Yes, the restriction to a single VPN client is annoying.

Blocking ad/telemetry domains can be done by adding Adguards DNS servers in the OS settings. Sadly blocking apps Internet permissions completely is not possible (except on OS like LineageOS, CalyxOS or GrapheneOS).

Symphonium is a great Android music player which connects to a Subsonic or Jellyfin server (or any other protocol like SMB).

Navidrome is a music server which implements the Subsonic protocol. This means apps like Symphonium can connect to it.

Any old PC is enough, even a Raspberry Pi is fast enough for a music server.

1. Install Navidrome on the server/pc
2. Configure Navidrome (open ports, add your music library/folder)
3. Connect a subsonic-compatible music app to to the server (I.e. type in IP or domain as well as the port).

Anything more like SSL (https) and a domain is optional for getting it working, and only a benefit if used outside of your home network. Using Tailscale makes a domain/SSL unnecessary and also no longer needs messing around with networking (e.g. no opening ports on the router).

Yes. 1TB SSDs can be bought new for 50€, 500GB for even less. For some people this is expensive depending in the region (e.g. I also know someone who uses an HDD). But given the price of other pc parts it isn’t something to cheap out on (a 1TB/2TB HDD is also 50€).

The survey was originally sent out on reddit /r/selfhosted, so I expect most respondents are from there.

Global hotkeys have been addressed on KDE, but no applications actually support it — one of the reasons being that no other desktops support it. Typical chicken-egg problem.

No, I haven’t connected a Pi to a 4k TV.

FreeTube does not have controller support, and for AndroidTV I’d recommend SmartTube.

Kodi/LibreELEC is able to do all of it, but IMO it’s not a good experience for browsing YouTube and I don’t know how well the third party Steam Link integrations work.

This is why I’d also recommend LineageOS Android TV, which supports Pi’s thanks to konstakang. But I’m not sure why it’d work better than a FireTV stick, since both run AndroidTV.

Edit: I’ve had an issue where the Pi 5 wouldn’t boot AndroidTV, until I tried to turn it on again after a few weeks. So I’d recommend sticking with the FireTV + SmartTube + Jellyfin + Steam Link (unless you’ve got a Pi 5 lying around anyway).

Edit 2: The Pi 5 + Android TV had issues with HDMI-CEC of the TV, so I had to buy a remote with a USB adapter. This sends the wrong signals (e.g. keyboard enter, not what Android TV expects), which is fixable with some app remapper. Maybe it’ll work better for you, but the FireTV is likely the easier solution.

Yes.

If VPN’s actually won’t be able to protect its users from copyright claims anymore, there’ll still be anonymisation networks like I2P (at least so long as encryption isn’t banned).

Yes, it’s slow atm, but if it was included in more torrent clients and enabled by default, speeds would likely get better.

Because they use the official apps/web-vault, they don’t need to implement most of the vault/encryption features, so at least the actual data should be fine.

Security audits are expensive, so I don’t expect it to happen, unless some sponsor pays for it.

They have processes for CVEs and it seems like there wasn’t any major security issues (altough I wouldn’t host a public instance for unknown users).

Vaultwarden is one of the few services I’d actually trust to be secure, so I wouldn’t worry if you update timely to new versions.

Yes, Bitwarden browser plugins require TLS, so I use DNS challenge to get a cert without an open port 80/443.

The domain points to a local IP, so I can’t access it without the VPN.

Having everything behind a reverse proxy makes it much easier to know which services are open, and I only need to open port 80/443 on my servers firewall.

Fully agreed.

Accessing Vaultwarden through a VPN gives me peace of mind that it can’t be attacked.

Another great thing about Bitwarden is that it’s possible to export locally cached passwords to (encrypted) json/csv. This makes recovery possible even if all backups were gone.

Great to hear you found my comment helpful.

Just make sure you make backups regularly. Especially with used drives, I wouldn’t count on them surviving the stress of a rebuild. If a second drive fails in a RAID10, all data might be gone.

Edit: I’d be thankful if you could report back how the test goes. I need a drive for a backup ;) and I’m considering buying from eBay too.

I will test them upon receiving and see how it goes from there:)

I don’t know where exactly you live, but if your in the EU customs/taxes + shipping will make the deal worse, but better than expected.

E.g. for Germany, this drive would cost 382€ with UPS Saver Duties & Taxes included, instead of 273€ for the drive itself.

I’ve found the same drive with a local commercial eBay seller for 420€, including taxes and shipping.

A new 24TB drive would cost 485€.

Edit: IMO a better deal would be 22TB drives, which have the same price per TB but are new. But then again, their used/recertified price is also ~10% lower than new.

Google could add a feature to their OS to upload all pictures to their servers, but that’d likely violate laws and is easy to detect (unusual network traffic).

Thus it is extremely unlikely they upload your pictures to their servers if you disabled their cloud backup feature.

What’s more likely is that they hash your pictures locally, and upload the hash to their servers, like some government proposals want to make them do (to find known CSAM, they say). Or they could track metadata of the pictures (location, date/time). This would be hard to detect and some of the info they likely already have through other features in the OS. Whether they do those things or not I don’t know.

This data wouldn’t reveal the content of the pictures, so nobody can see your images.

Why LVM + BTRFS instead of only using btrfs? Unless you need RAID 5/6, which doesn’t work well on btrfs.

This does not apply to difficult projects like emulators.

E.g. suyu, a yuzu fork, does not seem to get much development. Most of the changes are build or documentation related. [1]

Those emulators will work fine for the currently supported games, but without new competent people trying to stay anonymous, I don’t see how these emulators will improve.

[1] https://git.suyu.dev/suyu/suyu/commits/branch/dev

Nintendo didn’t put legal pressure on emulator devs for decades at this point, which made devs less cautious about preserving their pseudonymity.

Now it’s too late and they can’t stop Nintendo from finding out who they are and which mistakes they did at some point over the years.

Maybe a new generation of emulator developers will be more protective of their identity, by using hosting providers like Njalla or privacy networks like i2p. The latter would limit access (as it requires i2p), which isn’t desirable for most users.

Blocking incoming traffic and accepting outgoing traffic is usually the default for distributions anyway.