|
I doubt they're actually proxying all the video data when you use their site to access your videos remotely, either, based on the very detailed instructions they have about port forwarding on their website.
|
#
?
Oct 8, 2017 18:45
|
|
|
|
| # ? Apr 26, 2024 20:23 |
|
|
i think his point is the plex software is likely tracking everything you do with it and possible sharing that scary metadata with the company. but i still use it lol
|
|
#
?
Oct 8, 2017 18:55
|
|
Associate Christ
|
Volguus posted:I do believe it is, since they require you to make an account there, the data that you stream gets sent to their servers (so that they can re-send it to your phone) and in general they (the corporation, their servers, not just the application itself) have a creepy insight on everything that you do with your installation. While I know I'm not a special snowflake in any way, their application/service does make me uncomfortable. Plex doesn't stream your video through their servers..it goes straight from your home server or PC to your device, and even if it did, it's not weird or strange. Far more people use Plex than attach a PC to their TV. FWIW, Plex can be set to not send identifying metadata. Thermopyle fucked around with this message at 19:15 on Oct 8, 2017 |
|
#
?
Oct 8, 2017 19:08
|
|
|
At the end of the day, isn't it simply easier to just open your media player and play the file that you want? Sure, maybe they're not spying or anything (unlikely) but from whatever i've read on their website it just seems a lot of hassle for no benefit whatsoever (ability to watch a movie on a 5'' screen doesn't count as a benefit). And one still needs the video player software anyway, which on devices like consoles or smart TVs may or may not support the video formats that you downloaded your stuff in, which would mean that you'd have to encode them to video format, which ... sigh, just why? Open up the player and just play it from the NAS or wherever it is and don't worry about it.
|
|
#
?
Oct 8, 2017 19:11
|
|
|
Volguus posted:At the end of the day, isn't it simply easier to just open your media player and play the file that you want? Sure, maybe they're not spying or anything (unlikely) but from whatever i've read on their website it just seems a lot of hassle for no benefit whatsoever (ability to watch a movie on a 5'' screen doesn't count as a benefit). And one still needs the video player software anyway, which on devices like consoles or smart TVs may or may not support the video formats that you downloaded your stuff in, which would mean that you'd have to encode them to video format, which ... sigh, just why? Open up the player and just play it from the NAS or wherever it is and don't worry about it. One of the main benefits of Plex is its simplicity. For one thing, it transcodes video/audio on the fly to whatever format your playing device supports. Your suggestion will just not fly for most normal people. (also, I'm not sure why you get to be the gatekeeper of whether playing on a mobile device is a benefit or not...I mean, if you don't want to use plex thats fine. I don't use it either. But there's nothing wrong, weird, or strange about it.) Thermopyle fucked around with this message at 19:16 on Oct 8, 2017 |
|
#
?
Oct 8, 2017 19:13
|
|
|
Volguus posted:At the end of the day, isn't it simply easier to just open your media player and play the file that you want? Sure, maybe they're not spying or anything (unlikely) but from whatever i've read on their website it just seems a lot of hassle for no benefit whatsoever (ability to watch a movie on a 5'' screen doesn't count as a benefit). And one still needs the video player software anyway, which on devices like consoles or smart TVs may or may not support the video formats that you downloaded your stuff in, which would mean that you'd have to encode them to video format, which ... sigh, just why? Open up the player and just play it from the NAS or wherever it is and don't worry about it.
|
|
#
?
Oct 8, 2017 19:52
|
|
|
Not to mention that you don't need to set up IR on a PC, use some hacky rdp/vnc thing from your phone, or pretend a remote control with s tiny keyboard and blackberry-style roller ball is a usable substitute for a Roku remote or whatever. And streaming your library to 5 TVs means spending $200 total on firetv sticks instead of $400 per TV on NUCs
|
|
#
?
Oct 8, 2017 20:07
|
|
|
Well, i'm not particularly sure about the convenience part. Why? It does require one to make an account. Now, you have two options (like with any account): 1) Use a password manager, therefore you do not know the password and you have to have access to both the database and the application when you are on the go (since you're not using one of those web based password managers, right?). At which point, you may as well have that drat movie on your usb/phone/tablet anyway. 2) Do like most people do and either use 1234 as the password or just reuse it, like you have done so many times in the past. At which point you just gave access to your media files to anyone who wants it. And, to be fair, even with option 1) it is very likely that whoever wants to already has access to their database, accounts and everything. Hell, is not like security is a thing that matters to companies (any/all of them), as the last little while has taught us. To pretend otherwise is just naive. So no, having access to your media from outside your own network is obviously not an option, so them requiring an account to be able to play files on your own network is definitely a blocking requirement. With that being said, hell .. if you (people in general) want to use said service, knock yourself out. But getting all up in arms when a stranger on the internet says that it is wrong, weird and strange ... well, it is weird, wrong and strange.
|
|
#
?
