• 0 Posts
  • 148 Comments
Joined 1 year ago
Cake day: February 10th, 2025


  • I understand their position but disagree with the tactics.

    Yes, the age verification laws are incredibly bad for various reasons. I do not support them in any way.

    However, they do exist and services are required to comply with them. Many services in this position use Linux and systemd. On those systems, systemd is the location where user data like this would be stored. So, from a software engineering perspective it only makes sense to include a field to handle this.

    People were taking this engineering decision and treating it as if it were a proxy for age verification laws. They were doxxing the developer and the comments were borderline inciting violence (and some not borderline at all). That’s the part I take issue with.

    It’s slacktivism.

    Effectively fighting against age verification requires engaging with the political system, not spamming toxic comments on social media. The fight against age verification isn’t going to be won inside of git repos and no progress is made by attacking volunteer developers.

    You’re right that it is an important issue, but the people that show up just to be toxic and violent are not doing the cause any favors and should be shunned from the community. These people were not actually members of our community, they were tourists following the outrage train and have since moved on to other topics for their next hit of outrage and self-righteousness.









  • “Just one more thing” we all say until we’re hosting a bespoke cloud service for everyone we know.

    Next do pihole, put everything on a mesh VPN, home assistant all of your lights/locks/coffee machines, jellyfin, then you may as well get a seedbox in Singapore and automate your media consumption, while you’re there you may as well run subsonic and lidarr and if you’re going to host media audiobookshelf for your reading/audiobook needs.

    Or, branch out to other nerd hobbies and buy a 3D printer (why not) and cover your walls and flat surfaces with modular organization systems




  • I work in security as well.

    If you only have a single user that accesses via a single static IP then it isn’t much of an issue to manually maintain an IP whitelist.

    Allowing access to multiple users across many different networks means that you’re going to have to deal with their IP changing frequently, often multiple times per day. You’d have to be available full-time to update your whitelist if done manually.

    If you’re going to run software on those machines to check for their public IP and report it to you (or a script you run) in order to update your firewall’s whitelist then you could just as easily (or, I’d argue, more easily) run a Tailscale client on their machine and only give them access to Jellyfin via Tailscale’s ACL.

    I just mean that you can’t simply put Jellyfin behind a reverse proxy and alter some port forwarding rules to protect against the argument injection vulnerability, since it executes the ffmpeg command as Jellyfin’s service account, so it would have access to any file that that account could access (which should be limited to the container, but some people run it bare metal still).

    Using a VPN is just easier to deal with, to me, than trying to allow any access from Internet IPs. The firewall can simply block everything from the Internet that isn’t VPN traffic. This is especially true if you control all of the devices that will be connecting to your network.

    All of my traffic, even LAN traffic, is on one VPN or another. Everything is done ‘locally’ on the VPNs regardless of where the device is located.
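
The Tailscale ACL approach mentioned in the comment above, sketched as an added example (not part of the original comment). It is a tailnet policy file in Tailscale's HuJSON format; the user addresses, the group name, the `tag:jellyfin` tag and the assumption that Jellyfin listens on its default HTTP port 8096 are all constructed for illustration.

```json
{
  // Constructed example: the people allowed to reach the media server.
  "groups": {
    "group:media-users": ["alice@example.com", "bob@example.com"]
  },

  // Only tailnet admins may apply tag:jellyfin to a node (hypothetical tag name).
  "tagOwners": {
    "tag:jellyfin": ["autogroup:admin"]
  },

  // Tailscale ACLs are default-deny: anything not matched by a rule is dropped.
  // This single rule lets the group reach the Jellyfin node on port 8096 only
  // (assumed default port), and nothing else on that node or on the tailnet.
  "acls": [
    {
      "action": "accept",
      "src": ["group:media-users"],
      "dst": ["tag:jellyfin:8096"]
    }
  ]
}
```

With a policy like this, access follows the user's identity on the tailnet rather than their current public IP, so no allowlist has to be updated when a client moves networks.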



  • I think you don’t understand the nature of the exploit.

    Anybody who can see the Jellyfin login page can use the Jellyfin server’s permissions to play media directly from your media library.

    Port forwarding doesn’t matter. Jellyfin hosts on port 80/443 which you have to allow for the service to function. Most clients are on dynamic IPs or CGNATs so unless you’re going to manually change the IP filter for every single user every few days, IP filters are not a reasonable solution.

    ‘Take reasonable precautions on the trust of networks’ doesn’t even make sense. Your Jellyfin server is either available to the Internet or not available to the Internet. If you choose not to trust the Internet (the actual mitigation) then you obtain access to your Jellyfin server through a VPN.






  • That is just the constant issue these people put in the public trust are learning but have to be held to task to.

    I think the people who’ve gained a career in politics understand the rent seeking game and it is the people who have forgotten what the stakes are.

    I don’t buy for a minute that these highly educated people with degrees from prestigious universities don’t understand the historical context that they’re living through. The amount of corruption on public display is shocking to anyone who is paying attention.

    We’ve just become complacent and have, collectively, forgotten what the stakes are.

    You’re right, the people who are able to make decisions are able to make objectively bad long-term decisions and the amount of people who want to hold them to task is so massively diluted by a bunch of people who’ve grown complacent due to being born in and living through a period of time that has, historically, been largely positive.

    (( Huge asterisks there, obviously. I mean there’s no world wars, widespread slavery or feudalism. Totalitarianism is limited to corners of the world that we’re largely discouraged from thinking about. North Korea is, objectively, an ongoing crime against humanity but most people living in western democracies have no context to understand that reality so it feels like a fantasy setting in a movie or TV show. ))

    There are still functioning democracies that haven’t gone off the cliff despite everything and the Internet has given us an organizational tool that has never existed in human history. We’re living through Interesting Times, but there’s still hope.