I mean I’m sure they’d like to just ship safe code in the first place. But if that’s not their expertise and they demonstrate that repeatedly, we gotta take steps ourselves. Secure is obviously best, but I’d rather have insecure Jellyfin behind a VPN than no Jellyfin at all.

True, but unless that new group is willing to step up and invest in physical device production to directly compete, I don’t think it’s going to be the same. The type of people buying a dedicated NAS with a custom OS are looking for as close to a plug and play solution ad they can get. They’re less inclined to reinstall the OS on their new NAS, and the market is probably going to favor the now proprietary version TrueNAS sells, especially if they take steps to make it difficult to replace the OS on their devices.

Yeah, no, they couldn’t do it to the kernel. But that’s not really the interesting part of their product. It’s all the software that they as a company hold the copyright to. If they solely hold copyright on all their own code or if they have permission to relicense from their contributors, they can take any or all of their products closed source, and when I say “their products” I specifically mean the things they as a company produce, which they built on top of open source projects that they don’t control.

This probably doesn’t apply to TrueNAS, but technically, it’s possible to close a GPL project. You’d need the permission of every last contributor to relicense their code, or they’d have to rewrite all the code they can’t get relicensed (e.g., someone said no or already died), or they could do it if they never accepted any pull requests because they would then be the sole copyright holder and have the freedom to relicense at their whim.

I can’t vouch for TrueNAS, but most open source projects accept pull requests because free labor, whether they’re corporate projects or not, so I’d assume they can’t freely relicense without a hell of a headache, so yeah, it’s probably staying open for the foreseeable future.

Pretty sure I’ve repeatedly heard about the crawlers completely ignoring robots.txt, so does Cloudflare really do that much?

If I remember correctly, you don’t really need Prowlarr. It’s useful if you’re using multiple *arr services, but Prowlarr manages your indexers, the place *arr services look for content, and syncs them to your other *arr services so THEY can do the search. I don’t think Prowlarr itself ever looks for content automatically, only if you manually search through Prowlarr.

Maybe kinda, but it’s also a third party whose certificates are almost if not entirely universally trusted. Self-signed certs cause software to complain unless you also spread a root certificate to be trusted to any machine that might use one of your self-signed certs.

I use a relatively low spec KVM VPS on another continent. Remember, kids, if all your backups are in one location, you don’t have backups. You have copies.

Running a server is very doable. There are packages to deploy and configure almost everything for you and removing a ton of headache.

Getting your email recognized as not spam by the major providers is pretty much impossible. You need all sorts of stuff to help verify integrity including special DNS records and public identity keys, but even if you do everything right, your mail can very easily get black holed before it even reaches a user’s inbox because of stupid shit like someone abused your rented server’s IP years ago, and you can’t seem to get it off everyone’s lists.

Email as a decentralized tool has effectively been ruined by spam and anti-spam measures. You’re effectively forced to use a provider because it’s near impossible to make your outgoing mail work as an individual. I think some of those anti-spam measures are anticompetitive, but I do think some are just desperate attempts to reduce the massive flow of spam.