The British with help by the Americans are pretty much the reason why the current regime is in charge

1953 Iranian coup d’état

He makes some fair points. However I do think the large amount of regressions in 3.4.3 should have resulted in a new release rolling back those changes.

I still like the response of the libxml2 maintainer, where any vulnerability will be disclosed openly and fixed when it’s ready. Maybe more open source projects currently drowning in CVE should take that stance instead of their maintainers burning themselves out over it.

I’m so glad somebody built this. Now let’s expand the proxy into a full on suite of support bots randomly selecting one or another with failover etc.

Get a NUC or old laptop and install your distro of choice on it. Much less hassle than barely supported ARM boards with ancient kernels.

On the upside, those stupid people may be able to indict a ham sandwich, but not a sandwich thrower.

Just to clarify, I didn’t write this blog post. It’s just intended to raise awareness and spread it around here as well. I just don’t believe in editorializing titles

Cookie banners are not required if all you use are actually necessary cookies instead of sharing data with 395 of your partners.

Do you have that research? I though being nice produced better results

I don’t want to worry about my password manager being down if I ever have a total outage for any reason

I’m in the same boat and looking for alternatives.

The first one I tried was Psono, basics worked ok but I didn’t like how there was no keybinding to auto fill passwords. Another negative was the session handling, you’d either need a complete login including 2FA or keep the session active at all times without any prompt for the master password even after a restart.

It really depends on which services you need besides whatever hardware you have lying around.

For me it’s a bit higher, as I used to host all my stuff on a rented dedicated box. Having an always on server in my bedroom didn’t work for me, I have moved out since and built a local sever.

• Dedicated Hetzner server + 10TB storage box: ~75€/month
• Netcup VPS (external monitoring): ~6.50€/month
• Kavita+ subscription for additional features: 5 USD/month (I think)
• Various domains: not sure, I have ~7 domains so another ~100€/year
• Mail: 90USD/year
• VPN: ~50USD/year (forgot to track this expense, oops)
• Backblaze B2: ~2€/month

If you only need a public IP to reach your stuff, an even cheaper VPS should suffice.

Edit: forgot some stuff in the first pass

You’d create two mirror vdevs in the same zpool to get the raid 10 equivalent

Maybe you could switch to a raid10 (mirrored striped vdevs) for faster rebuild time.

BTRFS is relatively similar to ZFS when it comes to their raid implementation, though using raid5 or raid6 comes with some caveats.

Heart of the Machine

Just leaving this here

Now, let’s address this clearly once and for all. What is possible is unauthenticated streaming. Each item in a Jellyfin library has a UUID generated which is based on a checksum of the file path. So, theoretically, if someone knows your exact media paths, they could calculate the item IDs, and then use that ItemID to initiate an unauthenticated stream of the media. As far as we know this has never actually been seen in the wild. This does not affect anything else - all other configuration/management endpoints are behind user authentication. Is this suboptimal? Yes. Is this a massive red-flag security risk that actively exposes your data to the Internet? No.

https://github.com/jellyfin/jellyfin/issues/5415#issuecomment-2825240290

China has been investing in its own semiconductor manufacturing for decades. They are behind, but I wouldn’t bet on them staying behind forever.

Wasn’t the drama Emby going closed source?

Yeah, some dude named jellyfin on Github keeps uploading the latest versions

Great reason not to publish AI slop then

Finally, it’s been too fucking long