Thanks for the correction. A full month is much more problematic.

Thanks, SUSE completely slipped my mind

How does the xz incident impacts the average user ?

It doesn’t.

Average person:

• not running Debian sid, Fedora nightly, Arch, OpenSUSE Tumbleweed, or tbh any flavour of Linux. (Arch reportedly unafffected)
• ssh service not exposed publicly

The malicious code was discovered within a day or two a month of upload iirc and presumably very few people were affected by this. There’s more to it but it’s technical and not directly relevant to your question.

For the average person it has no practical impact. For those involved with or interested in software supply chain security, it’s a big deal.

Edit:
Corrections:

• OpenSUSE Tumbleweed was affected; Arch received malicious package but due to how it is implemented did not result in compromised SSH service.
• Affected package was out in the wild for about a month, suggesting many more affected systems before malicious package was discovered and rolled back.

It’s because the original image macro that this is based on was about piracy, saying something along the lines of “I bring a certain ‘just torrent it’ vibe to the conversion that the riaa just doesn’t like.”

Their reuse of the macro is indirectly an answer or a continuation of it that can be seen as acknowledging the original message.

I see now, that makes sense why you are building the image since it was set up that way. I don’t know why projects set up the compose file to build the image when they already have a publicly available image to use; it just creates unnecessary friction for people who just want to test out the software. Anyway, using that image should work for you, but feel free to ask if you run into any issues.

Why are you building the image yourself? Not that there’s a problem with that necessarily, but it seems a bit wasteful of your resources unless you have a specific reason to do so. There’s a docker image (quay.io/invidious/invidious:latest) built by the developers that gets updated pretty frequently. I’ve been using it for years now and it’s been working perfectly fine for me the whole time.

If you’re ok with just file storage sftpgo has been solid for me for years now. Does sftp ftp and WebDAV (like nextcloud). Webui isn’t as pretty but it’s fast. Mobile apps will be various sync apps with sftp or WebDAV support. On Android folder sync pro is pretty good for keeping documents and pictures backed up

My long and mostly complete list:

• Audiobookshelf (GH)
  • Using for audiobooks. Ebooks, comics, and podcast support in early stages.
• Authelia (GH)
  • Using for two-factor authentication in front of all of my services. Critical infrastructure.
• Bazarr (GH)
  • Using for automated subtitle management. Have not needed to rely on it much.
• Code-Server (GH)
  • Using for a plethora of things. I could write an entire post on this alone.
• Courier
  • Using (occasionally) for package-tracking from various carriers.
• EmulatorJS
  • Using for retro-emulation.
• Gitea (GH) x2
  • Using as a git repo server, package repository, and for CI/CD automation. Is critical infrastructure in my lab. Could also write an entire post on this one.
• Headscale with Headscale-UI. Tailscale clients on various VMs LXCs, etc.
  • Using to securely network with my remote servers.
• Homepage
  • Using as a “single-pane-of-glass” to get an overview of service health with links to the various services.
• Invidious
  • Using in-place of YouTube.
• IT-Tools (GH)
  • Using for the myriad of various useful tools it offers.
• Jellyfin (GH)
  • My media player of choice. Using for movies and television, but supports music, ebooks, and photos in addition.
• Kopia Server (GH)
  • Using for data backups to my Minio instance on local NAS and Wasabi. Simple, fast, and reliable.
• Librespeed (GH)
  • Using for the occasional speedtest to my remote servers.
• Matrix stack using Conduit back end and Element-Web front end
  • Federated Discord essentially. Using as a private instance for friends and family.
• Minio
  • Using primarily as a gateway to storing backups, also serves git-lfs for Gitea.
• N8N (GH)
  • Using for home-automation, backing up my Reddit saved posts to a database, deal-alerts, and part of a CI/CD pipeline.
• NTFY (GH)
  • Using for infrastructure notifications mostly. Very simple and versatile alerting solution.
• NZBGet
  • Using for getting “usenet articles”.
• Paperless-NGX
  • Using for document archival. Important receipts, documentation, letters, etc. live here.
• Portainer (GH) with multiple agents on VM’s LXCs and VPSs
  • High level management of my various docker containers.
• Prowlarr
  • Using to provide torznab API to websites that dont natively have it. Integrates with Radarr and Sonarr
• Radarr (GH)
  • Using for movie management.
• Radicale
  • Using for contacts and calendar server.
• Raneto (GH)
  • Using as a knowledge base. Lab documentation, lists, recipes, lots of things live here. Using with with code-server and Gitea.
• Readarr (GH)
  • Using for book management
• Recyclarr (GH)
  • Using for Radar and Sonarr to sync search terms for their automations. Very useful, hard to summarize.
• Requestrr
  • Using (very rarely) as a requests bot for Radarr and Sonarr.
• SFTP-Go
  • Using mostly in-place of Nextcloud. Used to back up phones mostly.
• Shaarli (GH)
  • Using as a read-it-later service. Went through lots of these, and Shaarli has been good enough.
• Singlefile-Archive
  • A hacky way of presenting pages saved with the singlefile browser extension. Not exactly happy with the solution, but for my ocasional use it does work.
• Sonarr (GH)
  • Using as TV series manager
• Speedtest-Tracker (GH)
  • Using to get periodic speedtests. Plan to automate results to blast my ISP if my service speed gets too low.
• Traefik (GH) on each seperate host
  • Using as a web proxy in front of my various services. Critical infrastructure.
• Transmission (GH)
  • Using to get “Linux ISOs”
• Uptime Kuma (GH)
  • Using to monitor site and services status along with a few others. Integrated with NTFY for alerts.
• Vaultwarden
  • Using as my password manager. Have been using for years, cannot recommend enough.
• A handful of static websites served with NGINX
  • The old standby, its been reliable as a webserver.

These services are the result of years of development and administrating my lab and while there is still some cruft, it’s mostly services that I think have real utility.

As far as hardware:

• Running pfsense on a toughbook laptop as a router-firewall.

• A SuperMicro 24 bay disk-shelf with Proxmox and ZFS for NAS duties and a couple services.

• Lenovo Tiny boxes with a Proxmox cluster for the majority of my local services.

• Dell managed switch

• A few Raspberry-pi’s with Raspbian for various things.

• Linksys AP for wifi

Edit: Spelling is hard.