This. Just setup fail2ban or similar in front of Jellyfin and you’ll be fine.

I believe Linux Server builds images every day for most of their containers, even though there has been no code changes.

The first one also has better code coverage and way more pulls on Docker Hub.

I went through the same process as you. They clarified the issue three days after release though https://pi-hole.net/blog/2025/02/21/v6-post-release-fixes-and-findings/#%3A~%3Atext=your local network.-%2CCustom%2Cconfigs+not+loading%2C-Sorry%2C+this+probably

In addition to the BIOS settings, I had to create a systemd service that prevents Linux from disabling Wake-on-LAN on shutdown.

Yeah, I use Caddy for that, as I only use DNS-01 for local-only services.

I have been using BunkerWeb for the past 4 years and have been mostly happy with it. Its default settings are sometimes a bit agressive but you can change those globally or service per service.

This is anecdotal experience, but last time I left Wireguard on for an entire day and it accounted for 5% of battery usage that day.

I believe you swapped DoT (TLS, port 853) and DoH (HTTPS) in your message. I have yet to be in a network that restricts port 853, but if I could I would rather use DoH on Android.

I really like Readeck, it is very polished and the fact that it copies links content is very useful when saving Medium blog posts (and generally to make sure that I don’t lose the content if the linked page is ever removed)

If you use a third-party’s DNS server (such as Cloudflare, Quad9 or Google) as your upstream DNS server, you only have to update PiHole.

If you have set up your own upstream DNS server using a DNS resolver like unbound or Bind9, update it as well as your PiHole.

I struggle to find if it uses DNSSEC or even a change log. If it does, contact the maintainer and disable DNSSEC (if you can) until a fix is released.

They maintain their own resolver, so they have to patch it if not done already.

It’s the latter. Unless you run your own DNS resolver, most people are safe

I’m not familiar with off-the-shelf DNS filtering on mobile, but since running a DNS resolver on-device would be impractical, I think they must be using a DNS server that they maintain. Which means that unless I’m wrong, the vulnerability lies on their end, you should be fine.

Exactly, I don’t get the “Mastodon as a poor man’s RSS agregator” trend

You’re probably looking for something that supports OPDS to automatically download e-books to your e-reader.

First search result is Komga

TrueNAS SCALE as host with an Ubuntu LTS VM running Docker containers.

Original I went with only containers running on top of SCALE but both iX and TrueCharts made it harder to run plain Docker Compose on TrueNAS.

What a weird choice for a storage-oriented device, I would have gone for a SBC with SATA ports or a PCIe port.

Just to clarify: will you use the same domain? If yes, oleorun’s answer is good enough. If not, it would be much more harder (you would also have to update your instance’s URL and users’ inboxes URLs in the database for federation to work, probably have to unsubscribe aand resubscribe to every community on your instance and even then I’m not sure that would not lead to federation issues)