If you're on android I can highly recommend Eternity. Open source and a fork of Infinity for Reddit; which is still going as a paid service post Reddit API débâcle. I loved Infinity prior to Reddit being a bitch and Eternity is just as great

Telegram's server side software is closed source, owned and ran by them exclusively so they really have no room to talk. WhatsApp doesn't even have OSS clients so they're even worse in that regard

How does the xz incident impacts the average user ?

It doesn't.

Average person:

• not running Debian sid, Fedora nightly, ~~Arch~~, OpenSUSE Tumbleweed, or tbh any flavour of Linux. (Arch reportedly unafffected)
• ssh service not exposed publicly

The malicious code was discovered within ~~a day or two~~ a month of upload iirc and presumably very few people were affected by this. There's more to it but it's technical and not directly relevant to your question.

For the average person it has no practical impact. For those involved with or interested in software supply chain security, it's a big deal.

Edit:
Corrections:

• OpenSUSE Tumbleweed was affected; Arch received malicious package but due to how it is implemented did not result in compromised SSH service.
• Affected package was out in the wild for about a month, suggesting many more affected systems before malicious package was discovered and rolled back.

They did. Its called airmessage. Has been around for almost 3 years now

lemfinity

Today's episode of Veronica Explains is brought to you in part by corporate greed.

Less than 5 seconds in and I already know I'm going to like this video.

I self-host basically everything I can, aside from email. Self-host Calendar, contacts, streaming, budgeting, documents and storage, passwords, private chat, etc.

Email I'd love to self-host, but consensus seems to be that it's between moderately difficult to impossible to get outbound deliverability depending on quite a few factors, some of which are out of one's control.

As for reasons why I self-host, basically everything you've listed in your post. I want to be the owner of my data, not some corp making profit by mining it for ad revenue or selling it to data brokers. Also I love digging into the guts of standing up my own services and keeping them maintained, I've learned so much over the years from it.

Top comment from HN discussion:

Makes it a complete no-go for me

iamdamian 9 days ago

I check out Warp every 6 months or so, because I’d love to see more innovation with the terminal, and the screenshots look great. But the story’s the same every time: I download the app, fire it up, and am greeted by a mandatory ‘sign up’ screen and privacy policy, at which point I close and immediately delete the app.

I will never be okay with a terminal that requires me to have a proprietary login to operate on my own local file system with local tooling.

I'm all for bots that are used as tools for the community, the invidious one seems pretty great too. A bit concerned about what the potential "bot army" on some of these instances will be used for going forward though.

Good bot

Wait, is that even a thing here?

Lots already. Of course depends on what your interest are. For ex. my subs

• /c/3dprinting@lemmy.world
• /c/android@lemmy.world
• /c/arduino@lemmy.ml
• /c//c/buytiforlife@sh.itjust.works
• /c/collapse@sopuli.xyz
• /c/cybersecurity@sh.itjust.works
• /c/diy@beehaw.org
• /c/elitedangerous@lemmy.world
• /c/environment@beehaw.org
• /c/ergomechkeyboards@lemmy.world
• /c/explainlikeimfive@lemmy.world
• /c/freemediaheckyeah@lemmy.fmhy.ml
• /c/fediverse@lemmy.ml
• /c/food@beehaw.org
• /c/foodporn@lemmy.world
• /c/foss@beehaw.org
• /c/functionalprint@kbin.social
• /c/funny@burggit.moe
• /c/linuxhumor@lemmy.ml
• /c/games@sh.itjust.works
• /c/gaming@beehaw.org
• /c/gaming@lemmy.ml
• /c/general@burggit.moe
• /c/general_discussion@lemmy.fmhy.ml
• /c/golang@lemmy.ml
• /c/kombucha@sh.itjust.works
• /c/lemmy@lemmy.ml
• /c/lemmyworld@lemmy.world
• /c/plugins@sh.itjust.works
• /c/lemmy_support@lemmy.ml
• /c/linux@lemmy.ml
• /c/linux_gaming@lemmy.world
• /c/linux_gaming@lemmy.ml
• /c/linux_memes@sopuli.xyz
• /c/mechanicalkeyboards@lemmy.ml
• /c/medicine@lemmy.world
• /c/mildlyinfuriating@lemmy.world
• /c/newyuzupiracy@lemmy.dbzer0.com
• /c/nostupidquestions@lemmy.world
• /c/opensource@lemmy.ml
• /c/operating_systems@beehaw.org
• /c/patientgamers@lemmy.ml
• /c/photography@lemmy.ml
• /c/piracy@lemmy.ml
• /c/piracynews@lemmy.ml
• /c/piracy@lemmy.dbzer0.com
• /c/politics@beehaw.org
• /c/pop_os@lemmy.world
• /c/privacy@lemmy.ml
• /c/privacyguides@lemmy.one
• /c/programmerhumor@lemmy.ml
• /c/programming@programming.dev
• /c/proxmox@lemmy.world
• /c/RedditMigration@kbin.social
• /c/science@beehaw.org
• /c/selfhosted@lemmy.world
• /c/sewing@sh.itjust.works
• /c/sewingrepairing@sh.itjust.works
• /c/steamdeck@lemmy.ml
• /c/steamdeck@sopuli.xyz
• /c/technews@radiation.party
• /c/technology@beehaw.org
• /c/technology@lemmy.ml
• /c/zelda@lemmy.ml
• /c/unixporn@lemmy.ml
• /c/whatisthisthing@lemmy.world
• /c/worldnews@lemmy.ml
• /c/youshouldknow@lemmy.world
• /c/asklemmy@lemmy.ml
• /c/diy@sh.itjust.works
• /c/homeassistant@lemmy.world
• /c/main@sh.itjust.works
• /c/ntfy@discuss.ntfy.sh
• /c/unix@sh.itjust.works

