r00ty

Now block Twitter for the whole of France. It’s the only correct thing to do.

Was it Sarah Connor?

However, my understanding is that this could be exploited only by authenticated users with permission to add new media. Not like that’s a risk to ignore, but it’s not like it could be exploited by anyone on the Internet.

I wonder if that’s the reason for setting the default live TV management permission to false. Since that permission might well the the route to adding your own malicious m3u link for that second change.

Reverse proxy will let anyone connect to it. VPN, you can create keys/logins for your intended users only. Having said that, from what I could see, nothing in the security fixes were to do with authentication. I think (just from a cursory look), they could only be exploited, if at all from an authenticated user session.

But personally, something like jellyfin where the number of people I want to be able to access it is very limited, stays behind a VPN. Better to limit your potential attack surface as much as you can.

From a cursory look at just the security commits. Looks like the following:

• GHSA-j2hf-x4q5-47j3: Checks if a media shortcut is empty, and checks if it is remote and stores the remote protocol if so. Also prevent strm files (these are meant to contain links to a stream) from referencing local files. Indeed this might have been used to reference files jellyfin couldn’t usually see?
• GHSA-8fw7-f233-ffr8: Seems to be similar, except for M3U file link validation and limiting allowed protocols. It also changes the default permissions for live TV management to false.
• GHSA-v2jv-54xj-h76w: When creating a structure there should be a limit of 200 characters for a string which was not enforced.
• GHSA-jh22-fw8w-2v9x: Not really completely sure here. They change regex to regexstr in a lot of places and it looks like some extra validation around choosing transcoding settings.

I’m not really sure how serious any of these are, or how they could be exploited however. Well aside from the local file in stream files one.

The thing is, they won’t ALL do it. The big names will. Real chocolate will become more of a luxury thing you have less often (which, to be fair is probably a good thing) and the established brands might survive on some blind brand loyalty, or die out.

If you feed data to fr24, you get the same perks as the extremely expensive subscription which includes the same filters. Hint: It is actually very cheap and easy to provide data to them.

Please feel free to keep him.

Not sure what you mean. I just saw asterisks.

So let me get this straight. From the US admin we hear.

-NATO countries cannot rely on USA to help them if they need us. -NATO countries should be ensuring they can defend themselves.

But also -You’d also still better buy all your shit from us!

They’re like the stereotypical bully… “Stop hitting yourself”

I’m based in the UK. But my instance only actually has single digits of actual active users. So, it’s not bothering me too much.

The moment I get a letter from OFCOM, or I see they’re enforcing against smaller federated sites, I’ll just remove non login readable capability and make it entirely invite only (which won’t be a problem, the only people joining for ages were bots and when I added the AI blocking/cloudflare protection they’ve stopped coming too). Until then I am assuming they’re going after the actual social media companies.

If you want to go super de-centralised. Just remove the internet and go for a mesh network :P

So, just going to say. I feel like this violates rule 1: (Not United States Internal News)

In any case, as an outsider I feel like it’s more than obvious that the step up in activities and rhetoric is a direct response to the realisation that there’s mid-terms coming this year and as it stands they will lose hugely.

So yes, they want to either take control of the voting, or even better stop the election entirely. This is what is being worked towards right now, just from me looking from the outside in.

I thought we already had that, the NCA? We don’t generally need “federal” level stuff because we don’t have different laws.

There’s some difference in trial process and civil laws (someone can correct me if there’s a real difference in criminal law, I don’t think there is though) between the countries making up the UK. But we don’t have the whole entanglement of State law vs Federal law.

So, there’s no need for anything more than what we already have which only really need to work to bring the regional forces together on serious cases.

I’ve known six year old children to have more maturity than this. “I’m going to invade Greenland because I didn’t get a Nobel Peace Prize” is what this boils down to.

A literal child is in charge of the most powerful single country in the world.

“Sources close to Rubina’s family, citing eyewitnesses, told Iran Human Rights that the young Kurdish woman from Marivan was shot from close range from behind, with the bullet striking her head,” the group said in a statement.

Shot in the head, from behind at close range. Don’t we have a word for that? Pretty sure we call that an execution.

I was wondering exactly the same. I mean seems like they’re withdrawing from a large number of UN orgs here.

https://www.bbc.co.uk/news/articles/c1evp7weyv2o

Any better?

Huh. I am sure you could search for individual books. For sure you could do it by goodreads ID I think? Yes, adding an entire author as the primary way to do things is a bit much for some. I know for sure I have managed to do individual books before now.

It’s a real shame because Readarr did work and they really just needed to fix their own metadata servers. No? Or were there other problems I’m not aware of?