priapus

Agreed, using a planning phase makes a huge difference. It will break the implementation into steps, making reviewing or manually refactoring parts of the code far more easily.

This is AI generated garbage with no sources.

Fair enough. I doubt Jellyfin will ever offer something like that. Its designed to be completely self hosted and not rely on a central server, which I dont see changing.

Oh weird. I would guess a transcoding issue, maybe double check those settings to make sure you have the right config for your hardware.

Theres also Infuse, its a video player that supports jellyfin, but I think some features are behind a premium purchase.

No shot you linked to fucking sora

Swiftfin?

You could just get a domain and set up a reverse proxy. Or use Cloudflare tunnels.

No, its a desktop version of the Collabora Online suite. Its based on LibreOffice, but imo has a much better frontend and is more stable.

There’s also Collabora Office

Devs are able to include the ability to run past versions of the game. If they push an update that breaks mods without doing that, I feel like thats their own fault.

Also, even if the dev doesnt do this, there are ways to download previous versions of the game using the steam console.

And even with the large majority using bsky.app, the true decentralized nature of Bluesky is anyone can host the data server that contains the data for their account. Even if you keep using bsky.app as your frontend, your data can be kept on a self hosted PDS.

Bluesky is decentralized, its just decentralized in a different way than Fediverse apps. A lot of fediverse people assume all decentralization would look like ActivityPub, so they just say its fake decentralization rather than learning how it works. (I know because I used to do the same, then I realized how little I understood it from this great blog post, and have since learned a lot more about it.)

There is already alternative infrastructure available (i.e. Blacksky and a variety of other applications hosted using ATProto (you can see a few here: https://bsky.social/about).

You can use any of these apps while maintaining full control of your own data by running your own PDS, or using any community maintained PDS. If you already have an account on the Bluesky PDS, you can migrate it, retaining all of your data. If you dont feel like migrating yet, you can also just export your rotation key, which would allow you to maintain control of your account even in the event that the Bluesky PDS does become evil or something.

Speaking of ATProto, sprk.so is a similar upcoming app, although I think its going to be more similar to TikTok than Vine.

What doesn’t seem clear-cut? My only point here was that using Lemmy does not directly fund the creator of it.

You support one thing who’s creator has questionable views but not the other. The main difference seems to be that you like one and not the other.

You’re making assumptions about me. I use Piefed, not Lemmy. I also do not believe that this situation is enough for me to not support Framework. All I’m saying here is that supporting Framework is for the most part direct financial support, while one can easily support the Lemmy as a whole, without providing financial support to the creator with questionable views.

I don’t care to debate about whether this makes supporting Lemmy better or worse than supporting Framework. I only on what I feel is an oversight in the comparison made by the comment I originally replied to.

Thats a valid point, but I still feel its a less direct form of support, which was my point. I dont feel that it is the same as directly financially supporting a project you morally disagree with.

But not required. If I do not morally support the developer I can instead choose to financially support individual instances, or other projects like Piefed or mbin.

My point here is that comparing this situation to using Lemmy is a bad comparison. Supporting Framework is pretty much exclusively via financial support, the same is not true for Lemmy.

Using Lemmy isn’t giving that tankie money.

If you believe the threat of a company scanning a Jellyfin server in an attempt to find copyrighted media is a realistic one, then that’s fine. I do not.

your more worried about the data that secures your media more than the actual security of the media?

As I said previously, friends and family use my server. Many who are likely to fall for phishing attempts after their email is leaked in a breach like this. I believe the likelihood of them receiving a malicious email from an attacker pretending to be Plex after a breach is much higher than a company successfully scanning my server for copyrighted materials.

Edit:

Like I’ve said a few times. I agree that this should be changed. I do very much hope that Jellyfin does so, and I do feel that it’s worth warning users about. I also still find Jellyfin to be a better option for me than Plex. My own risk tolerance allows for the incredibly tiny possibility a company successfully finds media on my server.

There is no point in continuing this discussion, as we simply disagree, and that is not going to change here.

It’s not. It’s an MD5 of the filepath. UUIDs are generic and random, not specifically tied to something.

Fair enough, I was not aware of this, and I wish the developers made this more clear in the issue thread. This does not change my point that my media is not confidential data. I do agree that it should be by default, but a “breach” where someone accesses a piece of media from my server has no tangible impact on me or my server. A breach that includes my email and account information, absolutely does.