Edit: Fixed links for desktop, no idea if it works the same for mobile apps

Write it like [/c/sublemmy@lemmy.server](/c/sublemmy@lemmy.server) and it will link correctly. If it's giving you a 404 error just wait a minute and try again, the server needs to download the sub first

My long and mostly complete list:

• Audiobookshelf (GH)
  • Using for audiobooks. Ebooks, comics, and podcast support in early stages.
• Authelia (GH)
  • Using for two-factor authentication in front of all of my services. Critical infrastructure.
• Bazarr (GH)
  • Using for automated subtitle management. Have not needed to rely on it much.
• Code-Server (GH)
  • Using for a plethora of things. I could write an entire post on this alone.
• Courier
  • Using (occasionally) for package-tracking from various carriers.
• EmulatorJS
  • Using for retro-emulation.
• Gitea (GH) x2
  • Using as a git repo server, package repository, and for CI/CD automation. Is critical infrastructure in my lab. Could also write an entire post on this one.
• Headscale with Headscale-UI. Tailscale clients on various VMs LXCs, etc.
  • Using to securely network with my remote servers.
• Homepage
  • Using as a "single-pane-of-glass" to get an overview of service health with links to the various services.
• Invidious
  • Using in-place of YouTube.
• IT-Tools (GH)
  • Using for the myriad of various useful tools it offers.
• Jellyfin (GH)
  • My media player of choice. Using for movies and television, but supports music, ebooks, and photos in addition.
• Kopia Server (GH)
  • Using for data backups to my Minio instance on local NAS and Wasabi. Simple, fast, and reliable.
• Librespeed (GH)
  • Using for the occasional speedtest to my remote servers.
• Matrix stack using Conduit back end and Element-Web front end
  • Federated Discord essentially. Using as a private instance for friends and family.
• Minio
  • Using primarily as a gateway to storing backups, also serves git-lfs for Gitea.
• N8N (GH)
  • Using for home-automation, backing up my Reddit saved posts to a database, deal-alerts, and part of a CI/CD pipeline.
• NTFY (GH)
  • Using for infrastructure notifications mostly. Very simple and versatile alerting solution.
• NZBGet
  • Using for getting "usenet articles".
• Paperless-NGX
  • Using for document archival. Important receipts, documentation, letters, etc. live here.
• Portainer (GH) with multiple agents on VM's LXCs and VPSs
  • High level management of my various docker containers.
• Prowlarr
  • Using to provide torznab API to websites that dont natively have it. Integrates with Radarr and Sonarr
• Radarr (GH)
  • Using for movie management.
• Radicale
  • Using for contacts and calendar server.
• Raneto (GH)
  • Using as a knowledge base. Lab documentation, lists, recipes, lots of things live here. Using with with code-server and Gitea.
• Readarr (GH)
  • Using for book management
• Recyclarr (GH)
  • Using for Radar and Sonarr to sync search terms for their automations. Very useful, hard to summarize.
• Requestrr
  • Using (very rarely) as a requests bot for Radarr and Sonarr.
• SFTP-Go
  • Using mostly in-place of Nextcloud. Used to back up phones mostly.
• Shaarli (GH)
  • Using as a read-it-later service. Went through lots of these, and Shaarli has been good enough.
• Singlefile-Archive
  • A hacky way of presenting pages saved with the singlefile browser extension. Not exactly happy with the solution, but for my ocasional use it does work.
• Sonarr (GH)
  • Using as TV series manager
• Speedtest-Tracker (GH)
  • Using to get periodic speedtests. Plan to automate results to blast my ISP if my service speed gets too low.
• Traefik (GH) on each seperate host
  • Using as a web proxy in front of my various services. Critical infrastructure.
• Transmission (GH)
  • Using to get "Linux ISOs"
• Uptime Kuma (GH)
  • Using to monitor site and services status along with a few others. Integrated with NTFY for alerts.
• Vaultwarden
  • Using as my password manager. Have been using for years, cannot recommend enough.
• A handful of static websites served with NGINX
  • The old standby, its been reliable as a webserver.

These services are the result of years of development and administrating my lab and while there is still some cruft, it's mostly services that I think have real utility.

As far as hardware:

• Running pfsense on a toughbook laptop as a router-firewall.

• A SuperMicro 24 bay disk-shelf with Proxmox and ZFS for NAS duties and a couple services.

• Lenovo Tiny boxes with a Proxmox cluster for the majority of my local services.

• Dell managed switch

• A few Raspberry-pi's with Raspbian for various things.

• Linksys AP for wifi

Edit: Spelling is hard.