So you say my personal preference and taste does not matter?
The point is, the amount of time and effort it takes to tune any distro to your personal preference.
There are distros that fit your needs out of the box and there are distros that need hours of setting up and tuning to fit them.
No but PoE and AP helps.
The point is, the anecdotal evidence that you mentioned has nothing to say about other points you are making.
Just because product X runs better in a use case with software Y, does not mean product X is bad.
I do not want to come across like a ubiquity fan boy, since i only use it very targeted privately but the stuff is good, it’s supported and a plug and play solution without the cloud. Exactly what fits the bill for what it’s asked for here.
It is run in operation by thousands of businesses. Does it have problems, sure, like every other brand.
Have run openWRT myself on one of the latest lite APs, was good. Have not noticed a significant difference in the usage between both.
First, I personally have not used it (but a security cam). But i have done some research.
Reolink Integration has Platinum Status on Home Assistant.
If you can set up Frigate then there seems to be 2 Way Voice Communication possible via the Home Assistant App.
There are a couple of Videos that show the process.
Reolink has at least one PoE Doorbell.
Switches, Security gear, nvr, central local management etc. not really something others can or do offer.
Ia it the best probably not but its still good well functioning equipment, for what it offers.
Just because something else works better, does not mean that it works not good.
Yes its expensive but also good gear mostly (never used the door bell myself).
PoE switch is not necessary, PoE injectors can be had for couple of bucks used.
I would go full IP. Solutions like Reolink or unifi exist that do not need the cloud.
Only challenge would be getting ethernet to the door.
But there are 2 wire to ethernet even with poe from unifi. https://eu.store.ui.com/eu/en/category/accessories-poe-power/products/uacc-retrofit-poe-2wire
Not sure if they work well, never uses them but i would try that.
EDIT: Typo
Yes, since with optimizations on OS level and with custom kernels you can pretty much tune it to any other result.
“History started yesterday” vibes. Nato had been amassing forces on their borders prior to the Russian invasion, and had already pushed east into former Warsaw pact territories after the dissolution of the Soviet union despite promises not to do so.
A ‘promise’ that has been debunked often enough. Used by the oppresor to justify his actions.
Also since Ukrain IS no part of the NATO it does even if it would be true, which it is not make even less justifications.
You make a pact and then leave something that important out of the official part? Common.
Tailscale controls the routing, thus the traffic. They control which keys get trusted. They most of the time distribute and develop the software.
It would be quite easy for them to start snooping on traffic, while on the internet anything basically is additional encrypted, that would not apply so broadly to the traffic that get sent via tailscale especially the self hosted crowd, a lot of that traffic would be http and unencrypted.
Just as much as Tailscale is self hosting.
So not at all?
Tailscale is just a Service. Not sure how you could even think calling Tailscale self hosting.
I would update. In a few months those will be published I’m sure.
I mean the patches themself are there and visible. The only thing that is not there is the explenation on what the vulnabilitie is/was.
Why should you? They got fixed?
Often security vulnabilities do not go public the moment the got discovered. There are often wirhheld to only the researcher and the team or only a few ppl of the team the vulnabilitie related to.
This is to give system admins time to update and patch their systems before more details and the research gets released.
Responsible disclosure is one of those procedures.
I think it’s not congruent with wanting to improve jellyfin if your reflex is immediately to say that nothing is truly secure.
At no point in life I said that.
Jellyfin has proven with the latest RCEs that they can handle relevant critical security vulnabilities.
As always, jellyfin does not have that much relevant contributers, and a lot of work has been done in recent time. It is very easy to lean back and say what they should or should not have been doing.
Breaking Clients would make the project not usable for many ppl or at least decrease the usability.
As i have already said, getting uodatea on those closed eco systems can be a nightmare.
I am saying all this because it’s more blown up than it is. I have said in basically every single post that it needs to be fixed right? So pls do not suggest that I do not want it to get better.
But, this link to the collection of vulnerabilities gets posted on every argument without any explanation and or classification. Which is also not ok.
I don’t think downplaying them is the way to go though, Some of these issues have been in existence since 2019.
I am not downplaying them. And yes they should get fixed. But this attack needs access to an account on your server.
so as long as you can guess the full file path,
Yes, also should be fixed, probably by some sort of salt and authentication, but can be easily prevented by adding a random character in the base/root path to the media. Especially with docker or similar, thats an 1 min fix.
And even if not? What then? Why would someone want to attack that?
Those are not good, no. But no deal breakers and actually more blown up then downplayed imho.
Just because you do know any or that there are no know to the public does not mean it is secure. Do we know if the plex communication with your server is secure? No one cares, because no one is looking into it.
The main issue, is that ita not that simple to get new versions on the closed eco systems on many smart TV, especially when you are just a single dev and no company who can throw money on the problem.
As I said, the issue is not that big, and mainly an excuse for most ppl. The API break will come, hopefully sooner than later, but it needs to be carefully designed, to prevent issues in the future.
But again, the current issue is not that much of a problem. I do not see the benefit of anyone to probe my server if i have certain media files on there. And i do not use the default paths.
I am saying that the mentioned security vulnerbility is not as big as ppm make it to be. The bad thing right now is that IF you know the exact path of a media item you can probe if its there. As soon as you varg your path by just single character from the default/guides that are out there, this is basically no longer practical.
Is this ok? No. But to fix this, every Client would be broken.
The current API dies not follow modern security practices since some are not or partially autheticated. Thats basically inherited by Emby.
That is the current main issue and needs to be dealt with.
I assume that after the last EFcore (database handling) this gets addressed since now the API can be designed around the standerized databade calls.
Also overseer is also not saying “pls host on the public internet”. If you do so, you are on your own. Why jellyfin gets treaded different? I do not know.
EDIT: I guess at least some ppl, use this as a comfortable excuse to stay on Plex. “But it is insecure… so i can not set it up”
No, it is impossible to certify security, it’s only possible to certify insecurity.
They could only say something like “it’s designed to run exposed” or something like it.
You can pay for the audit if you like and still there would be no certainty.
I assume, before they say something like that they want a completely new API. But this would break every single client.
I think you heavily are misinterpreting the " The Distro does not matter" argument.
Usually ppl want a distro that “does x” and the answer will be “the distro does not matter, use the one that suits you the mkst”.
The argument “The disteo does not matter” does not come from the user preferences site of things but feom the technical " i want to video edit, “i want to game” etc.