- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
Plex has announced a massive price increase on the service’s Lifetime Plex Pass. On July 1, the lifetime subscription option will go from $249.99 to $749.99, an increase of 200%. The price hike will only apply to new subscribers, with no changes to monthly or annual subscription pricing.
You must log in or # to comment.
I think it’s important to recognize what Plex is saying with this announcement: their current business model isn’t sustainable. That means those who already have lifetime passes are vulnerable to Plex going away. If/when that happens, what will those users do then? That’s the conversation worth having now.
Never used Plex. Jellyfin has always met my needs, so I never bothered to try it.
Plex has been around quite a while longer than JF. Before JF, the only way to really have a “self-hosted Netflix” was with Plex, so there are a lot of us who built our long-standing media setups around that.
That said, I have a JF instance running and matched almost 1:1 with Plex specifically for this situation, so I’m going to start pivoting everyone to that as I wind Plex down.
Meh, I’ve used dlna with PS2 over 20 years ago. Not exactly the same, but for my needs essentially the same.
That’s an interesting method. I actually have a PS2 myself, running PSBBN. Maybe I’ll try that out.
There’s a great project called WatchState that allows you to sync show progress between JF and Plex. Highly recommend it for while you’re switching over.
I wish jellyfin and the apps could ship with something like wireguard setup by default so people that use the jellyfin apps could instantly watch media outside their house without learning what wireguard/tailscale is
The fact that’s needed at all is the problem. Developers need to stop making monolithic structures that have access to everything ever and putting it on the user to maintain to maintain a VPN network for security.
There’s no reason I should not be able to just use an nginx reverse proxy for remote access to my jellyfin and have that be safe. It should at worst give people a copy of my media if there’s a security issue.
Personally I went out of my way to make this be the case, i have my instance locked into an unprivileged lxc whitelist only on syscalls which took a while to figure out the minimum needed for function but I got there. The host System is using the hardened kernel from Upstream and a series of sysctl lockdowns for example P Trace is not allowed even if you are the root user.
So I do indeed just nginx reverse proxy my instant because the worst case scenario even if they got complete shell access to the system they would be locked into an unprivileged container that had no access to any files other than my media files but the fact that I have to go to this level is already ridiculous
It should at worst give people a copy of my media if there’s a security issue.
that’s not the worst possibility. the worst possibility is an RCE into your server.
Personally I went out of my way to make this be the case, i have my instance locked into an unprivileged lxc whitelist only on syscalls which took a while to figure out the minimum needed for function but
that’s a pretty exotic setup. Exciting, but for most people learning to manage a VPN is easier
It should at worst give people a copy of my media if there’s a security issue.
that’s not the worst possibility. the worst possibility is an RCE into your server.
Personally I went out of my way to make this be the case, i have my instance locked into an unprivileged lxc whitelist only on syscalls which took a while to figure out the minimum needed for function but
that’s a pretty exotic setup. Exciting, but for most people learning to manage a VPN is easier
I am aware that an rce is the worst possibility I’m saying it shouldn’t be. The web portion is already its own isolated binary that you have to install but it’s designed with seemingly very little attention to security.
To the point that jellyfin has already had several major RCE and despite having full support for running over the web with http developers are basically just like you should not be using this without a VPN which is overall a pretty pathetic stance for a media server
it is pathetic indeed, but I think much fewer projects admit it than how many should
Recently nginx had an RCE, so if your web server interface has an RCE, it doesn’t matter if jellyfin code is top-notch, if you happen to use a proxy with RCE in front of it. Wireguard has never had an RCE and I’m relatively certain it never will, because I believe you must be in possession of some keys to go very deep in the wireguard code, which in itself is not very large piece of code.
But yes, in principle I agree that we should code securely instead of depending on VPN to solve it for us, unfortunately it’s not the reality today. Memory safe programming languages help, but don’t completely protect against logic errors. VPN is general is pretty good for defence-in-depth.
The nginx rce relied an a series of requirements that affect almost nobody. You had to be using a very specific module and processing a specific type of data reverse proxy was not affected.
But regardless I get your point that anything can have an RCE. However as you say at the end in principle that does not mean you should just give up and expect external projects to handle your security. VPN is a great way to access your services and it is good defense and depth, but for the sake of being a successful project to the masses? It’s basically a dead end Road
but for the sake of being a successful project to the masses? It’s basically a dead end Road
I think that’s why we should still have requirements against software we run (although as some funnily say, we are free to get a refund), but not pretend that the software is more secure than it is known to be. sad that we need a VPN for security, but it is what it is.
