having to do a firmware update on my soldering iron

You don’t. It works perfectly fine OOTB. Can’t speak for the Pinecil v2 with Bluetooth and the companion app but I have v1 and the software been stable and bug-free enough I’ve never even given a thought to updating the firmware on it

Oneplus 7 Pro on release. Amazing phone, great value. Still holds up years later

deleted by creator

Thanks for the correction. A full month is much more problematic.

Thanks, SUSE completely slipped my mind

How does the xz incident impacts the average user ?

It doesn’t.

Average person:

• not running Debian sid, Fedora nightly, Arch, OpenSUSE Tumbleweed, or tbh any flavour of Linux. (Arch reportedly unafffected)
• ssh service not exposed publicly

The malicious code was discovered within a day or two a month of upload iirc and presumably very few people were affected by this. There’s more to it but it’s technical and not directly relevant to your question.

For the average person it has no practical impact. For those involved with or interested in software supply chain security, it’s a big deal.

Edit:
Corrections:

• OpenSUSE Tumbleweed was affected; Arch received malicious package but due to how it is implemented did not result in compromised SSH service.
• Affected package was out in the wild for about a month, suggesting many more affected systems before malicious package was discovered and rolled back.

If you’re ok with just file storage sftpgo has been solid for me for years now. Does sftp ftp and WebDAV (like nextcloud). Webui isn’t as pretty but it’s fast. Mobile apps will be various sync apps with sftp or WebDAV support. On Android folder sync pro is pretty good for keeping documents and pictures backed up

They did. Its called airmessage. Has been around for almost 3 years now

Full disclosure: I’ve never used 1Password so can’t really comment on it compared with others, but I’m currently running a selfhosted Bitwarden re-implementation (vaultwarden) and am generally pretty happy with it. I’ve only ever used LastPass as a password manager before (aside from a seeding algo back in the day), and while I really don’t like their business practices or security history, their extension has or at least had a bit better consistency on Firefox than Bitwarden does, at least with regards to detecting username/password fields and detecting when a new credential is being created and asking it to be saved automatically. That being said, it’s something that I can live with considering it’s free software. As far as I’m aware, in terms of features all the big players in that space are pretty evenly matched, though I do remember some advanced feature that 1Password offered over others; maybe related to privilege access management in enterprise.

Just another option. If you know already or are willing to learn how to write documents in markdown format (like how lemmy supports), and learn some of infrastructure set-up and it can be between free and very cheap to have a blog on something like netlify.app, github pages or others. There are plenty of static site generators out there that can be both relatively easy and very powerful.

I currently have a private blog set up on a cloud provider that just takes markdown documents and builds those along with some templates and webpage code to create a site like this. Although I have mine hosted on a VPS with my own domain, it’s completely possible to use something like github pages, netlify.app, etc. for that. They’re both free afaik to host on, but if you want to pay for a dedicated service they are usually between 2 and 5 USD per month.

Edit: The option above isn’t activitypub software, sorry for not realizing that immediately, but it is federated in a way I suppose.

so I assumed someone would probably have subscribed before me

I think the community is very new, so there’s a decent chance you were the first. As to the overloading problem, it’s certainly possible. Lemmy.world has a ton of users, and while I know ruud is dedicating a lot of resources to your lemmy instance, it just may not be enough to keep performance great. There’s been a lot of reports of performance problems by both lemmy.world users and federation problems between .world and other lemmy instances, most likely from being overloaded. You might try setting up a secondary account on another instance if you’re inclined, can’t hurt. Then at least you’ll be able to compare. Mine is on sh.itjust.works and everything has been pretty decent for me since the latest software upgrade, just as a point of reference.

Sorry for my cluelessness, I’m new to the fediverse

No worries mate, we’re all new here. I’m still getting used to things too.

Thanks bot, but you weren’t needed in this particular case. You’re a Good Bot though.

how can that be if others from this instance have already subscribed?

How certain are you that the community was already subscribed to? You may be the first person on your instance to subscribe there. If that’s the case you’ll only be seeing anything posted after you subscribed.

That is, unless Faceman is correct, in which case lemmy.world will eventually backfill content when it can.

For example, I’m seeing three posts there on both my instance and when I visit https://feddit.nl/c/trendingcommunities. I’m fairly sure that when I first subscribed I could only see the first post, but definitely not sure that’s the case.

Oh that’s interesting, that’s the first I’ve heard of it. I wonder how one would go about testing if that works.

It depends on if you were the first person on your instance to subscribe, and if that subscription happened before or after the posts were made. Lemmy doesn’t do backfilling content, which means only new content after the subscription happens will be visible to your instance. I’m not a fan of that personally, but I can see why they did it that way.

They mostly do by default, which is pretty annoying. But there are ways around it. I’m currently self-hosting a Miniflux instance where I can set per-feed whether or not it will try to parse the full text of each article. Most of the time that works, but on the off chance it doesn’t I fall back to Morss by prepending the feed with http://fulltext/

Agree completely. In the grand scheme of things the damage that appears to have happened here is small potatoes, but it brought attention to the vulnerability so it was patched quickly. Going forward now, the authors and contributors to the project might be a bit more focused on hardening the software against these types of vulnerabilities. Pen testing is invaluable on wide user-base internet accessible platforms like this because it makes better, more secure software. Unfortunately this breech wasn’t under the “ethical pen testing” umbrella but it sure as hell brought the vulnerability to the mindshare of everyone with a stake in it, so I view it as a net win.

I self-host basically everything I can, aside from email. Self-host Calendar, contacts, streaming, budgeting, documents and storage, passwords, private chat, etc.

Email I’d love to self-host, but consensus seems to be that it’s between moderately difficult to impossible to get outbound deliverability depending on quite a few factors, some of which are out of one’s control.

As for reasons why I self-host, basically everything you’ve listed in your post. I want to be the owner of my data, not some corp making profit by mining it for ad revenue or selling it to data brokers. Also I love digging into the guts of standing up my own services and keeping them maintained, I’ve learned so much over the years from it.

I’ve heard only good things about it, but haven’t tried it myself. Mostly due to laziness finding the sources of my f-droid apps. How quickly do you usually see update notifications after a new release drops OP?

By default one should assume everything I utter is sarcastic…except this sentence; this is real real.