Were you a Rocket League player by chance?

I just validated that the latest version of the LDAP privilege escalation issue is not an issue anymore. The curl script is in the ticket.

This was the one where a standard user could get plugin credentials, such as the LDAP bind user, and change the LDAP endpoint. I.E., bad.

I chose this one because after going through all of them, it was the only one that allowed access to something that wasn’t just data in Jellyfin.

So for me, security is less of an issue knowing that, as only family use the service, and the remaining issues all require a logged in user (hit admin endpoint with user token).

Plus, I tried a few of those and they were also fixed, just not documented yet. I didn’t add to those tickets because I was not as formal with my testing.

@EncryptKeeper@lemmy.world

Use an LDAP to OIDC bridge?

It will have had to. Many of the most common from pre 2012 are not allowed at banks. And no 4 consecutive digits are.

Makes sense. Still annoying 😆

Except no dates. This chart is soooooo old.

Using the same digit 4 times is no longer allowed most places, but this chart shows them being pretty popular.

This chart has no sourcing or date associated. Is it old?

Edit: Yes, it is. Here is the excellent source article: http://www.datagenetics.com/blog/september32012/

So it’s from 2012, and used historic breach data from years before then.

In other words, this chart is wholly inacurate now.

Tagging those discussing similar: @Rivalarrival@lemmy.today @codfishjoe@lemmy.world

Make a dummy Google Account, and log into it when on the VPN. Having an ad history avoids the blocks usually. (Note: only do this if your browsing is not activist related/etc)

Also, if it’s image captchas that never end, switch to the accessibility option for the captcha.

This 100% needs to be reported. First to KIA, then to the media after whatever time is required to pass for responsible disclosure in your country/region.

While that ride looks fantastic, we’ll be hunting down the gravel roads in the mountains 😉

That being said, the peninsula is definitely on our list!

What exactly is multi-community? It’s not defined above and the PR has no description.

Do what makes you comfortable.

You’ll be out with family and friends, in an environment where most any swimsuit would be expected. Any lack of confidence would come from your own internal comfort, so you do you.

As a more practical suggestion if you’re on the fence, wear a wrap? Then you can decide how you feel in the moment.

Haha, well we plan to go east east for hiking/backpacking/cycling, too, so the original reccos have been pinned. Our first stops will probably be in the Montreal area, though. These lists are great, we often base where we stop (we camp in a minivan) based on coffee shops or food so you just saved us a ton of research!

Nice, thank you! We may be headed to the Montreal area first, so how about there, too? 😉

Understanding if you don’t want to risk a dox, but we will be traveling into east Canada this year from upstate NY. Any reccos on cafes?

The foam inside these shoes will deteriorate if they sit for 4 years though, won’t it?

Colonel Sanders daughter.

Witness.

(Not the book name, but if you’ve read the book, good on you).

Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services.

Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.

So basically everything you do, in the launcher of your phone. Which means everything you open, search, etc, and for how long. They also tie it to you, and explicitly state it can be used for legal reasons:

For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) or use other Personal Data (such as the IP Address) for this purpose.

Lastly, they hand it off to Matomo (a Google Analytics style tracker) and Bugsnag (error monitor with a privacy policy worth it’s own review).

https://www.iubenda.com/privacy-policy/324827

I highly recommend a switch. Neo has proven to be very similar. Like, clonish similar.

Nova was mentioned by @DavidP@lemmy.world, however they were purchased by an analytics company, and my understanding is it now has some nepharious garbage in it.

I switched to Neo Launcher, a FOSS launcher that is very similar.

However many prefer Lawnchair, which is also similar and FOSS.

Both of those meet your criteria.