[-] smiletolerantly@awful.systems 46 points 1 week ago* (last edited 1 week ago)

Hi. I am a software engineer with a background in IT security. My girlfriend is a literal network security engineer.

I showed her this thread and she said: don't bother, just use http on your local network.

Anyways, I am going to disengage from this thread now. Skepticism against things one doesn't fully understand can be healthy, but this is an insane mix of paranoia and naïveté.

You are not a target; the things you are afraid of will never happen; and if they did, they would not have the consequences you think they would.

Your router will NOT magically expose your traffic to the internet (what would that even mean?? Like, if it spontaneously started port forwarding to your Jellyfin server (how? By just randomly guessing the port and IP???), someone would still need to actively request that traffic, AND know your login credentials, AND CARE).

Your ISP does not give a shit about you owning or streaming copyrighted material over your local network. It has no stake in that.

Graphene is not an ultimate arbiter of IT security, but the reason it "distrusts networks" is because you take your phone with you, constantly moving into actual untrusted networks (i.e. ones you do not own).

Hosting Jellyfin on Graphene will not make it more secure, whatsoever.

If every device is assumed compromised, and compromising devices with knowledge that you watch media is a threat in your model, then even putting an SD card with media in your phone and clicking play is dangerous. Which is stupid.

If you actually assume your router is malicious, then please assume that when you initially downloaded your VPN client, it was also compromised and your VPN is not trustworthy.

The way I see it, you have two options:

  1. educate yourself on network security to the point of being able to trust your network setup; or
  2. forget about hosting anything

[-] smiletolerantly@awful.systems 35 points 1 week ago

What are you talking about. Please clarify if this is actually true:

I don’t plan to access it anywhere but home.

This would mean that you only want to access Jellyfin when you, and the device you are watching your show/movie on, are at home, where the Pi/server also is.

Is this correct?

If so, then questions about VPN, Certificates, DNS, ... do not matter.

  1. host Jellyfin on the Pi, e.g. with IP 192.168.10.20 on your local network
  2. open the Jellyfin app on your TV/Phone/PC, connect to http://192.168.10.20:8096/
  3. done

Now you can access it at home, and only at home. I honestly fail to see where a VPN would even come into the equation here (again, if you wish to ONLY watch when you are at home, as you've said).

[-] smiletolerantly@awful.systems 42 points 1 month ago

Real question is, why Jackett instead of Prowlarr? 😄

[-] smiletolerantly@awful.systems 51 points 1 month ago

For a very long time, I was one of the people who kept saying:

"I used to pirate until Netflix came along; now I pirate because of the fragmentation of services; should a good service become available at a reasonable price again, I will be happy to switch back."

But at some point, that stopped being true. More precisely, my *arr-Stack + Jellyfin setup became so stable, I no longer really think about it, while also getting better quality content, and often faster than I would due to global licensing shenanigans.

Another factor also is that at some point, we crossed the "enough content to mindlessly scroll until we find something to watch" barrier, which my GF actually kinda missed from Netflix.

The crazy thing though, is that we pay actual money for this: hardware cost; electricity; access to usenet trackers and two usenet backbones. All in all, I do not think it's cheaper than getting Netflix+Prime+Disney.

It's just better. And we will not be switching back, ever.

[-] smiletolerantly@awful.systems 49 points 2 months ago

I'm about to graduate with an M.Sc. in Computer Science - can't wait to be hired as a Senior Engineer!

Lmao.

[-] smiletolerantly@awful.systems 32 points 6 months ago

No, you are right. In your situation, Linux is just not an option - yet.

I think these posts are meant for the 95% of people that use a browser, and maaaaybe a mail client on their PC.

Photoshop/Illustrator will only ever get ported if enough people have already made the move that Adobe can't afford to ignore Linux any longer.

That being said, if those requirements are just for work, what's keeping you on Windows on your private devices?

[-] smiletolerantly@awful.systems 35 points 6 months ago

"Confused Jellyfin / Subsonic noises"

[-] smiletolerantly@awful.systems 40 points 7 months ago

Sure!

