- cross-posted to:
- technology@lemmy.world
Plex has announced a massive price increase on the service’s Lifetime Plex Pass. On July 1, the lifetime subscription option will go from $249.99 to $749.99, an increase of 200%. The price hike will only apply to new subscribers, with no changes to monthly or annual subscription pricing.
I think it’s important to recognize what Plex is saying with this announcement: their current business model isn’t sustainable. That means those who already have lifetime passes are vulnerable to Plex going away. If/when that happens, what will those users do then? That’s the conversation worth having now.
I wish jellyfin and the apps could ship with something like wireguard setup by default so people that use the jellyfin apps could instantly watch media outside their house without learning what wireguard/tailscale is
The fact that’s needed at all is the problem. Developers need to stop making monolithic structures that have access to everything ever and putting it on the user to maintain a VPN network for security.
There’s no reason I should not be able to just use an nginx reverse proxy for remote access to my jellyfin and have that be safe. It should at worst give people a copy of my media if there’s a security issue.
Personally I went out of my way to make this be the case: I have my instance locked into an unprivileged LXC, whitelist-only on syscalls, which took a while to figure out the minimum needed for function, but I got there. The host system is using the hardened kernel from upstream and a series of sysctl lockdowns; for example, ptrace is not allowed even if you are the root user.
So I do indeed just nginx reverse proxy my instance, because in the worst case scenario, even if they got complete shell access to the system, they would be locked into an unprivileged container that had no access to any files other than my media files. But the fact that I have to go to this level is already ridiculous.
It should at worst give people a copy of my media if there’s a security issue.
that’s not the worst possibility. the worst possibility is an RCE into your server.
Personally I went out of my way to make this be the case, i have my instance locked into an unprivileged lxc whitelist only on syscalls which took a while to figure out the minimum needed for function but
that’s a pretty exotic setup. Exciting, but for most people learning to manage a VPN is easier
I am aware that an RCE is the worst possibility; I’m saying it shouldn’t be. The web portion is already its own isolated binary that you have to install, but it’s designed with seemingly very little attention to security.
To the point that Jellyfin has already had several major RCEs, and despite having full support for running over the web with HTTP, developers are basically just like “you should not be using this without a VPN”, which is overall a pretty pathetic stance for a media server.
it is pathetic indeed, but I think much fewer projects admit it than how many should
Recently nginx had an RCE, so if your web server interface has an RCE, it doesn’t matter if Jellyfin code is top-notch, if you happen to use a proxy with an RCE in front of it. WireGuard has never had an RCE and I’m relatively certain it never will, because I believe you must be in possession of some keys to go very deep in the WireGuard code, which in itself is not a very large piece of code.
But yes, in principle I agree that we should code securely instead of depending on a VPN to solve it for us; unfortunately it’s not the reality today. Memory safe programming languages help, but don’t completely protect against logic errors. A VPN in general is pretty good for defence-in-depth.
The nginx RCE relied on a series of requirements that affect almost nobody. You had to be using a very specific module and processing a specific type of data; reverse proxy was not affected.
But regardless I get your point that anything can have an RCE. However, as you say at the end, in principle that does not mean you should just give up and expect external projects to handle your security. A VPN is a great way to access your services and it is good defense in depth, but for the sake of being a successful project to the masses? It’s basically a dead-end road.
but for the sake of being a successful project to the masses? It’s basically a dead-end road
I think that’s why we should still have requirements against software we run (although as some funnily say, we are free to get a refund), but not pretend that the software is more secure than it is known to be. sad that we need a VPN for security, but it is what it is.
I don’t know how could we get our devs to be more attentive to security.
there are a lot of us still on Plex that hadn’t reached the threshold of issues vs effort that would motivate us to migrate to something like jellyfin.
looks like we’ve arrived.
I already have a lifetime Plex pass so this isn’t an issue for me. 6 months from now when Plex decides my lifetime pass has a new expiry, then I’ll be motivated.
this exactly. I got a lifetime pass in the before times (pre-pandemic) back when they were $100 bucks ish, but I know it’s only a matter of time before they come for us grandfathered-in fools.
