Someone discovered an exploit on cardano (a blockchain) that allowed for a “bad” transaction (think spending the same coin twice, or rejecting a transaction that was already valid).

This got some discussion but an actual fix wasnt the priority. Someone else decided to try and see if they could intentionally create a similar bad transaction.

There is a dedicated test chain which is specifically for those kind of tests but instead of choosing to do the bad transaction on the test chain, the person thought they would just block all internet traffic on their computer, but instead of doing that correctly by unplugging their ethernet cable or turning off the wifi, asked chat GPT how to block traffic ans chatGPT guessed wrong.

… Its a pretty weak excuse IMO. It doesnt sound like the exploit was vibe coded, just that the person trusted instructions about blocking connections from GPT. Like if this was a professional they would be fired immediately for such incompetence, but it sounds like it was not a professional.

Ultimately the problem is that they made the choice to use the main blockchain instead of the test one, that makes their defense of it being an accident a bit weak.

I bet thats true of most jobs

I dont find needing to knowing how to use the most common way of setting up servicss is gate keepy.

If you dont want to learn things then it probably is better to just pay someone else to handle the setup i dont think there is anything wrong with doing it that way either.

But where is all the fires and rioting? /s

You can use a service like duckdns.org for free to get a (sub)domain that can be used with funkwhale.

The issue isnt limited to signal, a whole swath of things are down at the moment.

Time for more tax fruad!

I use Dockge to manage everything.

By that logic, I could decide that movie studios have to opt out of me watching their movies for free, and if they don’t then it’s legal for me to pirate them. See how insane that sounds?

That sounds perfectly fine to me. This is now the official policy of all the serviced provided by gravitywell.xyz

When I last needed to get on IRC I used pidgin, because it’s what worked.

I just switch between google accounts when my free session runs out of tokens for the moth. Never giving cursor or any of those “Ai” companies a dime but I take full advantage of their free tiers.

Wouldn’t that just make a file full of zeros?

I think the proper (joke) command here would be

rm -rf /var/*

Funkwhale is the best option for replacing Spotify. It can be private or public and federated so you can follow users who want to share their playlists and such.

Navidrome is another good option although i don’t use it personally I hear nothing but good things.

Avoid subsonic directly but youll find funkwhale and other services support it as a protocol very well. Its just the subsonic server software itself and all of the forks seem to basically just be reinventing the same wheel over and over so they can charge for “premium” features.

Could you imagine if some of the people who fall for these SaaS corporate apps just contributed like 1/10th the amount to open source projects that can be self hosted from the start instead of having to get screwed over first before they realize the risk they are taking “trusting” some for profit corp to not extort them at some future point.

Exactly, it had even less information and far less context, yet it produced a better result.

Ryan Harvey - Old Man Trump (ft. Ani DiFranco & Tom Morello)

I just asked an offline 1B model gemma 3 running on my phone the same question and it gave me a decent recipe , no WiFi needed.

I recommend self hosting, I don’t consider Plex to be shelf hosting since its so heavily depending on a third party corp to facilitate things.

If you aren’t interested in self hosting i don’t have any suggestions for you other than to enjoy it while it lasts.

Edit2: here we go

That makes sense, I appreciate you taking the time. Its certainly not a very big issue for me personally, and i do have other mitigations in place for more general attacks like fail2ban, but not everyone is in the same situation so its a valid concern to mention.

I do think you’re overestimating the risk, Studios are unlikely to go to such lengths when there are bigger, easier targets. Still, it’s not entirely negligible, even if the exploit seems fairly benign to me personally.

My thinking as a sysadmin is if someone has security concerns, they wouldnt be JUST with jellyfin in most cases, you’d be securing an entire server (or paying someone else to handle that part), so its issues to keep in mind sure, but the mitigation would be mainly outside of jellyfin specifically anyway, thus why its not really mentioned in jellyfin’s docs or considered a big concern by the devs.

So I’m not really disagreeing with anything you’ve said, but I you haven’t changed my mind either, I’m still going to recommend jellyfin over plex.