• 0 Posts
  • 24 Comments
Joined 2 years ago
Cake day: July 8th, 2023

  • If you’re looking at getting a new (used) phone, I would suggest GrapheneOS (the most secure/private de-googled rom afaik).

    You need a Pixel phone, the newer you get the longer you will keep getting software updates for the future (if you keep the phone past these many years of support, then I believe switching to another rom will be required for security patches etc. Each phone is supported until Google stops supporting them I believe). You said you don’t care about updates because you can keep it from connecting to the internet, but it’s a plus anyways.

    If you plan on never touching a google service, GrapheneOS allows for that (nothing google by default), but on the other hand, if you need google play, etc for banking apps or whatnot, they have that covered with Sandboxed Google Services (which you can run solely in another user profile on your phone for added privacy).

    Anyways, I think GrapheneOS is a great option & their website has much more info if you’d like to continue hearing about it:

    https://grapheneos.org/

    p.s. you can check their website for how long different pixels will have continued support before (if) you get one (in case anyone else is reading this).



  • Hm I don’t remember posting the comment you are replying to, to the one I replied to.

    You are right, but I still argue that keeping Jellyfin up to date is fine, there are no serious bugs (afaik) that will compromise your whole server for instance, so these bots have nothing valuable to exploit here.

    When I say don’t post your instance url I was talking about normal people finding it to try streaming from it without auth, I think I was replying to someone else and thought this was the same thread.


  • I find it hard to believe that there are bots scanning for jellyfin exploits, since as far as I’m aware, the exploit is for viewing content without auth. 99% of bots are scanning for old instances of wordpress or other outdated software to exploit.

    If my content on Jellyfin was illegitimate, the person scanning for my files would have to prove that before they can sue, no? I don’t think this makes sense for anyone to do.

    p.s. I won’t argue that YOU should set up software that you don’t want to, just that this particular reason not to may be a bit farfetched.



  • I agree with you, it’s likely this vulnerability is only known because Jellyfin is open source… how many are hiding in Plex’s proprietary source code…

    Anyways when has anyone ever been pwnd by this “exploit”, I have seriously never heard of anyone being “hacked” by one of them.

    Definitely overblown as far as I am aware… don’t post your instance url all over the internet and you will likely be fine.

    Using Plex (is fine, do whatever u want) and giving them your data instead doesn’t really help you (or at least sending your data through them).










  • dogs0n@sh.itjust.works to Selfhosted@lemmy.world · Sharing Jellyfin · 8 days ago

    The internet is full of bots pounding at your machines to get in. It is only a matter of time until they breach Jellyfin.

    If you are talking about brute force attacks for your password, then use a good password… and something like fail2ban to block ips that are spamming you.

    This point doesn’t exactly match, but: public services like google auth don’t require users use vpns. They have a lot more money to keep stuff secure, but you may see my point… auth isn’t too trivial of a feature to keep secure nowadays. They implement similar protections, something to block spammers and make users have good passwords (if you don’t use a good password, you are still vulnerable on any service).


  • dogs0n@sh.itjust.works to Technology@lemmy.world · *Permanently Deleted* · 11 days ago

    the only thing I miss is the big preview window in the file manager

    I may be misinterpreting you, but I think this is a thing with Dolphin. It has a preview pane, which supports all the file types I commonly interact with (F11), which can be dragged to resize bigger or smaller.

    I haven’t used any preview thing on Windows, which is why I think I may be misunderstanding.

    Anyways if you haven’t tried Dolphin, maybe it has a solution for you (made by kde project, but I believe it should be installable for any desktop environment).

    https://apps.kde.org/dolphin/


  • Thanks for your reply, I will definitely keep that in mind if Seafile fails to meet any criteria moving on, but yeah your last point is also right, it would probably be a big pain to migrate out at this point with all my data for multiple users here.

    It seems a lot has been modernising recently, I didn’t know they were also using Go, but hopefully they continue with it for new code.



  • NextCloud being so slow forced me to migrate to Seafile.

    Seafile being less one-stop-shoppy made me not use it so much, but whenever I do it is always fast and responsive (unlike nextcloud, where 80% of the time I was looking at the loading indicator). Looking it up now though, it looks like it has a lot of new features I haven’t yet tried so I’m probably gonna start using it more now.

    Only downside with Seafile is its deduplication (for me), because it stops me from easily accessing files directly (always gotta use a client). Likely a benefit for most though and I do rarely need to access a file directly on disk, just when I do, it’d be an easy shortcut for whatever I’m doing.


  • Depending on where you live, it may not matter if you don’t use a VPN, you could possibly research what usually happens in your area?

    Many people never get warnings, others ignore them and nothing happens.

    Usually nothing happens because ISPs don’t care if you torrent, it wastes their time and resources when studios/content owners send dmcas (or whatever) and they have to send a warning. I bet the warnings are just automated for most isps so they can mostly ignore them. ISPs also don’t want to punish their customers because then they’ll lose revenue by cutting you off.

    (The ignoring part is hearsay, I’m just combining info I’ve heard over the years and experience)

    In some (most?) countries it’s not illegal to torrent copyrighted content either, unless you distribute it (seed).