Gravitywell

I recommend self hosting, I don’t consider Plex to be shelf hosting since its so heavily depending on a third party corp to facilitate things.

If you aren’t interested in self hosting i don’t have any suggestions for you other than to enjoy it while it lasts.

Edit2: here we go

That makes sense, I appreciate you taking the time. Its certainly not a very big issue for me personally, and i do have other mitigations in place for more general attacks like fail2ban, but not everyone is in the same situation so its a valid concern to mention.

I do think you’re overestimating the risk, Studios are unlikely to go to such lengths when there are bigger, easier targets. Still, it’s not entirely negligible, even if the exploit seems fairly benign to me personally.

My thinking as a sysadmin is if someone has security concerns, they wouldnt be JUST with jellyfin in most cases, you’d be securing an entire server (or paying someone else to handle that part), so its issues to keep in mind sure, but the mitigation would be mainly outside of jellyfin specifically anyway, thus why its not really mentioned in jellyfin’s docs or considered a big concern by the devs.

So I’m not really disagreeing with anything you’ve said, but I you haven’t changed my mind either, I’m still going to recommend jellyfin over plex.

Stolen is loaded… XBMC was open source. All the parts that rely on that are available for free.

Okay so they violated the GPL to produce their product, it started off on good terms and contributing back up stream but then they got greedy and decided to stop giving back, On top of that they also provide nothing upstream to FFMPEG or any other of the open source projects they benefited massively from… basically they are leeches of open source software… but you are technically correct [1] to say its not literally stealing.

[1] The best kind of correct

Well its good to make sure people know about it, but I would think most admins already know and just don’t care. Its certainly not news to me, and doesn’t seem very useful in terms of actually exploiting anything.

I’m curious what youd think a kind of worst case scenario would be for any of the current jellyfin auth issues. Like what would someone with bad intentions be able to do?

I think the Plex issue with emails being stolen is a bigger problem because then those emails can get phished for their Plex accounts and possibility more. I still wouldn’t consider it a huge deal though, Plex handled it correctly.

My real issue with Plex and why I constantly shit on them is that they stole from XBMC and made a business model that monetizes piracy or at least tries to.

Personally I wish I could just make authentication optional on my jellyfin just like it is for peertube and funkwhale.

Omg I remember when those bears tts videos where everywhere, simpler times.

Looks like You searched under housing. Try searching under “pets”

Yeah but really does that even matter when the top results are just ads anyway? The problem is advertising has taken over search engines and now AI makes it even less likely people “searching” for things will even bother to click off of the search website.

DMCA takedown abuse isn’t anything new, this article seems like it was just due to 404 media having to deal with it, onlyfans is tangentially related and clearly just used in the headline for clickbait purposes… I really expected better of 404 media, The issue is a valid and increasingly worse one, it shouldnt need a clickbait headline. “DMCA Automation is ruining the internet” or something to that effect would have been a lot better.

This whole thing is also a scam on content creators, people arent pirating content by searching for it on google, they’re finding out about websites by talking to people on discord (which itself is not searchable of course) and other such services. Anyone paying for these kind of takedown services is getting taken for a ride.

And the rest of the world ruled that piracy is officially cool again.

sounds like you had a nfo file which when you doulbe clicked it opened “system information” because windows doesnt recognize nfo as a text file.

There is nothing sketchy about unzipped files, its zips with passwords you gotta watch out for. The nfo thing is just your system doesnt have an nfo viewer, you can search one up or just use notepad to open them if you want.

Any VPN worth using would provide their own DNS service