_synack

joined 2 years ago
sorted by: new top controversial old
Forced E-Waste PCs And The Case Of Windows 11’s Trusted Platform in c/technology@lemmy.world
[–] _synack@sh.itjust.works 24 points 10 months ago

I had a Windows 10 laptop that has a CPU not supported by Windows 11. It’s not e-waste, though. It just runs Ubuntu now.

1
Why can't Finamp play Opus format on iOS but Jellyfin can? (sh.itjust.works)
 

Question

On iOS, why can the Jellyfin app play Opus music fine, but Finamp cannot without forcing transcoding to AAC in Finamp settings?

Details

I recently lossy-encoded my FLAC music library to Opus format and created a new library for it on my Jellyfin server. I started trying to use the Jellyfin iOS app to play music from the library, which works fine with one caveat: if the phone screen locks, the next track in the queue will not play. This seems to be related to a limitation in a library used for the Jellyfin iOS app (expo).

The only workaround I am aware of to continue playing music from a Jellyfin server on iOS after the screen locks is to use the Finamp app instead, which is a purpose-built music player app for Jellyfin servers. But it will not play Opus tracks on iOS, apparently because iOS doesn't natively support Opus except when it's in a CAF container, which is non-standard and exceedingly rare. I have to set Finamp to transcode all music to AAC in order to play the tracks.

Why can the Jellyfin app play Opus tracks on iOS without issue, but Finamp can't?

Steampipe: How to secure API credentials? in c/cybersecurity@sh.itjust.works
[–] _synack@sh.itjust.works 0 points 1 year ago* (last edited 1 year ago)

I’ve heard this related to Gaussian blur and it’s obviously possible with pixelation that uses a large number of smaller pixels, but I would honestly love to see someone demonstrate reversal of the pixelation I used here.

In any case the pixelated credentials were for limited, read only access for testing and the API client was already deleted before I posted the image.

I appreciate the concern and feedback in any case.

Steampipe: How to secure API credentials? in c/cybersecurity@sh.itjust.works
[–] _synack@sh.itjust.works 0 points 1 year ago* (last edited 1 year ago) (1 children)

I saw someone mention it as an alternative to using Orca or Wiz for compliance use cases. I just wanted to check it out. I was attempting to run it locally rather than as a service with configuration via pipeline.

Steampipe: How to secure API credentials? in c/cybersecurity@sh.itjust.works
[–] _synack@sh.itjust.works 0 points 1 year ago* (last edited 1 year ago) (3 children)

It seems you have a lot of experience with the tool. Can you recommend any resources that teach more advanced use cases and configurations? I'm finding that just reading the docs, playing with it, and watching the YouTube videos I found aren't really doing it for me. Most of the materials I'm finding are about AWS, but that's not relevant to me.

0
Steampipe: How to secure API credentials? (sh.itjust.works)
submitted 1 year ago* (last edited 1 year ago) by _synack@sh.itjust.works to c/cybersecurity@sh.itjust.works
8 comments fedilink
 

I learned of the existence of steampipe recently, which seems to be an interesting tool to help teams - including cybersecurity teams - understand their cloud assets and ensure compliance with security policies.

I started playing around with it, and one thing that struck me immediately is the need to store API credentials for the various plugins in plaintext in JSON files in your user profile. This struck me as incredibly insecure, especially given that the default UNIX permissions on the files seem to be 644.

Does anyone know if there is a way to store and dynamically retrieve these API credentials more securely, such as in a remote key store like AWS Secrets Manager or Azure Key Vault? I spent awhile searching and watching some YouTube videos, but didn't come across a method to do this.