It seems like people are adopting the Catholic doublethink strategy for Jesus about Luigi. Jesus is somehow simultaneously God and not-God, Luigi seems to be the guy who justifiably killed that CEO and was definitely framed for murder.
The guy’s got to deal with the legal system and apparently they won’t accept self-defense as a valid justification for icing the prick who tried to deny healthcare. So, don’t have an issue with it, but it is weird to see.
I’m not sure if you know this, but…that doesn’t fix most of the security issues in the linked list. All the reverse proxy does is handle hostname resolution and TLS termination (if you are using TLS). If the application being proxies still has an unauthenticated API, anyone can access it. If there’s an RCE vulnerability in any of them, you might get hacked.
I run Jellyfin publicly, but I do it behind a separate, locked-down reverse proxy (e.g., it explicitly hangs up any request for a Host header other than Jellyfin’s), in a kubernetes cluster, and I keep its pod isolated in its own namespace with restricted access to everything local except to my library via read-only NFS volumes hosted on a separate TrueNAS box. If there is any hack, all they get access to is a container that can read my media files. Even that kind of bothers me, honestly.
The overwhelming majority of Jellyfin users do not take precautions like this and are likely pretty vulnerable. Plex has a security team to address vulnerabilities when they happen, so those users would likely be a lot safer. I appreciate the love for FOSS on Lemmy, but it is scary how little most folks here acknowledge the tradeoffs they are making.
All I can say is that is not at all like my experience with Jellyfin. Every person I’ve ever shared it with wanted to go back to Plex. Most complaints had to do with the jankiness of the various apps. Lots of issues with the UIs acting funny, a few connection drops, and some settings not getting respected. I do also recall an episode of Severance that would not stream in the correct color space in Jellyfin but worked perfectly in Plex.
Yeah, I’m not interested in setting all that up and maintaining it for every user I share with. For myself, this is exactly how I access Jellyfin remotely, but I am not explaining to my remote family members how to set up a VPN on their TV.
If you want to be on the hook for all IT requests from folks you share with, this is a fine approach. There are people out there who honestly don’t have a problem with that and more power to them. I doubt they are the majority, and a lot of selfhosters completely ignore this aspect of software. There is a reason non-free services exist beyond just “capitalism bad.” I mean, capitalism indeed bad, but your time is worth something.
This will affect any server that does not already have a Plex Pass/ Lifetime Plex Pass. If your server does not have one, your remote users will have to pay. The service Plex provides is still worth it though, it largely just works on dozens of platforms and that shit isn’t free to make.
Sharing a Jellyfin server with others remotely is still a lot more complicated than it needs to be to compete (no, it’s not as simple as opening a port, and if you think so then you’re either lucky or you aren’t sharing with lots of folks). I run both and I would never try to share Jellyfin with non-technical people. Honestly, I wish Jellyfin would start offering an optional paid relay service to fund their development. They could use the revenue to improve their app ecosystem and still produce mostly open-source software. Homeassistant does this with Nabu Casa and it’s great!
That being said, the new Plex Android app kinda sucks ass. If there was anything that would make me switch it wouldn’t be having to pay for software, or services it’d be a garbage experience on my most common platform.
I think the line is doing anything outside the clearly-nonfunctional system to stop the MAGA cult. All they’re doing is complaining and wasting time, Republicans will dox and threaten with violence. The people that were elected to fight this are almost literally bringing pens and paper to a gunfight.
It’s honestly pathetic to watch a curbstomping being responded to with, “well im gonna write such a scathing letter about this.” The Democrats are absolute trash and need to be shamed for being such cowards about this.
There’s a really strong bias on Lemmy for OSS projects. I’m glad they get so much love here, but everything people say here about Jellyfin has to be taken with a huge grain of salt. It works and you can use it. Depending on your needs, it may even work perfectly for you. There are tons of rough edges though.
Here’s a few:
Jellyfin is improving all the time, and I hope the recent EFCore update improves performance and development velocity. I’m also holding out hope it will eventually lead to externally hosted databases and active-active servers.
