- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Plex has announced a massive price increase on the service’s Lifetime Plex Pass. On July 1, the lifetime subscription option will go from $249.99 to $749.99, an increase of 200%. The price hike will only apply to new subscribers, with no changes to monthly or annual subscription pricing.
I’ll admit I haven’t really looked into it, but how is the Jellyfin web interface insecure? I don’t currently, but in the past I’ve used ssh reverse port forwarding to my VPS and then used an Apache proxy and letsencrypt for ssl on a subdomain. Maybe I was just lucky, but I never had any problems.
It has had a pretty high number of RCE exploits including one recently the architecture of the web service is just very poor and leads to a lot of basic problems.
Personally I am not a fan of the language they chose, and I think it directly leads to a lot of these problems but that’s just like my opinion man.
The server itself also has tons of issues like the constant memory leaks that cause it to eat up endless amounts of memory that they don’t seem interested in fixing and basically once again push it to the users to deal with and a bunch of the boot lickers are like yeah you just need to put it in a Docker and limit its maximum memory as if that’s just normal and expected to need to do
Ah, yeah, guess I never realized it’s a .NET program. Never understood why an open source dev would choose .NET, but what can you do.
Also despise Docker (especially the modern over-reliance on it), but that always gets me into trouble when I admit that publicly.
I am right there with you on the docker hate I get the idea but the docker system itself is a huge problem. The amount of people that do not realize it completely bypasses system firewalls is very sad and unfortunate and leaves a lot of people vulnerable.
I personally try to use lxc containers that I set up myself for containerizing services and install them natively within the container
So they had an RCE that got fixed therefore the software is bad and insecure. Therefore every OS and basically any enterprise software that was ever used is insecure.
Got it.
That would be the case, however the devs official stance is it’s unsafe and should not be used other than over vpn. So they also agree
But for complete other reasons than RCEs or similar.
As an FOSS project that inherited lots of shitty code this is basically the best thing they could do.
Not sure why, but you get specific about once RCE but not about other problems and keep vague about them. Is it the lack of understanding or disingenuousness?
Once? No jellyfin has had about 4 major RCE issues since the fork. At least 4 that I’m aware of. Blaming it on the previous code only makes sense if the split is recent. They have had time to completely rewrite if they really want.
I’d like to see plex die entirely, but I know too many less technical people that use it . They are not going to set up a VPN , end of story end of discussion. And I’m not going to tell them to use jellyfin when it will likely continue to have major security issues and could compromise their systems. I have no doubt that Plex leadership is fully aware of this, they know that even with them pushing more subscriptions and higher costs they are going to continue to have users because the alternatives are just not able to keep up and are not viable for the average person just the technical users which they would have lost to alternatives regardless
It absolutely makes sense, otherwise they would have had to throw everything away.
The EFcore refacotring was like 6 years in the making.
And all that from just a few single ppl. Look at the ckntributer list, and how many contribution. Not many active devs are working on jellyfin on their free time. The problems that jellyfin has, is not from a lack of trying but a from a lack of finger and arms.
And you need to take it like it is.
Ok? I will take it like it is. Jellyfin is a flawed product not currently suitable to replace Plex for the average person and is only particularly usable by technically inclined users capable of protecting themselves through VPN or other means. As well as dealing with things like failed matched media and memory leaks that are frequent.
That is how it is, and that’s how I’ve been taking it from the start.
No, not really. But what should i expect from someone who states as an ‘objective opinion’ “I do not like the programming language so the project is bad”
If i had to guess, since you are jumping on the memory leaks, you got an issue, reported it and did not get treatet like they fix it with a priority.
You keep jumping on “They had an RCE so the security must be completely broken”