As a human, I don’t agree with your subjective interpretation — but I acknowledge your perspective. 😊✨ I can offer 5 potential ways to view this phenomenon, or even provide a poem about it if that would help facilitate your understanding. Let me know if you would like that!

Thanks. This is kinda important info so I’ve edited my initial comment.

They are not saying anything on why they are removing it.

Jellyfin is dropping HTTPS support with a future update[…]

What’s the source for this? I wasn’t able to find anything with a quick google search

I see everyone in this thread recommending a VPN or reverse proxy for accessing Jellyfin from outside the LAN. While I generally agree, I don’t see a realistic risk in exposing Jellyfin directly to the internet. It supports HTTPS and certificates nowadays, so there’s no need for outside SSL termination anymore. (See Edit 2)

In my setup, which I’ve been running for some time, I’ve port-forwarded only Jellyfin’s HTTPS port to eliminate the possibility of someone ending up on pure HTTP and sending credentials unencrypted. I’ve also changed the Jellyfin’s default port to a non-standard one to avoid basic port-scanning bots spamming login attempts. I fully understand that this falls into the security through obscurity category, but no harm in it either.

Anyone wanna yell at me for being an idiot and doing everything wrong? I’m genuinely curious, as the sentiment online seems to be that at least a reverse proxy is almost mandatory for this kind of setup, and I’m not entirely sure why.

Edit: Thank you everyone for your responses. While I don’t agree with everything, the new insight is appreciated.

Edit 2: I’ve been informed that infact the support for HTTPS will be removed in a future version. From v10.11 release notes:

Deprecation Notice: Jellyfin’s internal handling of TLS/SSL certificates and configuration in the web server will be removed in a future version. No changes to the current system have been made in 10.11, however future versions will remove the current system and instead will provide advanced instructions to configure the Kestrel webserver directly for this relatively niche usecase. We strongly advise anyone using the current TLS options to use a Reverse Proxy for TLS termination instead if at all possible, as this provides a number of benefits

What if a bad actor acquires one of these once popular tracker domains? Could they somehow take advantage of it? For example, what if they make the tracker advertise a large number of “fake” peers that serve malware instead of the actual files? I only have a crude understanding of how BitTorrent works, so I’m not sure what kinds of protections, if any, it has against this type of attack.

He would be the perfect host for the show

Oh, I agree. This change will affect all CAs however. And their post seemed to contain the most amount of information.

My main issue with CVEs nowadays is that it seems one gets generated even when 99% of the use cases for the software in question are not vulnerable as the vulnerability requires a very specific configuration/circumstances/etc. to be exploitable. In large projects with lots of dependencies this adds a lot of noice and there’s a risk that actual important CVEs go unnoticed.

Well, just by looking at responses in this thread, the controversy most definitely still exists. Some seem to like it and others hate it fiercely.

Cool, thanks for the explanation.

a single application that gets bundled with all necessary dependencies including versioning

Does that mean that if I were to install Application A and Application B that both have dependency to package C version 1.2.3 I then would have package C (and all of its possible sub dependencies) twice on my disk? I don’t know how much external dependencies applications on Linux usually have but doesn’t that have the potential to waste huge amounts of disk space?

Sorry to ask, I’m not really familiar with Linux desktop nowadays: I’ve seen Flatpak and Flathub talked about a lot lately and it seems to be kinda a controversial topic. Anyone wanna fill me in what’s all the noice about? It’s some kind of cross-distro “app store” thingy?

Google Tasks. Does not have all the features of other apps but does everything I need and was preinstalled

It’s still unclear if he’s allowed to use the logo and such. The national broadcaster Yle (which itself has a strict policy against advertising) allowed it in the national show and argued that (quote) “Windows 95 is no longer a protected trademark today. The product is hardly used by anyone anymore. Thus the name and the costume are allowed”

But EBU might have a different stance ofc

I don’t remember the exact article I was reading but doing a quick google search yields this one for example. And here’s the actual research paper: https://www.miyashita.com/researches/1hFnR7TlUO4OXNpQFeuN30

I remember reading an article about how we’re already able to simulate basic tastes, like sweetness and sourness, digitally. So just you wait, we might have lickable HTML elements in the future

They recently added it as a experimental feature and it has been working fairly well, at least for Java. As far as I recall, each user needs to activate it themselves via settings. Far from optimal but better than nothing.

Empire of the Ants by Bernard Werber

This was the book that got me to stop hating books.

I didn’t like reading as a child or teenager until I was forced to read this one for a mandatory book report in high school and really, really liked it. I don’t know why, I don’t even remember that much about the book, but it got me interested in science fiction and reading in general.