this post was submitted on 19 May 2026
517 points (98.0% liked)

Technology

84816 readers
4119 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
517
Plex increasing Lifetime Plex Pass cost to whopping $750 (9to5mac.com)
submitted 1 day ago by dantheclamman@lemmy.world to c/technology@lemmy.world
246 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] hperrin@lemmy.ca 3 points 1 day ago (3 children)

I’ve had my instance open to the internet for about two years with no issues.

[–] dogs0n@sh.itjust.works 1 points 9 hours ago* (last edited 9 hours ago)

I'm on your side. I don't really see the difference hosting Jellyfin or Plex to the internet.

If you want max security and headache for jellyfin, set up a VPN like they say, otherwise keep it exposed, It's very unlikely for your server to be targeted and It hasn't been worth the hassle for me.

Edit: well not directly directly, do the minimum and put it behind a reverse proxy that adds HTTPS of course, but thats recommended in the docs so yah

[–] frongt@lemmy.zip 9 points 1 day ago (1 children)

So far. That you know of.

[–] hperrin@lemmy.ca 3 points 1 day ago (2 children)

I mean, the worst that could happen is they delete everything on the server and I have to spend time restoring from a backup. Not exactly the riskiest thing to do.

[–] frongt@lemmy.zip 4 points 22 hours ago (1 children)

Well, the worst that could happen is they start hosting CSAM out of your house and then the FBI knocks on your door.

[–] hperrin@lemmy.ca 0 points 18 hours ago (1 children)

Ok, fair enough. I don’t think that’s likely though.

[–] frongt@lemmy.zip 2 points 18 hours ago (1 children)

No. More likely is an automated botnet mining cryptocurrency or running a DDoS. That's usually what happens.

[–] MaggiWuerze@feddit.org 0 points 15 hours ago

Don't forget automated tools of rights holders like Sony scouring your server and finding that Spiderman.3.bluRay.MKV, suing you for infringement

[–] Appoxo@lemmy.dbzer0.com 2 points 23 hours ago

I am using a non-privileged user on jellyfin.
Admin stuff needs to be done with a hidden user.
I might should be bothering to do rootless docker at some point...

[–] Pika@sh.itjust.works 4 points 23 hours ago* (last edited 22 hours ago)

depending what is on it, and your risk factor, theoretically an attacker can check known resource paths to confirm or deny whats on the server. That's my main complaint currently on it is that the jellyfin team is aware of the fact that it doesn't need authentication, but are looking for some miracle solution that won't toss legacy clients out in order to fix, so therefore the issues are just perpetually open.

edit: it looks like some of these issues may be being worked on now that they moved the problemic protocal into a plugin. I hope that that means they will close them in the next few releases!