this post was submitted on 07 May 2026
192 points (99.0% liked)


What are the worst tech purchases you or your family have ever made?

I watched a video recently and wanted to know what others have bought over the years.

[–] mic_check_one_two@lemmy.dbzer0.com 4 points 4 days ago (1 children)

Yeah, there’s also the big issue with Jellyfin remote access. The TL;DR is that Jellyfin has a few critical “anyone can stream your media without a login” vulnerabilities that mean it should basically never be accessible outside of your LAN. Jellyfin’s devs have openly stated that they have no intentions of ever fixing these, because it would require completely divesting from the Emby fork that the entire project is built upon. And that makes sharing with friends/family really difficult.

Sure, you can use Tailscale (or whatever your preferred VPN is) for personal use. Maybe you’ll even get your immediate family on board. But good luck trying to get your tech-illiterate grandma (who lives 4 hours away) logged in over the phone. And unless she has a router that supports VPN connections (not likely), she probably won’t be able to get her smart TV on your VPN. Which means she can’t securely access your server from her primary method of viewing media.

With Plex, you simply make the account, sign in, and get access. I even have a burner account that has access to a few of my libraries, so I can log it into my server at friends’ houses without them needing to make their own account.

Luckily, Plex and Jellyfin happily run side-by-side. If you prefer Jellyfin’s UI, then that’s great. You can continue to use it. But please don’t think that it’s secure just because you put it behind a reverse proxy.

[–] pr3d@eviltoast.org 1 points 4 days ago (1 children)

Could you please provide some evidence for your statement?

The TL;DR is that Jellyfin has a few critical “anyone can stream your media without a login”

[–] mic_check_one_two@lemmy.dbzer0.com 2 points 3 days ago* (last edited 3 days ago)

I mean, we can just look at the official GitHub’s list of security issues to find a few of them really quickly. And note that many of the previous security issues they have “closed” were only due to 120 days of inactivity, not because they were actually fixed.

Anyone who says Jellyfin is secure enough to put on the internet is either grossly misinformed, or outright lying. Lemmy has a lot of apologia for FOSS, and Jellyfin is one of the worst offenders. Many users will be quick to comment “lol my instance has been port forwarded for years and has been fine” like it’s a valid security audit. I love FOSS. What programmers are able to do in their free time, just because they see a need and want to fill it, is honestly amazing. It’s a modern world wonder. But that doesn’t mean we should excuse bad security practices, or encourage users to relax their threat models just because something is free.