dogs0n

Not to mention how apparently 2.5 and 5ghz bands suffer on the Flint 3 just to get Wifi 7.

Hope no one’s buying them (though I imagine a lot of people see 3 > 2 and blindly trust it’s better in all cases).

Flint 3 probably would’ve been better as a different product line. As it currently stands, It seems a bit misleading to attach it to the Flint 2 when so much is different at its core.

Looking at you Flint 3 DOWNGRADE!!!

100% agree, my server has pretty much nothing except docker installed on it and every service I run is always in containers.

Setting up a new service is mostly 0% risk and apps can’t bog down my main file system with random log files, configs, etc that feel impossible to completely remove.

I also know that if for any reason my server were to explode, all I would have to do is pull my compose files from the cloud and docker compose up everything and I am exactly where I left off at my last backup point.

Sorry, I wasn’t clear. When I said “why do you care?”, I didn’t mean YOU specifically with OPs potential problem of losing users.

I meant why do people in general, who self-host software for friends/family, care if their friends/family stop using the software.

E.g. I have friends on Plex, but for whatever reason, I decide I want to move to Jellyfin. My friends stop streaming my media because they dont like jellyfin for whatever their own reasons may be. I personally wouldn’t care about losing them as “users”, because it’s not like they are paying customers. I let them access my instance for free, if they aren’t bothered enough to use it, then thats on them, not me to cater to their needs by keeping Plex around.

Hope that cleared up my meaning. I wasn’t attacking you for caring with your original response.

p.s. you are at risk by hosting Plex too, just in different ways. Plex still requires your server is open to the internet, right? Even if only Plex’s servers can access it, who’s to say Plex themselves don’t get hacked. Always a risk/reward type deal with hosting software, in my opinion, either are fine to expose.

Yes, you are right, but I think my point was missed.

Theres not much reward for hackers to hack private jellyfin hosts (unless there is some big exploit that gives remote code execution that im unaware of), sure the bots will scan and try exploits on open ports, but are they specifically targetting jellyfin?

There is always a risk, but in my opinion, the chances of being hacked through jellyfin are way too low to bother with over-bearing measures, like a required vpn connection.

Running jellyfin in a secure manner (without root, only access to your content, etc) reduces the risk of much harm too.

Hm I don’t remember posting the comment you are replying to, to the one I replied to.

You are right, but I still argue that keeping Jellyfin up to date is fine, there’s no serious bugs (afaik) that will compromise your whole server for instance, so these bots have nothing valuable to exploit here.

When I say don’t post your instance url I was talking about normal people finding it to try streaming from it without auth, I think I was replying to someone else and though this was the same thread.

I find it hard to believe that there are bots scanning for jellyfin exploits, since as far as I’m aware, the exploit is for viewing content without auth. 99% of bots are scanning for old instances of wordpress or other outdated software to exploit.

If my content on Jellyfin was illegitimate, the person scanning for my files would have to prove that before they can sue, no? I don’t think this makes sense for anyone to do.

You may need to reevaluate your threat model.

I agree with you, it’s likely this vulnerability is only known because Jellyfin is open source… how many are hiding in Plex’s proprietary source code…

Anyways when has anyone ever been pwnd by this “exploit”, I have seriously never heard of anyone being “hacked” by one of them.

Definitely overblown as far as I am aware… don’t post your instance url all over the internet and you will likely be fine.

Using Plex (is fine, do whatever u want) and giving them your data instead doesn’t really help you (or at least sending your data through them).

you will absolutely lose a bunch of them

I always see this and I have to ask: why do you care?

They likely aren’t paid customers of yours, if they don’t follow your rules and the software you like to use, then they are free to use any other method of consuming media.

VPN

Have to agree with the other comment that asks why do you need to use a vpn. Fax

My question is, where are you posting the address to your jellyfin server that someone who finds it will go through the trouble of even doing this?

Also how could they start litigating you based on the content you have? If I had illegal content on my server, I would be really dumb to expose it on the internet on a public jellyfin server. Otherwise my movies, tv, etc are my paid for content…

You didn’t ask, but if you’ve had a bad experience with the apps, you could try one of the native apps.

My friends on Apple devices thing Swiftfin (github.com/jellyfin/Swiftfin) is much better than the normal jellyfin app.

I haven’t used this one/know anyone that has: Findroid (third party) (github.com/jarnedemeulemeester/findroid). Mostly because I haven’t had any issues with the official jellyfin app for android, but it would probably give a cleaner experience, being native and all.

For the server, I think it’s fantastic. Never had any problems that weren’t a few clicks to resolve. Pretty much use it and forget I’m the one maintaining it for the most part. I wonder what issues you encountered?