update!: Home Theater (Software) #2938
Conversation
|
@jonaharagon could the build configuration be something wrong or something else, could you check it? If it fails like that something is up. |
friadev
added
the
pr:missing discussion
friadev
left a comment
friadev
left a comment
There was a problem hiding this comment.
Needs to be approved on the forum.
github-project-automation
bot
moved this from Unreviewed
to Needs Changes
in PR Review Status
friadev
added
the
c:software
✅ Your preview is ready!
Please note that this preview was built from an untrusted source, so it was not granted access to all mkdocs-material features. Maintainers should ensure this PR has been reviewed locally with a full build before merging. |
|
Cancel, feel free to deny the re-request I got confused for a moment. |
|
Yeah I'm not happy with VLC. I think we should expect some baseline level of basic security when recommending third party apps, and here VLC doesn't offer an official flatpak and the one that is available is basically not sandboxed at all: full filesystem access etc. On macOS, VLC does not use the App Sandbox and has entitlements for JIT and microphone and camera access. Also it's not on the App Store which means no nice autoupdates from there. I really don't want to recommend this when the default media player is better. |
Anyone else's thought on this? Will consider removing if agreed upon. |
|
@friadev VLC is on the app store In conclusion I am 50/50 on this. |
If you want the macOS version you can't download off the app store, and the version you get from their website doesn't enable the App Sandbox. Also has some weird entitlements like allowing JIT for some reason. The fact that they do have a sandboxed version for iOS tells me they could enable it but they just choose not to for some reason. |
Kodi at least offers an official flatpak. Looking at their macOS app, they have fewer entitlements like enabling JIT and camera/mic, but they still don't enable the App Sandbox and they disable library validation which is a security feature: https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.security.cs.disable-library-validation |
|
I would prefer somebody open a VLC thread on the forum so we can get more eyes on this than just whoever is looking at PRs. My 2 cents though: I think we should consider the context that people are using these media players in. If it's largely trusted content, like media people have ripped themselves, then using tools like this does seem like an improvement to me. This could actually be a great opportunity to address security issues with media on the site. I think @friadev had a good point that we've seen a lot of vulnerabilities directly caused by esoteric media engines in other apps like Chrome and iMessage. If we recommended tools like VLC we could add a section about these dangers and a warning about running internet content. I think that this approach would be more educational and useful to readers than simply avoiding the topic of media players on the site. |
Yeah I suggested that. I could but I don't actually want it to be added so it would be me making the suggestion and then immediately shutting it down which makes no sense. |
|
This pull request has been mentioned on Privacy Guides Community. There might be relevant details there: https://discuss.privacyguides.net/t/kodi-home-theater-software/25866/2 https://discuss.privacyguides.net/t/vlc-media-player-software/25865 |
redoomed1
removed
the
pr:missing discussion
|
it's been a week so about time we summarize and decide:
let's see for the following CVEs of each of them also:
that's all on report based on what I gathered and experience. What do you think is our next move? For transparency: CVEs have been sourced from: https://www.cvedetails.com/ |
|
Based on all discussion so far, I would be fine with renaming this page from Media Players to Home Theater, and listing Jellyfin and Kodi. Media Players (covering tools similar to VLC, IINA, etc.) can be a separate page and PR in the future, but at the moment it does not sound like there are any we actually want to recommend, so I would not proceed with those recommendations at the moment. |
|
Alternatively, we could wait for #2970 to be merged, add Jellyfin to that page, and not list Kodi for now and not create a new media players/home theater category at all. Might make more sense now that I'm thinking about it. |
Whatever you prefer, if that's your preference we'll stick with that. |
|
will be waiting for the that PR to merge first and decide |
github-project-automation
bot
moved this from Needs Changes
to Done
in PR Review Status
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
It's cross platform after all. Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
working on the VLC. Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
toning it down after trying to open an image in vlc on linux, out of the box it's not great, it really treats images as video and is short out of the box. Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
trying to comply with the names / trademark, we're giving it a formal name for the start as per https://wiki.videolan.org/Intellectual_Property/#Names_.2F_Trademark but to keep the characters short we'll keep it to VLC for the rest Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
uploading as png and will update the markdown to reflect that Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
hopefully? Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
MacOS I can't comment on as I don't have a MacOS device. Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
Signed-off-by: Gorujo-kun <gorupublic@gorujokun.cy>
dngray
force-pushed
the
pr-gorujocy-mediaplayers
branch
from
c3ce179 to
1311a16
Compare
dngray
force-pushed
the
pr-gorujocy-mediaplayers
branch
from
899a794 to
82b073c
Compare
That's now been done, so we could look at this. I think in general media players don't make a whole lot of sense, although VLC probably does on windows, over say windows media player which no doubt has some AI abilities, because why not. If we're looking at Linux well, there's mpv as well. so I do agree in keeping this page about home theater options.. In terms of privacy this page does make more sense in terms of a minipc or single board computer running linux with something like Jellyfin or Kodi for privacy reasons over say smarttv firmware which probably sends all sorts of data back to the manufacturer (eg samsung). I do think we should avoid making hardware recommendations like the Raspberry Pi however, as there's nothing particularly privacy friendly about that and for this purpose it may not even be the most cost effective idea. |
Oohoo never expected the day to come back. Anyways few things:
|
6 participants
List of changes proposed in this PR:
Follow up of what Jonah (@jonaharagon ) said in PR #2930 which was supposed to be a contribution for alternatives towards smart TVs, I'm doing what he asked which is to separate them into 2 pages and 2 separate PRs of those with the names that was suggested in the old PR. And we're beginning with the media players and will work on the hardware side later!
As always let me know if you spot any mistakes or any changes to be made or want to pitch in new recommendations and more importantly any objections thank you. For more context I do recommend looking at that past PR.