[-] [email protected] 131 points 1 month ago* (last edited 1 month ago)

Leaving this for people to realize that there's a literal chapter's worth of book of security issues that haven't been fixed and seems to keep getting the can kicked down the road... for over 4 years now.

https://github.com/jellyfin/jellyfin/issues/5415

I love Jellyfin... people need to implement it sensibly knowing the potential risks.

Edit: Ah yes! I MUST be a shill for saying "Implement it sensibly".

Here, let me "de-shill" myself.

You have several options to make Jellyfin serviceable to users outside of your literal LAN network.

  1. setup a VPN. Pray you don't have a user on a device that doesn't have a VPN app that you can work with.
  2. setup whitelisting on your server. Pray that IP addresses don't change.
  3. setup fail2ban or crowdsec. Pray that you users don't piss off either by doing user things and getting locked out.

If anything above fails... you're likely on the hook for support. Hope you plan for that!

  1. Obfuscate your paths (change /movies/title (year)/title.ext to something like /9ZHBrvNH4dKQDYFa2parH32qqSFpjsWTataVkjy4NqPxpVktT55PkEee5YSVRvUQ/movies/title (year)/title.ext). MD5 is now much harder to generate/guess... pray that there isn't some other vulnerability. Gotta go back and reconfigure and organize your shit. Oh and make sure that your docker mounts aren't crushing the path!

Am I still a Plex shill? BTW I run Jellyfin AND Plex. Literally side by side. Different uses for different cases because Jellyfin just can't compete with Plex for sharing with dumb-ass relatives.

[-] [email protected] 63 points 3 months ago

"In the environment you just described"

So wheres the rest of the prompt then?

Why the fuck do we keep acting like this shit is content worth interacting with?

[-] [email protected] 80 points 5 months ago

Can you post winnie the xi jingping on there?

Or is that an insta-ban like every other chinese-based platform?

[-] [email protected] 103 points 11 months ago

Wow... Both other people who commented here are fucking heartless.

The man was just trying to help the homeless people and keep his neighborhood safe

The relative said Housman was trying to settle an argument between two homeless campers on Clinton when one of the campers stabbed him in the throat.

While many residents were nervous and wary of the homeless campers, Housman had a different approach: to make the neighborhood safer, he appointed himself "sheriff" and began to screen homeless campers and then provide them with support once they gained his approval.

During our interview, another neighbor pulled up, claiming that Housman provided electricity to the homeless campers.

Ya'll are dicks. Read the article. He was a good dude and epitomized the exact shit you espouse. You don't want cops involved... you want the community to police itself and do good. This guy was doing just that. Doing way more to help these people than you do.

[-] [email protected] 79 points 1 year ago* (last edited 1 year ago)

Pretty sure it's not xenophobic to look at "Headquarters Moscow, Russia" and wonder if there's any possibility that Putin could enforce something upon the company.

It's not like Russia doesn't do it to us.

The Russian Federal Security Service (FSB) separately accused the US National Security Agency and company Apple of being behind the attack

It's fair to hurt Russia's GDP by choosing not to use Kaspersky [in light of people's opposition to the war with Ukraine]. That doesn't mean "xenophobic".

Edit: Added bracketed clarification

[-] [email protected] 128 points 1 year ago

For something that isn't a crime. Why are we feeding this troll attention? Let him fall off the face of the earth and all his "projects" fail.

[-] [email protected] 81 points 1 year ago

It's just a computer... Why not? As long as it cannot be running while the car is driving I don't particularly see an issue.

Would be great if I could fire up a game while waiting in cell parking at the airport for my family that comes into town for example. Gotta remember that this isn't new. We had minivans with built in n64s and shit before.

[-] [email protected] 95 points 2 years ago

It's grandpa's time to shine.

[-] [email protected] 75 points 2 years ago

So your source... And the one that got the most upvotes against a written article that is based on articles written by actual scientists... is TikTok ADHD girl who has what qualifications?

Cause you know... https://www.cnn.com/2023/01/25/world/earth-core-turning-scli-scn-intl/index.html which is linked in another comment around the same time this one was created... cites at least 3 separate people who claim that the data is sound.

Your girl even admits we know very little about the core of our planet itself and yet can resoundingly claim that she's right?

[-] [email protected] 69 points 2 years ago

They're all uppity that to use cloudflare proxy they have to terminate the ssl connection there. So technically cloudflare can sniff all the traffic. But that's kind of the point of WAFs and Reverse Proxies.

I would argue that the sheer amount of data throughput that Cloudflare has, you'd have to really be on a list to be monitored... and they certainly cannot just log all data willy nilly.

[-] [email protected] 62 points 2 years ago

If you've lost root credentials you can always bypass them.

https://www.tecmint.com/reset-forgotten-root-password-in-ubuntu/

When your in after this point you can reset the password to something you know then continue from there.

view more: ‹ prev next ›

Saik0Shinigami

0 post score
0 comment score
joined 2 years ago