I find it hard to believe that there are bots scanning for jellyfin exploits, since as far as I’m aware, the exploit is for viewing content without auth. 99% of bots are scanning for old instances of wordpress or other outdated software to exploit.

If my content on Jellyfin was illegitimate, the person scanning for my files would have to prove that before they can sue, no? I don’t think this makes sense for anyone to do.

p.s. I won’t argue that YOU should setup software that you dont want to, just that this particular reason not to may be a bit farfetched.

You may need to reevaluate your threat model.

I agree with you, it’s likely this vulnerability is only known because Jellyfin is open source… how many are hiding in Plex’s proprietary source code…

Anyways when has anyone ever been pwnd by this “exploit”, I have seriously never heard of anyone being “hacked” by one of them.

Definitely overblown as far as I am aware… don’t post your instance url all over the internet and you will likely be fine.

Using Plex (is fine, do whatever u want) and giving them your data instead doesn’t really help you (or at least sending your data through them).

you will absolutely lose a bunch of them

I always see this and I have to ask: why do you care?

They likely aren’t paid customers of yours, if they don’t follow your rules and the software you like to use, then they are free to use any other method of consuming media.

VPN

Have to agree with the other comment that asks why do you need to use a vpn. Fax

My question is, where are you posting the address to your jellyfin server that someone who finds it will go through the trouble of even doing this?

Also how could they start litigating you based on the content you have? If I had illegal content on my server, I would be really dumb to expose it on the internet on a public jellyfin server. Otherwise my movies, tv, etc are my paid for content…

You didn’t ask, but if you’ve had a bad experience with the apps, you could try one of the native apps.

My friends on Apple devices think Swiftfin (https://github.com/jellyfin/Swiftfin) is much better than the normal jellyfin app.

I haven’t used this one/know anyone that has: Findroid (third party) (https://github.com/jarnedemeulemeester/findroid). Mostly because I haven’t had any issues with the official jellyfin app for android, but it would probably give a cleaner experience, being native and all.

For the server, I think it’s fantastic. Never had any problems that weren’t a few clicks to resolve. Pretty much use it and forget I’m the one maintaining it for the most part. I wonder what issues you encountered?

The recent duckduckgo ad campaign will surely help rescue googlers and so does my mission to ensure everyone I know doesn’t use google search.

But but goat milk

I didn’t mean to say that it’s (still) trash, I think it’s useable, but there are still a lot of improvements to come.

Element as a client seems to want to do everything, which is probably great for a lot of people, but it (in my experience) has led to a poor user experience (which with more time, will likely improve, they seem to have a lot of backing).

With Element completing voice/video implementation, I imagine it’ll be easier for other clients to reference their work when implementing their own support.

Once the other clients get voice support, I will definitely be trying them out again, I’m sure they will make a much simpler experience that works out the box.

The lost keys problem has luckily never happened to me, it usually boils down the user error I believe, but yeah, if it is a user error that happens often, they should figure out some way to fix that (probably a hard problem, which is sort of fixed (i believe) if you use the client on multiple devices, so if you get logged out of your account you can easily authorize your access from another logged in device, eg desktop/mobile).

I agree, I don’t think it’s trash. From my experience, chatting is very good, voice/video are just the next thing they are tackling.

Better UX will probably come after important features are done.

Just imagine the good they could have done by being a new competent Matrix client that can do everything, but instead they are a Discord clone.

Yeah, they kinda screwed up Element with combining mobile and desktop features into one app. The first time I tried creating a call on desktop, it was suddenly apparent how confusing they had made it, because you can do it in multiple ways (normal calls & conference calls).

There are other UIs that look very nice, but sadly don’t support voice chat. Hopefully these other clients can catch up, but it’ll likely take a while.

Either of us deliberately destroy data: locked up.

Company exec does the same: slap on the butt and a $2 fine.

We should all be on the same playing field!

Hosting on your own hardware is much more fun though! In most cases it’s safer too, you don’t really need to worry about much as long as you dont portforward your ssh port & don’t run programs as root.

I would say it’s cheaper as well, but that depends on how expensive the static ip lease is per month.

The internet is full of bots pounding at your machines to get in. It is only a matter of time until the breach Jellyfin.

If you are talking about brute force attacks for your password, then use a good password… and something like fail2ban to block ips that are spamming you.

This point doesn’t exactly match, but: public services like google auth don’t require users use vpns. They have a lot more money to keep stuff secure, but you may see my point… auth isn’t too trivial of a feature to keep secure nowadays. They implement similar protections, something to block spammers and make users have good passwords (if you dont use a good password, you are still vulnerable on any service).

the only thing I miss is the big preview window in the file manager

I may be misinterpreting you, but I think this is a thing with Dolphin. It has a preview pane, which supports all the file types I commonly interact with (F11), which can be dragged to resize bigger or smaller.

I haven’t used any preview thing on Windows, which is why I think I may be misunderstanding.

Anyways if you haven’t tried Dolphin, maybe it has a solution for you (made by kde project, but I believe it should be installable for any desktop environment).

https://apps.kde.org/dolphin/

Thanks for your reply, I will definitely keep that in mind if Seafile fails to meet any critera moving on, but yeah your last point is also right, it would probably be a big pain to migrate out at this point with all my data for multiple users here.

It seems a lot has been modernising recently, I didn’t know they were also using Go, but hopefully they continue with it for new code.

The problem is that content rights holders setup bots that track who is torrenting media that they own (all the peers they can connect to).

Then they use your ip to ask your ISP to stop you.

As far as i am aware (and possibly wrong), magnet links aren’t any more secure than using a .torrent file, it’s just another form of it that can be easily clicked (or copied) to open in your client (i’ve never looked but it might just be a link containing the info that would be in the torrent file).

NextCloud being so slow forced me to migrate to Seafile.

Seafile being less one-stop-shoppy made me not use it so much, but whenever I do it is always fast and responsive (unlike nextcloud, where 80% of the time I was looking at the loading indicator). Looking it up now though, it looks like it has a lot of new features I haven’t yet tried so I’m probably gonna start using it more now.

Only downside with Seafile is it’s deduplication (for me), because it stops me from easily accessing files directly (always gotta use a client). Likely a benefit for most though and I do rarely need to access a file directly on disk, just when I do, it’d be an easy shortcut for whatever I’m doing.

Depending on where you live, it may not matter if you don’t use a VPN, you could possibly research what usually happens in your area?

Many people never get warnings, others ignore them and nothing happens.

Usually nothing happens because ISPs don’t care if you torrent, it wastes their time and resources when studios/content owners send dmcas (or whatever) and they have to send a warning. I bet the warnings are just automated for most isps so they can mostly ignore them. ISPs also don’t want to punish their customers because then they’ll lose revenue by cutting you off.

(The ignoring part is heresay, i’m just combining info i’ve heard over the years and experience)

Some (most?) countries it’s not illegal to torrent copyrighted content either, unless you distribute it (seed).