• 0 Posts
  • 18 Comments
Joined 2 years ago
Cake day: August 9th, 2023

  • “trading convenience for security” was what my comment responded to. Using your phone to pay is not compromising security in any way, quite the contrary actually, and I explained why.

    In France, everybody (barring most gas stations, even if I have seen some with tap-to-pay nowadays) can take tap-to-pay, even the remote mountain refuges I have been hiking to. You can even pay tolls and parking with it now.

    And somebody even more old-school than you would think you’re a fool for not taking cash or checks with you as a backup for your card. I’ve been paying with my phone for years without any problem. I just take my card when I need to refuel my car or when traveling, and most of the time I have to check my card PIN code on my phone anyway because I never use it.

    And if my phone is off for some reason, well I have my watch.


  • Cards on smartphones are more secure than the real cards. You need a PIN on your phone to pay; with a card you can pay up to 50€ without any approval.

    Also, should a transaction be intercepted, the pirate would only acquire a Digital Account Number (DAN), which can be invalidated to disable the virtual card on the phone. You can still use the physical card and you can add another virtual card on the same, or on a different device.

    If a payment made with your physical card is intercepted, the pirate gets the Primary Account Number (PAN) instead. It means that you must disable the real card as well as any virtual card relying on it, and it requires you to await a replacement from your bank and switch all your payments to this new card.



  • You are managing your AA batteries: you have a dedicated charger for rechargeable AA batteries, and you put yours to charge when you swap them out. That’s just your routine, so you just don’t consider it a bother.

    You could just as well put your controller on its charging stand or plug it in when you’re done playing. Or plug it in after your gaming session when it notifies you that it’s starting to run low.






  • https://www.legifrance.gouv.fr/juri/id/JURITEXT000030635061/

    Case law from the Cour de Cassation, where the defendant was convicted, under Articles 323-1 and 323-5, of having extracted data freely following a proven failure of the protection system.

    The complainant just had to show that the data SHOULD have been inaccessible, by expressing this “with a special warning”:

    "3°) alors qu’en l’absence de dispositif de protection des données, la maître du système doit manifester clairement et expressément manifester, par une mise en garde spéciale, sa volonté d’interdire ou de restreindre l’accès aux données ; qu’en déduisant de la seule présence d’un contrôle d’accès sur la page d’accueil du site de l’ANSES que M. X… s’était irrégulièrement maintenu dans le système contre le gré de son propriétaire, la cour d’appel a violé l’article 323-1 du code pénal ;

    Translated:

    “3°) whereas in the absence of a data protection system, the master of the system must clearly and expressly manifest, by means of a special warning, his intention to prohibit or restrict access to the data; that in deducing from the mere presence of an access control on the home page of the ANSES site that Mr. X… had irregularly maintained himself in the system against the owner’s will, the Court of Appeal violated article 323-1 of the French Penal Code ;

    In my case, the first thing you see when you arrive at my Jellyfin instance is a login form blocking your entry, and you have to go through a backdoor to access my data, so there’s no ambiguity on this point.

    You’re wrong, period. Stop trying to debate the interpretation of the laws of a country you don’t even speak the language of.




  • Keeping that copy on a web accessible platform that is accessible by anyone on the internet (unauthenticated) isn’t covered by your rights at a bare minimum.

    It’s as accessible as my DVD collection in my living room: anyone can get into my home without a key by illegally breaking a window.

    Using a flaw in my Jellyfin to access my content is illegal and can’t be used against me to sue me, period. The idea of rights holders who would hack me to sue me is just plain ridiculous.

    Depending on the content “timing” if they trigger on something that doesn’t have a physical/consumer release yet… or all sorts of other “impossible” conditions. This is obviously reliant on what content you actually have on your server.

    And again, the only proof they would have could not be used in courts.

    For real, you’re just fear-mongering at this point.

    I was sincerely hoping someone would bring some real concerns, like how one of these security breaches listed in the OP could allow privilege escalation or something, but if all you got is “Universal might hire hackers to break through your server and sue you”, you’re comforting me in my idea that I don’t have much to fear.



  • My Jellyfin server is behind Cloudflare with IPs outside of my country banned.

    I got Crowdsec set up on Cloudflare, Traefik and Debian directly.

    I got Jellyfin up in a docker container behind Traefik; my router opens only ports 80 and 443 and directs them to Traefik.

    Jellyfin has only access to my media files which are just downloaded movies and shows hardlinked by Sonarr/Radarr from my download folder.

    It is publicly exposed to be able to watch it from anywhere, and share it with family and friends.

    So what? They might access the movies, even delete them, I don’t care, I’ll just hardlink them back or re-download them. What harm can they do that would justify locking everything down?




  • Morrowind has never been a pale shadow of Daggerfall. It’s just another take on the RPG genre, and a masterful one.

    Of course, it’s not an RPG sandbox like Daggerfall was and that might put off the early Elder Scrolls fans, but it’s superior to its big brother on numerous accounts: story lines, lore, immersion, quests, etc.

    Morrowind is a handcrafted marvel with manually placed details everywhere that make the game fascinating and fun to explore, unlike Daggerfall which was big, but repetitive due to its procedural system.