[koheripbal]

You're being a bit generous with credit to them. We have no idea how long the malicious actors had access (not do they it seems), nor what depth of access they had. I turned off my server until they have had a chance to verify that no malicious software updates have been pushed.

With regard to complex passwords, Plex is one of those accounts that using a random password is quite cumbersome since my kids and I are often connecting new devices that don't access the password manager. We also use it on smart TVs while on vacation. We use a unique, but simple to remember password.

The problem with Plex is that they force you to use cloud auth even if you self-host despite that not being necessary at all for those many of us that self-host. I don't have any other server I host that requires this. The local LAN login they claim works without auth doesn't work for most devices nor across subnets.

It means I cant access Plex when the isp is down and it means Plex sees my library and my kids' activity (which I don't like for privacy reasons), despite having paid for lifetime Plex before this was a requirement.

Think about the Plex as a business that may very likely get acquired one day by a large media corporation. What happens to my data then? Will they ask me to verify my ownership of content I host(ed)? They are already pushing commercial "free"content to my kids, which is exactly what I was trying to get away from.

[doorsopen]

I've switched to using jellyfin and i've never looked back.

[kornhole]

kodi.tv doesn't require any account either. The 2TB SSD I have connected to the RPI hosting it works as a good enough media server for my whole network. I love the unique channels and the ability to stream Newpipe from phone to it. I might try Jellyfin to learn its features.

[poglet]

Not sure how you've setup Kodi however I switched from Kodi to Jellyfin about a year ago.

I purchased a low powered computer with a Celeron N5100 (sorry I might have the model wrong) but I was looking for something that could support and transcode modern video formats in hardware, and connected my external drives too. From there I was able to install Jellyfin, then the Jellyfin clients on all my devices (TV, Phone, iPad etc).

It seems to work really well, espeicaly when exposing the server to the internet using nginx, a SSL certificate, DNS and a dynamic DNS provided by my Asus router. Unsure of the security of this or how to harden it -> VPN might be better for more security conscious people.

You mention you like the unique channels and the Newpipe feature, I don't think any of this is available in Jellyfin, it doesn't seem to be very customisable at all with the exception of a limited list of plugins.

[mikewhy]

> often connecting new devices that don't access the password manager

Isn't that what plex.tv/link is for?

[Thews]

There is no need for a "complex password" just use a passphrase and don't reuse it.

[fomine3]

it's still annoying to type on TV OSD keyboard by cursor