Oct 8, 2017 20:15
|
|
|
You don't have to make an account. It nags me on startup but I still hit "skip" all the time
|
|
#
?
Oct 8, 2017 20:16
|
|
|
Volguus posted:Well, i'm not particularly sure about the convenience part. Why? It does require one to make an account. Now, you have two options (like with any account):
|
|
#
?
Oct 8, 2017 20:18
|
|
|
Volguus posted:At the end of the day, isn't it simply easier to just open your media player and play the file that you want? Sure, maybe they're not spying or anything (unlikely) but from whatever i've read on their website it just seems a lot of hassle for no benefit whatsoever (ability to watch a movie on a 5'' screen doesn't count as a benefit). And one still needs the video player software anyway, which on devices like consoles or smart TVs may or may not support the video formats that you downloaded your stuff in, which would mean that you'd have to encode them to video format, which ... sigh, just why? Open up the player and just play it from the NAS or wherever it is and don't worry about it. As has been posted several times, you really don't understand how Plex works at all. You don't need an account (and it doesn't nag me, but I've been waiting for the privacy policy thing to shake out with the newer version before updating it so that might be something they've recently added). You don't need separate video player software. You don't need to manually encode things (plex handles transcoding if the device wouldn't support whatever codec you've got the thing in). Being able to watch your media on any of your TVs/devices and pick up where you left off is, quite frankly, amazing. And it's all contained within your network - unless you want remote access, which you can also have! astral fucked around with this message at 20:34 on Oct 8, 2017 |
|
#
?
Oct 8, 2017 20:31
|
|
|
astral posted:As has been posted several times, you really don't understand how Plex works at all. You don't need an account (and it doesn't nag me, but I've been waiting for the privacy policy thing to shake out with the newer version before updating it so that might be something they've recently added). You don't need separate video player software. You don't need to manually encode things (plex handles transcoding if the device wouldn't support whatever codec you've got the thing in). Being able to watch your media on any of your TVs/devices and pick up where you left off is, quite frankly, amazing. I've also used Kodi, but it's a lot more annoying in various ways.
|
|
#
?
Oct 8, 2017 20:39
|
|
|
.
|
|
#
?
Oct 8, 2017 21:38
|
|
|
Why would I use ZFS instead of LVM and RAID or whatever? Where does this excitement about ZFS come from? What should I read to learn about both of these things?
|
|
#
?
Oct 8, 2017 21:40
|
|
|
An Enormous Boner posted:Why would I use ZFS instead of LVM and RAID or whatever? Where does this excitement about ZFS come from? What should I read to learn about both of these things? In terms of things like RAID, if you're already using LVM I can imagine that the duplication of features at different levels could be annoying. I think that's mostly a side effect of how LVM was designed separately from the filesystem layer in linux. While this probably simplifies the file system design, it seems from what everyone is saying that integrating these features into the filesystem is probably the future. However, because of the licensing issues, ZFS will never become the standard filesystem on linux, and BTRFS's future seems unclear, so at this point for production use I think LVM is still the only option. So, if you only want to learn one thing, you're probably still better off learning LVM I think. mystes fucked around with this message at 22:12 on Oct 8, 2017 |
|
#
?
Oct 8, 2017 21:57
|
|
|
An Enormous Boner posted:Why would I use ZFS instead of LVM and RAID or whatever? Where does this excitement about ZFS come from? What should I read to learn about both of these things? You probably want to talk about that in the Packrats thread.
|
|
#
?
Oct 8, 2017 22:41
|
|
|
mystes posted:So, if you only want to learn one thing, you're probably still better off learning LVM I think. There are people who only want to learn one thing? O.o
|
|
#
?