Depending on your security posture

Is exactly the problem I have though with the evangelical preaching all about jellyfin here. I’ve brought this topic up probably about a half dozen times in the 2 years I’ve been on lemmy… and a while longer before on Reddit. DOZENS of people comment the same things you are… and get it completely wrong. And many more end up messaging me or responding that they had no idea this was an issue. Yet I continue to see people singing praises of Jellyfin! and how it must be so much more secure! When it completely isn’t. So many people brush it off… then flip their shit about Plex doing something.

I don’t entirely understand what this response has to do with what I said. I’m surprised to hear you say that people praise Jellyfin as being far more secure than Plex, as I have not heard that. Security has nothing to do with why I use Jellyfin over Plex.

Overblown if you have mitigations? Sure… but how many do? And why are we treating software that is taking actual actions to better security as “Worse” than something that can’t clear a simple problem in 5+ years because devs don’t want to “break compatibility”.

I feel it’s overblown either way, as I don’t believe the average user considers their media sensitive enough for it to be an issue. I’m not treating Plex as worse. Again, I’M NOT THE ONE WHO SAID ANY OF THAT. I am simply stating that in this specific instance, this Plex breach has a worse impact than the Jellyfin security concerns you bring up.

Which immediately points to Jellyfin… as if it was “better” somehow. while downplaying the actual issue without actually reading what I’m complaining about

My guy, I didn’t start the comment thread, I’m not the one who brought up Jellyfin. I also believe I responded to every point I made, while you ignored many of mine. I don’t know how you can say I’m not reading your comment. You’re being very weirdly hostile when I’m just trying to have a conversation. I don’t have significant stakes in either Plex or Jellyfin. I do prefer one, but I don’t give a shit what others want to use.

Edit3: OH! forgot this as well… “well they’d need to know where to find servers before they can access them to check!” Yup… hello shodan! https://www.shodan.io/search?query=jellyfin Would be trivial to make a script that does all of this and crawls shodan or other sources for domain/ip information. Hell you can probably just look up all LE certs issued that contain “jf” or “jellyfin” or other permutations of subdomains too. But shodan has a list of 11,788 when I check… that’s not insignificant…

Just want to add that I’m not some completely uninformed user. I have a career in cybersecurity, as well as a degree and plenty of certifications. When discussing a vulnerability, we need to consider the actual risk of a vulnerability, using its likelihood of being exploited and its potential impact. The likelihood of someone attempting to brute force media on my Jellyfin is practically nonexistent, as they have essentially nothing to gain. At best, they find an episode of a show or movie that they could find elsewhere. The impact of someone exploiting this vulnerability is also practically nothing. They would get a stream of the video, minutely impacting the performance of my server.

Again, to be clear, I AGREE with sharing this information. People should be aware of this when using Jellyfin. However, it is not an issue for the majority of users. It is also not anywhere near as bad as a breach of actual account information, data that actually is sensitive. I do not agree with framing it to look like using Jellyfin should be considered generally insecure.

Edit: minor phrasing adjustments

Complete access to your media without authentication isn’t “don’t give you any data”.

The media on my server is not what I’d consider private data, it’s just media. If someone wants to spend their time brute forcing randomized UUIDs to have a minuscule chance of viewing some media on my server, then I really couldn’t care less. Especially since they’re gonna get blocked by http probing detection after a few tries.

If someone could the emails and hashed passwords, then I would care about the spam I’d be constantly receiving after and the possibility of my friends and family’s passwords being exposed, as not all of them use secure passwords (despite my best efforts to convince them to change that).

Simply put, if I was using Plex right now, this breach would impact the many family members and friends using my server, something I’d feel guilty about. Meanwhile, with Jellyfin, none of these concerns would have any effect on them.

Edit: You ninja edited your post… bad nettiquette.

I edited it right after posting because I accidentally clicked post. Didn’t think you’d respond that fast.

Meanwhile you’re all frothing at the mouth cause Plex leaked email addresses and encrypted passwords.

This was my only comment in the thread. Kinda feels like your reply here is taking out your frustration with this entire thread on my reply.

put the endpoints behind your own authentication through your reverse proxy.

Breaks every app for jellyfin including tv apps. So no. that’s not a valid answer.

I assumed you were talking about stuff besides media playback. There are other endpoints that can be secure using your reverse proxy without breaking any apps.

Jellyfin just lets everyone in that can guess a filepath

That’s not how the endpoint works. It is a randomized UUID.

Depending on your security posture, this may be an issue for you. It is not for me, and likely is not for many other users. My media is not sensitive information. My email and other identification info is.

Edit: formatting

Endpoints that dont give you any data that would be considered a breach.

That unauthentic endpoint shit is so overblown. They should be authenticated and I hope it changes in the future, but its really not a serious issue. If they worry you, put the endpoints behind your own authentication through your reverse proxy.