it’s an extra hurdle, but it’s far from a guaranteed barrier. There’s a whole class of exploits called container escapes (or hypervisor escapes if you’re dealing with old-school VMs) that specifically focus on escalating an attack from a compromised container into whatever machine is hosting the container.

Nice, I appreciate the analysis. I’m still early enough on with Jellyfin that I’m still willing to ascribe every issue to user error but I think I see what you mean. But I keep telling myself that I will contribute to a large multi-dev OSS project at some point and still never have; contributing code in public is still kinda nerve-wracking. maybe if I have a selfish enough reason to fix something I’ll finally push through that 😆

Good question; I did not know what Emby is until just now. I will explore it some more, I’m having issues getting the jellyfin ios/android clients to connect consistently to my server so I might ultimately do that instead / in parallel but I’m leery of freemium solutions.

I finally set up Jellyfin and Sonarr! I’ve been using Plex and manually managing torrents for a while now, recently found the *arr services and they are very impressive. Got the Jackett - Sonarr - Jellyfin - Nginx stack set up, now working on getting SSL + DynDNS so I can make it available remotely. Also accidentally blasted my ratio downloading a bunch of TV shows all at once so gotta seed up for a bit before i fill it out more. But so far the setup has been pleasantly breezy for how complex a setup it is ❤️