The biggest issue is that the video stream endpoint is not auth'd. Meaning that if someone guesses the MD5 hash for a file in your library it will play. Sounds at first glance like it's unlikely to matter. Except that MD5 is generated based on the file's filepath. So if you use standard naming conventions on paths that are common (/movies/Big Bucks Bunny(2008)/Big Bucks Bunny.mkv for example being simple and easy), eg defaults for a docker container using *arr suites. Then it's possible for a precompiled hash list to check for file against your server.
So now add a company like Sony, they can generate all their library as a hash list, hit your server with millions of requests over the course of a couple of hours and map out how much of their content you have on your server. If any of it has never had a physical release (since you're allowed to backup your own content) you're completely fucked, and now will have to prove in court that you own ALL the content. And possibly... since it's open endpoint, it could be argued that you're even distributing openly (though unlikely argument... but do you really want to chance that?).
Ultimately if your setup is "Standard" you're asking for a lawsuit.
Answers to "fix" this:
Map your paths in weird folders. instead of /movies/
<movie>
add in a folder like a GUID, so /eH4i67ZwByjLao3z7nHWKdS5ogysm68x/movies/
<movie>
. Make sure this occurs INSIDE your docker container if you're using docker. Will break any precompiled hashes... though possible to hit a collision and still be "found".
Setup fail2ban or other brute force blocking technology on your reverse proxy.
Use a private network setup... whether VPN, SDN, whatever... tailscale, zerotier, etc... (This will break TVs that don't have vpn capabilities)
Add another auth in front of Jellyfin. (This breaks ALL Jellyfin apps)
The real answer would be the developers closing the unauth endpoints... But it's been an issue for over 4 years now... They're not going to fix it anytime soon as they don't want to "break compatibility", which is a pretty dumb excuse IMO.
There's another issue where you shouldn't give accounts to people you don't trust as one user can attack another user AFTER login. So make sure you trust everyone you let have access... they can screw with your profile and do stuff you might not expect.
Oh man. I have an open minecraft server for my kids and their friends. Every few weeks I have someone show up to the server leaving notes or interacting with us trying to educate me on whitelisting.
I get more "educators" than i do bots. It's actually quite annoying. I dont know what accounts these kids login with, you're not educating me. The server is literally for 6-8 year olds. It's been wiped 100s of times. I don't care. Stop. The server is grief resistant anyway. And my ban list is long (and getting at least one longer). /little rant
LMFAO. And when I tell people to take care about leaving Jellyfin public with their open API endpoint issues... Yeah Sony WILL abuse your shit... They already do it.
You might want to proofread your own post before talking about literacy. Your very first word is typo'd.
And I couldn't give a shit about biblical anything. I'm atheist.
Edit: Oh and literacy is capability of reading/writing. Not about what someone believes. So you might want to check back into elementary school with that other guy too.
Outlets dont really have an orientation. Shouldnt matter which direction the power is flowing as long as you dont exceed 80% the rating of the lowest denominator of the circuit. 800 watts shouldn't really hurt any circuits, even the 10amp ones which is about the smallest I think I've ever seen here.
Backfeeding is only illegal in the sense of safety requirements to my knowledge. These panels dont feed when grid is off (embedded ATS). Which satisfies safety (UL would just need to approve, but likely wouldn't until the last item below is addressed). At just 800 watts... I doubt you'd ever backfeed anyway. And if you do, good luck collecting any money for it. But to that point, I backfeed 15kW batteries during peak hours. Above and beyond my solar setup... they can't really say anything about it. But I go full island when grid is down, which sadly happens often even though I'm in a major metro area.
Lower cost of energy does make it a harder sell overall but that wasn't really the question. These panels are also significantly cheaper since you dont need to pay install fees and such. The equation is a bit different.
The only real hiccup is the nature of our phased systems here... a solar panel in a single outlet will only feed one phase.That's a problem. One that probably makes it a nonstarter as people simply wont install 240v outlets on their patios/balconies. But I don't think Ive seen a law that says backfeed illegal, but illegal to cause safety issues on dead grid (eg. you must have an ATS or main service lockout). Do you have a source on illegality outside ot ATS/lockout requirement?