I don’t know how could we get our devs to be more attentive to security.
Jellyfin has lots and lots of tutorials, fyi. it’s not as intimidating as it seems once you get going with it.
And Plex doesn’t require any. It’s okay to accept that one product can be more polished than the other, and Plex has a lot of stuff that “just works”
My comment wasn’t for you then, it’s for people curious in an alternative but may be hesitant. Some people enjoy learning new things.
And Plex doesn’t require any. It’s okay to accept that one product can be more polished than the other, and Plex has a lot of stuff that “just works”
And it is ok to accept that Plex is getting worse and worse. Only reason why ppl use it these days is because they still have an old lifetime pass. As soon as they take it away or introduce a new tier of features or even removing features of it, they will swarming away from Plex.
And they will!
OC never said anything to do with your comment, you seem to be really offended by recommending an alternative to a tool that you use.
Jellyfin also „just works“. Getting it going is just as simple as plex.
Have you tried Jellyfin?
This is the most hilarious lie I think I’ve seen in a while from open source on here. To be clear I use it as my daily driver, I switched off Plex a long time ago when I saw the writing on the wall.
But I still have issues with media matching to this day, issues where subtitles on certain devices just refuse to display no matter what you do. And the server still loves to randomly take up absolutely massive amounts of memory for seemingly no reason whatsoever I ended up making a strip to just forcibly kill it and restart it every 12 hours to prevent it from eating the entire system’s memory.
And no my file naming is not the media issue everything I do is properly named exactly as jelly fin documentation says it wants by sonarr. Not to mention you are expected to maintain a VPN system just for accessing your media away from home as the web interface is so hilariously unsecured as to be a constant source of major system vulnerability.
It’s usable, but it’s not as just works as Plex I have thousands of TV shows, anime, and movies as in thousands of each of those categories and Plex never once failed to match to the correct media, never had a problem just playing subtitles on any client, and I think only ever had one major issue with the web interface in terms of security? There’s been lots of minor ones that would give people essentially just access to Plex but not the underlying system
I’ll admit I haven’t really looked into it, but how is the Jellyfin web interface insecure? I don’t currently, but in the past I’ve used ssh reverse port forwarding to my VPS and then used an Apache proxy and letsencrypt for ssl on a subdomain. Maybe I was just lucky, but I never had any problems.
It has had a pretty high number of RCE exploits including one recently the architecture of the web service is just very poor and leads to a lot of basic problems.
Personally I am not a fan of the language they chose, and I think it directly leads to a lot of these problems but that’s just like my opinion man.
The server itself also has tons of issues like the constant memory leaks that cause it to eat up endless amounts of memory that they don’t seem interested in fixing and basically once again push it to the users to deal with and a bunch of the boot lickers are like yeah you just need to put it in a Docker and limit its maximum memory as if that’s just normal and expected to need to do
Ah, yeah, guess I never realized it’s a .NET program. Never understood why an open source dev would choose .NET, but what can you do.
Also despise Docker (especially the modern over-reliance on it), but that always gets me into trouble when I admit that publicly.
I am right there with you on the docker hate I get the idea but the docker system itself is a huge problem. The amount of people that do not realize it completely bypasses system firewalls is very sad and unfortunate and leaves a lot of people vulnerable.
I personally try to use lxc containers that I set up myself for containerizing services and install them natively within the container
It has had a pretty high number of RCE exploits including one recently the architecture of the web service is just very poor and leads to a lot of basic problems.
So they had an RCE that got fixed therefore the software is bad and insecure. Therefore every OS and basically any enterprise software that was ever used is insecure.
Got it.
That would be the case, however the devs official stance is it’s unsafe and should not be used other than over vpn. So they also agree
Plex doesn’t “just work” I have lost access to my install more time than I can coun’t due to their weird prove you are the owner system.
I have it running in parallel with Plex to keep an eye on its progress. There is a lot of things that do not just work. Hardware Encoding for example, or safe remote access
People who dont know a lot of tech stuff cant set it up to access while outside the house so i wouldnt say it “just works”
I install Jellyfin using docker, go to the web address, make the credentials for it and I am up and running.
For Plex you need to do that whole gain ownership song and dance which is a pain if you don’t have full console and file access like on TrueNas.
there are a lot of us still on Plex that hadn’t reached the threshold of issues vs effort that would motivate us to migrate to something like jellyfin.
looks like we’ve arrived.
