access logs, browser history, etc. that might expose the full request URL.

huh? https encrypts URL parameters?
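As an added example (not part of the thread), a Python sketch of the residual exposure discussed above: TLS protects the query string in transit, but the full request URL is still written to server access logs, so this scrubs credential-like parameters from log lines. The sample log lines and the list of sensitive parameter names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: parameter names that commonly carry credentials; extend per service.
SENSITIVE = re.compile(
    r"token|secret|passw|api[_-]?key|session|^sig(nature)?$|^auth(orization)?$",
    re.I,
)

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def redact_url(url):
    """Return (redacted_url, names_of_redacted_parameters)."""
    parts = urlsplit(url)
    hits, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if SENSITIVE.search(name) and value:
            hits.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not hits:
        return url, hits  # leave untouched URLs byte-for-byte identical
    return urlunsplit(parts._replace(query=urlencode(pairs))), hits


def scrub_log_line(line):
    """Redact credential-bearing query parameters in one access log line."""
    found = []

    def repl(m):
        target, hits = redact_url(m.group("target"))
        found.extend(hits)
        return f'"{m.group("method")} {target} {m.group("proto")}"'

    return REQUEST.sub(repl, line), found


# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /search?q=target HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /reset?user=alice&token=abc123 HTTP/1.1" 200 90',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /dl/report.pdf?sig=deadbeef&expires=1735725600 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        clean, hits = scrub_log_line(line)
        print(clean, "| redacted:", ",".join(hits) or "none")
```

The same `redact_url` function can be applied to any other place a full URL is persisted, such as Referer values or exported browser history.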

This is what I have been using with opencode:

  exec bwrap \
    --unshare-pid \
    --unshare-ipc \
    --unshare-uts \
    --share-net \
    --bind "$OPENCODE_ROOT" "$OPENCODE_ROOT" \
    --bind "$CURRENT_DIR" "$CURRENT_DIR" \
    --bind "$HOME/.config/opencode/" "$HOME/.config/opencode/" \
    --bind "$HOME/.emacs" "$HOME/.emacs" \
    --bind "$HOME/.emacs.d" "$HOME/.emacs.d" \
    --ro-bind "$HOME/.gitconfig" "$HOME/.gitconfig" \
    --ro-bind /bin /bin \
    --ro-bind /etc /etc \
    --ro-bind /lib /lib \
    --ro-bind /lib64 /lib64 \
    --ro-bind /usr /usr \
    --bind /run/systemd /run/systemd \
    --tmpfs /tmp \
    --proc /proc \
    --dev /dev \
    --setenv EDITOR emacs \
    --setenv PATH "$OPENCODE_BINDIR:/usr/bin:/bin" \
    --setenv HOME "$HOME" \
    -- \
    "opencode" "$@"


With regards to keeping the service behind a VPN, I have a few questions:

1. How do you deal with various devices (Roku, Smart TVs, ...), as most don't seem to have VPN apps for them?

2. How do you deal with airplay? My ipad can VPN to my home network and access jellyfin when I am away, but Airplay doesn't work, as the stream isn't available to the device I am streaming to.

My jellyfin (and navidrome) on my home server has me very happy with the basic set up. Both are internal only, as the only service I expose is wireguard. But I haven't solved the two issues above, which also keeps me from being able to share my jellyfin with my family.


Android TV can run Tailscale or Wireguard natively. AppleTV has a native Tailscale app, and I think you can also use Passepartout for Wireguard on AppleTV but I haven't used it. Alternatively, if you're on the go a lot and want to use a streaming stick in your hotel, you can use a travel router that supports VPNs like GL.iNet.

Airplay and Chromecast are a different story. Maybe someone else here knows different, but while it's not literally impossible, it doesn't really work because of mDNS. A layer2 VPN might, but not so much on Tailscale/Wireguard.


Drop it into this case to be used as a home server or a set top box!

https://frame.work/products/cooler-master-mainboard-case


I already have a home server. I used a MZ32 motherboard with a bunch of 3.5" disks in it as it's mostly a storage server.

My HTPC is an old ATX desktop computer on its side in a Phanteks P400A case. On its side it just looks like a black speaker grill. For front-to-back cooling it has three Noctua NF-A12x25 fans that are barely even visible.

The good thing about using standard parts is if the GPU died I could buy another cheap one to replace it.

But I guess that case is a cool idea if you didn't have those things.


And surprisingly, it was actually Piggly Wiggly that was the first grocery store to open up their warehouse and allow customers to self-service! [1]

> Piggly Wiggly was the first self-service grocery store.

[1] https://en.wikipedia.org/wiki/Piggly_Wiggly#History


And both PW and Keedoozle were launched by Clarence Saunders (touched on in the history link you give, more under his bio page):

<https://en.wikipedia.org/wiki/Clarence_Saunders>


Do you like how Gmail does threading? Its flat threading and incorrect ordering are why I will not use Gmail's web interface.


I have an Intel Framework running Fedora. I have found that Intel's S0 sleep just uses way too much battery. I'd expect that in sleep mode, it should last a week and still be above 50% power, but that is definitely not the case.

I ended up moving to hybrid, where it suspends for an hour allowing immediate wake up then hibernates completely. It’s a decent compromise and I’ve never once had an issue with resume from suspend or hibernate, nor have I ever had an issue with it randomly waking up and frying itself in a backpack or unexpectedly having a dead battery.

My work M1 is still superior in this regard but it is an acceptable compromise.


Allowing every drive-by commentator is a huge mistake in building an actual community. Communities are built by people invested in the platform.

In the early to mid aughts I was part of couch surfing. It had a lot of purpose built in friction and it created an amazing tight knit group of people that I still consider my best friends. Once the pressure from Airbnb and investment money caused them to remove that, it became terrible.

Sometimes never growing a community over a small group of invested people is the right choice.

The same thing happened with NextDoor. When it was small and just involved a few hundred people in your immediate neighborhood, there was a real community on there. Then they kept expanding the size, and now you have people that live nowhere in your community ruining the experience for everyone.


This is why I miss RSS so much. It is such a great way to keep up with people over a wide variety of platforms with your own powerful user agent.

I still use a self-hosted FreshRSS heavily and fortunately many sites still accidentally support it, but it could be so much easier for non-tech people.


This is where tech family and friends need to play a role. Host these services for them!

My family just thinks Jellyfin and Navidrome are another Netflix or Spotify they have access to. And most of them prefer Jellyfin as content doesn't disappear and is much more curated.

