MaggiWuerze @ MaggiWuerze @feddit.org

Posts

1

Comments

636

Joined

1 yr. ago

Yeah, no way. Jellyfins Backend is like an open barn door. And with the kind of content most of us here offer through either Jellyfin or Plex, I wouldn't want to open up like that.

They are not about escalating permissions but about unauthorized access to your library. As some living in a country with professional piracy lawyers, that go out and try to catch people in the act, I won't open my server to that kind of risk.

I like Jellyfin being open source and all, but the maintainers made it clear that they prefer backwards compatibility with clients over fixing these issues.

I have Plex running alongside Jellyfin as well but opening up Jellyfin to external users is just not an option, since most of them won't or can't install a VPN on the devices they use to watch Plex on. And I sure as hell won't open Jellyfin to the internet

But the remote streaming uses their servers. If you wanted to direct stream without involving your servers you already needed a vpn

You can just buy a lifetime Plex pass. Its a one off payment

Remote streaming means to people outside your home. You can just use a VPN and won't have to pay a dime, just like you wouldn't when you streamed to you TV at home. They offer servers that help lunch through more aggressive NATs and allow its users to just install the app and access the content from anywhere without having to worry about a VPN or something.

I honestly find it baffling that so many people are opposed to lay for a service they are using. Probably shows that most people that pirate are cheapskates rather than anti drm

Yeah and expose the unsecured Jellyfin Backend to the whole world. Nice

Honestly yeah. The Jellyfin Backend is basically unauthenticated for a large part, allowing anyone to map and stream your content as soon as they guessed the ids, which isn't that hard, since they are based on the paths on your device. So if your movie sits in /mnt/media/movies/the_bee_movie that is pretty esay to guess and calculate the id from, allowing anyone to stream that content from your server

And they actively refuse to do anything about them because it would force clients to update. You could just just as well open an unsecured ftp server to your content

I would rather stop sharing completely before I make a Jellyfin accessible to the internet with the state their Backend is in. If you want people to be able to use it on TVs, Jellyfin is also not an option because most of them don't support vpns

External servers are shared with you, they can just check which owners have libraries shared with them. That's not some nefarious logging, its information they need to offer that function

If you bought a Plex pass in the past your users won't notice a difference. And I assume most server owners did it for the hardware encoding alone

Exactly, most people that share co tent with others already have the Plex pass so this doesn't do anything to them or their users.

Put that on the pile of reasons we should stop using it in fucking everything

No, I'm the kind who thinks security by obscurity is bullshit. But you do you

Not OP, but usually you use this for automated tests when you develop mobile apps

Jetbrains Java

I think he meant behind the language itself, not projects using it

How very luddite of you

What? Why would I have to make my library harder to manage just because Jellyfin devs can't get their act together? They should just start a api/v2 and secure it properly while allowing to disable the old one