I see your logic and reasoning and counter with: they don’t care

Huh? Did you even read the whole thread? They’re linked above.

They could put a banner in the network settings warning users about these security issues while they get them fixed, that doesn’t require fixing any inherited code. In the GitHub issue linked, there’s at least one upset user because they had no idea this was even a problem.

What about the pwned users of Jellyfin that have unknowingly had security holes for 5 years because Jellyfin doesn’t care enough to even put a banner in their settings to say it’s not secure?

I mean, that’s fine, but it’s still an issue and a risk that would cause me to want to use VPN for remote viewing. It doesn’t seem like security is Jellyfin’s priority at the moment, not that it’s Plex’s either, but it’s not to a place where it’s worth it to switch from a security standpoint, personally.

I’d love to switch. I would do it right now, but the problem is that Jellyfin’s security isn’t better if you open it up to the internet. For example, I’d have to set up a VPN for my remote users for proper security, and most of my users are in other states, not technically inclined, and watch on their TVs. I’d have to at least support a raspberry pi for them, or some sort of site to site VPN, and if it goes down, I’ll be expected to fix it. On top of that, if I do a simple raspberry pi based VPN, it would be made even more complicated since they’d want it to work with their smart TVs.

Again, I really want to switch. But Jellyfin needs to fix their security issues before I can. I’m also happy with the way Plex is reporting this, it’s above the standard “your data is lost” notifications.

Edit: here’s a link to the related GitHub issue I’ve been following: https://github.com/jellyfin/jellyfin/issues/5415

And @Saik0Shinigami@lemmy.saik0.com has a great thread explaining more: https://lemmy.today/comment/18923504

Ah, I stand corrected. That’s probably why I’ve never been charged, 2.5k is a lot for my use.

Which part? If you’re wanting to use cloudflare pages, it’s relatively straightforward. You can follow this and get up & running pretty quickly: https://www.hongkiat.com/blog/host-static-website-cloudflare-pages/

If you’re asking about the tarpits, there’s two ways (generally) to accomplish that. Even if you don’t use cloudflare pages to host your site directly (if you use nginx on your server, for example), you can still enable AI tarpits for your entire domain, so long as you use cloudflare for your DNS provider. If you use pages, the setup is mostly the same: https://blog.cloudflare.com/ai-labyrinth/#how-to-use-ai-labyrinth-to-stop-ai-crawlers

If you want to do it all locally, you could instead setup iocaine or nepenthes which are both self hosted and can integrate with various webserver software. Obviously, cloudflare’s tarpits are stupid simple to setup compared to these, but these give you greater control of exactly how you’re poisoning the well and trapping crawlers.

+1 for Duplicacy (the GUI, as a container). Very worth it, IMO. Not only do I use it for my PC, I back up my server to my other server in another state with it. I also use it with Backblaze B2 (for very important files) which is slightly more than Hetzner ($6/TB). I haven’t run into any chunking issues and they don’t charge for API calls. Highly recommendated.

I agree. I’d 100% love to dump Plex immediately, but trying to get my MIL across the country to setup a VPN is just not going to happen. Even if I ship a preconfigured raspberry pi over there, it won’t work for her TV and if it breaks, she’s gunna want me to go out there and fix it. If Jellyfin ever gets it together enough for that to no longer be necessary, I’ll leave plex. But for now, I’m gunna unfortunately stay with Plex

Yep, on top of simply blocking, if you’re self hosting or using cloudflare, you can enable AI tarpits.

Blast it out to whoever you want, I’ll even show my asshole if it gets you off.

I do agree that suicide is a risk, and that guns increase the risk by making it very easy, 100%. I’m not gunna choose a side for you either, it’s a hard one.

I do want to note two things though. It doesn’t need to be a full blown civil war for them to start abusing and arresting trans people, and many trans suicides are caused by transphobia, both from other citizens and from government policy.

If you’re trans, this is your signal to buy a gun ASAP.

What a great thread, thanks for sharing.

Usenet doesn’t need VPN over SSL, just saying 🫣

Help, I think I broke it.

Is that all you’ve got? Maybe ask an LLM for more material?

Good, nginx and apache are better off, especially after how you dealt with this thread. Maybe try using AI for your arguments next time? I’m sure the slop machine could do a better job.

Just gonna fall that much harder when the bubble pops.