Plex has announced a massive price increase on the service’s Lifetime Plex Pass. On July 1, the lifetime subscription option will go from $249.99 to $749.99, an increase of 200%. The price hike will only apply to new subscribers, with no changes to monthly or annual subscription pricing.

  • flux@lemmy.ml
    2 days ago

    Recently nginx had an RCE, so if your web server interface has an RCE, it doesn’t matter if jellyfin code is top-notch, if you happen to use a proxy with RCE in front of it. Wireguard has never had an RCE and I’m relatively certain it never will, because I believe you must be in possession of some keys to go very deep in the wireguard code, which in itself is not a very large piece of code.

    But yes, in principle I agree that we should code securely instead of depending on VPN to solve it for us; unfortunately it’s not the reality today. Memory safe programming languages help, but don’t completely protect against logic errors. VPN in general is pretty good for defence-in-depth.

    • LordKitsuna@lemmy.world
      2 days ago

      The nginx RCE relied on a series of requirements that affect almost nobody. You had to be using a very specific module and processing a specific type of data; reverse proxy was not affected.

      But regardless, I get your point that anything can have an RCE. However, as you say at the end, in principle that does not mean you should just give up and expect external projects to handle your security. VPN is a great way to access your services and it is good defense in depth, but for the sake of being a successful project to the masses? It’s basically a dead-end road.

      • WhyJiffie@sh.itjust.works
        23 minutes ago

        > but for the sake of being a successful project to the masses? It’s basically a dead-end road

        I think that’s why we should still have requirements against software we run (although, as some funnily say, we are free to get a refund), but not pretend that the software is more secure than it is known to be. Sad that we need a VPN for security, but it is what it is.

        I don’t know how we could get our devs to be more attentive to security.