Doesn’t $0.36 times 150,000 downloads come out to 54 thousand dollars, which is a lot of money?

People have audited the APIs and it is a known issue that if you know the correct URL to certain resources on the server (e.g. specific files) you can fetch them without authentication. Nothing more serious than that has been found.

I would trust the FOSS software’s actually auditable security any day of the week over the sketchy proprietary solution targeting an extremely niche market.

For some reason they recommend against directly forwarding Jellyfin’s ports, but reverse proxies are fine. I expect this is because the default configuration doesn’t use SSL.

This smug mentality that security is unnecessary when exposing ports to the open internet reminds me of people who think its fine to drive drunk because “I’ve done it dozens of times before and nothing happened!” It also reminds me of the mentality of tech company VPs right before they have a massive data breach. It’s quite absurd to read.

I think you’ll find without exposing ports to the open internet we would not be having this conversation right now. Which, I suppose, wouldn’t be such a bad thing.

It does not say that in the documentation. What the documentation does have, however, are extensive instructions on how to make Jellyfin accessible on WAN: https://jellyfin.org/docs/general/post-install/networking/ https://jellyfin.org/docs/general/post-install/networking/reverse-proxy/

I’m not sure if you’re joking or not, but you can remotely stream from Jellyfin without using a VPN.

Abandoning streaming services only to become a serf of another commercial subscription service seems like such a bizarre move that I really don’t understand how Plex users even exist.

Fairphone also lets you change out the battery very easily, so it’s not that big of a deal if it degrades. You might save the world 20% of a battery’s worth of e-waste by micromanaging your charging, which won’t really make a difference.

That’s called a partial update and is strongly discouraged by the Arch Linux documentation.

The reason people say that Arch is unstable is that you are expected to read the news on the website before every update or else your system is liable to be broken – and sometimes it will break in spite of that. Oh, and the expectation is that you’ll be updating multiple times per week, and if you don’t, you will soon be in a situation where to install any package you must update your entire system.

Most other distros place no such expectations on the user.

That subtitle isn’t real

My understanding is that it is fixable by just implementing a couple of APIs, but Artix barely has the resources to fix their own init system, so they aren’t able to support such compatibility.

No you haven’t. The security is the Jellyfin login prompt, then Jellyfin itself, then the Jellyfin container, and if you’re really paranoid, that container won’t be in your LAN.