having to do a firmware update on my soldering iron

You don’t. It works perfectly fine OOTB. Can’t speak for the Pinecil v2 with Bluetooth and the companion app but I have v1 and the software been stable and bug-free enough I’ve never even given a thought to updating the firmware on it

deleted by creator

Thanks for the correction. A full month is much more problematic.

Thanks, SUSE completely slipped my mind

How does the xz incident impacts the average user ?

It doesn’t.

Average person:

• not running Debian sid, Fedora nightly, Arch, OpenSUSE Tumbleweed, or tbh any flavour of Linux. (Arch reportedly unafffected)
• ssh service not exposed publicly

The malicious code was discovered within a day or two a month of upload iirc and presumably very few people were affected by this. There’s more to it but it’s technical and not directly relevant to your question.

For the average person it has no practical impact. For those involved with or interested in software supply chain security, it’s a big deal.

Edit:
Corrections:

• OpenSUSE Tumbleweed was affected; Arch received malicious package but due to how it is implemented did not result in compromised SSH service.
• Affected package was out in the wild for about a month, suggesting many more affected systems before malicious package was discovered and rolled back.

They did. Its called airmessage. Has been around for almost 3 years now

Full disclosure: I’ve never used 1Password so can’t really comment on it compared with others, but I’m currently running a selfhosted Bitwarden re-implementation (vaultwarden) and am generally pretty happy with it. I’ve only ever used LastPass as a password manager before (aside from a seeding algo back in the day), and while I really don’t like their business practices or security history, their extension has or at least had a bit better consistency on Firefox than Bitwarden does, at least with regards to detecting username/password fields and detecting when a new credential is being created and asking it to be saved automatically. That being said, it’s something that I can live with considering it’s free software. As far as I’m aware, in terms of features all the big players in that space are pretty evenly matched, though I do remember some advanced feature that 1Password offered over others; maybe related to privilege access management in enterprise.

Just another option. If you know already or are willing to learn how to write documents in markdown format (like how lemmy supports), and learn some of infrastructure set-up and it can be between free and very cheap to have a blog on something like netlify.app, github pages or others. There are plenty of static site generators out there that can be both relatively easy and very powerful.

I currently have a private blog set up on a cloud provider that just takes markdown documents and builds those along with some templates and webpage code to create a site like this. Although I have mine hosted on a VPS with my own domain, it’s completely possible to use something like github pages, netlify.app, etc. for that. They’re both free afaik to host on, but if you want to pay for a dedicated service they are usually between 2 and 5 USD per month.

Edit: The option above isn’t activitypub software, sorry for not realizing that immediately, but it is federated in a way I suppose.

I’ve heard only good things about it, but haven’t tried it myself. Mostly due to laziness finding the sources of my f-droid apps. How quickly do you usually see update notifications after a new release drops OP?