Oct 9, 2017 03:45
|
|
|
An Enormous Boner posted:Why would I use ZFS instead of LVM and RAID or whatever? Where does this excitement about ZFS come from? What should I read to learn about both of these things? ZFS has a lot of cool stuff like send/receive and snapshots and in my limited disaster recovery experience I thought it was a lot easier to swap in a hard drive and rebuild a dataset for the first time than with mdadm. There's a ton of secondhand crap about checksumming and self-healing and ECC ram but I'd say most of the features are just nice to have (e.g, how many files have you had corrupted on your regular old filesystem?). If you're starting from scratch or migrating data wholesale I'd look into it but if you have something that works then don't bother switching for nebulous benefits or the internet hype machine unless you have something specific in mind. There's an entire freebsd section on zfs that's well-written and mostly applies to any OS: https://www.freebsd.org/doc/handbook/zfs.html, and if you're looking for linux-specific instructions then zfsonlinux probably has packages for what you are using, or you can compile it with not a lot of trouble or arcane error warnings: https://github.com/zfsonlinux/zfs/wiki/Getting-Started. This has applied to basically anything I've ever done with linux but if you sort of know what you want to do then you can google it, which is how I have navigated through my LVM and mdadm problems. The man pages are verbose but they're there.
|
|
#
?
Oct 9, 2017 05:42
|
|
|
hifi posted:There's a ton of secondhand crap about checksumming and self-healing and ECC ram but I'd say most of the features are just nice to have (e.g, how many files have you had corrupted on your regular old filesystem?). How would you know that your files aren't corrupt without the checksums and ECC ram? THEY COULD ALREADY BE CORRUPT 
|
|
#
?
Oct 9, 2017 06:05
|
|
|
Ok, why is this curl not working?code:
|
|
#
?
Oct 11, 2017 16:19
|
|
|
Trycode:1) Establish TCP connection 2) Establish SSL/TLS session, using SNI (which needs the hostname) 3) Send HTTP request. By putting "Host: name.hostname.org" into the HTTP header, you're giving the correct info for the HTTP stage 3 but it needs it earlier at stage 2. By using --resolve, you're bypassing the DNS server and telling curl directly that 10.0.0.101 resolves to name.hostname.org so curl will use that in the SSL/TLS stage. minato fucked around with this message at 16:46 on Oct 11, 2017 |
|
#
?
Oct 11, 2017 16:41
|
|
|
minato posted:Try --resolve isn't a recognised option. --version gives curl 7.19.7 for what it's worth
|
|
#
?
Oct 11, 2017 16:46
|
|
|
If Google serves me correctly, then your version of curl is from November 2009 so you have far bigger problems.
|
|
#
?
Oct 11, 2017 16:55
|
|
|
minato posted:If Google serves me correctly, then your version of curl is from November 2009 so you have far bigger problems. Hunh, in saying that, I was also trying from another host that has curl from 2013 (woo so modern) which comes up with a similar, but less detailed error message: code:
|
|
#
?
Oct 11, 2017 17:02
|
|
|
Well, yeah, for the reasons I stated before. So either: - use "-k" to ignore the SSL issues - add "10.0.0.101 hostname.domain.org" to your /etc/hosts file. or - poke around your curl man page and see if there isn't some other way to explicitly set the SNI hostname or DNS resolution (maybe look closely at --connect-to)
|
|
#
?
Oct 11, 2017 17:11
|
|
|
I literally had this same issue today actually, heh. --resolve ended up being what I needed to get curl playing nice with SNI. There's no built in option to specify the hostname for SNI, which kind of sucks.
|
|
#
?
Oct 11, 2017 20:06
|
|
|
On the topic of SSL problems, I have a RHEL6 server out there that was scanned by my clients security team, and they found it uses OpenSSL 1.0.1e-fips, which they requested I upgrade to 1.0.2, but from GOOGLES I see that RHEL6 doesn't support 1.0.2. I downloaded a source from OpenSSL and I'm compiling it, but I'm not sure if that is the right solution. Anyone have any ideas on this? Edit looks like compiling from source is a bad idea. Super-NintendoUser fucked around with this message at 15:18 on Oct 12, 2017 |
|
#
?
Oct 12, 2017 14:52
|
|
|
Tell your security team that Redhat backports CVEs, and ask which issue they'd like addressed. Then find the right errata and use it. There used to be a repo which provided modern opened for old EL distros, but I can't recall it
|
|
#
?
Oct 12, 2017 15:24
|
|
|
evol262 posted:Tell your security team that Redhat backports CVEs, and ask which issue they'd like addressed. Then find the right errata and use it. That's what I asked them, their email basically said "we scanned an open port, and found it using an older unsupported version of OpenSSL, install 1.0.2 to fix". But I responded by asking what specifically their scan reported, since you can't just telnet to an open port and ask it what openssl version, typically the server responds with ciphers you don't support and then you know what to fix. Their team doesn't do any real data gathering, I'm always getting reports from them that are sort of nonsense. Once they scanned a server, found that multiple versions of the same package were installed, and so they removed all the newer versions, leaving the oldest. This broke their production servers hardcore. I asked the reasoning for purging the latest version, and they told me basically 'well we figure that you aren't using the newest version because why would you have the left the older ones on there?" :facepalm:
|
|
#
?
