Fail2ban isn’t going to help you when jellyfin has vulnerable endpoints that need no authentication at all.
- 1 Post
- 11 Comments
Joined 2 years ago
Cake day: July 1st, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Jellyfin has a whole host of unresolved and unmitigated security vulnerabilities that make exposing it to the internet. A pretty poor choice.
3·2 days agoAnd it won’t scale at all!
Congratulations, you made more AI slop, and the problem is still unsolved 🤣
Current AI solves 0% of difficult programming problems, 0%, it’s good at producing the lowest common denominator, protocols are sitting at 99th percentile here. You’re not going to be developing anything remotely close to a new, scale able, secure, federated protocol with it.
Nevermind the interoperability, client libraries…etc Or the proofs and protocol documentation. Which exist before the actual code.
5·3 days ago“It’s just a prank bro”
Wayyyyyy less than 20%.
Even removing, incredibly liberal, bot percentages from reddit Lemmy is still < 0.001% of the audience
It’s a solution to a problem Lemmy will soon have in that case.
Which is bots.
Lemmy isn’t flooded with bots and astroturfing because it’s essentially too small to matter. The audience is something like < 0.001% that of reddit.
Once it grows the problem comes here as well, and we have no answers for it.
It’s a shitty situation for the internet as a whole, and the only solution is verifying humans. And corporations CANNOT be trusted with that kind of access/power
2 years ago I talked about the core problem with federated services was the abismal scale ability.
I essentially got ridiculed.
And here we are, with incredibly predictable scaling problems.
If we refuse to acknowledge problems till they become critical, we will never grow past a blip on the corner of the internet. Protocol development is HARD and expensive.
No, most definitely not, and it… Sucks.
I just wanna sit down and play Minecraft or something again.
Sounds like American healthcare to me.
You either cope, and probably cause irreparable hard to yourself, or you go to the clinic or ER and get labeled a drug seeker.
The sad part is is that you’re right.
And the reason that it’s sad is that most of the individual veneers on proprietary projects deeply about a project itself and have the same goals as they do with open source software, which is just to make something that’s useful and do cool shit.
Yep, the business itself can force them not take care of problems or force them to go in directions that are counter to their core motivations.
Please to see: https://github.com/jellyfin/jellyfin/issues/5415
Someone doesn’t necessarily have to brute Force a login if they know about pre-existing vulnerabilities, that may be exploited in unexpected ways