Switches, Security gear, nvr, central local management etc. not really something others can or do offer.
Ia it the best probably not but its still good well functioning equipment, for what it offers.
Just because something else works better, does not mean that it works not good.
Yes its expensive but also good gear mostly (never used the door bell myself).
PoE switch is not necessary, PoE injectors can be had for couple of bucks used.
I would go full IP. Solutions like Reolink or unifi exist that do now need the cloud.
Only challenge would be getting ethernet to the door.
But there are 2 wire to ethernet even with poe from unifi. https://eu.store.ui.com/eu/en/category/accessories-poe-power/products/uacc-retrofit-poe-2wire
Not sure if they work well, never uses them but i would try that.
Yes, since with optimizations on OS level and with custom kernels you can pretty much tune it to any other result.
Tailscale controls the routing, thus the traffic. They control which keys get trusted. They most of the time distribute and develop the software.
It would be quite easy for them to start snooping on traffic, while on the internet anything basically is additional encrypted, that would not apply so broadly to the traffic that get sent via tailscale especially the self hosted crowd, a lot of that traffic would be http and unencrypted.
Just as much as Tailscale is self hosting.
So not at all?
Tailscale is just a Service. Not sure how you could even think calling Tailscale self hosting.
I am saying all this because it’s more blown up than it is. I have said in basically every single post that it needs to be fixed right? So pls do not suggest that I do not want it to get better.
But, this link to the collection of vulnerabilities gets posted on every argument without any explanation and or classification. Which is also not ok.
Just because you do know any or that there are no know to the public does not mean it is secure. Do we know if the plex communication with your server is secure? No one cares, because no one is looking into it.
The main issue, is that ita not that simple to get new versions on the closed eco systems on many smart TV, especially when you are just a single dev and no company who can throw money on the problem.
As I said, the issue is not that big, and mainly an excuse for most ppl. The API break will come, hopefully sooner than later, but it needs to be carefully designed, to prevent issues in the future.
But again, the current issue is not that much of a problem. I do not see the benefit of anyone to probe my server if i have certain media files on there. And i do not use the default paths.
I am saying that the mentioned security vulnerbility is not as big as ppm make it to be. The bad thing right now is that IF you know the exact path of a media item you can probe if its there. As soon as you varg your path by just single character from the default/guides that are out there, this is basically no longer practical.
Is this ok? No. But to fix this, every Client would be broken.
The current API dies not follow modern security practices since some are not or partially autheticated. Thats basically inherited by Emby.
That is the current main issue and needs to be dealt with.
I assume that after the last EFcore (database handling) this gets addressed since now the API can be designed around the standerized databade calls.
Also overseer is also not saying “pls host on the public internet”. If you do so, you are on your own. Why jellyfin gets treaded different? I do not know.
EDIT: I guess at least some ppl, use this as a comfortable excuse to stay on Plex. “But it is insecure… so i can not set it up”
No, it is impossible to certify security, it’s only possible to certify insecurity.
They could only say something like “it’s designed to run exposed” or something like it.
You can pay for the audit if you like and still there would be no certainty.
I assume, before they say something like that they want a completely new API. But this would break every single client.
The question is, are the vulnerabilities actually a risk for your setup?
Should they be fixed? Absolutely.
But do they affect you? For me its basically a no.
A vulnability can be a nothing burger or critical issue that needa to be fixed. But it depends.
i feel like one issue is a bit of a downplay here,
But how does it matter if the issue is closed or open? It is linked and stated early and tracked.
That issues get merged and closed is quite normal when there arw duplicates.
Also, i think the oppoaite. The issues get ‘upplayed’. Which one of these are you actually worried about? And how does they affrct you?
My second complaint is the security design. They’ve had open issues about unauthenticated endpoints for three or four years now. And whenever the issue gets so old that it starts to look bad, they refactor the issue into a newer issue abd bury it in the sand.
You mean that one issue that is still open and linked in the “security and quality” tab on github?
No, not really. But what should i expect from someone who states as an ‘objective opinion’ “I do not like the programming language so the project is bad”
If i had to guess, since you are jumping on the memory leaks, you got an issue, reported it and did not get treatet like they fix it with a priority.
You keep jumping on “They had an RCE so the security must be completely broken”
Once? No jellyfin has had about 4 major RCE issues since the fork. At least 4 that I’m aware of. Blaming it on the previous code only makes sense if the split is recent. They have had time to completely rewrite if they really want.
It absolutely makes sense, otherwise they would have had to throw everything away.
The EFcore refacotring was like 6 years in the making.
And all that from just a few single ppl. Look at the ckntributer list, and how many contribution. Not many active devs are working on jellyfin on their free time. The problems that jellyfin has, is not from a lack of trying but a from a lack of finger and arms.
And you need to take it like it is.
But for complete other reasons than RCEs or similar.
As an FOSS project that inherited lots of shitty code this is basically the best thing they could do.
Not sure why, but you get specific about once RCE but not about other problems and keep vague about them. Is it the lack of understanding or disingenuousness?
It has had a pretty high number of RCE exploits including one recently the architecture of the web service is just very poor and leads to a lot of basic problems.
So they had an RCE that got fixed therefore the software is bad and insecure. Therefore every OS and basically any enterprise software that was ever used is insecure.
Got it.
And Plex doesn’t require any. It’s okay to accept that one product can be more polished than the other, and Plex has a lot of stuff that “just works”
And it is ok to accept that Plex is getting worse and worse. Only reason why ppl use it these days is because they still have an old lifetime pass. As soon as they take it away or introduce a new tier of features or even removing features of it, they will swarming away from Plex.
And they will!
OC never said anything to do with your comment, you seem to be really offended by recommending an alternative to a tool that you use.
Have you even read the issues and understood them?
Yes, those should be fixed, but unless you are worried about someone hijacking a video stream when you use a generic media path, there is not that much to worry about.
First, I personally have not used it (but a security cam). But i have done some research.
Reolink Integration has Platinum Status on Home Assistant.
If you can set up Frigate then there seems to be 2 Way Voice Communication possible via the Home Assistant App.
There are a couple of Videos that show the process.
Reolink has at least one PoE Doorbell.
https://m.reolink.com/product/reolink-video-doorbell-poe/