this post was submitted on 26 Jun 2025
483 points (97.8% liked)

Selfhosted

60177 readers
1085 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
483
Jellyfin over the internet (startrek.website)
submitted 1 year ago by TribblesBestFriend@startrek.website to c/selfhosted@lemmy.world
286 comments fedilink hide all child comments
 

What’s your go too (secure) method for casting over the internet with a Jellyfin server.

I’m wondering what to use and I’m pretty beginner at this

you are viewing a single comment's thread
view the rest of the comments
[–] douglasg14b@lemmy.world 0 points 1 year ago* (last edited 1 year ago)

These are all holes in the Swiss cheese model.

Just because you and I cannot immediately consider ways of exploiting these vulnerabilities doesn't mean they don't exist or are not already in use (Including other endpoints of vulnerabilities not listed)

This is one of the biggest mindset gaps that exist in technology, which tends to result in a whole internet filled with exploitable services and devices. Which are more often than not used as proxies for crime or traffic, and not directly exploited.

Meaning that unless you have incredibly robust network traffic analysis, you won't notice a thing.

There are so many sonarr and similar instances out there with minor vulnerabilities being exploited in the wild because of the same"Well, what can someone do with these vulnerabilities anyways" mindset. Turns out all it takes is a common deployment misconfiguration in several seedbox providers to turn it into an RCE, which wouldn't have been possible if the vulnerability was patched.

Which is just holes in the swiss cheese model lining up. Something as simple as allowing an admin user access to their own password when they are logged in enables an entirely separate class of attacks. Excused because "If they're already logged in, they know the password". Well, not of there's another vulnerability with authentication....

See how that works?