Selfhosted

60177 readers

605 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

Be civil.
No spam.
Posts are to be related to self-hosting.
Don't duplicate the full text of your blog or readme if you're providing a link.
Submission headline should match the article title.
No trolling.
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago

MODERATORS

curbstickle@anarchist.nexus

curbstickle_lw@lemmy.world

278

Plex Announces Massive Price Hike on Lifetime Subscription Plans (www.ign.com)

submitted 1 month ago by inclementimmigrant@lemmy.world to c/selfhosted@lemmy.world

220 comments fedilink hide all child comments

Plex has announced a massive price increase on the service's Lifetime Plex Pass. On July 1, the lifetime subscription option will go from $249.99 to $749.99, an increase of 200%. The price hike will only apply to new subscribers, with no changes to monthly or annual subscription pricing.

you are viewing a single comment's thread
view the rest of the comments

[–] mic_check_one_two@lemmy.dbzer0.com 2 points 1 month ago* (last edited 1 month ago) (1 children)

Username and password is all you need aside from that.

The sad reality is that Jellyfin’s authentication system is insecure, and there are “anyone can view your content without a valid login” exploits that are not going to be patched. The only way to stop someone would be to include a secondary username+password on your reverse proxy, to prevent attackers from even reaching your Jellyfin login page. Because if you can reach Jellyfin’s login page, you can exploit it without logging in. But that would break basically everything except for web browsers, because none of the various apps have support for more than Jellyfin’s authentication.

[–] electric_nan@lemmy.ml 0 points 1 month ago (1 children)

I mean, that's not great, but it's also not very concerning to me. Like the risk of someone doing that, and the potential harm resulting seems minimal to me.

[–] mic_check_one_two@lemmy.dbzer0.com 0 points 1 month ago (1 children)

The problem is that every single person uses the Trash Guide to set up their system. And the guide includes instructions on how to set up your file names.

You’re correct that in isolation the risk is minimal. But nearly every setup is using the trash guide’s suggested naming scheme, which makes guessing it dead simple.

[–] electric_nan@lemmy.ml 3 points 1 month ago* (last edited 1 month ago) (1 children)

I'm not familiar with the trash guide. I set mine up with swizzin community edition.

Edit: either way though, what is the real risk? Someone streams your media without your permission?

[–] FauxLiving@lemmy.world 2 points 1 month ago

either way though, what is the real risk? Someone streams your media without your permission?

I am outraged that someone would commit piracy on my pirated content!

Honestly, if someone is going through all that trouble then they've earned it... and it saves me the effort of needing to create them an account.