Tried to support the industry by buying a movie a watch a lot. Well, no more. If I need a pihole just to watch a movie I own, that’s ridiculous.
This isn’t a EULA in that it still allows you to use the product even if you decline…
This option is available with most modern games these days. They often ask you to click “approve” twice, knowing you won’t read either and knowing that you believe that you need to accept both to proceed. When in reality, the second one is almost always optional (perhaps even by law because of laws in the EU).
Still gross. And definitely a major dark pattern, but if people just took an extra 3 seconds to double check, they’d stop sending all of their data to these companies.
I legitimately cannot remember the last time I paid for a movie or TV show, or music.
Digitally, or physically.
Even if you count streaming services, its been over 5 years since I laid for Spotify… stopped paying for any kind of on demand videos before even that.
Friends wanna watch a movie at my place? Oh, I have a 10 TB library.
Oh, at your place? Does your TV have a USB port? Tell me its model number and I can figure out what codecs it can actually read.
I’m still getting justified in my boycott of anything Sony that started in 2005, when they bricked my PC for daring to put a Sony CD in my computer’s CD player! Fucking rootkit.
Yes I’m still holding that grudge and I will not relent, for as long as I live.
Any movie I watch I make sure it’s not a Sony product, any music I listen to, I make doubly sure it’s not from a Sony studio. Any electronics I buy, I make triply sure it doesn’t contain any Sony product. Sony is not getting a dime from me ever again!
Fuck Sony!
Yes! I’ve never met anyone else who’s been boycotting Sony since the rootkit! Maybe there are dozens of us? Either way: fuck Sony!
That rootkit thing failed miserably, thankfully, and audio CDs have been DRM-free ever since.
Sure, but I’m not touching anything Sony with a 10 foot pole.
Sure, but I’m not touching anything Sony with a 10 foot pole.
That’s going to discount most of the camera market if not the entire camera market then because Sony makes basically everyone’s imaging sensors, plus a large portion of the anime genre given that company bought out Funimation.
The problem is every company is a Sony now.
So you have to buy from your least hated Sony. You can’t just boycott Sony.
Piracy is now better and safer than using “real” discs. Well done, Sony.
LMFAO. And when I tell people to take care about leaving Jellyfin public with their open API endpoint issues… Yeah Sony WILL abuse your shit… They already do it.
I run a pivpn setup so that nothing is exposed to the internet at all. It’s just too dangerous now. It was bad back in the day, but now I literally have bots trying to join any public facing Minecraft server. It’s so many times worse now than it was a decade ago.
Oh man. I have an open minecraft server for my kids and their friends. Every few weeks I have someone show up to the server leaving notes or interacting with us trying to educate me on whitelisting.
I get more “educators” than i do bots. It’s actually quite annoying. I dont know what accounts these kids login with, you’re not educating me. The server is literally for 6-8 year olds. It’s been wiped 100s of times. I don’t care. Stop. The server is grief resistant anyway. And my ban list is long (and getting at least one longer). /little rant
I mean, it would take seconds for someone to log in and paste bad links in chat/send weird messages so yeah, a server for a 6-8 yr olds is absolutely one I would turn whitelist on for.
I have never had any of my MC servers run without a whitelist, even the one I had publicly listed on planet minecraft back in the day. You should know who has access to your machines on some level.
I used to run servers a decade ago and open was fine. Never had a random join. Crazy to think bots are trying random IPs now, probably would whitelist in that case
You assume that those links would work. Kids machines have DNS whitelists.
I’m not worried.
I guess the bots are trying to find servers still vulnerable to the Log4J exploit. Man that was a juicy one 👀
Can you explain the issues with Jellyfin? Idk about any of this. What are the issues?
https://github.com/jellyfin/jellyfin/issues/5415
The biggest issue is that the video stream endpoint is not auth’d. Meaning that if someone guesses the MD5 hash for a file in your library it will play. Sounds at first glance like it’s unlikely to matter. Except that MD5 is generated based on the file’s filepath. So if you use standard naming conventions on paths that are common (/movies/Big Bucks Bunny(2008)/Big Bucks Bunny.mkv for example being simple and easy), eg defaults for a docker container using *arr suites. Then it’s possible for a precompiled hash list to check for file against your server.
So now add a company like Sony, they can generate all their library as a hash list, hit your server with millions of requests over the course of a couple of hours and map out how much of their content you have on your server. If any of it has never had a physical release (since you’re allowed to backup your own content) you’re completely fucked, and now will have to prove in court that you own ALL the content. And possibly… since it’s open endpoint, it could be argued that you’re even distributing openly (though unlikely argument… but do you really want to chance that?).
Ultimately if your setup is “Standard” you’re asking for a lawsuit.
Answers to “fix” this:
Map your paths in weird folders. instead of /movies/<movie> add in a folder like a GUID, so /eH4i67ZwByjLao3z7nHWKdS5ogysm68x/movies/<movie>. Make sure this occurs INSIDE your docker container if you’re using docker. Will break any precompiled hashes… though possible to hit a collision and still be “found”.
Setup fail2ban or other brute force blocking technology on your reverse proxy.
Use a private network setup… whether VPN, SDN, whatever… tailscale, zerotier, etc… (This will break TVs that don’t have vpn capabilities)
Add another auth in front of Jellyfin. (This breaks ALL Jellyfin apps)
The real answer would be the developers closing the unauth endpoints… But it’s been an issue for over 4 years now… They’re not going to fix it anytime soon as they don’t want to “break compatibility”, which is a pretty dumb excuse IMO.
There’s another issue where you shouldn’t give accounts to people you don’t trust as one user can attack another user AFTER login. So make sure you trust everyone you let have access… they can screw with your profile and do stuff you might not expect.
