send_me_your_ink

Can we take a moment to ask ourselves - how the hell did piping to shell become ok? We have all kinds of method's for deploying stuff - from the age old tarball to the new shinny flat pack. But somehow we also became ok with

Curl foo | sh

Oftentimes as root.

He wrote himself into a corner. Somehow he needs to wrap up a spiralling plot in one book...

It's never gonna happen.

I beg to differ. Wood phone cases hide the bump by increasing the total thickness of the phone and making the back nice and flat.

It's software put on every machine so that the company can quickly isolate it if/when something bad happens (or it falls out of security compliance). To do this is requires a constant Internet connection, insanely high privileges on the machine and frequent updates to be appraised of risks.

That risk update went off the rails and into the next state.

Do you need the space? If not who cares.

Personally I run a media service for friends and family. I'm about to bring another 100tb online because we are running low on storage. Am I holding or just running a rack of servers in my basement?

Got it. Yea. In this instance it's a wrapper for wire guard. If your on windows or would be a wrapper for openvpn. And your running mulivad on the pi?

Unfortunately I can't give you specifics - because I simply don't use mulivad. It looks like mulivad used open VPN if on windows, or wire guard for Mac/linux. And Gluetin is a generic vpn client packaged in a docker container?

If you are downloading onto your main computer - a docker vpn client is just going to get in your way. I should ask - what is is said computer running?

This is why I talked about allowing local traffic.

I'm going to try and keep this newbie friendly (but I'm not the best at it, so let me know if something is not clear).

In an ideal world everything has an IP address that is unique. Some portion of the denotes it's network, some portion denotes the host. In this way we can define logical (and oftentimes physical) associations. Your home is a classic example of a local area network (LAN).

So what does a vpn do? It makes a tunnel that connects your machine to a remote network, forming a logical connection and "relocating" your device. In the VPN config you should have the option to allow local access. This will set up some fun rules for how network traffic is routed - if it's going to a LAN address it can, otherwise all traffic is routed over the VPN.

Ok.

I'm going to warn you right now. Unless you want to do some reading on how traffic is routed, how Linux handles VPN connections and (probably) containers, do not run the clients that download content on your media server.

If you want to use jellyfin to distribute media in a lan you do not need to do anything other then just start the jellyfin server on the pi and add content.

Ok. I'm going to assume you have zero networking experience, and have one computer (a desktop/laptop). I'm also going to assume you are using some flavor of screen mirroring tech (eg a Chromecast) to wirelessly connect the

Per your post the goal is to A) download items, B) store the items on local disk, C) display the items on your TV via some kind of wireless.

I'm further going to assume we are strictly working with torrents.

You will want to download two applications, 1) a torrent client (I'm not going to recommend one because Im not up to date on the differences), and VLC. You will also need whatever application your VPN requires but I think you have that configured.

When downloading via a torrent you first turn on the VPN prior to downloading/seeding/etc. Once the torrent is finished, you can send you content to your TV via VLC (there is an option to use the TV as a renderer target).

Some gotchas. Unless you configure your VPN to allow local traffic, all traffic goes via the VPN. This means that your computer is completely isolated from the rest of your Network (it's visible, but can not interact with any of it). If you want, I can go into the hows/why's of what's going on. For the Pi. Use it to learn and play with Linux for the time being - focus on getting comfortable with the shell and do not attempt to run a reverse proxy/web server unless you understand what's going on (this is to keep you safe).

Also flatten (sometimes used conjunction with "pave") it to denote the systems is getting reimagined.

As someone who manages multiple identity systems - tell your IT to get their act together. Most of my environments we force reaith once a week (and that just a quick enter your password/TOTP code). Otherwise if you can log into your computer we trust you are who you say you are (note: we have some downright scary and invasive stuff on the network so we know if you start accessing stuff you should not). The sensitive/scary stuff is a lot faster (activity timers), but the teams involved know why it's set this way (and where involved in setting the maximum durations).

If you feel like poking a bear. NIST 800-63B is the US Federal guidance on passwords. In the past this guidance said to have long passwords and rotate them. Now they say 8 characters and never change (along with using MFA).