It's funny, apparently your elementary school didn't teach you all that much either did they? Would seem that I chose to phrase it that way on purpose since... well... you know it's weird to put the terms next to each other like that right? Might lead a reader to actually think about the concepts and infer some meanings that the author might have been trying to impart.
But that's okay. You'll do better next time!
But here, let me barney style it for you. If you work for a living... and have to pay taxes for a service that's occurring rather than volunteering and handling it yourself, you are in a sense volunteering... in an involuntary manner, your pay to pay for that service!
I didn't change the topic at all though did I? I stated one thing which was that the stated stuff in the article doesn't necessarily make the rich richer... and implied heavily that it could even make them poorer... since you know... taking time away from actual jobs to do the things that the religious nutters are recommending in this article would meet the criteria.
But you see... the lemmy hivemind can't comprehend that nuance. So here we are. People blaming me for something that I never said.
You took the rage bait. You took their article to mean something when you can easily make it mean EXACTLY what your point is. You're just too into arguing with random people on the internet to realize it.
Yes spite your local community and the people around you to shake your fist at the rich people who live nowhere near you!
How dare they do something somewhere else!
Meanwhile dumbfucks like me bike/walk their community and clean up the parks on a pretty consistent basis so that we don't have to pay some company (that's inevitably owned by a rich person mind you) to contract with the HOA and do some menial task. WOE IS ME! THE SHAME! How dare I help my community!
Edit: Your mentality is that if you let your community suffer, you refuse to volunteer and do nothing at all... that you might happen to get more taxes to "fix" the issues that volunteers could have handled. So this drives up tax costs... Just for ~325 people (or less if local government) in government to figure out a way to alter and move that money into their pockets. Could have just stopped the money flow from the get-go and kept it in your pocket.
Negative. Opposite intention... It takes more than 15 hours a week to raise a child properly. I would argue this is a good stance to reduce the workload on people as far as "jobs" go.
You don't need to argue random bullshit. Take their argument, and take it to the logical extreme. Done. Now they have to admit that the 40 hour work-week for jobs is excessive.
Edit: Basically make the looney religious nuts eat their words... in case that wasn't clear.
How many of those programs would even need to exist if more people volunteered... voluntarily? Wouldn't have needed to tax people from the get-go. Let alone tax people then tax cut for the rich.
Sorry, but we're still going to agree to disagree. Unfortunately, we can't just make up definitions and have a discussion while in complete disagreement on the definition of the word we're discussing.
Shame is WHY someone would be driven to pursue insight and self-reflection. Insight in of itself isn't something that people just attain with no other factors.
Had they been taught the implications that alcohol has on your near-term health and consciousness instead, they might have been wise enough to not drink too much out of themselves. :)
Okay? What does this have to do with shame or the current conversation? I would argue that most kids hit the hard wall of realization the morning after and have some shame about the events of the night prior... Many kids realize their shame and gain insight through self-reflection. Some wont learn anything at all... Partially because some people simply have no shame, or simply have no will to self-reflect and grow... I would argue that your own example proves my point and shows that shame is an important part of growth. Others will learn "properly" about the health risks and still not care and conduct themselves in a shameful way regardless.
Shame requires some amount of morals, integrity, and honor. Otherwise you'd fail to feel any semblance of the guilt or impropriety of your own actions. Stating that someone should be ashamed is akin to saying "you're acting without integrity/morals if you conduct yourself this way". If telling people that they're doing the wrong thing and should feel bad about it is now "banned" then you're just going to have people doing whatever they want with no social feedback at all. You can't develop the culture of habits that you're looking for unless society can police social interactions in some form.
You seem to be under some belief that with sufficient education people will just be "good" and do the "right thing" and we don't require any other pressure from any other social format to maintain the norm... That's wishful thinking IMO.
Saik0 @ Saik0Shinigami @lemmy.saik0.com Posts 1Comments 2,153Joined 2 yr. ago
Eww Ubuntu.