I successfully did it about 2 years ago, following the instructions from this repo (last commit 2 years ago though…) https://github.com/MMMZZZZ/Jellyfin-Migrator

Looks nice, I’ll give it a try! There’s also a Jellyfin community, don’t hesitate to crosspost there :)
Not sure if it fits the bill, but it is categorized as a soulslike: Death's Door. It's an indie game, chill and cute atmosphere, still challenging but not too punishing. I haven't played many soulslikes before, but I started this one on Steam Deck and I'm really digging it!
There hasn't been any release in a year either, the last one being 4.37.5 https://github.com/authelia/authelia/releases
But you can have a look at the GitHub milestones: 4.38.0 is in the works and hopefully will be released sooner rather than later https://github.com/authelia/authelia/milestone/17
Regarding security: a quick browse through the project's issues, filtering by area:security, did not show any flaws being reported since the last release. But there may have been undisclosed vulnerabilities the project's devs are working on fixing for the next version. My personal non-professional non-legally-binding opinion is that it looks fine, so I do keep it running on my server.
I agree the article isn’t super clear. Reading it twice, it seems that the user credentials are exfiltrated to the C2 server (only the screenshot implies it), which definitely would be malicious.
Also, a possible interpretation could be that the package advertised "just" some automations (e.g. export playlists to m3u?) and fetching music metadata, whereas it was actually downloading music locally unbeknownst to the user, then exfiltrating the music back to the C2 server, effectively using the package's users to mass-pirate music without exposing the pirates directly. That would indeed be malicious, especially if the package did not advertise any content downloading.
But for the last paragraph I'm extrapolating from the little info this article gives without making much sense…
EDIT: from the original article here https://socket.dev/blog/malicious-pypi-package-exploits-deezer-api-for-coordinated-music-piracy it does not seem that the music is downloaded on the users' systems and then exfiltrated to the C2 server, but rather everything that's necessary to build the download URLs, including tokens tied to the victims' accounts.