I have the lifetime pass, bought it for like $80 many moons ago.
looks like we’ve arrived.
Agreed, this is the tipping point. This is where we will see Plex start to abandon the lifetime pass in favor of “imaginary money line go up forever” subscriptions.
Why not run both? That’s what I do, then if Plex is an issue for someone I can make them a Jellyfin account
I haven’t. I bought lifetime Plex Pass something like 15 years ago. A price change doesn’t affect me. It’s all their shitty updates and removing of features that makes me keep an eye on Jellyfin. I already have a sync setup for my watch status and a couple of my main users. Jellyfin’s apps are still worse.
Probably going to get hate for this. But I have easily gotten 750 dollars worth of value out of my lifetime subscription. I’m sure they are doing this to drive down lifetime subscriptions and increase month to month. But I legit think 750 over 20 years it’s still a legit price.
About $3/mo. But for a lifetime deal you’re also buying the risk. If they go bankrupt, stop honoring the lifetime deal, or any variation thereof tomorrow, you’re out $750 - lifetime deals, where they exist are often heavily discounted compared to normal rates due to this. 20 years is though quite a long time. Plex is only 16 years old.
In a perfect world a company would limit the amount of lifetime deals available and only have them in the beginning to get some quick cash allowing them to scale. I don’t think Plex is running a very good business, which also devalues the lifetime deal.
It’s probably about 800 euro, but that is still 800 euro more than Emby/Kodi/Jellyfin or whatever other alternative. I had a lot of issues with Plex due to them requiring that proof of ownership thing which didn’t really work on TrueNas core I think it was?
Jellyfin is way easier imo
Jellyfin
Jellyfin isn’t great, but it sure doesn’t have this problem.
Enshittification in action.
Enshittification isn’t the price hike; all their “functionality” nobody was asking for is.
My old kodi setup just works, year after year, and will work 10 years from now too…
A gentle reminder that Jellyfin exists to those thinking of alternatives.
A gentle reminder that Jellyfin more or less requires you to set up a reverse proxy and a secure VPN to use it outside of your home.
Why would you not do that anyway?
Because if I’m watching locally I don’t need them, and if I’m watching remotely Plex already offers secure remote viewing “out of the box”. They give every user an SSL certificate and a publicly accessible URL at app.plex.tv. They also handle secure user authentication. The new price is stupid, but Jellyfin is not a 1:1 replacement.
For free (FOSS), and is way better than Plex
If you use it weekly it shouldn’t be free to you, certainly if you use it more frequently than that. Give money to the projects you depend on or they will disappear.
You find a place on jellyfin.org where they take donations? I was looking last night and only found a link where you could contribute your time.
If you click through some of the options on this page: https://jellyfin.org/contribute/
It links to a donation option here: https://opencollective.com/jellyfin
Thanks!
If you ignore the mostly horrendous UI, the security problems, the worse transcoding performance, the harder setup, the difficulty to access it remotely in a safe way,… Yeah sure, way better
Plex doesn't have hardware transcoding unless you pay almost 800 euro
I, and I assume everyone on this forum who has one, paid around 50-100€ for their lifetime pass. My hardware encoding works great and doesn’t need me to tell it about each and every codec in existence and how to handle each one.
The new price is insane, but that was not the topic of this thread.
Isn’t plex’s price hike the main topic of this post?
That’s why I said thread and not post. This thread was comparing the two
You are right, that is fair. You can also pay 230 euro currently for it.
The UI can be improved with community addons like moonfin but I agree it would be nice if they improved these out of the box
I couldn’t care less about the client design, since you have free choice there. If only the devs could be arsed to fix the issues that prevent me from just putting it behind a reverse proxy. If I could let people use it without exposing what is essentially an open door or forcing them to install a VPN, I would probably do that and slowly wean off Plex
deleted by creator
Lol, what an insane take. EVERY project that exposes an API is responsible for securing that. It’s not rocket science, it’s server software 101.
Being free is not an excuse, especially when there are perfectly valid migration strategies, that don’t force them to abandon legacy clients.
