Hey, at least their research is focusing on serving you ads through HDMI instead of security, so even if you’re not using the Roku, you can still get their ads over HDMI.
The only thing that would have prevented this in this context would be mandatory MFA. Did they have that? No, but there's a huge number of places that are way more sensitive than a streaming platform that don't have mandatory MFA (coughETradecough).
It is wholly misleading to characterize this as a "Roku data breach," and it's disingenuous to portray Roku in this instance as somehow glaringly worse than everyone else.
No. Nobody has stolen hashes. They have usernames and passwords collected from elsewhere, that they tried against Roku, because people tend to reuse usernames and passwords.
That doesn’t have anything to do with it, really. There’s plenty of ways that credentials get “leaked,” not the least of which is users who reuse passwords also falling for scam emails that have them “log in” to something. It could matter if some specific credentials were initially acquired because some other place was storing clear text passwords, and that place had a breach.
Still wouldn’t be an issue at all if users didn’t reuse passwords. That’s the lynchpin. This is users’ fault, not Roku’s.
It could matter if some specific credentials were initially acquired because some other place was storing clear text passwords, and that place had a breach.
Exactly, that was my assumption.
After all, reusing passwords for multiple sites becomes a problem as soon the password becomes known. But for that password to become known, some site had to either allow the plaintext password to be leaked, or an unsalted hash. Or the site has to allow for insecure (easily guessable) passwords to be used.
Reusing passwords is undeniably the user’s fault, but only because some other site’s security measures may also have been negligent.
Life is so much better after I gave up on these atrocious media boxes and TV operating systems and just use a small computer connected to the TV.
I control the interface, I control the connection, it works perfectly. Steam Link for games, Jellyfin for media - always working, never showing ads, never bothering me with accounts or updates.
I have a little cheapo Chinese Bluetooth keyboard thingy. It’s very small, with a keyboard and trackpad. I also use my Xbox controller, which works great with Steam’s UI.
Here’s what I use but for the love of God do not pay 21 USD for this thing. Not sure why prices are bizarre in the US, but here in Brazil I paid what would convert to around 8 USD for it.
I didn’t follow a guide, but there are many good ones online.
For games, really just install Steam on your main computer and the TV client, make sure Remote Play is configured to use the most out of your connection and set to the desired resolution. This is about it.
For torrents, you want a downloading client (I use qBittorrent), software that will automatically download movies and TV shows based on what you want (Sonarr, Radarr, all the *Arr stuff) and some server that will store the media and organize it in a “Netflix-like” easy to use interface, for that I use Jellyfin on my main PC.
So in short, for games, I open Steam Big Picture, select the game, I’m playing. For media, my PC downloads everything I want at night and during the day it’s all there with subtitles, episodes, descriptions, etc, ready to play by opening up Jellyfin. It’s mostly hands off, but the initial setup can be a bit painful if you’ve never used these tools before, specially dealing with the *Arr setup.
I have a NAS running my JellyFin server in a container, i’d like to have the box/pc connected to my tv running something open source with the respective clients for my streaming services.
Kodi seems like it’s a hassle to get streaming apps working seamlessly.
I feel like Jellyfin is a better solution than something like Plex, but I still feel like there is a trade off. I’m not dealing with ads, accounts, and content appearing / disappearing. But I was the TV and media library’s sys admin in the house, and that came with a different set of inconveniences.
That’s absolutely correct, and something to keep in mind in case you’re already stressed out with work or lacking free time.
Nowadays, after the initial setup, tools like Sonarr rarely give me trouble - but once I a while I’ll have to sit down and resolve a conflict with file naming, for instance. Or when series have weird releases like animes breaking naming conventions for seasons.
That’s absolutely correct, and something to keep in mind in case you’re already stressed out with work or lacking free time
Exactly. I’m exchanging some amount of money and time in order to watch stuff on my TV and phone. These days I’m exchanging a bit more money because I have less time.
I’m thankful Roku has had data breaches. Mostly because I have a Roku TV that was somehow compromised and now, even after a couple of years and several full factory resets, whoever used my throwaway account signed up for all the streaming services at the highest tier. Hard to be mad when I havent had to pay for anything.
And no, before anyone says anything, it’s not putting my home network at risk, as it’s just the Roku account that’s compromised. Nothing tied to me personally, not even a card/address on the account, so I just chalk it up to “as long as it keeps working, Im not worrying about it”.
I used to blame my cousin, as she has a raging drug addiction and does shady crap like steal people’s credit cards/checks and it was only after she had been over that I had noticed. But nope, still going despite time and resets. If I knew a way of pulling login info off the TV, I’d probably share it, because hell, why not.
But it’s probably using a stolen CC. I wouldn’t feel too great about using someone else’s credit card without their knowledge. I’d report it and try to get the card suspended.
Free stuff is great and all, but I imagine they’re using a stolen CC to pay for those subscriptions and they’re exploiting someone who’s not great at paying attention to their credit card bill.
You may want to report it so that someone isn’t getting fucked over.
Exactly. Having been on the CS side of the house for stuff like this, I can’t imagine they would penalize the customer for coming forward. Customer service ain’t got time for that. They’re going to remove the card, reset the password, and maybe report the card.
Taking money from someone else’s bank account is a shitty thing to do. I don’t know why anyone here would be in support of not reporting this.
Well this sucks. I used it when I traveled, public hotspots and such. Worked fine. I never found them intercepting traffic, and I use private DNS. I don’t think they can get into tls connections yet, so as long as your apps are secure, it’s just as reasonable a risk as a public wifi.
Technically if you submit a query to the search engine, you do so because you want answer to a question in the best way possible without having to do too much digging.
So does it matter if it uses AI to help you? I say its a great feature.
No. A lot of times I’m looking to compare many answers. I’ll give you an example.
If I want to look for interesting barbecue rubs that I haven’t tried before I’ll query a search engine. Historically (not so much recently) Google has been better at searching through forums than a direct forum search. So I can check many different sources for the ratios people are using and make my decision.
Google’s half baked AI is really terrible right now. It has a memory of about two answers, barely understands context, and hallucinates more often than both copilot and ChatGPT.
Now I’m looking for a coffee rub and it’s giving me injection advice (happened when I tested Gemini), it gets barbecue styles mixed up, doesn’t follow dietary restrictions that are explicitly stated, and will give you recipes for the wrong cut and type of meat.
It’s not ready, and anyone trusting it for an answer to a question is going to have a bad time. If you have to verify it by checking a bunch of links anyway then it’s not only worthless, it’s making search take longer and take up screen real estate.
Brisket coffee rub is fairly common. I only know one guy who uses a coffee injection because it’s not common, although other injections are pretty common for brisket.
I have no idea why it went off on that particular tangent. I guess whatever barbecue data it was trained on had a lot of injection advice along with the coffee rubs.
I’m searching to get specific information, and good information. I’ve seen LLMs make shit up and be wrong enough times for me not to trust them. I’d rather turn that feature off.
We’re in the technology sub. People here are old enough to know how to Google (old forums, preferably Reddit, as Lemmy is absent), they don’t know how to use an AI effectively (just look at how they’re trying to justify that). Don’t worry about the downvotes and their nonsense responses. Those are the same people who microwave their water instead of using an electric kettle.
As on all social media people here (group)think that they are the smartest. But Lemmy is also a bubble, one with people who don’t want to innovate or experience new things. Very weird for something so tech focused.
engadget.com
Active