Saik0

It was purchased a while ago by a less than reputable company. But the service was court tested no log. I’ve not had issue… but the risk could still be there that they’ve started logging.

Edit: Can always set an exit point in another country so that its unlikely that logs can be pulled regardless.

Edit2: oh and its scriptable to grab the port assigned from the pia app and feed it to qbittorent :chef’s kiss:

people like to shit on PIA. but they still support port forwarding.

if you can play an item back. you can enumerate it.

I mean, that’s effectively the same boat I’m in. I run all my own stuff in my own cluster (recently posted some of it if you check my post history).

But putting up Jellyfin for any user that isn’t on your network is literally a security nightmare. I cannot run blatantly insecure software and leave it internet facing. It’s one thing if it was just found and they’re working on closing it… But this has been documented/known for 4 years. They’re not fixing it and have shown no interest in addressing it at all.

VPN is literally the only answer… and that breaks all TV-based access outright since none of them do VPN. Basic auth doesn’t work. Other forms of auths breaks all app access (leaving only browser). And each time any of these possible alternative answers come up, they’ve outright dismissed it.

If/When Plex finally gets hostile, I’ll simply turn it off. But I can’t let Jellyfin be what services my users, it just doesn’t work.

I’ve spoken out on this same issue before… and as a previous security instructor/researcher… it’s fucking scary how many people shit on Plex for a platform that has had known vulnerabilities in auth for 4 years now, that’s existed since the previous code-base… so at least 7 years old and those issues existed in the previous emby codebase going back over a decade.

Plex isn’t perfect… there’s risks involved there too… but at least when something is brought up as a significant risk it seems to get fixed outside of the implicit risks of the Plex org itself.

All I read in these threads is effectively “WAAAH I don’t WANNA pay!”… Without realizing that the payment gave them something significantly more secure.

h265

https://www.cnx-software.com/2017/10/30/h-265-hevc-license-pricing-updated-for-low-cost-devices/

Lot of companies don’t want to pay it themselves… and lots of people don’t see the point when there’s a list of perfectly capable codecs that are free… including AV1

https://en.wikipedia.org/wiki/List_of_open-source_codecs

Ultimately as a software developer making money… if you don’t license the codecs that you’re using properly (when using a non-FOSS codec) you are liable for damages at that point for violating the terms of the license for the codec. It IS a cost. And across millions of users that costs adds up.

to use your own GPU for hardware encoding was always a scumware tactic

It costs them money to distribute the codec. It’s not scumware. Otherwise they would have to make install/setup of plex a 2 step process… and updates would be annoying as shit.

They need you to pay so they can push codecs with their updates/install.

I’m fine with the one time payment. I donate to shit I use regardless.

Okay? But they’re not holders… and their access to servers is changing and hinges on YOUR status. It’s not unreasonable to notify them about this change.

As do I… had a coworker message me about using adobe to merge/split pdfs… rather than walking them through the adobe workflow, just linked them right to the url… It’s so easy to use that I didn’t have to say anything more. they got it in seconds that would have taken me minutes of back and forth to explain to them.

It’s great. Simple tools for simple purpose.

It’s directly relevant.

Miranda is required by law. The law creates the responsibility.

There is no requirement and thus no “responsibility” to post a notice of “why” onto a pop-up when you access a site. Just because me and you care, doesn’t make a responsibility for the company/entity running the website to capitulate to what we want.

Miranda is required by law… notifying random people who visit your website isn’t.

Its their responsibility to make clear the reason they require it.

Not really?

They don’t have to explain anything to you (though for many of US in this bubble in specific would probably run away from a service that’s so closed like this)… The vast majority of people who run into the Anubis setup will have no fucking clue what any of it means, nor give a shit about it. They just want to get to the content.

Nobody has to do it purposefully for it to still be shitty and revealing.

Or… and I could be wrong here…

It takes money to create the resource they’re providing and are simply asking to be paid for you to access it. At the very least to cut on bot scraping so login to prove you’re not a bot.

Doesn’t have to be shitty at all unless you believe that they shouldn’t be paid at all and should incur the cost of bots.

In addition to the other post…

You already have a setup and throwing one more docker on isn’t a big deal. especially if you have watchtower already setup as well… then it even updates itself.

I use tools like this all the time… PDF for example stirling-pdf makes doing something things a LOT easier than firing up a “proper” pdf editor. This tool would likely be the same concept for other workflows.

Well… he hasn’t called the past few days.

nah doesnt just piss them off… it now confettis the mailroom which guarantees a janitors employment. this is how you generate low skill labor jobs! its a win win.

I wish I could find something like this (low power kinda thing) that could take like 40 sata ssds.

I have a whole stack of 500 GB ssds from a datacenter decommission that I’ve been sitting on.

The 2TB units found their way into my ceph cluster… but those machines are live vms… A smaller little guy that can stack all these 500 gb would be nice to give to my cousin or something and use as offsite backup.

I played ps2 heavily for a couple of years. Fun game.

I remember organizing several squads to play tactics when the main zerg pushes were off doing random stuff. There was a lot of planning and tactics that had to happen specifically around guessing what the public players would end up naturally pushing for. Colloquially known as “the zerg”. Almost treated like a mass of self-organizing players, but in reality they were just individuals who happen to follow each other to random places.

Eg. leadership comms would be flooded with plans of “The zerg is pushing towards Tawrich, We should send Alpha and Bravo over to Zurvan to split the TR forces (maybe recapture that) and Charlie to crown to intercept backup/vehicle spawns. Delta needs to fuck off with pulling those tanks… get in the fucking building.”

Well… You’ll at the very least wish that you had a car.

But it’s a good game. Try it. Find out. :)

Nope, it wasn’t… Even then though, the game is old enough that we can no longer assume that people have even played the game anymore. Kids are using the internet that would have been born after FO:NV. There are likely some 20 year olds on this site that have never played it because they would have been too young.