This has been the case since SATA revision 3.3, released Feb 2016. So while I may have exaggerated with “ancient”, a brand new PSU certainly shouldn’t still be feeding 3.3v to that pin.

I have done this with dozens of drives and have never had to do any pin blocking. You only need to do that if you’re using an absolutely ancient sata power cable that doesn’t know about the spinup pin change

It certainly is. ISO 27001 is a framework, not very prescriptive at all. Basically an auditor will ask “how do you ensure data isn’t leaving your facility in the form of discarded hardware?” If you say “here’s a link to our media destruction policy. It says all drives are wiped according to NIST 800-88 cryptographic erasure. If that is not possible or not applicable, the drive is destroyed. Here’s our log of decomissioned equipment” chances are very good they’ll say “OK great let’s move on to the next one” with only minor followup questions.

Op said they tried without the firewall connected and had the same results

Thanks, I hate it. Not that free esxi was super great but at least it was something

Security comes in layers. If someone compromises your DNS server, or switch, (or does arp poisoning, etc etc) for example, but not the reverse proxy, (and it resolves backend via DNS and it doesn’t validate/pin certs), they could intercept the traffic transparently. If you have SSL on that link, it massively reduces the attack potential.

All of that is inherent in self hosting anything publicly accessible. You wouldn’t start off a reply to someone setting up openvpn with “you’re in for a world of hurt,” would you?

As someone who also has 15+ years of experience in the field and is currently infosec management, it’s not that bad. Certainly not something I’d say “you’re in for a world of hurt” about like somebody just bought a bad timeshare.

Especially if you’re not hosting production email for a company and you’re not leaving the server as an open relay, it isn’t very painful at all.

You could also be less condescending, but as you said: your call. :)

I’m a huge supporter of open source, so Plex being closed alone makes it gross to me. Very little about Plex felt selfhosted.

I also like to tinker a lot and jellyfin lets me screw around with much more under the hood - precise encoding settings, dlna customizations, I’m sure there’s more but the primary driver was ideology. I’m not giving my money to some company that’s primarily developing features I don’t want so that I can use my own media to the fullest.

I’ve had very little issue with hardware accelerated encoding, but I already had the right drivers installed and on unix OSes that’s probably the hardest part

Edit: looks like they may will be looking into it much more but I use hdhomeruns : https://jellyfin.org/docs/general/server/live-tv/

I don’t understand what you mean by “they may be looking into it much more”? HDHomerun is supported explicitly per the link you provided

Shinobi is absolutely not closed source: https://gitlab.com/Shinobi-Systems/Shinobi

Shinobi would absolutely do that if that’s all you want it to do. It’s definitely not a one-click setup either, though, unfortunately.

Personal preference: Jellyfin instead of plex

Some that I run that you don’t seem to have anything for:

• Lancache (if you have several gaming PCs on the network or host any kind of lan party)
• surveillance camera software e.g. shinobi
• I see grafana, but other monitoring services like icinga, librenms, etc
• Mayan EDMS - I’ve found this really helpful as anything I get in the mail, I scan in, and this makes it all searchable and retrievable.
• There’s a whole hole you could dig if you start getting into home automation (I use home assistant)