Well I already have jellyfin running in a container, just have to figure out how to get mum’s TV to work with it I guess

<edit> Log in on a local IP and not the network name and it’s working again. But I’ll be moving to jellyfin from now

  • Strit@lemmy.linuxuserspace.show
    1 day ago

    From one of the Jellyfin devs in the issue you linked, posted in April this year:

    Now, let’s address this clearly once and for all. What is possible is unauthenticated streaming. Each item in a Jellyfin library has a UUID generated which is based on a checksum of the file path. So, theoretically, if someone knows your exact media paths, they could calculate the item IDs, and then use that ItemID to initiate an unauthenticated stream of the media. As far as we know this has never actually been seen in the wild. This does not affect anything else - all other configuration/management endpoints are behind user authentication. Is this suboptimal? Yes. Is this a massive red-flag security risk that actively exposes your data to the Internet? No.

    At this point, this over-4-year-old issue has gotten posted to HackerNews more than enough times and gotten quite enough unhelpful peanut-gallery comments like those above… We are limiting this issue to Jellyfin collaborators only at this point. Most of the big items are already tracked elsewhere (specifically, unauth playback) or have already been fixed. And many other options are now open to us in a post-10.11 landscape now that we have a proper library database ready.

      • Strit@lemmy.linuxuserspace.show
        1 day ago

        Yes, but it’s always the one people come back to.

        They mention the other issues are either being tracked elsewhere or already solved.

        At the end of the day, it’s a community project, done primarily by volunteers, who are not making any money doing this. No VC funding to hire developers to take care of these issues.

        • TrickDacy@lemmy.world
          1 day ago

          I understand there’s an explanation for it. Doesn’t make these things not things to consider when choosing one’s solution

      • somerandomperson@lemmy.dbzer0.com
        1 day ago

        But it’s FOSS, compared to Plex. And it also does not ask for money for anything.

        You can also add more security yourself if you want to. Not by coding new stuff into jellyfin, but by adding some sort of auth BEFORE jellyfin.

        • Chewy@discuss.tchncs.de
          1 day ago

          Setting up auth before Jellyfin breaks clients. This is not an option. Edit: Unless you meant VPN like Tailscale, but then you’d have to install Tailscale too, which I don’t want to explain to others.

          • somerandomperson@lemmy.dbzer0.com
            1 day ago

            Tailscale needs you to explicitly add your device to the tailnet, so it’s some form of authentication.

            Also, why don’t you want to explain tailscale? It’s really simple.

              • Chewy@discuss.tchncs.de
                18 hours ago

                And making sure Tailscale auto launches on a FireTV stick is a pita too. Telling them to open Tailscale on each start is not an option.

      • Scrubbles@poptalk.scrubbles.tech
        1 day ago

        Feel free to go read the multiple writeups from the maintainers that go over each one, we don’t need to copy them all here into the comments for you.