

The next ad you see: “The only device that lets you work-out, on your way-out, to work!”
A sad world indeed.
Sorry, I wasn’t clear. When I said “why do you care?”, I didn’t mean YOU specifically with OP’s potential problem of losing users.
I meant why do people in general, who self-host software for friends/family, care if their friends/family stop using the software.
E.g. I have friends on Plex, but for whatever reason, I decide I want to move to Jellyfin. My friends stop streaming my media because they don’t like Jellyfin for whatever their own reasons may be. I personally wouldn’t care about losing them as “users”, because it’s not like they are paying customers. I let them access my instance for free, if they aren’t bothered enough to use it, then that’s on them, not me to cater to their needs by keeping Plex around.
Hope that cleared up my meaning. I wasn’t attacking you for caring with your original response.
p.s. you are at risk by hosting Plex too, just in different ways. Plex still requires your server is open to the internet, right? Even if only Plex’s servers can access it, who’s to say Plex themselves don’t get hacked. Always a risk/reward type deal with hosting software, in my opinion, either are fine to expose.
Yes, you are right, but I think my point was missed.
There’s not much reward for hackers to hack private Jellyfin hosts (unless there is some big exploit that gives remote code execution that I’m unaware of), sure the bots will scan and try exploits on open ports, but are they specifically targeting Jellyfin?
There is always a risk, but in my opinion, the chances of being hacked through Jellyfin are way too low to bother with overbearing measures, like a required VPN connection.
Running Jellyfin in a secure manner (without root, only access to your content, etc) reduces the risk of much harm too.
'preciate the edumacation. Definitely sounds like a harder problem to solve, good point on the universal healthcare, I’m sure that could save some money for companies, it’ll make employees happier regardless to not have to worry about paying doctor bills.
Is the reason it won’t work in blue collar settings that it’ll inflate prices of stuff too high? Possibly making the country fall back in a global stance on pricing on exports, etc (not competitive)?
Only other reason I can see is if they need people at the workplace 24/7, but they usually hire more people to make that schedule work (which in return ig increases prices of whatever they are producing).
My guess is they were making popcorn and fish sticks for a movie night.
When shaking the air fryer to get all the corn cooked, a single fish stick stuck itself to the top.
Hm I don’t remember posting the comment you are replying to, to the one I replied to.
You are right, but I still argue that keeping Jellyfin up to date is fine, there are no serious bugs (afaik) that will compromise your whole server for instance, so these bots have nothing valuable to exploit here.
When I say don’t post your instance url I was talking about normal people finding it to try streaming from it without auth, I think I was replying to someone else and thought this was the same thread.
I find it hard to believe that there are bots scanning for Jellyfin exploits, since as far as I’m aware, the exploit is for viewing content without auth. 99% of bots are scanning for old instances of WordPress or other outdated software to exploit.
If my content on Jellyfin was illegitimate, the person scanning for my files would have to prove that before they can sue, no? I don’t think this makes sense for anyone to do.
p.s. I won’t argue that YOU should set up software that you don’t want to, just that this particular reason not to may be a bit far-fetched.
You may need to reevaluate your threat model.
I agree with you, it’s likely this vulnerability is only known because Jellyfin is open source… how many are hiding in Plex’s proprietary source code…
Anyways when has anyone ever been pwnd by this “exploit”, I have seriously never heard of anyone being “hacked” by one of them.
Definitely overblown as far as I am aware… don’t post your instance url all over the internet and you will likely be fine.
Using Plex (is fine, do whatever u want) and giving them your data instead doesn’t really help you (or at least sending your data through them).
you will absolutely lose a bunch of them
I always see this and I have to ask: why do you care?
They likely aren’t paid customers of yours, if they don’t follow your rules and the software you like to use, then they are free to use any other method of consuming media.
VPN
Have to agree with the other comment that asks why do you need to use a vpn. Fax
My question is, where are you posting the address to your jellyfin server that someone who finds it will go through the trouble of even doing this?
Also how could they start litigating you based on the content you have? If I had illegal content on my server, I would be really dumb to expose it on the internet on a public jellyfin server. Otherwise my movies, tv, etc are my paid for content…
You didn’t ask, but if you’ve had a bad experience with the apps, you could try one of the native apps.
My friends on Apple devices think Swiftfin (https://github.com/jellyfin/Swiftfin) is much better than the normal jellyfin app.
I haven’t used this one/know anyone that has: Findroid (third party) (https://github.com/jarnedemeulemeester/findroid). Mostly because I haven’t had any issues with the official jellyfin app for android, but it would probably give a cleaner experience, being native and all.
For the server, I think it’s fantastic. Never had any problems that weren’t a few clicks to resolve. Pretty much use it and forget I’m the one maintaining it for the most part. I wonder what issues you encountered?
Hosting on your own hardware is much more fun though! In most cases it’s safer too, you don’t really need to worry about much as long as you don’t port forward your ssh port & don’t run programs as root.
I would say it’s cheaper as well, but that depends on how expensive the static ip lease is per month.
The internet is full of bots pounding at your machines to get in. It is only a matter of time until they breach Jellyfin.
If you are talking about brute force attacks for your password, then use a good password… and something like fail2ban to block IPs that are spamming you.
This point doesn’t exactly match, but: public services like Google auth don’t require users use VPNs. They have a lot more money to keep stuff secure, but you may see my point… auth isn’t too trivial of a feature to keep secure nowadays. They implement similar protections, something to block spammers and make users have good passwords (if you don’t use a good password, you are still vulnerable on any service).
Wow you have totally changed my mind about my original post!
Serious though, just here for discussion, but it seems that there’s a lot of sheep here that don’t question anything or try to expand upon their knowledge… which is a problem, why can’t you reply with something constructive?
Keep reading your headlines that fuel your anger if that’s what you want, but don’t reply to people that oppose your views if you have nothing to add.
You had a chance with your reply to help me and possibly others understand your viewpoint more, but all you have done is make me hate u lol.
Tangent warning that’s too late
It does, to me, seem like a violation of privacy (looks like patients have no consent in whether their private data is collected).
But, personally, I would think there would have been better, non-public ways of doing this if he really wanted to exterminate autistic people, etc.
It being public, makes me think he wants PR, etc and wants to be the dude to cure autism.
I don’t know much about this, but just wanted to thank you for continuing the discussion even though I can’t myself because of a lack of knowledge here.
Others prefer insults 🥹
Lool thanks for the diss, I will try to keep my head held up high. Unless it was meant for the original comment, then I can forget about this ;(
Dam I bothered looking it up after seeing your comment and 10 years of seeing it online makes sense to me now