Not to mention that some providers offer APIs to provide certificates without opening port(s) 80/443. This allows using nice host names on your personal domain with valid SSL over the internal network too. Want to migrate a server or service? Just change the IP associated with the domain on the internal DNS. Makes migrating and upgrading a lot easier.
You don’t have to take my word on this, but when you have so many vulnerabilities, the foundation and knowledge about security practices by the developers is missing some key ingredients.
I use Jellyfin. I like jellyfin. I would like people to use jellyfin, but do it responsibly.
Citing backwards compatibility is not an acceptable answer either. If individual endpoints and/or protocols (web sockets) are being addressed as separate issues, then there is no overall filter for the most basic thing as checking if the user is authenticated, you know a potential attacker will look for more.
Will they target jellyfin instead of your average government website with a low budget and similar issues? Unlikely, but possible if the level of effort is low and can potentially create a large botnet, maybe?
You handle these with overall filters (or whatever they are called on c#) and white lists if something truly needs not to have it instead of reacting when someone reports it.
The simple fact that some of the code was sending api keys as GET parameters (which get logged cross every access log in the middleware on its way to the target server) and it didn’t raise any flags seems sufficient enough to suggest DO NOT expose jellyfin directly to the internet.
By then you would have racked up thousands of dollars in legal fees. Not to mention if anyone posts anything negative about the current administration you could be used as an example.
We already have students on visas being kidnapped off the streets, let’s stop pretending the law actually matters for the people in power.
Bash does seem like a better fit for this kind of script since it is a lot more portable.
I.e.: It comes by default for many Linux distributions. For windows, a Git bash install will get you most utilities needed for large reliable scripts (grep, scp, find, sort, uniq, cat, tr, ls, etc.).
With that said, you should write it on whatever language you want, especially if it is for learning purposes, that’s where the fun comes from :)
Cheaper plex subscription at the cost of healthcare and taking orders from a moron. Can’t say no to a great deal!
I don’t know if it is always the fastest. I know they said android, but for example on not too old Apple phones (pre-usb c), I had the impression you could get better throughout on wifi compared to a cable connection. Maybe that’s just apple trying to squeeze money on proprietary connectors, but other manufacturers seem to copy their worst takes sometimes though.
He just needs a bonus for a few billion dollars and then it will be ok.
I seriously can’t believe there are board members that brain dead that think it would be a good idea to approve that kind of bonus if they are trying to make any money for the company.
Can you elaborate on what you mean?
And the day that something bad in general about the code can be said? That’s when developers fork. It means something different to us.
I’ve heard of people using a shake sensor or a power monitoring outlet/switch which seems like it would take a lot less effort to integrate into automations (like showing a light when it is done somewhere).
Not sure if the UK is similar to where I lived, but they were the worst “cloud” provider I’ve ever used. Want to shut down the instance you had to recreate it with a different OS? Good luck getting it back online as they are out of capacity. Also, if you accidentally deleted one of the default network components it was impossible to recreate it without incurring a cost kind of going against anything you learned about cloud computing and “infrastructure as code”. It was a glorified GUI.
Edit: I’m just glad my current employer does not use anything oracle as their support is also famously bad.
Developer1: @developer2: could you take a look, I know u know stuff about this.
Developer2: can’t reproduce. Might be able to if I get the app logs in trace level, the blood of 3 dragons and a signed autograph of Michael Jordan’s third hello world program.
User1: here are some other unrelated logs at info level only and nothing else.
Git bot: clozed y’all.
deleted by creator