I already have a lifetime Plex pass so this isn’t an issue for me. 6 months from now when Plex decides my lifetime pass has a new expiry, then I’ll be motivated.
this exactly. I got a lifetime pass in the before times (pre-pandemic) back when they were $100 bucks ish, but I know it’s only a matter of time before they come for us grandfathered-in fools.
I have the lifetime pass, bought it for like $80 many moons ago.
looks like we’ve arrived.
Agreed, this is the tipping point. This is where we will see Plex start to abandon the lifetime pass in favor of “imaginary money line go up forever” subscriptions.
Why not run both? That’s what I do, then if Plex is an issue for someone I can make them a Jellyfin account
I haven’t. I bought lifetime Plex Pass something like 15 years ago. A price change doesn’t effect me. It’s all their shitty updates and removing of features that makes me keep an eye on Jellyfin. I already have a sync setup for my watch status and a couple of my main users. Jellyfins apps are still worse.
The Jellyfin vs Plex thing always struck me as odd. As in - why are we holding JF to a different standard to (say) Immich, Syncthing, Pi-hole or any one of a thousand different programs people self host?
Yes, JF ships multi-user accounts and client apps etc. I get it, “multi-use” is implied, so the comparison isn’t totally unfair. But there’s a difference between ‘this feature exists’ and ‘this is the primary purpose of the tool’.
The fact that you CAN share it externally doesn’t mean everyone running JF is doing that, or that it should be the benchmark the whole project is judged by.
To me, self host means “I host it, myself” not “I host it and then pretend to be Netflix for family and friends”. If that’s the use case, then of course, Plex away.
It’s cool that you CAN share JF externally, and it’s cool that Plex does that differently / better. We shouldn’t hold one to the standards of the other.
I got this on Black Friday many years ago for ~70 and despite the pass I am slowly moving over to Jellyfin. I really don’t see how they came up with this valuation, seems like a last money squeeze before abandoning ship.
Everything changed when they signed that A24 deal, and its not even the good movies, its the shitty also-rans. They want revenue now.
I wish them luck, but it seems despite all the data collection they failed to understand who their customers are. Idgaf about their content, I block and remove it where I can. Instead now we have content that will not convince anyone to cancel their Netflix or HBO to move to them and I have a home server that barely runs anymore because the software is so bloated.
Jellyfin
Jellyfin isn’t great, but it sure doesn’t have this problem.
Just to say: MythTv is still a thing…
Ahh, memories. The start of my Linux journey nearly 20 years ago
Isn’t that 300%
With the original price as $250, a 100% increase would be adding the entire value to itself once (i.e doubling) taking us to $500.
A 200% increase is adding the $250 to the original two times for a total of $750.
So calling it a “200% increase” is correct.
It is true to say that “$750 is 300% of $250” or that “The price has tripled” - both correct, but the increase is only 200% because increase doesn’t include the original as part of the value.
This makes perfect sense, thank you
TBH—and I’m not a native English speaker—I think it’s a bit ambiguously phrased. “Increase by 200%” would be more clear.
Fine. Forget about it.
Probably going to get hate for this. But I have easily gotten 750 dollars worth of value out of my lifetime subscription. I’m sure they are doing this to drive down lifetime subscriptions and increase month to month. But I legit think 750 over 20 years it’s still a legit price.
About $3/mo. But for a lifetime deal you’re also buying the risk. If they go bankrupt, stop honoring the lifetime deal, or any variation thereof tomorrow, you’re out $750 - lifetime deals, where they exist are often heavily discounted compared to normal rates due to this. 20 years is though quite a long time. Plex is only 16 years old.
In a perfect world a company would limit the amount of lifetime deals available and only have them in the beginning to get some quick cash allowing them to scale. I don’t think Plex is running a very good business, which also devalues the lifetime deal.
It;'s probably about 800 euro, but that is still 800 euro more than Emby/Kodi/Jellyfin or whatever other altnerative. I had a lot of issues with Plex due to them requiring that proof of ownership thing which didn’t really work on TrueNas core I think it was?
Jellyfin is way easier imo
Enshittification in action.
enshitification isnt price hike all their “fonctionality” nobody were asking for are
My old kodi setup just works, year after year, and will work 10 years from now too…
the thing I hate the most about news like this is all the jellies screaming out “I iNsTaLlEd JeLlYfIn BeCaUsE i KnEw ThIs WoUlD hApPeN!”
we get it. you sniff your own farts.