Fans like you are the reason they get away with disregarding their basic responsibility
deleted by creator
How are other projects going to handle using the Jellyfin app to log into Jellyfin? I don’t understand this. I see sentiments like this pretending Jellyfin is perfect like they don’t understand why people use Plex. I want to give my mom a URL that she can login to (or even better she gives me a code) after she downloads an app. What is the point of Jellyfin itself not handling this? It’s pointless. If I’m going to have a half baked server app, I might as well just use Kodi. They can be as stubborn as they want with this but people need these very basic things. I’d actually donate money to the project if they didn’t stubbornly REFUSE to do the main thing every Plex user wants. Other projects don’t need to do this. The Jellyfin developers need to. I first tried Jellyfin 6 years ago and this is STILL an issue and so I just stay on Plex because I’ve already got lifetime. I WANT to move to Jellyfin but I need to give normies access to my stuff and apparently that’s a wontfix for them?? I can host all this shit myself. I just need it all built in and for the apps to support it. I don’t think anyone is crazy to want this right?
You just give those people the name of the app you recommend (Jellyfin, Moonfin etc) and give them the URL and their username, then they create a password.
It’s not that difficult for most and if it is you help them once with it.
deleted by creator
I’ve gotten my money’s worth out of the $74.99 I paid for Plex Pass Lifetime several years ago. If they ever get rid of my Plex Pass and try to say “Lifetime didn’t actually mean Lifetime”, I’ll be gone.
We’ve seen other companies pull this move by saying “lifetime” only applies to X version.
Except when I bought my lifetime it meant lifetime for the SERVICE, not the app…
Did it? I don’t remember it saying that. And I bought it around the same time as you since I paid the same price.
I like to think I got my money out of mine as well, even though I only used it for like a year or two before switching to jellyfin.
I know that whales exist, but seriously… Who is into self hosting but also into dropping $750 on a service that can end on a whim?
They don’t want you to buy lifetime, they want you to pay month to month.
I think it is safer to say they don’t prefer it. If they didn’t want you to buy it at all, they could discontinue the offering today.
It’s like when a contractor quotes you a ridiculous price because they don’t want to do the work. They assume you are going to say no; they don’t want to do it. But if you say yes to their absurd price they are happy to take your money.
Never used Plex. Jellyfin has always met my needs, so I never bothered to try it.
Plex has been around quite a while longer than JF. Before JF, the only way to really have a “self-hosted Netflix” was with Plex, so there are a lot of us who built our long-standing media setups around that.
That said, I have a JF instance running and matched almost 1:1 with Plex specifically for this situation, so I’m going to start pivoting everyone to that as I wind Plex down.
Meh, I’ve used dlna with PS2 over 20 years ago. Not exactly the same, but for my needs essentially the same.
That’s an interesting method. I actually have a PS2 myself, running PSBBN. Maybe I’ll try that out.
There’s a great project called WatchState that allows you to sync show progress between JF and Plex. Highly recommend it for while you’re switching over.
Jellyfin has lots and lots of tutorials, fyi. it’s not as intimidating as it seems once you get going with it.
And Plex doesn’t require any. It’s okay to accept that one product can be more polished than the other, and Plex has a lot of stuff that “just works”
Jellyfin also „just works“. Getting it going is just as simple as plex.
Have you tried Jellyfin?
This is the most hilarious lie I think I’ve seen in a while from open source on here. To be clear I use it as my daily driver, I switched off Plex a long time ago when I saw the writing on the wall.
But I still have issues with media matching to this day, issues where subtitles on certain devices just refuse to display no matter what you do. And the server still loves to randomly take up absolutely massive amounts of memory for seemingly no reason whatsoever; I ended up making a script to just forcibly kill it and restart it every 12 hours to prevent it from eating the entire system’s memory.
And no, my file naming is not the media issue; everything I do is properly named exactly as Jellyfin documentation says it wants by Sonarr. Not to mention you are expected to maintain a VPN system just for accessing your media away from home, as the web interface is so hilariously unsecured as to be a constant source of major system vulnerability.
