Hi. I am a software engineer with a background in IT security. My girlfriend is a literal network security engineer.

I showed her this thread and she said: don't bother, just use http on your local network.

Anyways, I am going to disengage from this thread now. Skepticism against things one doesn't fully understand can be healthy, but this is an insane mix of paranoia and naïveté.

You are not a target; the things you are afraid of will never happen; and if they did, they would not have the consequences you think they would.

Your router will NOT magically expose your traffic to the internet (what would that even mean?? Like, if it spontaneously started port forwarding to your Jellyfin server (how? By just randomly guessing the port and IP???), someone would still need to actively request that traffic, AND know your login credentials, AND CARE).

Your ISP does not give a shit about you owning or streaming copyrighted material over your local network. It has no stake in that.

Graphene is not an ultimate arbiter of IT security, but the reason it "distrusts networks" is because you take your phone with you, constantly moving into actual untrusted networks (i.e. ones you do not own).

Hosting Jellyfin on Graphene will not make it more secure, whatsoever.

If every device is assumed compromised, and compromising devices with knowledge that you watch media is a threat in your model, then even putting an SD card with media in your phone and clicking play is dangerous. Which is stupid.

If you actually assume your router is malicious, then please assume that when you initially downloaded your VPN client, it was also compromised and your VPN is not trustworthy.

The way I see it, you have two options:

1. educate yourself on network security to the point of being able to trust your network setup; or
2. forget about hosting anything

What are you talking about. Please clarify if this is actually true:

I don’t plan to access it anywhere but home.

This would mean that you only want to access Jellyfin when you, and the device you are watching your show/movie on, are at home, where the Pi/server also is.

Is this correct?

If so, then questions about VPN, Certificates, DNS,.... do not matter.

1. host Jellyfin on the Pi, e.g. with IP 192.168.10.20 on your local network
2. open the Jellyfin app on your TV/Phone/PC, connect to http://192.168.10.20:8096
3. done

Now you can access it at home, and only at home. I honestly fail to see where a VPN would even come into the equation here (again, if you wish to ONLY watch when you are at home, as you've said).

Dang that's impressive

Or disappointing, Idk

This isn't philosophy anymore, it's just game theory

"Confused Jellyfin / Subsonic noises"

Sure!

The two sensors and apps of the same name I'm complaining about are the Freestyle Libre 3 and Dexcom G7. IMO, absolute bare minimum for what is required in an app of this kind is:

• get the glucose level from the sensor and show it in the app, incl. a history graph (even the old dedicated handhelds did this)
• play an alarm when that value is below/above a low/high glucose threshold

The Freestyle Libre 3 does this, and absolutely nothing more. They ported the software from their dedicated device to Android and called it a day. Frustratingly, this means that you don't even get your current glucose in the notification area, or the lockscreen, or anywhere else. You have to open the app. You can set the alarm thresholds arbitrarily, but only get 1 high and 1 low alarm setting. Disabling these means you need to go two levels deep into the settings menu. And you WILL be doing that, constantly. Why? Imagine this: You get woken by an alarm for high glucose. You check the app, and see that you've just barely crossed the threshold, but have been hovering below it for the past hour. You take insulin, but of course, that takes time to act. Since sensor measurements are a bit jittery, you can count on the glucose level to dip back below, then back above, below, above,... the threshold for the next 1-2 hours. The app will blare an alarm at the highest volume your phone is capable of every. single. time. Your (and potentially your partner's) sleep will be interrupted IDK how many times, unless you completely disable the alarm. Be sure to remember switching it back on in the morning, though! :) The fix would be incredibly simple: either allow muting alarms for a set period of time, or don't play an alarm if it has recently been played and the amplitude of glucose measurements is small.

On the flipside, if you miss an alarm - say you are speaking in a meeting so you swipe away the blaring alarm - you will not be reminded again. My high glucose alert is/was set rather low (150 mg/dl) because that's the point where it makes sense for me to take additional insulin. If that alarm goes off and you dismiss it, it will not go off again (unless you first dip below, as discussed). Doesn't matter if two hours later you are at 160 or 380. Sure, it is also my responsibility, I am not denying that. But again, adding this feature would have been hugely helpful and so, so easy to implement.

