Comment

Comment on FFS Plex, the server is on my local network

Imo Plex is worth the lifetime pass if you get it on sale.

All the comments saying Jellyfin is better always puzzle me. I’ve given it like three chances now and each time it feels just as buggy as the last. And that doesn’t even consider the fact that you’ll need more steps to expose it to the Internet for remote viewing or the fact that there’s literally a list of unaddressed security holes github.com/jellyfin/jellyfin/issues/5415

source

Sort:hotnew top

Strit@lemmy.linuxuserspace.show ⁨3⁩ ⁨days⁩ ago
From one of the Jellyfin devs in the issue you linked, posted in April this year:

Now, let’s address this clearly once and for all. What is possible is unauthenticated streaming. Each item in a Jellyfin library has a UUID generated which is based on a checksum of the file path. So, theoretically, if someone knows your exact media paths, they could calculate the item IDs, and then use that ItemID to initiate an unauthenticated stream of the media. As far as we know this has never actually been seen in the wild. This does not affect anything else - all other configuration/management endpoints are behind user authentication. Is this suboptimal? Yes. Is this a massive red-flag security risk that actively exposes your data to the Internet? No.

At this point, this over-4-year-old issue has gotten posted to HackerNews more than enough times and gotten quite enough unhelpful peanut-gallery comments like those above… We are limiting this issue to Jellyfin collaborators only at this point. Most of the big items are already tracked elsewhere (specifically, unauth playback) or have already been fixed. And many other options are now open to us in a post-10.11 landscape now that we have a proper library database ready.

source
- TrickDacy@lemmy.world ⁨3⁩ ⁨days⁩ ago
  That only addresses one of several items.
  
  source
  - Strit@lemmy.linuxuserspace.show ⁨3⁩ ⁨days⁩ ago
    Yes, but it’s always the one people come back too.
    
    They mention the other issues are either being tracked elsewhere or already solved.
    
    At the end of the day, it’s a community project, done by primarily volunteers, who is not making any money doing this. No VC funding to hire developers to take care of these issues.
    
    source
    TrickDacy@lemmy.world ⁨3⁩ ⁨days⁩ ago
    I understand there’s an explanation for it. Doesn’t make these things not things to consider when choosing one’s solution
    
    source
  - somerandomperson@lemmy.dbzer0.com ⁨3⁩ ⁨days⁩ ago
    But it’s FOSS, compared to Plex. And it also does not ask for money for anything.
    
    You can also add more security yourself if you want to. Not by coding new stuff into jellyfin, but by adding some sort of auth BEFORE jellyfin.
    
    source
    Chewy7324@discuss.tchncs.de ⁨3⁩ ⁨days⁩ ago
    Setting up auth before Jellyfin breaks clients. This is not an option.
    
    source
    -> View More Comments
  - scrubbles@poptalk.scrubbles.tech ⁨3⁩ ⁨days⁩ ago
    Feel free to go read the multiple writeups from the maintainers that go over each one, we don’t need to copy them all here into the comments for you.
    
    source
Onomatopoeia@lemmy.cafe ⁨3⁩ ⁨days⁩ ago
So don’t expose it to the internet - which should be the default stance for anything.

The internet was (mistakenly and intentionally) built without security - that doesn’t mean we should just accept that, but instead build everything with our own security.

Numerous mesh VPN solutions exist: Hamachi has been around since at leas 2006. NeoRouter since at least 2012. Then we have Wireguard and Tailscale.

Business build their own tunnels between locations, using routers/gateways with that capability. Consumer routers from Linksys could do this in 2006.

Thwres zero excuse for running anything exposed to the internet.

source
- TrickDacy@lemmy.world ⁨3⁩ ⁨days⁩ ago
  
  So don’t expose it to the internet
  
  No
  
  Thwres zero excuse for running anything exposed to the internet.
  
  …except this entire thread is based on a use case for it
  
  With Plex you get to pay for those bugs and still have software that depends on a connection even though you’re hosting and viewing your own media, locally.
  
  You’re condescending dude. I wouldn’t be using Plex if I didn’t understand like 37 things you’re implying I don’t understand here. I paid for it once, it was a good value for me, and I find it pretty weird that you apparently want to admonish me for that. If you want to use jellyfin have at it. I found it buggy to the point of barely being usable. Just sharing that experience and I don’t need anyone to agree with that.
  
  source
  - possiblylinux127@lemmy.zip ⁨3⁩ ⁨days⁩ ago
    Don’t expose stuff to the internet
    
    source
    TrickDacy@lemmy.world ⁨3⁩ ⁨days⁩ ago
    Are you advocating for an self hosting to only exist locally. Or are you advocating for hosting everything on corporate servers?
    
    source
    -> View More Comments
  - AbidanYre@lemmy.world ⁨3⁩ ⁨days⁩ ago
    
    …except this entire thread is based on a use case for it
    
    Except it’s not. OP is trying to watch stuff on his own network.
    
    source
    TrickDacy@lemmy.world ⁨3⁩ ⁨days⁩ ago
    Then they aren’t doing it correctly, or lying. That is an included/free feature. They advertise it that way and other users ITT say it works. I’ve no reason to doubt them.
    
    source
  - non_burglar@lemmy.world ⁨3⁩ ⁨days⁩ ago
    The problems with Plex are not technical. The problems from Plex are that they take away features and change the terms of use to the detriment of the user. Given plex’s pricing changes over the last year, I would be concerned that your lifetime pass be affected by some policy change.
    
    source
    TrickDacy@lemmy.world ⁨3⁩ ⁨days⁩ ago
    Yes, they changed the free featureset, and afaik those changes were fair. Providing a tunnel for remote streaming for free doesn’t seem like a good business plan. I mean, yeah they could always back out of the promise of what a lifetime pass is, and if they do I will find a new solution and hope they’re sued for it.
    
    If they do back out of their lifetime commitment, I suspect that would drive some other similar apps to get better. Maybe I would even learn to live with jellyfin as it currently exists in that situation. But so far I don’t see a reason to, and that would almost have been true if I never paid for plex.
    
    source
    -> View More Comments
TeddE@lemmy.world ⁨3⁩ ⁨days⁩ ago
I used Plex for privacy reasons. I stopped using Plex for privacy reasons.

source