Interesting. And I assume this is an issue on Windows too?
The endpoint issue exists in all builds. It would just have a different path in windows because paths in windows start with drive letter.
Fuck Sony for this shit
Can you share which movie this was? I’ve never seen anything like that.
Gran Turismo
Farturismo
I bought some LED light that have stickers so you put them behind the tv, it also has a camera looking at the screen, it mimics its colors and it creates a good atmosphere.
I had to set it up to my wifi to make it work like wtf, and a phone app too, like wtf. After the installation I blocked its mac in the router.
For movies I just pirate them to my computer and cast them to my tv with the media share option, idk the name.
can we find a way to spoof this so that they think legit physical disk usage is going up?
I don’t think it’s a good metric since most people using Blurays don’t have their players connected to the Internet anyway. Connecting Bluray players online is a very niche use-case. It might be more popular if they had built-in Streaming Apps or NAS playback but many don’t and are just Bluray players.
Or just any game console? Which is the normal Blu-ray player?
The fact that they don’t give you the option to “refuse” but rather to “skip” annoys me to such an extent. Leave us alone, you never needed to do this.
Why is your Blu-ray player connected to the internet?
VLC on a Linux laptop. You think my Blu-ray player has the ability to take screenshots?
You never heard of a capture card?
Can I introduce to my friend MakeMKV?
Never heard of HDCP?
HDCP is easy to bypass. Almost laughable really, there are tons of “Splitters” and Strippers on the market. I’ve also seem a few totally legal capture cards that can read it directly.
You can crack anything if you are remotely motivated.
Denuvo has entered the chat
Never say never. Especially since we’re only in the beginning of the AI era, AI de-compilation is starting to become feasible, AI cracking probably will too.
MakeMKV handles my Blu-ray decryption for VLC
VLC can play blurays?
Not out of the box, AFAIK, but there is a plugin. I never got it to work though, because you also need some up-to-date certification file.
VLC plays everything
But for real, does it play blu rays? I was under the impression it did not and you had to get that $100 program.
It does. Last time I did it, though, it required a couple of files to get going. Have a look here for info: http://fvonline-db.bplaced.net/
It does but I use makemkv for the Blu-ray decryption
Not UHD discs. Those don’t play on windows.
I am sometimes surprised to find new things VLC can do, it’s awesome.
Yes, and I assume you wrote this message on your blu-ray player and typed it with your remote
Disconnect from the internet while watching. Close it when you finished. Restart your computer, then connect to the internet and you should be fine I think
I’m all good. I really wasn’t asking for tech support. Just sharing something with the community. Don’t worry, Sony didn’t get my data.
Thanks for the helpful thoughts though.
Does VLC report this? Kinda seems like the sorta thing that only works on actual players.
It tried to. I use an opnsense firewall which caught it. I copied my logs and submitted the domains to a popular dns blocklist and they’ve already been merged.
Thanks!
Was this like an iso file of the disk that you played played in vlc? And you’re saying it tried to ping that telemetry domain? I’m not quite understanding the context here.
Physical disc in a cd/dvd/bluray drive
So you put the physical disk in and it plays through vlc player on your pc?
If so, are you sure it was vlc that pinged the domain and not the bluray player?
Both devices made ping attempts. Not hard to confirm with firewall logs bc of timestamps and internal IP addresses.
Yeah it seems really strange. I know some Bluray players support Internet connectivity but unless they’re also a Streaming box I don’t see why people would connect them to the internet. Really it seems like the majority of people don’t so not sure how useful this feature is.
The industry will take whatever steps it needs to protect itself and protect its revenue streams ... It will not lose that revenue stream, no matter what ... Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source – we will block it at your cable company. We will block it at your phone company. We will block it at your ISP. We will firewall it at your PC ... These strategies are being aggressively pursued because there is simply too much at stake. - Steve Heckler, senior vice president of Sony Pictures Entertainment Inc, August 2000
quote from https://web.archive.org/web/20010201204600/http://www.nyfairuse.org/sony.xhtml
via https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
there is simply too much at stake
OUR MONAYS!1!!!
Wow I’ve never seen this quote. That’s something.
Are there any region-free 4K blu-ray drives available? I’m asking for a friend.
Welp, blu ray playyæer sure don’t need no internet - gimme dumb technology plz
usually bluray and 4k players need to connect to the internet at least once in order to download the codecs, but like yea I disconnect mine from the internet right after
blu ray playyæer
Did a cat jump on your keyboard?
“It also enables the delivery of advertising content”
They already paid for the product! Double-dipping assholes
triple-dipping, they also get your data.
I wonder if these people think everyone wants to be advertised to.
No, I am 100% certain they know that the vast majority of people don’t care and some people really really hate it, but nobody actually enjoys it.
Someone I know who is currently on a pseudoscience and conspiracy theory arc genuinely believes that personalized ads are good because then you can easily buy things you know you’ll like
I’ve bought things from personalized ads before. But mostly they’re annoying. And creepy.
the idea of “just browse the web normally with someone looking over your shoulder taking notes on what you like to then sell you shit - or even better, it infers what you like using magic and can even tell when you’re pregnant before you know it yourself” can be nice in some ways I guess, but yeah I agree. no thanks.
Guess there’s no accounting for stupid.
sadly, i too heard that from somebody 🤷
Some people will bend over backwards for a nibble of the corporate boot
Some people are allergic to researching their purchases
I don’t think they care
No no, you see. You didn’t pay for the product but the license for the product. Now it makes sense, right?
I don’t understand. Maybe a set of adverts would help me?
