I agree the article isn’t super clear. Reading it twice, it seems that the user credentials are exfiltrated to the C2 server (only the screenshot implies it), which definitely would be malicious.

Also a possible interpretation could be that the package advertised “just” some automations (e.g. export playlists to m3u?) and getting music metadata, whereas it was actually downloading musics locally unbeknownst to the user. Then exfiltrating the music back to the C2 server, effectively using the package’s users to mass pirate musics without exposing the pirates directly. That would indeed be malicious, especially if the package did not advertise any content downloading.

But for the last paragraph I’m extrapolating on the few info this article gives without making much sense…

EDIT: from the original article here https://socket.dev/blog/malicious-pypi-package-exploits-deezer-api-for-coordinated-music-piracy it does not seem that the musics are downloaded on the user systems then extracted to the C2 server, but rather all that’s necessary to build the download urls, including tokens tied to the victims’ account.

I successfully did it about 2 years ago, following the instructions from this repo (last commit 2 years ago though…) https://github.com/MMMZZZZ/Jellyfin-Migrator

Oh I got one from when I was a kid: my sibling’s friend once valled her an “invertebrate brain”. I’m glad she didn’t have any vertebrae in there!

We have the same principle in French with (so learning Ihr in German was easier!), but frankly this is a reason why I prefer working in an english professional setting. Some people, generally older, get offended if you ever use the ‘du’ with them. But some others will want to look shill/younger and will get offended or mock you if you use ‘du’ with them. So yeah, using “you” to talk to the queen, my boomer customer or my nephew makes it so much easier!

You can have a look at hugo, with some simple theme like hugo-book

Looks nice, I’ll give it a try! There’s also a Jellyfin community, don’t hesitate to crosspost there :)

Technically, most people?

I’m just going to drop my number 1, especially because it’s in no one’s list but somehow CP2077 is mentionned several times…

• The Witcher 3 !

Then the rest would be:

• Age of Empires II
• Minecraft
• Overwatch 1
• Star Wars Battlefront II (the OG)
• Trackmania
• Portal
• Skyrim

… I’ll leave the remaining 2 to others :)

There hasn’t been any release since a year either, the last one being 4.37.5 https://github.com/authelia/authelia/releases

But you can have a look at the github milestones, 4.38.0 is in the work and hopefully will be released sooner than later https://github.com/authelia/authelia/milestone/17

Regarding security: a quick browsing in the project’s issues, filtering by area:security did not show any flaws being reported since the last release. But there may have been undisclosed vulnerabilities the project’s dev are working on fixing for the next version. My personal non-professional non-legally-binding opinion is that it looks fine, so I do keep it running on my server.

The original dev has gone silent indeed, but a team of volunteers resumed development recently. So I wouldn’t call it outdated, but we’ll see if they’ll keep up the good work for long.

I’ve been using it for more than a year to automate a few stuff, it’s been good for this purpose so yeah I would recommend it :)

Windows only but does pack a pretty nice set of features: https://hassagent.readthedocs.io/en/latest/

Fair point! I wasn’t thinking they would be skippable, but boy do I hope that I was wrong…

They would just be able to create and stream 2 or more ad-encoded versions where ads are encoded in differently positions. Then no sponsorblock could save us since it would skip the wrong segments for some people…

Yeah but that’s because the content creator cannot dynamically change the time at which the sponsored part is. For ads, Google could dynamically insert ads at every 1/3rd of videos with a variation ± 1mn, and there’s nothing an extension like sponsorblock could do without triming on the original video’s content.

+1 on Horizon Zero Dawn! Listening to the album I faved these ones:

• Aloy’s theme seems pretty obvious
• Years of Training was really epic and the matching cinematic was awesome to watch, xou really feel empowered
• Homecoming no spoilers but damn, still giving me goosebumps

Love it too! One that has been my top listen count for years is The Witcher 3 OST. The use of some slav traditional instruments was nothing I’ve ever heard like before, and it resonated a lot with the story. Special mention to:

• The Wolf and The Swallow for giving me the chills everytime I listen to it
• Hail To Caranthir also has something special to it.

Although neither tracks are part of the published albums :/

Any love for qwant?

Funny, I recently had a similar story at work. We’re in a building with several companies, so the “Rolls Royce” guy of your story was someone from another company, and the “Mercedes” guy was one of our colleagues. Exact same thing, the other guy was badly parked whereas our colleague was within the marks (although slightly misaligned TBF, but still in the marks). Some people…

I’m guessing you were in a Home Assistant core installation? EDIT: Just saw that it’s supervised as well. I’m not sure why you can’t update it from the web ui?

I’ve been using a RPI 2B in a Home Assistant Supervised installation for the past two years with absolutely no problem. I can update it from the Web UI properly. The only things I noticed:

• you sometime get a “unsupported hardware” notification that you can dismiss. Just keep in mind that since this isn’t a “supported” platform, you shouldn’t bother the devs with hardware related problems should you have any. As I said, I never had any problem and I’m running many addons/integrations.
• I wonder if sometimes zigbee2mqtt may be slow due to the hardware. Nothing too problematic, but I might upgrade hardware in the future to check that