jellyfin is goated. Long live jellyfin!
Comment on Plex got hacked.
Grandwolf319@sh.itjust.works 1 day ago
Man. My decision to go with Jellyfin just keeps paying off more and more
aeternum@lemmy.blahaj.zone 1 day ago
thelittleblackbird@lemmy.world 1 day ago
I hope you know how to harden Jellyfin, because they are not better than the Plex team…
daniskarma@lemmy.dbzer0.com 22 hours ago
The Jellyfin dev team is not in charge of your self-hosted security though. You know what you are getting, source code available, and it’s up to you to set the security.
thelittleblackbird@lemmy.world 21 hours ago
But they are responsible for the unsecured / gruyere cheese product they ship.
Jellyfin has a lot of holes and it is easy for non-techie people to deploy it in an insecure way. Last time I checked they didn’t even have recommended practices for hardening it.
daniskarma@lemmy.dbzer0.com 20 hours ago
Non-techie people are not going to be able to open it for internet access. If you have the knowledge to set up an internet-available service you should have the knowledge to be able to provide basic security.
Most security issues with jellyfin are an issue only for a specific type of user. The one who is selling access to their server. The worst Jellyfin security issue makes selling access to your server a higher risk situation.
I hope someday those issues will get patched, but I get why there are other priorities for the dev team right now, about issues that bother a bigger majority of Jellyfin users.
Waryle@jlai.lu 1 day ago
My Jellyfin is behind a Crowdsec + Cloudflare proxy with geoblocking and other protections + Reverse Proxy with additional protections, in a rootless Docker container with no access to the Docker socket, and has only access to a mounted folder which contains just downloaded movies and shows. The effort to break in is high, the reward very low.
But the most important difference between Jellyfin and Plex is that neither Jellyfin devs nor Jellyfin instances have any personal or credit card information from their users, and therefore are way less of a problem if hacked into.
thelittleblackbird@lemmy.world 1 day ago
Good to read you know how to implement some protection layers around your Jellyfin :)
But most of the people (especially the Plex ones) don’t have the technical background to deploy something like you have, and convincing those people to make the switch without knowing how to protect themselves is not a wise thing to do. Especially when, this time, Plex’s response was perfectly fine :)
Waryle@jlai.lu 22 hours ago
I already answered your second paragraph: Jellyfin holds no sensible data.
And there is no central server gathering data from all users; a hacker would need to find and break into multiple Jellyfin instances to get useless data from 1 to maybe 10 users each time.
And Plex is not easier to install and secure than Jellyfin.
dogs0n@sh.itjust.works 22 hours ago
> But most of the people (especially the Plex ones) don’t have the technical background
Seems weird to say, because I had to set up Plex one time on a server for testing and it was a bit harder than setting up Jellyfin, so I wouldn’t call most Plex hosters dumb.
Plus they are still hosting something on their servers, they would still need to secure it in some ways?
rezifon@lemmy.world 19 hours ago
Every year Jellyfin improves and Plex further enshittifies. You’re fighting against the tide here.
thelittleblackbird@lemmy.world 15 hours ago
???
This is not about enshittification. The best user-friendly app can be a security nightmare and an utterly crap one can be rock solid.
It is not about that, not even development models or just rock star programmers.
It is about who has a performing security team and who doesn’t.
rezifon@lemmy.world 11 hours ago
None of Jellyfin’s security issues affect me.
All of Plex’s shit does.
MaggiWuerze@feddit.org 1 day ago
Good luck getting a similar reaction to the myriad of security issues Jellyfin had
VeganCheesecake@lemmy.blahaj.zone 1 day ago
Yeah, but you can run jellyfin with local accounts, entirely within a VPN. Pretty much makes most security issues irrelevant.
MaggiWuerze@feddit.org 1 day ago
Which is the exact mindset that enables Jellyfin devs to not fix those issues, congratulations
VeganCheesecake@lemmy.blahaj.zone 23 hours ago
Maybe? Like, I’d very much prefer they fix them, even though they do not impact my use case. Still, they don’t.
Mongostein@lemmy.ca 1 day ago
No doubt. Why do you need an account on their servers to use a server on your own hardware? So dumb.
Archer@lemmy.world 1 day ago
The second I saw that I immediately looked for alternatives and abandoned plans to have my own Plex server. I knew it would enshittify fast when they can lock you out of your own server
acosmichippo@lemmy.world 1 day ago
fuck plex for plenty of other reasons, but you can disable authentication on local networks.
Archer@lemmy.world 1 day ago
Just a matter of time until they remove that
7U5K3N@lemmy.dbzer0.com 1 day ago
For me… my server software is running. But the account doesn’t see it. And as such I can’t claim my server to get it back up and running.
Fun times. Glad I changed my password. :/