The first worry are vectors around the Synology, It’s firmware, and network stack. Those devices are very closely scrutinized. Historically there have been many different vulnerabilities found and patched. Something like the log4j vulnerabilities back in the day where something just has to hit the logging system too hit you might open a hole in any of the other standard software packages there. And because the platform is so well known, once one vulnerability is found they already know what else exists by default and have plans for ways to attack it.
Vulnerabilities that COULD affect you in this case for few and far between but few and far between are how things happen.
The next concern you’re going to have are going to be someone slipping you a mickey in a container image. By and large it’s a bunch of good people maintaining the container images. They’re including packages from other good people. But this also means that there is a hell of a lot of cooks in the kitchen, and distribution, and upstream.
To be perfectly honest, with everything on auto update, cloud flares built-in protections for DDOS and attacks, and the nature of what you’re trying to host, you’re probably safe enough. There’s no three letter government agency or elite hacker group specifically after you. You’re far more likely to accidentally trip upon a zero day email image filter /pdf vulnerability and get bot netted as you are someone successfully attacking your Argo tunnel.
That said, it’s always better to host in someone else’s backyard than your own. If I were really, really stuck on hosting in my house on my network, I probably stand up a dedicated box, maybe something as small as a pi 0. I’d make sure that I had a really decent router / firewall and slip that hosting device into an isolated network that’s not allowed to reach out to anything else on my network.
Assume at all times that the box is toxic waste and that is an entry point into your network. Leave it isolated. No port forwards, you already have tunnels for that, don’t use it for DNS don’t use it for DHCP, Don’t allow You’re network users or devices to see ARP traffic from it.
Firewall drops everything between your home network and that box except SSH in, or maybe VNC in depending on your level of comfort.
I have a slightly different suggestion.
Inflation is crap and the first thing to go are subscriptions that raise their prices when people are already hurting. If you want retention, keep your prices locked when users are having bad times and you’re raking in record profits.
I think curation is great too, but I also think age plays a lot into individual views. A bunch of the younger guys at work were saying how they didn’t want playlists and they didn’t want to listen to an album, they just wanted to hit a button that knew their tastes musically and would give them a mix of familiar likes and new discoveries. The proceeded to describe a radio station to me, sans commercials. They were hot on all the music streaming and though I was crazy for wanting to spend time sorting through music.
Looking at a Spotify by age graph, the boomers dig it (because it’s easy?), Gen-Z and the Younger Millennials dig it, Gen X has less than half the uptake of the other groups.
We were mixing our own tapes in our tweens and teens. We wired ourselves to find music, copy it and play it in the specific order we want.
or at least that’s my story and I’m sticking to it.