stashapp / stash

An organizer for your porn, written in Go. Documentation: https://docs.stashapp.cc
https://stashapp.cc/
GNU Affero General Public License v3.0

[Feature] Serve adult website #2792

Open ghost opened 2 years ago

ghost commented 2 years ago

I would like to serve all content as a plex share.

Allow users to curate the content like in stash-box. Waiting for moderation approval on deletes, merges, etc or however it works in stash-box, I'm not really sure. Allow the admin to choose moderators.

Add an optional setting so users can gain points with uploads or by curating the content. Watching, downloading and performing certain actions would cost points depending on the number of users, so with heavy load doing something like a database join wouldn't be possible.

Related to account system, users and permissions, account uploads.

scruffynerf commented 2 years ago

I'd suggest you use Stashbox instead of trying to add these features to Stash.

Adding links/video to Stashbox would be trivial, compared to adding the user stuff to Stash.

Don't use a hammer when you want a screwdriver.

ALonelyJuicebox commented 2 years ago

IMO...I don't think Stash instances (or the folks hosting them on their personal machines) are nearly mature enough for it to be exposed to the public world and I think this opens folks up to a lot of security risk that they may not have been ready for/expecting.

YurikaL commented 2 years ago

Rather than a public website which requires a lot of complex setup, it would be nice if Stash nodes could connect to each other via some kind of P2P, and share content metadata along with its hash ID, such as magnet links or ed2k links. And then Stash should forward these links to an external download client. Much more robust and convenient!

scruffynerf commented 2 years ago

While stashDB won't collect those urls, you could certainly set up a Stashbox instance that collected links like that... Stash itself needs multiple urls support but if that's added, the rest would be easy. Feel free to make a stashbox if that floats your boat. I'll repeat: screwdriver or hammer...

ALonelyJuicebox commented 2 years ago

> IMO...I don't think Stash instances (or the folks hosting them on their personal machines) are nearly mature enough for it to be exposed to the public world and I think this opens folks up to a lot of security risk that they may not have been ready for/expecting.

> As long as there was at least one public stash instance the number of people using stash would be far greater than it is right now and all issues would probably be solved faster.

> Besides, hacks usually happen because server maintainers don't upgrade the software after a security vulnerability is noticed and fixed, not because the software "isn't mature enough".

Nah man...putting my security hat on for a second, I'm going to have to completely disagree with you here. When I say "this project isn't mature enough yet to have average users expose their servers to the public web" I mean we have no HTTPS support, we have no IP address logging, our update process is entirely voluntary with no education to the user on when updates have occurred (compromising our ability to fix vulnerabilities even if they are patched), we have no multi user support, we have no 2FA support, we have no support for mitigating abusive behaviors (brute force attacks, etc) and I have no idea how much work we've put in towards sanitizing inputs, URLs, forms, etc to avoid malicious behavior.

This isn't intended to disparage the great work our dev team has put in, but trying to learn from the issues other media platforms like Plex have battled through, I very much want to avoid a scenario where compromised machines running Stash now become part of some massive botnet used for DDOS or something.

> Optionally show metadata for all content not tagged Non Copyrighted. So content tagged Non Copyrighted would allow watching the actual content and the content not tagged Non Copyrighted would only allow seeing the metadata like stash-box.

This isn't how copyright works though-- as soon as the media is created, the creator of that media becomes the copyright holder. Yeah there's more to it in terms of registering the copyright in order to sue someone on it, but "non copyrighted" isn't a thing.
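Two of the gaps listed in the comment above, client IP logging and brute-force mitigation, can be covered by a wrapper placed in front of any Go HTTP handler. This is an added example, not part of the thread and not Stash code; `Guard`, its thresholds and the loopback address are assumptions made for illustration.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"sync"
	"time"
)

type entry struct{ n int; since time.Time } // failures in the current window
type statusRecorder struct{ http.ResponseWriter; status int }
func (s *statusRecorder) WriteHeader(c int) { s.status = c; s.ResponseWriter.WriteHeader(c) }

// Guard (hypothetical, not Stash code) logs client IPs and answers 429 after limit 401/403s in window.
func Guard(next http.Handler, limit int, window time.Duration) http.Handler {
	var mu sync.Mutex
	fails := map[string]entry{} // only IPs that have failed are stored
	count := func(ip string, fail bool) int {
		mu.Lock()
		defer mu.Unlock()
		e := fails[ip]
		if time.Since(e.since) >= window {
			e = entry{since: time.Now()} // window expired: start over
		}
		if fail {
			e.n++
			fails[ip] = e
		}
		return e.n
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ip, _, _ := net.SplitHostPort(r.RemoteAddr) // direct peer; X-Forwarded-For is not trusted
		if count(ip, false) >= limit {
			log.Printf("blocked ip=%q path=%q", ip, r.URL.Path)
			http.Error(w, "too many failed attempts", http.StatusTooManyRequests)
			return
		}
		rec := &statusRecorder{ResponseWriter: w, status: http.StatusOK}
		next.ServeHTTP(rec, r)
		log.Printf("ip=%q method=%q path=%q status=%d", ip, r.Method, r.URL.Path, rec.status)
		if rec.status == http.StatusUnauthorized || rec.status == http.StatusForbidden {
			count(ip, true)
		}
	})
}

func main() { // demo wiring on loopback with a stub handler; terminate TLS in front of it
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", Guard(http.NotFoundHandler(), 5, 10*time.Minute)))
}
```

Wrapping the `ResponseWriter` this way hides optional interfaces such as `http.Flusher`, so a production version would forward those as well.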

scruffynerf commented 2 years ago

Asking for Stash to add these is way off from Stash development needs. You want to turn this from a screwdriver into a hammer. I suggested Stashbox is a closer fit to a public website, and you dismissed that. It's unlikely your issue will see any development effort given the things that actually need to happen to solve current issues that are about being a screwdriver.

ALonelyJuicebox commented 2 years ago

> I don't see your point. That seems like a list of tasks to complete if this issue were to be implemented.

My point goes back to my initial comment. You mentioned hacking is usually a result of devs not keeping up with projects and I disagreed for the reasons I brought up. I just don't think Stash, in its current state, is mature enough of a platform for your request given (at a minimum) the poor man's non-exhaustive list of security concerns that I mentioned.

> That's irrelevant. The main purpose of this issue is for content creators to host their own website, instead of relying on centralized services like manyvids. The tag could be Non Copyrighted as it could be Mine or whatever.

Maybe I'm in the minority and totally off base, but that main purpose as you're describing it here isn't what I gathered from your initial request (which sounded more like Plex shares tbh)

I mean...thinking out loud here, if I'm hosting Stash at home for the content that I've created, what benefit does that have for me over making use of a platform like ManyVids? Users can't pay me for the content directly like they can on ManyVids, I'm going to reach bandwidth and hardware limitations pretty quick if I start getting a fair amount of traffic (things I don't have to worry about on MV), I'll have to do extensive marketing outside of Stash comparatively as there's no inherent traffic, no form of DRM (even basic UDP stream stuff) for my content, all the security issues I mentioned earlier, and lastly, Stash just isn't really designed for the use case you're inferring here. On a list of platforms I'd use for that use case Stash isn't even on the board for this for me.

It might serve you well to chunk up more of this request into their own separate issues as well, there's a lot of material you're requesting in one go here

scruffynerf commented 2 years ago

> It might serve you well to chunk up more of this request into their own separate issues as well, there's a lot of material you're requesting in one go here

Please don't even encourage this. None of this request is actually worth considering. Stashbox does some of this out of the box, and adding video to Stashbox is a trivial task, relatively. You have easy theming and access to video url links, so a player is easy to add with those two things at hand. I'm looking at doing this, for other reasons.

DogmaDragon commented 2 years ago

> we have no HTTPS support, we have no IP address logging, our update process is entirely voluntary with no education to the user on when updates have occurred (compromising our ability to fix vulnerabilities even if they are patched), we have no multi user support, we have no 2FA support, we have no support for mitigating abusive behaviors (brute force attacks, etc) and I have no idea how much work we've put in towards sanitizing inputs, URLs, forms, etc to avoid malicious behavior.

> I don't see your point. That seems like a list of tasks to complete if this issue were to be implemented.

But that's not the goal of Stash and implementing it would require a lot of dev time instead of focusing on features that are in line with what Stash is. It's an open source project, fork it and work on it or hire a developer to assist you if that's something you want.

> This isn't how copyright works though-- as soon as the media is created, the creator of that media becomes the copyright holder. Yeah there's more to it in terms of registering the copyright in order to sue someone on it, but "non copyrighted" isn't a thing.

> That's irrelevant. The main purpose of this issue is for content creators to host their own website, instead of relying on centralized services like manyvids. The tag could be Non Copyrighted as it could be Mine or whatever.

There are a bunch of decentralized sites already. Nobody is using them. The most popular I think is https://wetspace.com

pickleahead commented 2 years ago

It is not only about the amount of work and effort. You would also put yourself in serious risk. With the amount of issues a public stash would face (security, performance, content protection, …), it is far more reasonable to start your own project. Build a frontend with a framework of your choice and feed it with stash metadata. There are tons of frameworks out there allowing easy implementation of your feature list in a proper and secure way and with more developers behind than stash will ever have.

holly-hacker commented 1 year ago

I would still see a lot of use in this. I want to share some content I have with a limited amount of other people and I'm writing my own app because Stash doesn't support this.

ALonelyJuicebox commented 1 year ago

I don't think anyone's arguing the utility of the request, it's everything else I and others have mentioned. I mean tbh, if you really needed to be able to share your Stash today, you can have it; it just comes with some caveats as well as the potential security exposure I brought up.

Hey worst case...if you're already considering writing your own app, you might as well fork Stash to do what you need it to.

holly-hacker commented 1 year ago

For the case of Stash, all I'd need is to have non-admin accounts that can view content but not modify their metadata or edit settings. It would be nice if there was more granular access control (i.e. block/allow access to certain videos/actors/sites) but just having multi-user support would be a great first step.

I think the original intent of this issue was to have the same but without login (i.e. make non-authenticated users able to view content without being able to modify), and that should tie in to this pretty nicely.