What are the worst tech purchases you or your family have ever made?
I watched a video recently and wanted to know what other have bought over the years.
What are the worst tech purchases you or your family have ever made?
I watched a video recently and wanted to know what other have bought over the years.
Yeah, there’s also the big issue with Jellyfin remote access. The TL;DR is that Jellyfin has a few critical “anyone can stream your media without a login” vulnerabilities that mean it should basically never be accessible outside of your LAN. Jellyfin’s devs have openly stated that they have no intentions of ever fixing these, because it would require completely divesting from the Emby fork that the entire project is built upon. And that makes sharing with friends/family really difficult.
Sure, you can use Tailscale (or whatever your preferred VPN is) for personal use. Maybe you’ll even get your immediate family on board. But good luck trying to get your tech-illiterate grandma (who lives 4 hours away) logged in over the phone. And unless she has a router that supports VPN connections, (not likely) she probably won’t be able to get her smart TV on your VPN. Which means she can’t securely access your server from her primary method of viewing media.
With Plex, you simply make the account, sign in, and get access. I even have a burner account that has access to a few of my libraries, so I can log it into my server at friends’ houses without them needing to make their own account.
Luckily, Plex and Jellyfin happily run side-by-side. If you prefer Jellyfin’s UI, then that’s great. You can continue to use it. But please don’t think that it’s secure just because you put it behind a reverse proxy.
Could you please provide some evidence for your statement?
I mean, we can just look at the official GitHub’s list of security issues to find a few of them really quickly. And note that many of the previous security issues they have “closed” were only due to 120 days of inactivity, not because they were actually fixed.
Anyone who says Jellyfin is secure enough to put on the internet is either grossly misinformed, or outright lying. Lemmy has a lot of apologia for FOSS, and Jellyfin is one of the worst offenders. Many users will be quick to comment “lol my instance has been port forwarded for years and has been fine” like it’s a valid security audit. I love FOSS. What programmers are able to do in their free time, just because they see a need and want to fill it, is honestly amazing. It’s a modern world wonder. But that doesn’t mean we should excuse bad security practices, or encourage users to relax their threat models just because something is free.