I bike (more carrying capacity) about 9km each direction. (Belgium to Germany, funnily enough.) That being said, not wanting to do so under the burning sun is absolutely valid.

Better open a package request (or pull request :D) then 😄

I host it publicly accessible behind a proper firewall and reverse proxy setup.

If you are only ever using Jellyfin from your own, wireguard configured phone, then that’s great; but there’s nothing wrong with hosting Jellyfin publicly.

I think one of these days I need to make a “myth-busting” post about this topic.

Consider this me asking

Fair, maybe remove the question altogether, and have dedicated GOV endpoints for specific attestations?

While that’s true from a technical perspective…

How/where do you keep the certificate? If you either need an app for it, or need to manually install it on your device, most users would probably be out. The benefit of my suggestion is that you need absolutely nothing except a way to authenticate with GOV.

2. is a Problem with all of these, that’s for sure.

I fjnt get the part about the info service tbh

As long as your browser saves an auth token or something for GOV somewhere, all of that can happen without user interaction.

I think that at the bare minumum, the PORN<->GOV connection must not occur. How about this (simplified):

• USER visits porn site
• PORN site encrypts random nonce + “is this user 18?” with GOV pubkey
• PORN forwards that to USER
• USER forwards that to GOV, together with something authenticating themselves (need to have GOV account)
• GOV knows user is requesting, but not what for
• GOV checks: is user 18?, concats answer with random nonce from PORN, hashes that with known algo, signs the entire thing with its private signing key
• GOV returns that to USER
• USER forwards that to PORN
• PORN is able to verify that whoever made the request to visit PORN is verified as older than 18 by singing key holder / GOV, by checking certificate chain, and gets freshness guarantee from random nonce
• but PORN does not know anything about the user

There’s probably glaring issues with this, this is just from the top of my head to solve the problem of “GOV should know nothing”.

Not sure. How about this (simplified):

• USER visits porn site
• PORN site encrypts random nonce + “is this user 18?” with GOV pubkey
• PORN forwards that to USER
• USER forwards that to GOV, together with something authenticating themselves (need to have GOV account)
• GOV knows user is requesting, but not what for
• GOV checks: is user 18?, concats answer with random nonce from PORN, hashes that with known algo, signs the entire thing with its private signing key
• GOV returns that to USER
• USER forwards that to PORN
• PORN is able to verify that whoever made the request to visit PORN is verified as older than 18 by singing key holder / GOV, by checking certificate chain, and gets freshness guarantee from random nonce
• but PORN does not know anything about the user

There’s probably glaring issues with this, this is just from the top of my head to solve the problem of “GOV should know nothing”.

I mean, yea. But it is also easy to buy them, they’re everywhere and fairly cheap. The Galbani one is also just 1€ or so more expensive.

To be clear, making your own is fantastic, it’s just not anything I’d want to do 2x/week

Mozzarella (talking about the balls of fresh mozzarella you get sealed in with their brine).

Can’t do store brand anymore after having tried Galbani.

Arrival

OK, add step above: use wildcard certificate for your domain.

Terminating the TLS connection at your perimeter firewall is standard practice, there’s no reason your jellyfin host needs to obtain the certificate.

Actual answer for 3:

• put jellyfin behind a proper reverse proxy. Ideally on a separate host / hardware firewall, but nginx on the same host works fine as well.
• create subdomain, let’s say sub.yourdomain.com
• forward traffic, for that subdomain ONLY, to jellyfin in your reverse proxy config
• tell your relatives to put sub.yourdomain.com into their jellyfin app

All the fear-mongering about exposing jellyfin to the internet I have seen on here boils down to either

• “port forwarding is a bad idea!!”, which yes, don’t do that. The above is not that. Or
• “people / bots who know your IP can get jellyfin to work as a 1-bit oracle, telling you if a specific media file exists on your disk” which is a) not an indication for something illegal, and b) prevented by the described reverse proxy setup insofar as the bot needs to know the exact subdomain (and any worthwhile domain-provider will not let bots walk your DNS zone).

(Not saying YOU say that; just preempting the usual folklore typically commented whenever someone suggests hosting jellyfin publicly accessible)

No.

Apart from everything else, also consider that it’s just respectful to at least try and learn the local language of wherever it is you are going. Doesn’t matter if it’s on vacation or long term company deployment.

Also, LLMs are absolute garbage at picking up on things like subtle language-based jokes, for example.

A photo of yourself, naked, in that very shower. With your dick enlarged to a comical size. (Or shrunk.) (Yes this is a gender neutral suggestion.)

Yes. No case. Why would I? I specifically got the phone because it’s quite small, and feels nice in the hand. A case would ruin that.

I also have not dropped any of my phones once in the past ~10 years.

Interesting. I always loved how they fit the musical entries into the story in a way that it makes sense that everyone is singing all of the sudden, lol

Iain M. Banks’ Culture.

I’m deathly afraid of the day some big studio manages to buy the rights and produce a Hollywood version of the Culture. Mostly because it is very easy to flip through the Wikipedia entries and then take the superficial aesthetic of the Culture and misunderstand or ignore the rest.

For an example on how easy it is to do this: I remember vividly when the German translations of the later books came out, and they all had some variation of

The Culture is the galaxy-spanning empire of mankind. Unbeknownst to its citizens however, their supposedly benevolent machine gods are about to dispense with the needs for humans at all"

in the blurb. Someone scanned the wiki page until they read something about “superhuman AI” or the like, then went “ah, got it, I’ve seen Terminator”.

In a similar vein, I cannot imagine that Hollywood would portray the Culture as an unquestionably good Utopia. They’d not be able to resist to paint the luxury gay space communists as “…with a dark secret / actually dystopian /…” tones.

It has to have the same energy though. Dong have to be the same characters, doesn’t have to feature Brakebills for Fillory, but needs the same “we’re broken and magic doesn’t make it better, but hey, here’s a canonical musical” feeling