shrugal

joined 1 year ago
[–] shrugal@lemm.ee 9 points 11 months ago* (last edited 11 months ago)

Fedora.

They have solid community and financial backing, they do tremendous work pushing the Linux desktop forward, it's close to vanilla and the sweet spot between stable and bleeding edge (aka "leading edge") for me personally.

[–] shrugal@lemm.ee 2 points 11 months ago

For King and Kernel!

[–] shrugal@lemm.ee 1 points 1 year ago* (last edited 11 months ago)

It's a matter of risk management, and your personal situation and willingness to sacrifice convenience to reduce risk. There are many aspects that can affect risk, e.g. how often a software is updated, if it's open or closed source, how widely used it is, your personal level of relevant IT knowledge, the likelihood of a serious attack, what you are actually protecting, and so on.

One central rule is that more attack surface leads to a higher risk of security breaches (e.g. by discovering new vulnerabilities), and hiding everything behind a VPN reduces the attack surface to just one piece of software that's mainly focused on security. Additional public entry points add convenience but also increase your attack surface, so you have to find a level you are personally comfortable with.

In my opinion and experience, if an app is made for public access, in a production ready state and already widely used, if you trust the creator in general and with security updates in particular, and if you trust your own knowledge and ability to configure it correctly and keep all the relevant doors closed, then it's completely fine to make it publicly accessible in most cases. The security risk is not zero, but it's way overblown by some people in tech forums.

In your case, the login page behind a CF tunnel with 2FA enabled and yourself on the lookout for possible vulnerabilities sounds like an acceptable level of risk to me, unless the data on your NAS could start a nuclear war or something.

[–] shrugal@lemm.ee 1 points 1 year ago* (last edited 1 year ago)

It's not unlocked though. A better analogy would be that it's locked but out in the open, instead of behind a garage door.

[–] shrugal@lemm.ee 2 points 1 year ago* (last edited 1 year ago)

People saying email, look into using external SMTP servers as relays. Your domain most likely comes with at least one email account with SMTP access. You can use that as a relay to send personal/business emails from your server using the provider's reputable IP addresses.

[–] shrugal@lemm.ee 1 points 1 year ago* (last edited 1 year ago)

I'm doing exactly that, and it works like a charm. Get a DynDNS, backup MX and SMTP relay and you're good, or get a domain provider like strato.de that already includes all three with the domain.

Spam is also manageable. I get maybe 1-2 per day that make it past the filter, and I do have to add some custom keyword filters from time to time, but that's about it. Fetching updated filter lists and self-learning from past errors keeps the filter up to date and is completely automated.

[–] shrugal@lemm.ee 18 points 1 year ago (1 children)

Wait, you guys can click in grub?

[–] shrugal@lemm.ee 7 points 1 year ago* (last edited 1 year ago)

I like to do two kinds of comments:

  • Summarize and explain larger parts of code at the top of classes and methods. What is their purpose, how do they tackle the problem, how should they be used, and so on.
  • Add labels/subtitles to smaller chunks of code (maybe 4-10 lines) so people can quickly navigate them without having to read line by line. Stuff like "Loading data from X", "Converting from X to Y", "Handling case X". Occasionally I'll slip in a "because ..." to explain unusual or unexpected circumstances, e.g. an API doesn't follow expected standards or its own documentation. Chunks requiring more explanation than that should probably be extracted into separate methods.

There is no need to explain what every line of code is doing; coders can read the code itself for that. Instead focus on what part of the overall task a certain chunk of code is handling, and on things that might actually need explaining.

[–] shrugal@lemm.ee 37 points 1 year ago (1 children)

XKCD#1172 is very relevant here.

[–] shrugal@lemm.ee 4 points 1 year ago* (last edited 1 year ago)

Medieval economy/politics/life sims like The Guild (aka Europa 1400).

[–] shrugal@lemm.ee 2 points 1 year ago

It used to be a buggy mess, but it has become pretty stable in recent years. I'm using it daily and can't remember the last time I encountered a severe bug.

[–] shrugal@lemm.ee 104 points 1 year ago (2 children)

His firstborn son will take over as Linus II, as is tradition.
