Not everything you don’t like to hear comes from a bot
MaggiWuerze
- 0 Posts
- 14 Comments
Joined 10 months ago
Cake day: July 2nd, 2024
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
1·23 hours agoI am waiting for opencloud to finish its calendar implementation. The only thing I have reservations about is the fact it doesn’t use a database to store file info. Not sure I trust their approach
Sure, the utterly fucked up authentication of the Jellyfin Backend somehow is the fault of Plex users and everyone who points out obvious flaws is of course a Plex shill.
Maybe you should take a look at what you are defending here. The fact that the devs openly refuse to fix this to maintain backwards compatibility, thus endangering their users speaks a lot about the quality of the project
It’s not chance if the I’d is based on the path to your media. There’s but that much variation in the path to a certain movie and its trivial to build a rainbow table to try them out. This way unauthenticated users can not only stream from your server but effectively map your library
It’s not impossible, Far from it. The ids are not random uuids but hashes derived from the path. Since most people have a similar setup to organize their media, this gets trivial very fast
That depends entirely on your target audience as well as the devices you want to use it on. Smart TVs don’t really support VPNs and my parents would not know how to even activate that let alone set it up on their end. I have a lot of non tech savvy users, so Plex is just way more convenient and accessible.
The main issue for me is the way they react to it. Not only is there no warning about this, but they also refuse to fix it because it would break client support and they prefer backwards compatibility over security
I’m just not sure if fail2ban can mitigate the unaouthorized api access or other issues
If you plan to use fail2ban, I assume you want to make your Jellyfin accessible from the public internet. Please be aware, that large parts of the Jellyfin Backend are not properly authenticated and allow unauthorized, potential mapping of your library and even unauthorized streams.
7·20 days agoThat controller looks like it spend 30 years in a chain smokers apartment
Shoutout to Libation, that allows you to download and deDRM your Audible library.
There’s This thing called a purchase
Scraperr is a self-hosted web application that allows users to scrape data from web pages by specifying elements via XPath. Users can submit URLs and the corresponding elements to be scraped, and the results will be displayed in a table.
From the table, users can download an excel sheet of the job’s results, along with an option to rerun the job.
View the docs.
What? Why would I have to make my library harder to manage just because Jellyfin devs can’t get their act together? They should just start a api/v2 and secure it properly while allowing to disable the old one