Syncthing is great. Servers are overrated anyway, I would rather everything be peer-to-peer wherever possible. Currently working on a script to integrate calcurse with DecSyncCC so I can keep my calendar synced between my laptop and phone without a server!

My idea is that if I stay on the oldest supported version for as long as possible, that would help me avoid evil changes in new versions, since the news would have gone public before I update. You bring up a good point about security updates tho. How relevant is it to browser extensions? Has there been malware out there that specifically targets vulnerabilities in extensions? Just casually doing git log | grep -E 'vuln|crit|secur|bug' in two extensions that I use quite extensively (pun intended), I don’t seem to find any security-related commits.

but if it’s public the odds of SOMEONE reading it and finding out it’s doing shady shit is substantially higher

See, that’s the banger: The Great Suspender is licensed under GPL and its source code is available on GitHub. The malware was injected specifically into the chrome web store version. So that’s why I’m slightly paranoid of automatic updates.