@johnklos - eviltoast
  • 0 Posts
  • 5 Comments
Joined 1 year ago
cake
Cake day: October 17th, 2023

help-circle

  • Ask that question about anything, and ask these same questions about the same:

    Do you want to learn? Do you have a reason to want to have understanding and control over it? Do you have the time, resources, energy and aptitude?

    You’ve just answered your own question :)

    Some people have a deep distain for the idea of self-hosted email, but there’s literally no good technical reason you can’t do it yourself. I think people react so strongly and insist it shouldn’t be self-hosted because they couldn’t hack it ;)

    (yes, I’m poking them for fun)

    Seriously, the only compelling reason they mention isn’t compelling: if you’re worried about deliverability, pay a reputable service for smarthosting through them. Problem solved, and you still get to 100% control your own filtering, logging, storage and access.



  • Because they’re being silly. There is no other public facing service more secure than a relatively modern OpenSSH.

    In some instances, yes, it’s best to disable the ssh that comes with whatever NAS OS you’re running, because they often ship old code and don’t care about updates and security.

    But if you’re running a relatively up to date OpenSSH and you’re using keys, not passwords, then you are as secure as you can reasonably be. There’s no math suggesting otherwise. Moving to a different port will reduce the frequency of attack, but that will have zero impact on the possibility of intrusion.

    Put it this way: if relatively recent OpenSSH has a remotely exploitable vulnerability, you’ll see it on the news on TV. You’ll see it and hear about it literally everywhere. The world will stop for 24 hours and there will be widespread panic. You’ll know.

    If your NAS has an exploit, you might read about it on The Register a few months later.