In todays episode of “Plex enshittifies” Plex employee breaks ToS.
Source: https://forums.plex.tv/t/fake-reviews-on-play-store-by-plex-staff/917736
In todays episode of “Plex enshittifies” Plex employee breaks ToS.
Source: https://forums.plex.tv/t/fake-reviews-on-play-store-by-plex-staff/917736
Leaving this for people to realize that there’s a literal chapter’s worth of book of security issues that haven’t been fixed and seems to keep getting the can kicked down the road… for over 4 years now.
https://github.com/jellyfin/jellyfin/issues/5415
I love Jellyfin… people need to implement it sensibly knowing the potential risks.
Edit: Ah yes! I MUST be a shill for saying “Implement it sensibly”.
Here, let me “de-shill” myself.
You have several options to make Jellyfin serviceable to users outside of your literal LAN network.
If anything above fails… you’re likely on the hook for support. Hope you plan for that!
/movies/title (year)/title.ext
to something like/9ZHBrvNH4dKQDYFa2parH32qqSFpjsWTataVkjy4NqPxpVktT55PkEee5YSVRvUQ/movies/title (year)/title.ext
). MD5 is now much harder to generate/guess… pray that there isn’t some other vulnerability. Gotta go back and reconfigure and organize your shit. Oh and make sure that your docker mounts aren’t crushing the path!Am I still a Plex shill? BTW I run Jellyfin AND Plex. Literally side by side. Different uses for different cases because Jellyfin just can’t compete with Plex for sharing with dumb-ass relatives.
Imagine downvoting “Be careful what you expose to the internet”. I thought I’d got away from Reddit.
The core message is (to me) fine.
What I kind of dislike is the delivery.
Btw: Can someone tell me why the path-guessing is so dangerous?
I don’t care if someone can guess the path for
the.rise.of.the.linux.ISO.720p.DD.H264.mp4
and wants to download it.Not like any damage or (interactive) intrusion was made into my network
Cause organizations like Sony have already done things like installed rootkits on people’s computer. Now imagine they realize this is a flaw in some media setups the their legal departments start actioning on it. (generate a rainbow table of common names for files, and common paths used in linux/docker containers… running 10000 http requests on a server over a few minutes is child’s play)
All it takes it one thing to parse on a list that never had a physical release and now your whole server will be subject to discovery at the court case.
If you have literally no illegal content on your server, no problem… other than that you’ll be on the hook to provide proof of rights to have the content… and possibly at worst rights to distribute (they accessed it without authentication, so literally anyone else could have too).
Edit: Oh but hold on! I hear you say that it would be illegal for them to scan your computer like that…
Except it isn’t. There’s no law that says you can’t try to navigate to a URL. There are laws that say that you can’t bypass attempts to authenticate/protect content… but remember the endpoint isn’t behind authentication.
Assuming I am from the US?
Because if so, it doesn’t apply
But I appreciate your time for the explanation.
If your use case is to have a nice media sever at home and while traveling (via tailscale or similar) without exposing your private data, Jellyfin is great.
If your use case is running a pirate tv service for other people, then you probably want something else.
If you’re support ANYONE other than yourself who isn’t technical, it’s a hurdle. And likely a significant one.
I would not be able to educate my wife properly on the times when she would need to enable wireguard on her phone to use it properly (and when to disable it for other scenarios).
This has nothing to do with running a pirate service.
My wife has no problem starting the tailscale app and then starting the jelkyfin app. Its really that simple.
She also uses the tailscale exit node I run whenever she is on a public wifi. Its really a well designed simple to use app.
Would you like to explain to my MIL about how to set up tailscale for her entire network so she can stream to her TV?
Download file from Google Drive link
Download OpenVPN app
Pick file in OpenVPN app
Enter password
Share WiFi from phone to TV
Done
Edit: idk why ppl are downvoting. This shit is the easiest way, not the best way
Too hard, she can’t even open a PDF file on her own.
Does she drive or open bank accounts?
If the answer is yes, why is that so much harder?
And I work in tech support. With medical non-technical folks. Guiding them through the control panel oblindly on the phone.
I know what I am dealing with on the regular!