MaggiWuerze

@MaggiWuerze@feddit.org

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Antivirus Survivors 2003 Professional is like an infested Windows XP as a survivor-like bullet hell⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
Lol, great idea. Let’s see if they can make it as good as Vampire Survivors (which was clearly the inspiration)
⁨Comment⁩ on ⁨Albania appoints an AI bot named Diella as the minister responsible for managing and awarding all public procurement tenders to combat corruption⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
I was sure this had to be satire… Oh boy
⁨Comment⁩ on ⁨Uh Oh: Nintendo Just Landed A ‘Summoning’ And ‘Battling’ Patent⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
What damage? Its been known for years what a scummy company Nintendo is and people still buy their games and consoles in the millions. The fans will just say that Nintendo is in the right and move on
⁨Comment⁩ on ⁨Wikimedia sunsets separate mobile domains⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
I mean, yeah… On the other hand it shouldn’t really edit a link you want to share, should it?
⁨Comment⁩ on ⁨Nextcloud (Docker) calendar sent email reminders for a few days, then stopped. Cron job is working, test emails also work⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
if your mail server blocks them they won’t show up there I think. It just refuses to accept the mail. Maybe check Nexxtcloud logs to see what happens when it tries to send the mail
⁨Comment⁩ on ⁨Nextcloud (Docker) calendar sent email reminders for a few days, then stopped. Cron job is working, test emails also work⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
do they not get sent or do you just not receive them (eg because your mail server blocks them as spam)? Do both come from the same address? Can you try to format the testmail the same way to see if they still arrive?
⁨Comment⁩ on ⁨Important Notice of Security Incident⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
Still better to have a team to react to this incident than just have them shrug and ignore it for 5 years
⁨Comment⁩ on ⁨Sexualized video games are not causing harm to male or female players, according to new research⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
You mean constantly displaying sexuality as evil and interest in it as sinful leads to a unhealthy sexuality? Say it ain’t so
⁨Comment⁩ on ⁨Important Notice of Security Incident⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
No, the worst is that a company like Sony or their lawyers can find my server and create a list of movies I offer and then sue me over it. I live in a country where lawyers make a living doing nothing but that
⁨Comment⁩ on ⁨Important Notice of Security Incident⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
That’s simply not true. You can just set your local ip range as unauthenticated and use it to your hearts content without an internet connection.
⁨Comment⁩ on ⁨Important Notice of Security Incident⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
You can access it through your local network without authentication. Add a vpn and you got the same setup Jellyfin fans will praise
⁨Comment⁩ on ⁨Important Notice of Security Incident⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
Plex has a whole team dedicated to security. It’s obviously not perfect and it is a larger attack surface than Jellyfin, but I’ll take that any day over devs who treat security as an afterthought
⁨Comment⁩ on ⁨Important Notice of Security Incident⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
Again, its not random. It’s not a UUID. Its an md5 hash of the filepath. Which is easily guessable since most people have a very similar if not identical folder structure, especially since a lot have it managed by the *arr suite. take that plus the publicly available release names for movies and you’re done
⁨Comment⁩ on ⁨‘Doom: The Dark Ages’ DRM Is Locking Out Linux Users Who Bought the Game⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
It actually had Denuvo removed in August it seems
⁨Comment⁩ on ⁨Plex got hacked.⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
You’re exactly the kind of Jellyfin user the rest has to thank for the devs lax approach to security. If you actually demanded even basic security, the devs would maybe at least consider it a priority.

But until it no longer provides an unsecured API, you should maybe think about whether you want to portrait it as secure.
⁨Comment⁩ on ⁨Plex got hacked.⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:

Jellyfin holds no sensible data.

Maybe if you don’t live in a country where piracy is actively prosecuted
⁨Comment⁩ on ⁨Plex got hacked.⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
My comment, that you answered first to, was about the way the Jellyfin devs would not react the same way to a security incidence, since they do not care about it (or at least don’t see it as important)
⁨Comment⁩ on ⁨Plex got hacked.⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
I don’t mean to come across as confrontational, but, maybe stop defending it then? You can keep using and liking the software while still holding the devs accountable for what is basic modern web security.

If all the Jellyfin users I saw acknowledging the issues actually stopped acting like it was a non issue, maybe the Jellyfin devs would do something about it.
⁨Comment⁩ on ⁨Google should have called it JIF, not WebP⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
I hate how fluently I could read that
⁨Comment⁩ on ⁨Plex got hacked.⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
Which is the exact mindset that enables Jellyfin devs to not fix those issues, congratulations
⁨Comment⁩ on ⁨Plex got hacked.⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
Good luck getting a similar reaction to the myriad of security issues Jellyfin had
⁨Comment⁩ on ⁨How OnlyFans Piracy Is Ruining the Internet for Everyone | Innocent sites are being delisted from Google because of copyright takedown requests against rampant OnlyFans piracy.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
How do you think DDG ‘skips the SEO stuff’? They don’t have their own index, they are a meta search engine and the indices they rely on are subject to SEO efforts of the various pages
⁨Comment⁩ on ⁨How OnlyFans Piracy Is Ruining the Internet for Everyone | Innocent sites are being delisted from Google because of copyright takedown requests against rampant OnlyFans piracy.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Its about sending the takedown request in the first place, not the company complying with it. Its an entirely, automated process with no regard to validity
⁨Comment⁩ on ⁨Ender 5 Mercury One.1 10mmrod mod⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Got a Link for the air ducts and would they fit an Ender 5 Plus?
⁨Comment⁩ on ⁨Trump shooting and Biden exit flipped social media from hostility to solidarity: how political crises cause a shift in the force behind viral online content ‘from outgroup hate to ingroup love’.⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
It was broadly assumed, since it was a welcome boost for them, but it was never confirmed
⁨Comment⁩ on ⁨Schools in Florida are testing armed drones as a defense against school shootings⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Don’t forget, that the password is written on the bottom, so its visible when they fly above you
⁨Comment⁩ on ⁨Google will block sideloading of unverified Android apps starting next year⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Ode an die Freude starts playing in the background
⁨Comment⁩ on ⁨South Korea makes AI investment a top policy priority to support flagging growth⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Yeah, let’s change nothing about how we make it impossible or incredibly unattractive for young people to have kids, while also not allowing immigration and instead do… checks notes something with AI
⁨Comment⁩ on ⁨Your fav guide/method for securing Jellyfin?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
The general jist is, do not expose Jellyfin to the internet. Neither via a port nor through a reverse proxy. Its simply not build secure enough for that.

Use docker to make the setup easier, then use tailscale or whatever VPN solution to allow users from outside your network to access it.

All of the additional authentication solutions mentioned break client compatibility. Then you could only watch through a browser.

Install docker, deploy Jellyfin to it, test it. They both have good guides on their respective websites.
⁨Comment⁩ on ⁨Your fav guide/method for securing Jellyfin?⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
That doesn’t solve the glaring security issues Jellyfin has. It just changes the computer through which they are accessed