Joined 1 year ago
Cake day: February 10th, 2025

  • I understood the misunderstanding from reading the previous comments.

    > I was clear in other comments that I was speaking of what I knew to be true at the time, therefore the tense was correct from my perspective.

    I didn’t say you were intentionally lying, only that you were mistaken. I wasn’t making a personal attack.

    I acknowledge that based on your experience that is how Plex worked 10 years ago, but it is not how it currently works. So, when you say that ‘this is how Plex works’ instead of ‘this is how Plex worked 10 years ago’ it’s implying that it still works like that when it does not. That could confuse people who are here and trying to learn.

    > This place takes itself way, way too seriously, in my opinion. I’m sorry for any toes I stepped on without even meaning to, and I won’t comment on the matter further.

    The community exists to talk about, and help people with, self hosting. Providing incorrect information runs counter to that purpose and so community members should point out when information isn’t correct.

    Misinformation just means that the information that you’re providing is not correct, it’s not a personal attack on you to be corrected about a factual issue. It doesn’t mean that you’re a bad person or suggest that you’re trying to be intentionally misleading, it just means that your statements do not match the current factual reality.


  • Well, grammatical quibble then.

    Your verbs are present tense and not past tense:

    > Plex requires a Plex Pass subscription

    > Plex doesn’t allow you to watch media on your local network

    This gives the impression that you’re talking about the current state of things. Which seems to be the above commenter’s issue.

    Whereas:

    > Plex required a Plex Pass subscription

    or

    > Plex didn’t allow you to watch media on your local network

    Would imply a past experience.

    Misinformation doesn’t mean that you’re intentionally lying (that is disinformation), it just means that you’re stating facts that are not true.

    (I’m not being negative, just pedantic lol)


    To actually contribute to the conversation:

    Plex now allows local network streaming without their servers being offline as long as your client is already authenticated (cached tokens have a short expiration date however)

    Alternatively, you can add your LAN’s subnet in Settings > Server > Network > ‘List of IP addresses and networks that are allowed without auth’

    Here’s a full written guide: https://forums.plex.tv/t/howto-use-plex-with-no-internet/383325










  • “Just one more thing” we all say until we’re hosting a bespoke cloud service for everyone we know.

    Next do pihole, put everything on a mesh VPN, home assistant all of your lights/locks/coffee machines, jellyfin, then you may as well get a seedbox in Singapore and automate your media consumption, while you’re there you may as well run subsonic and lidarr and if you’re going to host media audiobookshelf for your reading/audiobook needs.

    Or, branch out to other nerd hobbies and buy a 3D printer (why not) and cover your walls and flat surfaces with modular organization systems




  • I work in security as well.

    If you only have a single user that accesses via a single static IP then it isn’t much of an issue to manually maintain an IP whitelist.

    Allowing access to multiple users across many different networks means that you’re going to have to deal with their IP changing frequently, often multiple times per day. You’d have to be available full-time to update your whitelist if done manually.

    If you’re going to run software on those machines to check for their public IP and report it to you (or a script you run) in order to update your firewall’s whitelist then you could just as easily (or, I’d argue, more easily) run a Tailscale client on their machine and only give them access to Jellyfin via Tailscale’s ACL.

    I just mean that you can’t simply put Jellyfin behind a reverse proxy and alter some port forwarding rules to protect against the argument injection vulnerability, since it executes the ffmpeg command as Jellyfin’s service account so it would have access to any file that that account could access (which should be limited to the container, but some people run it bare metal still).

    Using a VPN is just easier to deal with, to me, than trying to allow any access from Internet IPs. The firewall can simply block everything from the Internet that isn’t VPN traffic. This is especially true if you control all of the devices that will be connecting to your network.

    All of my traffic, even LAN traffic, is on one VPN or another. Everything is done ‘locally’ on the VPNs regardless of where the device is located.



  • I think you don’t understand the nature of the exploit.

    Anybody who can see the Jellyfin login page can use the Jellyfin server’s permissions to play media directly from your media library.

    Port forwarding doesn’t matter. Jellyfin hosts on port 80/443 which you have to allow for the service to function. Most clients are on dynamic IPs or CGNATs so unless you’re going to manually change the IP filter for every single user every few days, IP filters are not a reasonable solution.

    ‘Take reasonable precautions on the trust of networks’ doesn’t even make sense. Your Jellyfin server is either available to the Internet or not available to the Internet. If you choose not to trust the Internet (the actual mitigation) then you obtain access to your Jellyfin server through a VPN.