Disclaimer: I run Plex and Jellyfin and regularly check in on the state of things in Jellyfin. I donate to Jellyfin. I want Jellyfin to be better than Plex. I don’t think any objective measure bears this out yet.
I agree with you, however Jellyfin is not intrinsically more secure than any other piece of software. You have to be very careful how you go about deploying it if you open up external access, as you are dependent on the Jellyfin devs to fix vulnerabilities and they aren’t actually being paid to do this. If you’re paranoid about privacy, you should be paranoid about this too; the people sending subpoenas aren’t above port-scans on ISP subscribers, they did it back in the early days of torrents.
You get control and privacy, but you also get responsibility. It’s a trade-off, and one I’d certainly make if Jellyfin were more mature. That’s just me though, I’ve been hosting my own stuff for about a decade now and I can set up an isolated environment for Jellyfin to run within. Plex is a lot more newbie-friendly and I’d still recommend it for most folks unless they for sure know what they’re doing.
As an aside, these concerns are common to all FOSS software that don’t have deep-pocketed backers. Jellyfin is likely never getting those, unfortunately. I hope they can find some other way of sustaining themselves, they’ve not got much money for the scale of development needed and it’s all volunteer-driven today.
https://opencollective.com/jellyfin
I want them to keep going, and I’ve even donated to them. I still don’t think it’s at a place to replace Plex for most people yet though.
Switching between wasn’t seamless, it kept forgetting where I left off on the last device, which was pretty annoying. Also, mobile/remote connectivity was spotty for me. Never got to the bottom of that, but my best guess is Plex’s relay system makes up for a lot of random network issues. My best work-around was to add my phone to tailscale, but obviously that’s not a great solution and won’t work for a lot of devices.
Overall, my impression was that Plex is a lot more polished. I also bought a lifetime membership years ago, so I have no incentive to switch to something that isn’t better. Plex isn’t perfect, but it was still better than Jellyfin as of a few months ago. I honestly hope that changes soon, I have zero faith in Plex as a company.
I’m in the same boat as you. I’d love to switch but the user experience of Jellyfin is still pretty bad outside the most basic cases. If you have a media center PC, it’s fine, but if you want to be able to switch between several devices the way you can with Netflix, it’s quite poor.
Plex is slowly trending down and Jellyfin is slowly trending up. I hope Jellyfin outpaces Plex before the enshittification is complete, but it’s a steep hill to climb.
I wouldn’t shortchange how much making the barrier to entry lower can help. You have to fight Rust a lot to build anything complex, and that can have a chilling effect on contributions. This is not a dig at Rust; it has to force you to build things in a particular way because it has to guarantee memory safety at compile time. That isn’t to say that Rust’s approach is the only way to be sure your code is safe, mind you, just that Rust’s insistence on memory safety at compile time is constraining.
To be frank, this isn’t necessary most of the time, and Rust will force you to spend ages worrying about problems that may not apply to your project. Java gets a bad rap but it’s second only to Python in ease-of-use. When you’re working on an API-driven webapp, you really don’t need Rust’s efficiency as much as you need a well-defined architecture that people can easily contribute to.
I doubt it’ll magically fix everything on its own, but a combo of good contribution policies and a more approachable codebase might.
If you’d celebrate the real killer, then arguing that Luigi didn’t do it seems secondary to the fact that it wasn’t a crime anyone should be punished for. It’s a weird kind of mental backflip to stay within the lines of the current system while supporting actions that are outside the system.
Personally, I’ve had to pay UHC tens of thousands of dollars in premiums and additional tens of thousands every time I’ve gotten hurt/sick because UHC covers basically nothing. They billed me $800 the last time I got a tetanus shot. It would have been $150 if I had claimed to be uninsured so it is literally cheaper for me not to tell providers I have insurance.
If shooting a mugger for stealing your wallet is justified homicide, then so was shooting this asshole. I have no issue saying, “I think Luigi did it and he should be free.”