Let's take a quick sidebar and talk about hardware. The Freestyle Libre 3 is an AMAZING piece of hardware. It's incredibly tiny - about two pennies stacked, both in diameter and height. Still, it sticks to your skin very well, and measures and sends your blood glucose to your phone via Bluetooth every minute for two weeks straight before the battery gives out. As if that weren't enough, it's also so well-made that in the almost two years I was using it, I did not have a single unit that was defective or ran out of battery in less than the promised two weeks. It's fantastic.

...but sending glucose info every 60 seconds is also a drain on your phone's battery, especially if your app isn't, uh, made well. Take a guess as to where this is going. Ready? Wrong, it's worse. If I would go to bed with 100% battery, I would wake up with 40% left. I needed to charge my phone 4 times a day. Since switching to the Dexcom G7 (imperfect as it is - we will get to it, I promise), that is back down to once a day.

Apart from draining the battery, the app is also slow, and gets really slow the longer you have it installed. This mainly shows itself in the glucose graph being slower to render over time. Deleting the apps data, i.e. starting fresh, makes everything run reasonably fast again. Over the course of a couple of months, a couple hundreds of megabytes of app data accrues, and the app starts to crawl instead of run.

The next part is pure conjecture on my part, but I am still going to share it. My theory is that every time you open the app, the entire graph history is computed from scratch. That would explain the amount of data <-> slowness relation, and probably at least partially account for the battery drain.

In short: Freestyle Libre 3 (the hardware) is fantastic, Freestyle Libre 3 (the app) does the bare minimum and sucks at it.

You can not use it with xdrip+, except by installing a cracked version of the original which exposes the current glucose level through a webserver on your phone, and an additional app which grabs the values from there and passes them on to xdrip+. This is error-prone and does not exactly help with the battery drain.

On to the Dexcom G7. In the next comment, because apparently there's a 10k character limit on comments.

OK, this is only tangentially related but it has been on my mind lately and I need to rant:

I am T1 diabetic. Over the last decade, a LOT has happened to improve my life, especially in regards to no longer needing to check glucose levels with blood, as glucose sensors you wear on your arm have become ubiquitous.

It started with a dedicated device that you needed to hold up to the sensor to get a reading (much nicer than pricking your finger) to that sensor being able to notify the dedicated device of high/low glucose values (yay! Sleep through the night, knowing you'll be woken up if something is wrong) to the sensor now constantly streaming glucose values to your phone.

Which is fantastic.

In theory.

In practice, there are two companies making these sensors (OK, there's a couple more, but they suck way more and are much less commonly used).

And both of their closed-source apps suuuuuuuuck. They do the bare minimum and nothing more. (Actually, it's worse than that. Ask me if you want to know. It's its own rant.)

Then there's xdrip+, a FANTASTIC app made by diabetics for diabetics. Instead of just showing you "this is your glucose" and sounding an alarm, once, when it's required, you can (just off the top of my head): Set an arbitrary amount of alarms with their own behaviors, which can be configured to vary by time of day; show the glucose everywhere (notification, lock screen, home screen,...); mute alarms for a custom time; do not sound an alarm if you're trending in the correct direction fast enough; do not sound the alarm multiple times if your are jittering around the threshold; notify other people automatically in case of emergency; and roughly 1000 things more. The app is well maintained, and of course open source.

Can you guess what the problem is?

That's right, manufacturers disapprove of using this app. For the worse one of the two sensors mentioned, the community reverse engineered the communication and it is now working perfectly with the app. For the better sensor, they can't and won't due to fear of legal repercussions.

It's my health. And I need to decide between worse hardware and useless software.

There's no technical reason for this. I dream of the EU passing a law that requires manufacturers of wearable medical devices to publish the comm protocols and to legitimize use of third party software.

Rant over.

Define "inside me"

Laughs in nixpkgs

tar -xzf

(read with German accent:) extract the files

Oof yeah. Finding a reddit thread with your exact query as the title, getting excited to see a comment, aaaaand... It's "This comment was deleted by EliteUltraEraser Premium TM. I value my privacy,...."

(I do get it though. And who knows, maybe this will actually help in the long run ~~and not just lead to increased usage of Discord communities so ask the same thing over and over and over again because they aren't fucking publicly searchable god I hate what Discord has done to the searchability of issues in the tech space~~?)

Racist. That's the adjective describing the father that's - somehow, miraculously - missing from the quoted excerpt.