If only I didn’t need to create an account to read this post.
Just started learning Chinese a few weeks ago. Thanks for giving me the satisfaction of understanding my first sentence in the wild :) 谢谢!我爱gentoo!
With emacs you don’t learn once, nor twice but at least 100 times. But seriously, it’s a very nice editor that you either fall for life or not at all.


Don’t recommend using FTP. It’s a shitty old protocol that needs to die. Just use nginx or apache with directory listing enabled.
Since I’m old and need to deal with administrating a bunch of machines for work, I settled on the most dull and unsurprising distros of all: debian. Sure, when I was younger and eager to learn and with much time on my hands, I used gentoo (basically what is now arch) and all the others too.


Maybe try guix


Emacs will always be able to do things you can’t do with other editors. It’s a text based interface toolkit that happens to also have a good text editor and IDE capability. Buuut, you need to spend a lot of time to set things up. I have used it for probably more than 20 years and I still often need to look up and learn stuff. If you want a tool and not a workshop, get a simpler editor.


Just came here to say that the guy looks like a creep!
No, I rarely read the code of software I use, especially crypto code since that’s not my thing. But good to know that you did. Thanks for your opinion.
Please tell us more about the actual security problems!


Agreed!


Be sure to use a passphrase


I don’t agree about the point concerning cost. You have additional training, update, maintenance and config burden. This on top of the burden of using the VPN on top of ssh.


Ok, fair point. But why stop at one VPN? I choose to trust OpenSSH, but I agree that adding a secondary layer of security actually helps here. You basically multiply two very low probabilities to get an even lower one. The trade-off is that you add complexity. You now need to keep two services up to date and correctly configured, and access/key material distributed.
I’d only recommend this setup for projects with special security requirements.


And why exactly is that more secure?


Welcome to the internet! Your system will get probed. Make sure you run as few services as possible on open ports and only high quality ones such as OpenSSH. Don’t freak out because of your logs. You’re fine as long as your system is up to date and password login disabled! Don’t listen to the fail2ban or VPN crowd. Those are only snake oil.
A VPN is probably just as (in)secure as OpenSSH. There is no gain in complicating things. OpenSSH is probably one of the most well-tested pieces of code for security around.


Public ssh is completely fine as long as you use key based auth only and keep your sshd up to date. Stop spreading bullshit.
Welcome to the internet. You will be probed. Just as your immune system, or rather your body, is being probed.
Just don’t run broken software. The attackers will not be able to exploit you then. If they have zero day exploits, the WAF will most of the time not save you since they are often pretty easy to circumvent. WAFs are only effective against old and shitty exploits that should be patched anyways since ages.
Very nice video explaining the mysterious nftables in a succinct and easy manner. Thanks a lot for this quality post!