Not exactly ideal archival software…

It doesn’t store files in a human readable way and requires a separate DB and application to interpret your stored data. Without controls over how it stores that data.

I just set the desktop app up a week ago on a new computer. I am most definitely not mistaken.

Yeah but the local backups suck because you have no control over their retention period, And it forces you to create a new one everyday. Which if you have a large signal history, can wipe your phones storage in just a few days.

Yeah, the current backups are pretty dumb in the sense that it writes a new file everyday and you have no control over retention, history or deletion.

I just want to be able to backup all my media history and chat in a securely encrypted file to a location of my choosing with a retention period of my choosing.

Except it won’t. The desktop app specifically states that it will not transfer history when you activate it…

There’s a big difference between desktop environment needs and headless server needs.

Anything with user interaction will require an enormous number of additional services, which consumes resources.

I expect to run simple headless software on 256-512 MB of RAM. For example.

Literally nothing about their software should require a login.

It’s asinine

I’ve seen this thread somewhere else before.

Same thing different context.

And I seem just like before that it’s because the user is entering what are very predictable words or phrases and they are just not putting two and two together.

Samesies

Had to use gett when I visited Tel Aviv a few years back. That’s about it

These are all holes in the Swiss cheese model.

Just because you and I cannot immediately consider ways of exploiting these vulnerabilities doesn’t mean they don’t exist or are not already in use (Including other endpoints of vulnerabilities not listed)

This is one of the biggest mindset gaps that exist in technology, which tends to result in a whole internet filled with exploitable services and devices. Which are more often than not used as proxies for crime or traffic, and not directly exploited.

Meaning that unless you have incredibly robust network traffic analysis, you won’t notice a thing.

There are so many sonarr and similar instances out there with minor vulnerabilities being exploited in the wild because of the same"Well, what can someone do with these vulnerabilities anyways" mindset. Turns out all it takes is a common deployment misconfiguration in several seedbox providers to turn it into an RCE, which wouldn’t have been possible if the vulnerability was patched.

Which is just holes in the swiss cheese model lining up. Something as simple as allowing an admin user access to their own password when they are logged in enables an entirely separate class of attacks. Excused because “If they’re already logged in, they know the password”. Well, not of there’s another vulnerability with authentication…

See how that works?

Please to see: https://github.com/jellyfin/jellyfin/issues/5415

Someone doesn’t necessarily have to brute Force a login if they know about pre-existing vulnerabilities, that may be exploited in unexpected ways

Fail2ban isn’t going to help you when jellyfin has vulnerable endpoints that need no authentication at all.

Jellyfin has a whole host of unresolved and unmitigated security vulnerabilities that make exposing it to the internet. A pretty poor choice.

https://github.com/jellyfin/jellyfin/issues/5415

The hard part is in the scripting, the retries, the back off, automation, queuing and queue management…etc

At that point I’m implementing my own bootleg TubeArchivist 😅

Oh it’s definitely an easy to read DB. But that’s still beyond the point IMHO.

If you can’t reconstruct the state of your files without 3rd party software to interpret them, then they are not in an archive format.

One should be able to browse their data using OS native tools on an offline device push comes to shove.

The sad part is is that you’re right.

And the reason that it’s sad is that most of the individual veneers on proprietary projects deeply about a project itself and have the same goals as they do with open source software, which is just to make something that’s useful and do cool shit.

Yep, the business itself can force them not take care of problems or force them to go in directions that are counter to their core motivations.

Yep, just like electron or Tauri. A web view wrapped in a native application.

These are very common these days, it’s the same use case and value proposition. Mainly because it’s just easier to develop UIs with web technologies that look the same everywhere, never without the app.

You do know that a pwa can be packaged up in an app container and you won’t even be able to tell the difference?

It doesn’t actually have to operate like a pwa, and require native pwa sport.

There are tons of apps that you use that are just well packaged PWAs, packaged as an app store app, and you don’t even know about it.

PWAs only suck on when they suck, just like everything else.