As far as I know the arr suite tools do not download things. They scour publicly available pages for torrent links and meta data, so they don’t really need to be behind a VPN. The download client it all ends in should definitely be behind a VPN though

Can you still have custom sounds for the calling sound? Back in the day everyone had some shitty, barely audible version of their favorite song

He literally called him a horror story and asked for his impeachment not even a month ago, what are you on?

coughs in 50TB

Lol, great idea. Let’s see if they can make it as good as Vampire Survivors (which was clearly the inspiration)

I was sure this had to be satire… Oh boy

What damage? Its been known for years what a scummy company Nintendo is and people still buy their games and consoles in the millions. The fans will just say that Nintendo is in the right and move on

I mean, yeah… On the other hand it shouldn’t really edit a link you want to share, should it?

if your mail server blocks them they won’t show up there I think. It just refuses to accept the mail. Maybe check Nexxtcloud logs to see what happens when it tries to send the mail

do they not get sent or do you just not receive them (eg because your mail server blocks them as spam)?
Do both come from the same address?
Can you try to format the testmail the same way to see if they still arrive?

Still better to have a team to react to this incident than just have them shrug and ignore it for 5 years

You mean constantly displaying sexuality as evil and interest in it as sinful leads to a unhealthy sexuality? Say it ain’t so

No, the worst is that a company like Sony or their lawyers can find my server and create a list of movies I offer and then sue me over it. I live in a country where lawyers make a living doing nothing but that.

Besides that, security by obscurity is the worst possible form and barely qualifies as security at all. It’s also another place where the Jellyfin devs leave their users to their own devices when it comes to securing the server against malicious actors.

And none of this is clearly communicated by the project. The unauthenticated endpoints are not disclosed, the issues with the filepath is not disclosed. Jellyfin fans treat it as a drop in replacement for Plex, but people using it as such basically throw an unauthenticated server onto the open web

That’s simply not true. You can just set your local ip range as unauthenticated and use it to your hearts content without an internet connection.

You can access it through your local network without authentication. Add a vpn and you got the same setup Jellyfin fans will praise

Plex has a whole team dedicated to security. It’s obviously not perfect and it is a larger attack surface than Jellyfin, but I’ll take that any day over devs who treat security as an afterthought

Again, its not random. It’s not a UUID. Its an md5 hash of the filepath. Which is easily guessable since most people have a very similar if not identical folder structure, especially since a lot have it managed by the *arr suite. take that plus the publicly available release names for movies and you’re done

It actually had Denuvo removed in August it seems

You’re exactly the kind of Jellyfin user the rest has to thank for the devs lax approach to security. If you actually demanded even basic security, the devs would maybe at least consider it a priority.

But until it no longer provides an unsecured API, you should maybe think about whether you want to portrait it as secure.

Jellyfin holds no sensible data.

Maybe if you don’t live in a country where piracy is actively prosecuted

And Plex is not easier to install and secure than Jellyfin.

You can literally start a Plex server from a exe on desktop windows. Don’t make a fool out of yourself.

Also it is immensely more secure, unless with “Jellyfin” you actually mean “Jellyfin plus a myriad of convoluted extra steps every user has to take by themselves since the devs can’t be arsed to follow basic standards for web security”