cross-posted from: https://poptalk.scrubbles.tech/post/2333639
I was just forwarded this someone in my household who watches our server. That's it folks. I've been a hold out for a long time, but this is honestly it.
They want me to pay to stream content that I bought from my hardware transcoded also on my hardware.
I'll say it. As of today, I say Plex is dead. Luckily I've been setting up Jellyfin, I guess it's time to make it production ready.
Edit: I have a Plex Pass. More comments saying “Just buy a plex pass” are seriously not getting it. I have a Plex Pass and my users are still getting this.
And for the thousandth person who wants to say the same things to me:
- YES I know I'm unaffected as a Plex Pass owner.
- My users were immediately angry at it, which made me angry. Our users don't understand what plex pass is, and they shouldn't have to, that's why I had it. The fact that they were pinged even though it should have kept working is horribly sloppy
- Plex is still removing functionality. I don't care that "People should pay their fair share". If Plex wants to put every new feature behind a paywall, that's completely okay. They are removing functionality.
- "But they have cloud costs". Remote streaming is negligible to them. It's a dynamic DNS service. Plex client logs in, asks where server is, plex cloud responds with the IP and port of where server is located. That's it.
- "Good luck finding another remote streaming" - Again, Plex just opens up an IP and port. Jellyfin also just opens up an IP and port (Hold on jellyfin folks I know, security, that's a separate conversation). All "remote streaming" is is their dynamic dns. Literal pennies to them. Know what actually is costing them money? Hosting all of that ad-supported "free" content that they're probably losing money on.
In short, I don't care how you justify it. Plex is doing something shitty. They're removing functionality that has been free for years. I'm not responding to any more of your comments repeating the same arguments over and over.
Seems like it was only a matter of time.
20% more will jump to Jellyfin. The other 80% will entrench and talk even more about how great Plex is. I mean Jesus, $250 to watch pirated movies. lol wtf It's also fucking wild to me that people are defending a monetization model that is on self hosted hardware. Like, I gotta pay for my server and then a license to avoid buying DVDs. Fuck it, at this point just buy the fucking movie.
Ya'll are brain dead. Plex loves you tho.
Yup, read through this thread and it becomes clearer and clearer. and trust me, I've been a long time hold out, I've been through this many times - but this is the first time I've seen functionality removed from Plex to be put behind a paywall. And doing a price hike at the same time. Absolutely shitty. I've already migrated off.
You have a plex pass though, so nothing changed for you - you just got all angry because you didn't read the email properly.
Your users are going to be much worse off now than they were, and you will absolutely lose a bunch of them who don't want to (or can't) have to connect to a VPN every time they want to stream from your library.
Why would they need to connect to a VPN every time they connect to Jellyfin?
Jellyfin has some security issues that, depending on who you ask, are either critical vulnerabilities that make it completely unsafe to expose to the Internet or largely unconcerning for regular users.
I'm not overly concerned about my instance running behind a reverse proxy. Perhaps I am just naive...
Honestly yeah. The Jellyfin Backend is basically unauthenticated for a large part, allowing anyone to map and stream your content as soon as they guessed the ids, which isn't that hard, since they are based on the paths on your device. So if your movie sits in /mnt/media/movies/the_bee_movie that is pretty esay to guess and calculate the id from, allowing anyone to stream that content from your server
And apart from an undesirable bandwidth usage resulting from someone guessing their way to my file structure, how can this be used to compromise my server?
They can stream content from your server or map out what you have on there by using a rainbow table. Depending on the country you live in they can and will use that combined with your IP to start litigating you
And this has actually happened before?
My question is, where are you posting the address to your jellyfin server that someone who finds it will go through the trouble of even doing this?
Also how could they start litigating you based on the content you have? If I had illegal content on my server, I would be really dumb to expose it on the internet on a public jellyfin server. Otherwise my movies, tv, etc are my paid for content..
You don't need to post it. Bots are scanning every ip, 24/7, looking for servers to infect, endpoints to abuse and data to extract.
Go set up a ssh tarpit on your server and watch the flies drown in it. I will not expose anything on my server that has so many known vulnerabilities
Your content might be legitimate, but the vast majority use Plex and Jellyfin as a media Server for pirated content and still want to share it with their friends or family. And just FYI, most blurays and DVDs also forbid this kind of sharing in their license
I find it hard to believe that there are bots scanning for jellyfin exploits, since as far as I'm aware, the exploit is for viewing content without auth. 99% of bots are scanning for old instances of wordpress or other outdated software to exploit.