Oct 12, 2017 15:45
|
|
|
I get that from my security guys too. "nessus told us this thing is vulnerable so fix it" Generally I can get a pdf report out of them if I ask a couple times, but that still leaves me to play sleuth all on my own. They have zero capacity to help with resolution. We don't run RHEL6, all our stuff is CentOS/Scientific Linux but the packages they provide come straight from RedHat and our systems pass all security scans.. so it's possible all you need is a yum update.
|
|
#
?
Oct 12, 2017 16:02
|
|
|
That is just security_scanning.txt. I think everyone has had that experience where some dipshit just clicks Scan in Nessus and sends you a 50000 page PDF of "problems" with zero context or helpful information. And somehow gets paid thousands of dollars for it. Then you get to spend the next week responding to every high severity finding by showing them the Red Hat errata page where they backported a fix for the exploit.
|
|
#
?
Oct 12, 2017 17:12
|
|
|
This situation is sort of complex because they reported the server has openssl 1.0.1, but the application port they are scanning actually has it's own lib folder that contains 0.9.8, so even if I could get server upgraded the application includes the older version. I need to talk to the application developers to see what they can do.
|
|
#
?
Oct 12, 2017 17:38
|
|
|
About how long does a fix for a broken package stay in the RedHat Bugzilla ON_QA queue before it gets rolled out to the public?
|
|
#
?
Oct 12, 2017 18:56
|
|
|
098e is mostly immune to the bad CVEs anyway Red Hat's bugzilla/errata process basically goes like:
There's also ON_DEV, and some teams use that for "working" As for timeline, that's hard to say. The bug can be moved to ON_QA manually, or because the errata it's attached to was moved. I don't think that information is in the public bugzilla comments. If it's an upstream bug, it was moved manually. And upstream bugs may not have a QA team to verify, so it's up to the developer (especially Fedora). In this case, it may suddenly move to CLOSED - CURRENTRELEASE Your best bet is to look at the target milestone and then the release cadence for that product (6mo, 9mo, etc). If it's a z-stream, those mostly come out once a month, but not every bug is targeted to z-stream, especially RHEL bugs. We'd really have to see the specific bug to guess
|
|
#
?
Oct 12, 2017 19:24
|
|
|
evol262 posted:098e is mostly immune to the bad CVEs anyway
|
|
#
?
Oct 12, 2017 19:31
|
|
|
Had to create a new account to look at this. Unfortunately, none of the things I was hoping to suggest are public. But you can infer a lot from the lack of "Z-stream" anywhere in the bug or keywords
|
|
#
?
Oct 12, 2017 21:02
|
|
|
Red Hat can be annoyingly slow with their fixes and updates. We upgraded our servers to 7.4 and ever since we've been waiting for the 'iptables -w' fix in frustration. And every now and then running 'for i in $RHEL7 ; do ssh $i 'systemctl is-enables iptables && systemctl is-failed iptables && systemctl restart iptables ; done'. Hope you weren't running Docker on the server. Even more annoying are the security updates. A new critical kernel bug is published, Ubuntu releases the update in couple hours and Red Hat is right behind in about a week. Is there a channel to get the untested RPMs? I'd rather take my chances with an un-QAd kernel update that shut down a general use shell server for several days.
|
|
#
?
Oct 12, 2017 22:58
|
|
|
If you need overnight fixes, RHEL isn't for you. Try one of the more agile distributions. RHEL is geared more towards stability and they stay a little more cautious about pushing out updates. That said, critical security fixes are typically available much faster. Not a couple hours fast, but they seem to show up within a couple days of the vulnerability going public. If it's a quality of life update? You gonna be waiting a long time friend.
|
|
#
?
Oct 13, 2017 00:03
|
|
|
Saukkis posted:Ubuntu releases the update in couple hours and Red Hat is right behind in about a week.
|
|
#
?
Oct 13, 2017 00:06
|
|
|
|
| # ? Apr 26, 2024 20:23 |
|
|
The speed of a urgent CVE depends on whether there was a coordinated release and good practice for disclosure. For zero days, Canonical releases whatever without testing at all. We don't. For "known" vulnerabilities with responsible disclosure and a set date to go public at the same time as every else
|
|
#
?
Oct 13, 2017 02:13
|
|