• 0 Posts
  • 180 Comments
Joined 1 year ago
cake
Cake day: June 9th, 2023

help-circle



  • That’s simply bad software practice, which was fixed once pointed out. Fact is that if they had done this on purpose, they wouldn’t have changed it and instead, would’ve came up with an excuse to keep it the same way.

    This is not correct. While they have removed it from being installed on newer installs/updates, the certificate remains on the system that ran the corresponding version installer/upgrade unless it will be manually removed by the few percent that got the news.



  • ShortN0te@lemmy.mltoLinux@lemmy.mlRustdesk alternative?
    link
    fedilink
    arrow-up
    5
    arrow-down
    7
    ·
    9 days ago

    It could install software that transmits the data some time else. Basically something virus would do. The code can be hidden somewhere or loaded from somewhere with simple code.

    Those are basic tactics used for years by malware. If just simply monitoring would be enough to protect against malware then we would have way less problems.

    You should never run untrusted code or code by untrusted ppl.



  • ShortN0te@lemmy.mltoLinux@lemmy.mlRustdesk alternative?
    link
    fedilink
    arrow-up
    12
    arrow-down
    2
    ·
    10 days ago

    The installer has included a root certificate before that gets installed without asking. Also there are some code blobs in the code iirc.

    Also how they handled the initial wayland “support”.

    It is relatively easy to smuggle in backdoors if you are the maintainer of the code and afaik there was not even an independent audit.

    Saying it is fine just because of it being OS is really naive.




  • Wasn’t the CVE fixed in a reasonable time frame? I seriously doubt that the maintainers would have ignored it if it wouldn’t have been discussed so publicly.

    AFAIK, to exploit it, you need network access to CUPS then add the printer and then the client needs to add/select a new printer on the client device and actively print something.

    If CUPS is reachable from the internet, then the system/network is misconfigured anyway, no excuse for ignoring the issue but those systems have other sever issues anyway.


  • Basically, when you do not run server side transcoding and instead rely on client side support you will run from time to time into issues. Jellyfin does not have the ppl to get every client to work with all the different formats on every hardware.

    1080 h264/h265 does not say much about the media format. Those codec differentiate in things like Chroma (4:2:0; 4:4:4, etc) or in color depth like 8 or 10 bit. So not every h264 media file does run on the same hardware. Audio codecs are even more complicated.

    I think since i setup my hardware transcoding I ran into a not playable file once. But depending on the hardware it can be worse. On android TV you may have to play around with the settings.

    I understand that this can be a deal breaker for some ppl.


    1. Not sure what you mean by that. Jellyfin has had an up to date version in the play store for years.
    2. Yes every Profile is separated into its own account, that’s by design and will most likely never change. An easy PIN option in the local network existed for years. Now you can even login with your phone app by entering a displayed PIN.
    3. I remember very few media that i had issues with in the past. Depending on the transcode hardware you have some things can be tricky





  • That is why you use an open source manager. KeePassXC for example is not owned by a for-profit company.

    Losing the container due to corruption disk failure etc can be easily managed with backups.

    Losing the password. Yes this is a real valid scenario. I personally have no problem with that i manage fine for years without having to write it out on paper to backup it. A solution would be to actually write that password out somewhere and hide it/ put it into a safe. An attack then needs to attack both, depending if you use disk encryption it is easy to get access to the password safe or not. There are other things to consider, like you could try to hide it in a very long string of characters like 20 pages of random characters, even if you forget it you will be able to find it cause it is very likely that you remember a few characters.


  • I know a lot of services that log you out regularly. Or need a password when you change settings or whatever.

    Well yea people with the “I don’t care. I just press the button and it always works” model do exist.

    WTF no. Password managers are reasonable secure. That is no i don’t care behavior.

    And when you are worried about password managers you should not use cookies. Stealing a cookie is much more simple than stealing and encrypting your password safe.