If my content on Jellyfin was illegitimate, the person scanning for my files would have to prove that before they can sue, no? I don't think this makes sense for anyone to do.
p.s. I won't argue that YOU should setup software that you dont want to, just that this particular reason not to may be a bit farfetched.
I always see this and I have to ask: why do you care?
They likely aren't paid customers of yours, if they don't follow your rules and the software you like to use, then they are free to use any other method of consuming media.
Have to agree with the other comment that asks why do you need to use a vpn. Fax
I dunno man, I don't care much, when Plex gets shitty enough I'll jump. But paying for the ongoing maintenance of software isn't some evil thing, even if I self host it.
But that's not what you're paying for. You're paying for access to that software...
You're not paying for software maintenance, you're paying a subscription service to a private company that has already decided to cut back on features that others also thought they were paying to maintain.
If you want to actually pay for software maintenance, migrate to Jellyfin and pay them instead, rather than filtering your payments through middle managers and shareholders first.
Problem is jellyfin (apps and server) is shit
You didn't ask, but if you've had a bad experience with the apps, you could try one of the native apps.
My friends on Apple devices think Swiftfin (https://github.com/jellyfin/Swiftfin) is much better than the normal jellyfin app.
I haven't used this one/know anyone that has: Findroid (third party) (https://github.com/jarnedemeulemeester/findroid). Mostly because I haven't had any issues with the official jellyfin app for android, but it would probably give a cleaner experience, being native and all.
For the server, I think it's fantastic. Never had any problems that weren't a few clicks to resolve. Pretty much use it and forget I'm the one maintaining it for the most part. I wonder what issues you encountered?
It's wild to me that people who claim to be tech savvy don't understand that Plex Server, the software, is what makes Plex what it is and as popular as it is. No other solution exists that is as easy as Plex and as secure as Plex. Jellyfin, Emby, Kodi, etc are nowhere near as simple to use and don't have the breadth of app support that Plex does. Plex is basically on every device anyone owns. They sign in and they can stream from everyones libraries. No VPNs needed, no other hoops.
I paid like $100 for a lifetime Plex Pass like 10 years ago. The 2 dozen friends and family that share my server don't pay a cent and this changes nothing.
Entrenchment. This is a profoundly absurd statement.
You paid $100 to access software hosted on your own devices. That's wonderful you think that's a great idea. I'm sure the Plex devs love you and would kiss you right on the mouth.
Because you're vendor locked in.. lol.
This.
I just set up Plex for my mom on her bargain bin cheapo android TV. It had the plex app right there and it’ll play without transcoding.
Can’t do that with Jellyfin.
This place sucks at times as it becomes clear it’s just an echo chamber that we used to call the Donald for.
My users don’t like the UI of Jellyfin as it isn’t as polished as Plex. I do this for my users and although it costs me money, it does save them a whole lot more money and means they’re taken out of some capitalist systems which should be the goal no?
I also have the cost of a VPN too.
Edit: The comment I replied to was on -6 upvotes at the time of posting.
The UIs are nearly identical, though.
Not in the slightest.
On iOS for instance there is a weird thing where it has a set of Ui controls and then if you double tap the screen it turns to the iPhone default Ui controls.
I use jellyfin, and jellyfin is not safe to expose to the internet.
They have a handful of vulnerability and security holes that have been open for like 5+ years now. And the old emby architecture is quite difficult to work with.
And they actively refuse to do anything about them because it would force clients to update. You could just just as well open an unsecured ftp server to your content
A load of those so called vulnerabilities are way overblown and in most cases require you to be logged in anyway.
So you’re saying there are some vulnerabilities which are not overblown and therefore should be a concern?
That is with any piece of software. their will always be some vulnerabilities that are very bad. so by your definition using any piece of software is a concern.
I agree with you, it's likely this vulnerability is only known because Jellyfin is open source.. how many are hiding in Plex's proprietary source code..
Anyways when has anyone ever been pwnd by this "exploit", I have seriously never heard of anyone being "hacked" by one of them.
Definitely overblown as far as I am aware... don't post your instance url all over the internet and you will likely be fine.
Using Plex (is fine, do whatever u want) and giving them your data instead doesn't really help you (or at least sending your data through them).
You don’t need to post your IP. Any server admin would tell you that if you have a server exposed to the internet then you’re going to get people / bots knocking and your doors (ports) to see what is open. They could then use something like meta spoilt to find vulnerabilities and gain access to your server.