Hacker News: random_human_

New comment by random_human_ in "WiiFin – Jellyfin Client for Nintendo Wii"

random_human_ — Tue, 14 Apr 2026 09:21:22 +0000

The absolute worst thing I can see in there is that an third party who somehow managed to get a link to one of your library items (either directly from you or from one of your users--or by spending the next decade bruteforcing it I guess) could stream said item: https://github.com/jellyfin/jellyfin/issues/5415#issuecommen...

Everything else looks to me like unimportant issues, that would provide someone who's already logged in as a user minor details about your server.

New comment by random_human_ in "WiiFin – Jellyfin Client for Nintendo Wii"

random_human_ — Tue, 14 Apr 2026 06:35:00 +0000

If you expose Jellyfin on 443, have HTTPS properly set up (which Caddy handles automatically), your admin password is not pswd1234 (or you straight up disable remote admin logins), and use a cheap .com domain rather than your IP--what is the actual attack surface in that case?

As far as I can remember that is more or less what is usually suggested by Jellyfin's devs, and I have yet to see something that convinces me about its inadequacy.

New comment by random_human_ in "WiiFin – Jellyfin Client for Nintendo Wii"

random_human_ — Tue, 14 Apr 2026 05:42:52 +0000

For whatever reason people here and on Reddit will tell you that you need to have Jellyfin pass through five VPNs, otherwise nasty things will happen. Meanwhile the actual devs suggests simply setting up a reverse proxy, which you can do in two lines with Caddy: https://jellyfin.org/docs/general/post-install/networking/re...