333 points indigodaddy | 2 comments
rektide No.33579466
This all feels like it should be 800x less of an issue because phones & tablets should just be able to connect over SMB & you should use whatever media player you want on your device.

Telling your home router to forward 445 is not that hard. Using miniupnpc or just building in auto-port forwarding would be better. Alas I've seen some ISPs block users from connecting to 445, which seems insane (my ISP lets me host there, but my parents' ISP blocks me from dialing home?!). So I often forward on another port (ex: 4445) and then everything works fine.

The main problem why the obvious "just use computers" problems doesn't work is... Android. Phones. These increasingly user-hostile anti-general-purpose-computing systems. Some of my media players still work with the 2017 code drop of the Android Samba Provider, but it uses old Android APIs so many media players won't work with it. I have no idea if Android still makes filesystem providers possible at all, but we haven't seen any, and this one old one-time-drop artifact remains the only example I know of it ever having been done ever on Android. But then again I really have had no interest in Box/Azure Drives/whatever... it'd be interesting/great to know if anyone does remote drives on Android today. It feels wild that we have so much bespoke special software for remote media serving... when we have seemingly so little that does the general job.

https://github.com/google/samba-documents-provider

Ideally upnp/dlna should also somehow be an option too, but it assumes secure private networks I think? I'd love if it could be exposed publicly but locked down but it does all use mdns. And Tailscale's the only company on the planet who seemingly has the sense to extend our homenet's reach quickly/easily.

replies(4): >>33579532 #>>33579549 #>>33579607 #>>33579816 #
depingus No.33579549
Phones and tablets can access Windows shares just fine. You just need a file manager that supports it. Regardless, direct playing files from a share doesn't come close to matching the UX a media server provides.

Also, don't expose Windows shares to the internet.

replies(1): >>33579657 #
rektide No.33579657
> Also, don't expose Windows shares to the internet.

Is this a problem? I feel like this reputation is 10 years out of date.

Personally I use smbd & I am not afraid for it. I'd like to tell Windows users the same, provided I trust them to disallow all but logged in users.

replies(2): >>33579837 #>>33657582 #
phpisthebest No.33579837
Generally speaking unless you are prepared to (at a minimum)

1. Harden the operating system

2. Actively monitor logs, and apply updates upon release

3. Put a Firewall with IDS/IPS between the server and the internet (which most home "routers" do not provide)

you should not put anything on the wider internet, instead using something like Tailscale (which you mention in another post) to create a secured private network across unsecured inet.

replies(1): >>33580427 #
1. rektide No.33580427
That sounds way overblown on multiple levels. "Harden the OS"... why... if you are port forwarding samba? Firewall with IDP? Please. This kind of advice seems designed to intimidate & scare, and it's absurd & cruel to convince people self hosting is so impossible and terrifying. Geeks oversell their conservative paranoia & gate-keeping like this all the time but this naysaying is just poisonous!

I've gone through every CVE for Samba & there seemingly is 1 potential problem since 2007 that would possibly potentially be an issue for a basic non-domain controller smbd fileshare that a random non-user could possibly exploit. If you don't trust your users, there's indeed some CVEs of real threat, but still, like... 4.. https://www.cvedetails.com/vulnerability-list/vendor_id-102/...

Yes you probably should update fairly regularly, just in case. But more often than not, if you are a couple years behind, it's not a problem. Maybe someday that goes bad. But... so far... being super lax on updates generally hasn't had much impact. Maybe check logs every now and then, but honestly... once you have some confidence, it's fine. This stuff runs fine. It's easy.

replies(1): >>33580520 #
2. dinosaurdynasty No.33580520
One problem with (at least samba) is that the configuration is a PITA and it's easy to do a lot of unsafe things (which probably wouldn't get a CVE because "well you enabled anonymous users, which are often enabled by default by distributions...")

(at least compared to caddy or wireguard...)
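
Added example, not written by any commenter in this thread and not part of Samba: one way to check an smb.conf for the anonymous-access settings the last comment refers to, before a share is reachable from outside. The sample config, share names and function names are constructed for illustration; only `guest ok`/`public`, `map to guest`, `read only` and `writable`/`writeable` are examined.

```python
import re

# Constructed sample config for this example (not from a real host).
SAMPLE_SMB_CONF = """\
[global]
   map to guest = Bad User
[media]
   path = /srv/media
   guest ok = yes
   read only = no
[private]
   valid users = alice
   ; guest ok = yes   (commented out, so it must be ignored)
"""
TRUE = {"yes", "true", "1", "on"}  # boolean spellings treated as enabled

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit_guest_access(text):
    """List (section, finding) pairs for settings that admit unauthenticated users."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if glob.get("map to guest", "never").lower() != "never":
        findings.append(("global", "some failed logins are mapped to the guest account"))
    for name, params in conf.items():
        merged = {**glob, **params}  # share settings override [global] defaults
        guest = merged.get("guest ok", merged.get("public", "no")).lower() in TRUE
        if name == "global" or not guest:
            continue
        # "read only = no" and "writable = yes" both make the share writable.
        writable = (merged.get("read only", "yes").lower() not in TRUE or
                    merged.get("writable", merged.get("writeable", "no")).lower() in TRUE)
        findings.append((name, "guest access allowed" + (", writable" if writable else "")))
    return findings

if __name__ == "__main__":
    for section, finding in audit_guest_access(SAMPLE_SMB_CONF):
        print(f"[{section}] {finding}")
```
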