helpimnotdrowning.net (eternally unfinished)

  • 1 Post
  • 24 Comments
Joined 1 year ago
Cake day: June 9th, 2023

  • This might also become a hassle since basically all residential connections (likely of OP's friends) have dynamic IPs - if someone wants to join while OP is away, but their IP has changed since their last connection, now they have to wait on OP to update the firewall rules.

    Apart from getting your MSA token stolen, there’s not really much that can get around server login (yet). All online-mode logins pass through Microsoft (part of the reason why Xbox service outages seem to affect Minecraft so much).

    If your friends all individually seem to stay within some certain IP ranges (ex, first handful of digits always stay the same, 12.34.56.xx), then I’d say go ahead with whitelisting them fully (ex, 12.34.56.xx --> 12.34.56.0/24, CIDR notation). If they jump around unpredictably, I would stick with the username-based whitelisting and online-mode-only.
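Added example, not part of the comment above: one way to check from observed addresses whether a friend stays inside a single /24 before writing a CIDR allow rule. The player names and every address except the comment's 12.34.56.xx are constructed sample data.

```python
import ipaddress

# Constructed sample: addresses each friend has connected from over time.
OBSERVED = {
    "alex": ["12.34.56.17", "12.34.56.203", "12.34.56.88"],  # stays in one /24
    "sam": ["198.51.100.9", "203.0.113.40"],                 # jumps between ranges
    "kit": ["192.0.2.5"],                                    # only seen once
}


def covering_network(addresses):
    """Smallest single IPv4 network that contains every observed address."""
    ips = [ipaddress.IPv4Address(a) for a in addresses]
    lo, hi = int(min(ips)), int(max(ips))
    # The bits shared by the lowest and highest address form the prefix.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.IPv4Network((lo, prefix), strict=False)


def friend_rule(addresses, widest=24):
    """CIDR string to allow, or None when the friend's addresses spread too far.

    `widest` is the shortest prefix we are willing to open (a /24 here,
    matching the 12.34.56.0/24 example). A narrower observation such as a
    single address is widened to that prefix so the next lease still matches.
    """
    net = covering_network(addresses)
    if net.prefixlen < widest:
        return None  # too spread out: rely on the username whitelist instead
    widened = ipaddress.IPv4Network((int(net.network_address), widest), strict=False)
    return str(widened)


def allowlist_plan(observed, widest=24):
    """Map each player to a CIDR rule or None (username whitelist only)."""
    return {player: friend_rule(addrs, widest) for player, addrs in observed.items()}


if __name__ == "__main__":
    for player, rule in allowlist_plan(OBSERVED).items():
        print(f"{player}: {rule or 'no stable range, keep username whitelist only'}")
```
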



  • As long as you are only forwarding Minecraft’s 25565 port from your router to your server machine, it should be fine. Just make sure to keep Online mode on, use the whitelist, and get your plugins from trusted sources. Otherwise I wouldn’t worry too much.

    I see others recommending VPN solutions like zerotier for your friends to connect to; I don’t personally feel like this is necessary, and (in my experience), making your friends do more technical setup than just connecting to the server is often a big turn-off.

    Bonus: If you ever take a peek at your server logs while it’s running (and exposed to the Internet, if you avoid said VPN solutions), you might notice a lot of weird connections from IPs and usernames you don’t recognize. These are server scanners and threat scanners that look for vulnerable servers to connect to and exploit. This is normal and you’ll be fine as long as you keep that whitelist and stay up-to-date on developments in the server admin space.
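Added example, not part of the comment above: a small triage pass over server log text that separates rejected scanner connections (expected noise) from successful logins by names that are not on the whitelist (worth investigating). The log lines are constructed, and the two line layouts are an assumption; adjust the patterns to what your server version actually writes.

```python
import re
from collections import Counter

# Assumed line layouts (not taken from the page).
LOGIN = re.compile(r"\]: (\w+)\[/(\d+\.\d+\.\d+\.\d+):\d+\] logged in")
DENIED = re.compile(r"name=(\w+).*\(/(\d+\.\d+\.\d+\.\d+):\d+\).*not white-listed")

# Constructed sample log; names and addresses are made up.
SAMPLE_LOG = """\
[18:02:11] [Server thread/INFO]: Alex[/12.34.56.17:50112] logged in with entity id 212 at (10.5, 64.0, -3.5)
[18:40:03] [Server thread/INFO]: Disconnecting com.mojang.authlib.GameProfile@5f1c[id=<null>,name=probe01,properties={},legacy=false] (/203.0.113.40:41822): You are not white-listed on this server!
[18:40:09] [Server thread/INFO]: Disconnecting com.mojang.authlib.GameProfile@6a2d[id=<null>,name=probe02,properties={},legacy=false] (/203.0.113.40:41830): You are not white-listed on this server!
[19:15:44] [Server thread/INFO]: Stranger[/198.51.100.9:60001] logged in with entity id 377 at (0.5, 70.0, 0.5)
"""


def triage(log_text, whitelist):
    """Return (denied, unexpected).

    denied:     Counter of source IP -> connections rejected by the whitelist.
    unexpected: list of (name, ip) that logged in without being whitelisted,
                which means the whitelist is off or was changed.
    """
    denied = Counter()
    unexpected = []
    for line in log_text.splitlines():
        if m := DENIED.search(line):
            denied[m.group(2)] += 1
        elif m := LOGIN.search(line):
            name, ip = m.group(1), m.group(2)
            if name not in whitelist:
                unexpected.append((name, ip))
    return denied, unexpected


if __name__ == "__main__":
    denied, unexpected = triage(SAMPLE_LOG, whitelist={"Alex"})
    for ip, count in denied.most_common():
        print(f"rejected by whitelist: {ip} x{count}")
    for name, ip in unexpected:
        print(f"CHECK: non-whitelisted login {name} from {ip}")
```
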




  • Office won’t run on Linux or through Wine (AFAIK); I’ve converted to using LibreOffice on both Linux and Windows, which has yet to give me any issues.

    Teams, as part of O365, also doesn’t have a Linux app, however… with the (paid) Thunderbird addon Owl for Exchange, you can read+send Outlook emails; it also adds a Teams icon to your Thunderbird sidebar that acts as a link to the web client.

    Thunderbird, by default, can only read from Exchange mailboxes, but can’t send from them. If you don’t want to pay, the developers are working to add full Exchange support as stock. (There are also less legitimate ways to get Exchange support, like cracking Owl, but out of respect for the addon dev, you’ll have to find it yourself)

    Edit:

    If you’re new to Linux as a whole, I’ve seen many recommendations for Mint (a Debian and Ubuntu derivative), but I’ve never tried it myself. I started with Debian since I wanted a stable system that wouldn’t break down by itself or something. It’s rock solid on my Framework 13 Ryzen.

    As for a Desktop Environment (DE), you can’t go wrong with GNOME or KDE. I prefer KDE since I don’t like the “look” of GNOME and it’s more “Windows-like” (but still its own thing), but it’s really just personal preference.











  • TLDR; No

    It hasn’t been necessary in a long time, unless you’re a developer who frequently needs to type in filenames everywhere (since the command line needs extra protection against spaces and other symbols).

    The OS (Windows, Mac, Android, etc) handles that all for you so you don’t have to worry about it (unless you happen to use a badly-written program that doesn’t understand spaces, but this is super rare to begin with, and more protected against as time goes on).





  • Basically, the idea is that a server can refuse to serve you (or degrade your experience with captchas/heavier restrictions) unless you (your device) complete a “challenge”. This could be something like the browser (through a system API) checking some device details like

    • root/admin
    • unlocked bootloader
    • extensions (either bad extensions or something like an Adblock)
    • VPN (potentially “if you have nothing to hide you have nothing to fear”)
    • installed apps (Adblock via DNS like blokada,
    • device emulation
    • TPM (generate secure key to make sure device is “real”)
    • OS state (heavily modified?, untrusted OS?)

    etc. Basically making sure the “environment” is clean and not tampered with (trusted).

    The problem is with what defines a “trusted” environment. It could start at just making sure the device isn’t rooted (like Android’s SafetyNet/Play Integrity check; most people don’t root their device & don’t/won’t care, also easily justifiable since it can be a security vulnerability because the device is “wide open”).

    Then, like the article mentions, the device makers (Google (phones, chromebooks), Microsoft (Windows, Xbox), Apple (macOS, iOS, visionOS, etc), Meta/Facebook (Oculus), etc) could change their terms for attestation and deny approval on stricter, potentially anti-consumer criteria such as device age (forcing you to buy more things).