I can’t wait for what comes first. The claudication and predictable extended support or the wave of malware paralyzing half the world over unsecured devices.

I also have a WD black 2TB that must be near a decade now and it’s still going with zero issues. There were definitely doing something good.

Though truth be told, it’s a data drive, not the OS drive. So there’s less r/w going on.

Have to point a dns to the ip, buy a domain, stablish ddns. I don’t see it happening often. If you know all that you are ought to know about getting hitm

Bot hits are not a problem for jellyfin. The main problem right now is unauthorized access to endpoints for people who know the hash that is being used in that endpoint.

It’s a targeted attack that hampers availability of the services (making it more available than it should be). It doesn’t make internet more insecure or anything.

As I said previously I haven’t actually known of any of these attacks happening on the wild. As they are kinda hard of pull of. You need to know the precisely hash used for the endpoint, the most normal way of knowing that without being an authorized user is because you used to be an authorized user and you are not anymore. That’s weird in jellyfin current ecosystem. People say that the hash could be calculated by a complete outsider, but I have never seen anyone pulling it off on the wild. You need to know a lot of things about the service you are attacking to be able to do it.

So, yes is a security vulnerability, all software have those. But I think it gets blown out of proportion often.

Not techie people are not going to be able to open it for internet access. If you have the knowledge to set a internet available service you should have the knowledge to be able to provide basic security.

Most security issues with jellyfin are an issue only for a specific type of user. The one who is selling access to their server. The worst Jellyfin security issue makes selling access to your server a higher risk situation.

I hope someday those issues would get patched, but I get why there are other priorities for the dev team right now, about issues that bother to a bigger majority of jellyfin users.

Jellyfin dev team is not in charge of your self hosted security though. You know what you are getting, source code available, and it’s up to you setting the security.

While I whish access were secured at some point. I’m still yet to see one of those guessed hash attacks on the wild.

A good thing about Jellyfin is that we KNOW its insecurities because it’s open source.

Other software may be insecure like that but you would only know after an incident happens because you cannot audit the source code.

Thanks! I’ll look into that.

It is, same as nouveau drivers. But with a loss in performance, because not gpu hardware acceleration.

The computer runs and linux with nouveau will be its final destiny. But as for now there are some games I play that are just on the edge that run very well with hardware acceleration but sluggish with igpu or nouveau.

I will have to look into the new distro/old kernel thing. It may be a solution.

user is not in the sudoers file

Back in my day my school used windows. Activated by the computers teacher from some bootleg cd, as god intended.

You can always dual boot and chose boot order in the bios menu. That’s a bulletproof method. That can only fail if windows fastboot make it difficult to get to the bios menu.

Why is a package manager doing psychoanalysis on you?

2013 I think. It’s a 710M laptop gpu. The needed driver is the 390 something like that. Both fedora and ubuntu based distro had dropped support for it. I tried manual installation but indeed it failed because it doesn’t seems to play nice with the kernel.

For me the mistrust on bluesky started when it was so easily adopted as “twitter” alternative, mastodon being just there struggling for that.

In order to achieve that a lot of money and influence have been moved around. People didn’t organically moved, they were influenced to move there. I don’t trust that.

Sadly I had to install Windows 10 iot ltsc on a laptop I own.

I tried to install linux. Several distros. But I always ran into de same issue. I was unable to install nvidia drivers. Which was weird, because that laptop have been on linux a few years prior and I clearly recall installing nvidia drivers without any issues.

So I dug into the problem. And it seems that some new linux kernel had issues with older nvidia drivers, so most, if not all, distros dropped support for that old driver. Only given solution was to run some old lts distro. But por instance mint lts will end on 2027.

At the same time everything worked just fine on that version of windows that have support until 2032.

And, not, the laptop is not that usable with nouveau drivers, as those are incapable of doing hardware acceleration, so everything runs slower, specially games, but it can be noticed even in just the DE.

So it’s weird. That in order to keep old hardware around I need to use Windows, because linux dropped support for this particular older hardware earlier than windows.

I know it’s just an exception, and that is mostly Nvidia’s fault. But I had to do what I had to do.

Still running linux on other of my machines though.

Not all grindr users are linux users. But are all linux users grindr users?

Twitter has more users.

Has Mississippi lower the age restriction to 14 years old?

Siempre lo ha sido. 🌎👩🏻‍🚀🔫👩🏻‍🚀

I’m against it for several reasons. Running unauthorized heavy duty code on your end. It’s not JS in order to make your site functional, it’s heavy calculations unprompted. If they would add simple button “click to run challenge” would at least be more polite and less “malware-like”.

For some old devices the challenge last over 30 seconds, I can type a captcha in less time than that.

It blocks behind the necessity to use a browser several webs that people (like the article author) tend to browse directly from a terminal.

It’s a delusion. As shown by the article author solving the PoW challenge is not that much of an added cost. Span reduction would be the same with any other novel method, crawlers are just not prepared for it. Any prepared crawler would have no issues whatsoever. People are seeing results just because it’s obscurity, not because it really works as advertised. And in fact I believe some sites are starting to get crawled aggressively despite anubis as some crawlers are already catching up with this new Anubis trend.

Take into account that the challenge needs to be light enough so a good user can enter the website in a few seconds running the challenge on a browser engine (very inefficient). A crawler interested in your site could easily put up a solution to mine the PoW using CUDA in a GPU which would be hundreds if not thousands of times more efficient. So the balance of difficulty (still browsable for users but costly to crawl) is not feasible.

It’s not universally applicable. Imagine if all internet were behind PoW challenges. It would be like constant Bitcoin mining, a total waste of resources.

The company behind Anubis seems more shady to me each day. They feed on anti-AI paranoia, they didn’t even answer the article author valid critics when he email them, they use clearly PR language aimed to convince and please certain demographics to place their product. They are full of slogans but lack substance. I just don’t trust them.