this post was submitted on 19 May 2026
253 points (96.7% liked)

Selfhosted

56957 readers
866 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
253
Plex Announces Massive Price Hike on Lifetime Subscription Plans (www.ign.com)
submitted 22 hours ago by inclementimmigrant@lemmy.world to c/selfhosted@lemmy.world
123 comments fedilink hide all child comments
 

Plex has announced a massive price increase on the service's Lifetime Plex Pass. On July 1, the lifetime subscription option will go from $249.99 to $749.99, an increase of 200%. The price hike will only apply to new subscribers, with no changes to monthly or annual subscription pricing.

you are viewing a single comment's thread
view the rest of the comments
[–] electric_nan@lemmy.ml 4 points 14 hours ago (3 children)

I have a jellyfin server set up that you access like this:

https://my.servername/jellyfin

Username and password is all you need aside from that. Apps for most platforms or access in a web browser.

[–] mic_check_one_two@lemmy.dbzer0.com 1 points 2 hours ago* (last edited 2 hours ago) (1 children)

Username and password is all you need aside from that.

The sad reality is that Jellyfin’s authentication system is insecure, and there are “anyone can view your content without a valid login” exploits that are not going to be patched. The only way to stop someone would be to include a secondary username+password on your reverse proxy, to prevent attackers from even reaching your Jellyfin login page. Because if you can reach Jellyfin’s login page, you can exploit it without logging in. But that would break basically everything except for web browsers, because none of the various apps have support for more than Jellyfin’s authentication.

[–] electric_nan@lemmy.ml 1 points 2 hours ago (1 children)

I mean, that's not great, but it's also not very concerning to me. Like the risk of someone doing that, and the potential harm resulting seems minimal to me.

[–] mic_check_one_two@lemmy.dbzer0.com 1 points 1 hour ago (1 children)

The problem is that every single person uses the Trash Guide to set up their system. And the guide includes instructions on how to set up your file names.

You’re correct that in isolation the risk is minimal. But nearly every setup is using the trash guide’s suggested naming scheme, which makes guessing it dead simple.

[–] electric_nan@lemmy.ml 1 points 1 hour ago* (last edited 1 hour ago)

I'm not familiar with the trash guide. I set mine up with swizzin community edition.

Edit: either way though, what is the real risk? Someone streams your media without your permission?

[–] Nibodhika@lemmy.world 8 points 13 hours ago (2 children)

You do know that there are security issues with that, right? For example, if someone can guess your media files they can watch them https://github.com/jellyfin/jellyfin/issues/5415

[–] mic_check_one_two@lemmy.dbzer0.com 1 points 2 hours ago (1 children)

Thanks for this. There is a lot of apologia in the FOSS community, and Jellyfin fans are some of the worst. I have 100% seen comments along the lines of “lol I’ve had my Jellyfin port forwarded for years and I’ve been fine” as if it’s a valid security audit. The unfortunate fact is that Jellyfin is not secure, and the devs have openly stated that they have no intention of ever fixing these vulnerabilities. Because fixing them would require completely divesting from the Emby fork that the entire project was originally built on.

Jellyfin should never be available externally. And that means anything incapable of running a VPN will be incapable of connecting.

[–] Nibodhika@lemmy.world 1 points 1 hour ago

Yup, but all that being said I still run Jellyfin and have no intention of switching to Plex. And while I would like to see them fix these issues, I understand (in part) why they won't and I'm okay with my tail scale setup. Also the vast majority of issues are very minor, but the ability to watch any media without login is so major that I think it's worth bringing up every time someone mentions exposing Jellyfin online.

[–] electric_nan@lemmy.ml 3 points 6 hours ago (1 children)

Some of those aren't great, but I don't consider any of them critical in terms of risk. I understand that others may feel differently.

[–] Nibodhika@lemmy.world 2 points 2 hours ago

Agree, I don't consider most of them a risk, but I do like to bring this to the attention of people who are exposing Jellyfin to the web so they can make an informed decision.

[–] MaggiWuerze@feddit.org -1 points 13 hours ago

You should not expose a Jellyfin server to the open internet.