It’s usable, but it’s not as “just works” as Plex. I have thousands of TV shows, anime, and movies, as in thousands of each of those categories, and Plex never once failed to match to the correct media, never had a problem just playing subtitles on any client, and I think only ever had one major issue with the web interface in terms of security? There’s been lots of minor ones that would give people essentially just access to Plex but not the underlying system.
Plex doesn’t “just work”. I have lost access to my install more times than I can count due to their weird prove-you-are-the-owner system.
I’ll admit I haven’t really looked into it, but how is the Jellyfin web interface insecure? I don’t currently, but in the past I’ve used ssh reverse port forwarding to my VPS and then used an Apache proxy and letsencrypt for ssl on a subdomain. Maybe I was just lucky, but I never had any problems.
It has had a pretty high number of RCE exploits, including one recently; the architecture of the web service is just very poor and leads to a lot of basic problems.
Personally I am not a fan of the language they chose, and I think it directly leads to a lot of these problems, but that’s just like my opinion man.
The server itself also has tons of issues, like the constant memory leaks that cause it to eat up endless amounts of memory that they don’t seem interested in fixing and basically once again push it to the users to deal with, and a bunch of the boot lickers are like “yeah, you just need to put it in a Docker and limit its maximum memory”, as if that’s just normal and expected to need to do.
Ah, yeah, guess I never realized it’s a .NET program. Never understood why an open source dev would choose .NET, but what can you do.
Also despise Docker (especially the modern over-reliance on it), but that always gets me into trouble when I admit that publicly.
I am right there with you on the Docker hate. I get the idea, but the Docker system itself is a huge problem. The amount of people that do not realize it completely bypasses system firewalls is very sad and unfortunate and leaves a lot of people vulnerable.
I personally try to use lxc containers that I set up myself for containerizing services and install them natively within the container
It has had a pretty high number of RCE exploits, including one recently; the architecture of the web service is just very poor and leads to a lot of basic problems.
So they had an RCE that got fixed therefore the software is bad and insecure. Therefore every OS and basically any enterprise software that was ever used is insecure.
Got it.
That would be the case; however, the devs’ official stance is it’s unsafe and should not be used other than over VPN. So they also agree
People who don’t know a lot of tech stuff can’t set it up to access while outside the house so I wouldn’t say it “just works”
I have it running in parallel with Plex to keep an eye on its progress. There are a lot of things that do not just work. Hardware encoding for example, or safe remote access
I install Jellyfin using docker, go to the web address, make the credentials for it and I am up and running.
For Plex you need to do that whole gain ownership song and dance which is a pain if you don’t have full console and file access like on TrueNas.
My comment wasn’t for you then, it’s for people curious in an alternative but may be hesitant. Some people enjoy learning new things.
And Plex doesn’t require any. It’s okay to accept that one product can be more polished than the other, and Plex has a lot of stuff that “just works”
And it is ok to accept that Plex is getting worse and worse. Only reason why ppl use it these days is because they still have an old lifetime pass. As soon as they take it away or introduce a new tier of features or even start removing features of it, they will be swarming away from Plex.
And they will!
OC never said anything to do with your comment, you seem to be really offended by recommending an alternative to a tool that you use.
The company’s blog post also described a number of improvements they plan to make
After you pay: “oops, we won’t”
As a lifetime owner, the number of features they’ve deprecated is probably the worst part.
- Photo support (luckily Immich came along)
- Tidal integration (no idea if that was Plex or Tidal’s decision)
- Plugins (god forbid anyone add the functionality they keep removing)
It’s close between that and the last app overhaul that removed a bunch of functionality.
So basically, they just want to phase out the lifetime plan, but they know removing it outright would cause outrage so they “just” increase the price to massively lower interest and then say: “Well nobody wanted it so we removed the product”.
I swear to god plex and the profiteering sons of bitches behind it can go fuck themselves.
It’s good “fuck off” pricing.
They make more off of FAAS than lifetime subs. More of their users are FAAS users than stream-your-own.














