Kirk probably wouldn’t be dead right now if Trump wasn’t elected, I fully believe that in some way or another

Huh? Did you even read the whole thread? They’re linked above.

Finally, I constantly do this.

I mean… lemvotes.org is a thing.

They could put a banner in the network settings warning users about these security issues while they get them fixed, that doesn’t require fixing any inherited code. In the GitHub issue linked, there’s at least one upset user because they had no idea this was even a problem.

What about the pwned users of Jellyfin that have unknowingly had security holes for 5 years because Jellyfin doesn’t care enough to even put a banner in their settings to say it’s not secure?

I mean, that’s fine, but it’s still an issue and a risk that would cause me to want to use VPN for remote viewing. It doesn’t seem like security is Jellyfin’s priority at the moment, not that it’s Plex’s either, but it’s not to a place where it’s worth it to switch from a security standpoint, personally.

I’d love to switch. I would do it right now, but the problem is that Jellyfin’s security isn’t better if you open it up to the internet. For example, I’d have to set up a VPN for my remote users for proper security, and most of my users are in other states, not technically inclined, and watch on their TVs. I’d have to at least support a raspberry pi for them, or some sort of site to site VPN, and if it goes down, I’ll be expected to fix it. On top of that, if I do a simple raspberry pi based VPN, it would be made even more complicated since they’d want it to work with their smart TVs.

Again, I really want to switch. But Jellyfin needs to fix their security issues before I can. I’m also happy with the way Plex is reporting this, it’s above the standard “your data is lost” notifications.

Edit: here’s a link to the related GitHub issue I’ve been following: https://github.com/jellyfin/jellyfin/issues/5415

And @[email protected] has a great thread explaining more: https://lemmy.today/comment/18923504

Ah, I stand corrected. That’s probably why I’ve never been charged, 2.5k is a lot for my use.

Which part? If you’re wanting to use cloudflare pages, it’s relatively straightforward. You can follow this and get up & running pretty quickly: https://www.hongkiat.com/blog/host-static-website-cloudflare-pages/

If you’re asking about the tarpits, there’s two ways (generally) to accomplish that. Even if you don’t use cloudflare pages to host your site directly (if you use nginx on your server, for example), you can still enable AI tarpits for your entire domain, so long as you use cloudflare for your DNS provider. If you use pages, the setup is mostly the same: https://blog.cloudflare.com/ai-labyrinth/#how-to-use-ai-labyrinth-to-stop-ai-crawlers

If you want to do it all locally, you could instead setup iocaine or nepenthes which are both self hosted and can integrate with various webserver software. Obviously, cloudflare’s tarpits are stupid simple to setup compared to these, but these give you greater control of exactly how you’re poisoning the well and trapping crawlers.

+1 for Duplicacy (the GUI, as a container). Very worth it, IMO. Not only do I use it for my PC, I back up my server to my other server in another state with it. I also use it with Backblaze B2 (for very important files) which is slightly more than Hetzner ($6/TB). I haven’t run into any chunking issues and they don’t charge for API calls. Highly recommendated.

It looks delicious, for real. Like, I want it in me.

I agree. I’d 100% love to dump Plex immediately, but trying to get my MIL across the country to setup a VPN is just not going to happen. Even if I ship a preconfigured raspberry pi over there, it won’t work for her TV and if it breaks, she’s gunna want me to go out there and fix it. If Jellyfin ever gets it together enough for that to no longer be necessary, I’ll leave plex. But for now, I’m gunna unfortunately stay with Plex

Yep, on top of simply blocking, if you’re self hosting or using cloudflare, you can enable AI tarpits.

$1000, if anyone was wondering.

Nah, I didn’t even bother. I only play 5 & 6.

The problem is the github issue has hallucinations and incorrect technical terminology. It really shouldn’t be used for this purpose, it’s pretty selfish to expect maintainers to consider something that you used LLM for in my opinion. I don’t think that’s elitist, is it really all that difficult to write a feature request on your own, especially if you’ve already done the hard part (the research)?

I mean, sure, but LLM issues are currently plaguing open source projects. Curl, for example: https://gist.github.com/bagder/07f7581f6e3d78ef37dfbfc81fd1d1cd

If someone isn’t passionate about something enough to write their own request, why would the devs be passionate about implementing it?

Yikes. Why would the devs implement anything created by LLM? It shows that the requester (you, in this case) isn’t passionate enough to sit down and write something on their own.

So we’re filing LLM slop for Lemmy issues now? Also that’s a pretty poor choice for a name.