this post was submitted on 02 Apr 2025
229 points (100.0% liked)
Technology
38500 readers
478 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It's a list from 2021 and as a cybersec researcher and Jellyfin user I didn't see anything that would make me say "do not expose Jellyfin to the Internet".
That's not to say there might be something not listed, or some exploit chain using parts of this list, but at least it's not something that has been abused over the last four years if so.
The last set of comments is from 2024. These have not been addressed. The fact that it is possible to stream without auth is just bonkers.
The entirity of jellyfin security is security via obscurity which is zero security at all.
"As a cybersec researcher", the limp wristed, hand wavy approach to security should be sending up alarm bells. The fact that it doesn't, means that likely either, you don't take your research very seriously, or you aren't a "cybersecurity researcher".
"Thank you for this list. We are aware of quite a few, but for reasons of backwards compatibility they've never been fixed. We'd definitely like to but doing so in a non-disruptive way is the hard part."
Is truly one of the statements of all time.
You can't say that a solution is no security at all when it requires time and intelligence to bypass.
It is at least 0.01 security.
Effort or no, if an attacker can reasonably bypass it, it's not secure. That's why software gets security patches all the time, why encryption/hashing algorithms can fall out of favor, and why quantum computing can be pretty fucking scary.
No system is secure.
#confidentlyincorrect
The votes are not on your side
I didn't say it's secure, I just said it's security.
Surely you understand how a stupid response to a silly statement like it is one of the sayings of all time can be appropriate in humorous situations, right?
I understand that you did not find it funny, but I hope that you can understand that it was my intention to be funny, and therefore a serious response is disproportionate.
I thought you were being serious as well. I've dealt with enough people who would genuinely make that argument so I assume nothing.
It definitely was lol
When "hundredths fractions of security" fails to get a laugh, I know I'm in the wrong group of people.
Kinda was. Sry.
No, in this case it's true independent of my opinion or perspective.
I'm sorry if I made you upset. Honestly.
Ofc I have no work regarding that because I was shitposting. I was hoping you'd take things a bit more lightly.
Personally, I'm a bit within the autism spectrum. When I was a kid I had a lot of trouble with some social hints that other people seemed to pick up really fast. With time some of those things I've learnt to pick up better, and others not so much. Also got bullied and that wasn't fun.
My impression of this situation is that you misread a social hint, which is fine, and then got a little bit defensive about it, which is also fine. I can understand that. Has happened to me a billion times and I'm not as graceful as you are.
It's just like.. For me it was better to, at some point, stop resisting the pain of accepting I didn't read these things as well as others did and just admitting "sorry, sometimes i don't get when ppl are joking" because it reminded me of being in the spectrum and therefore different... For me, this was unthinkable... So I kept insisting on points when many others were telling me, with relative compassion, that I may have made a mistake.
I don't care about the issue we were talking about anymore. Just want you to understand that even if I do believe you made a mistake in reading the situation, It's not what I now consider relevant of this conversation, don't think you were wrong in your perspective regarding security and I'm not laughing at you. I'm not doing anything at your expense. Just sharing a personal difficulty with you for your own possible benefit.
Idk if you can relate, but if you can maybe it could help.
Peace, friend, and have a great week. <3
No, you misunderstood. I do care, but not about the issue. About you.
I could be wrong about the issue.
I'm sorry I upset you, but yes, you were coming off a little emotional.
I didn't mean to be rude.
What I shared was a personal story about my life which is painful for me to remember. I don't go around sharing shit stuff with people who want to harm me. I share it with people who i think could benefit from it.
I really hope you have an awesome day cause to me, regardless of anything that's been said, you seem like an awesome person. <3
You too friend, and sorry for being mean.
How about 0.001 security?