The two sensors and apps of the same name I'm complaining about are the Freestyle Libre 3 and Dexcom G7. IMO, absolute bare minimum for what is required in an app of this kind is:

  • get the glucose level from the sensor and show it in the app, incl. a history graph (even the old dedicated handhelds did this)
  • play an alarm when that value is below/above a low/high glucose threshold

The Freestyle Libre 3 does this, and absolutely nothing more. They ported the software from their dedicated device to Android and called it a day. Frustratingly, this means that you don't even get your current glucose in the notification area, or the lockscreen, or anywhere else. You have to open the app. You can set the alarm thresholds arbitrarily, but only get 1 high and 1 low alarm setting. Disabling these means you need to go two levels deep into the settings menu. And you WILL be doing that, constantly. Why? Imagine this: You get woken by an alarm for high glucose. You check the app, and see that you've just barely crossed the threshold, but have been hovering below it for the past hour. You take insulin, but of course, that takes time to act. Since sensor measurements are a bit jittery, you can count on the glucose level to dip back below, then back above, below, above,... the threshold for the next 1-2 hours. The app will blare an alarm at the highest volume your phone is capable of every. single. time. Your (and potentially your partner's) sleep will be interrupted IDK how many times, unless you completely disable the alarm. Be sure to remember switching it back on in the morning, though! :) The fix would be incredibly simple: either allow muting alarms for a set period of time, or don't play an alarm if it has recently been played and the amplitude of glucose measurements is small.

On the flipside, if you miss an alarm - say you are speaking in a meeting so you swipe away the blaring alarm - you will not be reminded again. My high glucose alert is/was set rather low (150 mg/dl) because that's the point where it makes sense for me to take additional insulin. If that alarm goes off and you dismiss it, it will not go off again (unless you first dip below, as discussed). Doesn't matter if two hours later you are at 160 or 380. Sure, it is also my responsibility, I am not denying that. But again, adding this feature would have been hugely helpful and so, so easy to implement.

Let's take a quick sidebar and talk about hardware. The Freestyle Libre 3 is an AMAZING piece of hardware. It's incredibly tiny - about two pennies stacked, both in diameter and height. Still, it sticks to your skin very well, and measures and sends your blood glucose to your phone via Bluetooth every minute for two weeks straight before the battery gives out. As if that weren't enough, it's also so well-made that in the almost two years I was using it, I did not have a single unit that was defective or ran out of battery in less than the promised two weeks. It's fantastic.

...but sending glucose info every 60 seconds is also a drain on your phone's battery, especially if your app isn't, uh, made well. Take a guess as to where this is going. Ready? Wrong, it's worse. If I would go to bed with 100% battery, I would wake up with 40% left. I needed to charge my phone 4 times a day. Since switching to the Dexcom G7 (imperfect as it is - we will get to it, I promise), that is back down to once a day.

Apart from draining the battery, the app is also slow, and gets really slow the longer you have it installed. This mainly shows itself in the glucose graph being slower to render over time. Deleting the app's data, i.e. starting fresh, makes everything run reasonably fast again. Over the course of a couple of months, a couple hundred megabytes of app data accrue, and the app starts to crawl instead of run.

The next part is pure conjecture on my part, but I am still going to share it. My theory is that every time you open the app, the entire graph history is computed from scratch. That would explain the amount of data <-> slowness relation, and probably at least partially account for the battery drain.

In short: Freestyle Libre 3 (the hardware) is fantastic, Freestyle Libre 3 (the app) does the bare minimum and sucks at it.

You cannot use it with xdrip+, except by installing a cracked version of the original which exposes the current glucose level through a webserver on your phone, and an additional app which grabs the values from there and passes them on to xdrip+. This is error-prone and does not exactly help with the battery drain.

On to the Dexcom G7. In the next comment, because apparently there's a 10k character limit on comments.

[-] smiletolerantly@awful.systems 44 points 9 months ago

Laughs in nixpkgs

[-] smiletolerantly@awful.systems 56 points 10 months ago

tar -xzf

(read with German accent:) extract the files

[-] smiletolerantly@awful.systems 43 points 10 months ago

OK, I'm starting to have doubts that this is legit. Looks like OP (or OOP, idk) just found a classifier which misclassified that image. Nothing I'm seeing indicates that it's the classifier used for her stupid app.

[-] smiletolerantly@awful.systems 32 points 10 months ago

In no way do I intend to justify or defend the attacker here, but I do feel the need to point out that "anti-islamist activist" is a thin veil for "right-wing nationalist".

Same goes for Pax Europa. They may describe themselves as "informing the public", but they're a right-wing extremist group who are under observation from the "Bavarian Office for the Protection of the Constitution", which, if you know anything about German politics, could be described as "a little bit blind in the right eye", i.e. it takes quite a bit for them to even start observing threats from the right.

(Only reason I'm adding this as context is because in the comment above, only the heavily euphemised descriptions were cited.)


smiletolerantly

joined 11 months ago