zlacker

[return to "A story on home server security"]
1. rpadov+Q2[view] [source] 2025-01-05 13:19:23
>>todsac+(OP)
> "None of the database guides I followed had warned me about the dangers of exposing a docker containerized database to the internet."

This prompts a reflection about, as an industry, we should make a better job in providing solid foundations.

When I check tutorials on how to drill in the wall, there is (almost) no warning about how I could lose a finger doing so. It is expected that I know I should be careful around power tools.

How do we make some information part of the common sense? "Minimize the surface of exposure on the Internet" should be drilled in everyone, but we are clearly not there yet

◧◩
2. tossan+04[view] [source] 2025-01-05 13:30:50
>>rpadov+Q2
Just like people shouldn't just buy industrial welding machines, SCUBA equipment or a parachute and "wing it" I think the same can be said here.

As a society we already have the structures setup: The author had been more than welcome to attend a course or a study programme in server administration that would prepare them to run their own server.

I myself even wouldn't venture into exposing a server to the internet to maintain it in my freetime, and that is with a post graduate degree in an engineering field and more than 20 years of experience.

◧◩◪
3. WaxPro+j5[view] [source] 2025-01-05 13:44:46
>>tossan+04
You can't just click a few buttons and have industrial machinery - and when you DO get it there's a ton of safety warnings on and around it. And I don't agree with your fundamental premise; self owned computing should be for everyone. It shouldn't be - at least for some subset of basics - arcane or onerous.
◧◩◪◨
4. tossan+Tv[view] [source] 2025-01-05 17:33:04
>>WaxPro+j5
Like you sibling I think you also misunderstand my statement: I do run local servers, but none a connected to the internet.

I definitely believe it is for all to have a NAS server, a home assistant, or a NUC setup to run some docker containers.

Just don't let them accept connections from the internet.

For most normal home setups it is actually super hard to make them accept incoming requests as you need to setup port forwarding or put the server in front of your router.

The default is that the server is not reachable from the internet.

[go to top]