this post was submitted on 24 Mar 2025
96 points (95.3% liked)

Selfhosted

45324 readers
2115 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I've been running my server without a firewall for quite some time now, I have a piped instance and snikket running on it. I've been meaning to get UFW on it but I've been too lazy to do so. Is it a necessary thing that I need to have or it's a huge security vulnerability? I can only SSH my server from only my local network and must use a VPN if I wanna SSH in outside so I'd say my server's pretty secure but not the furthest I could take it. Opinions please?

you are viewing a single comment's thread
view the rest of the comments
[–] JubilantJaguar@lemmy.world -5 points 1 week ago* (last edited 1 week ago) (1 children)

it depends how secure you want your network to be. Personally I think UFW is easy so you may as well set it up

IMO this attitude is problematic. It encourages people (especially newbies) to think they can't trust anything, that software is by nature unreliable. I was one of those people once.

Personally, now I understand better how these things work, there's no way I'm wasting my time putting up multiple firewalls. The router already has a firewall. Next.

PS: Sure, people don't like this take - you can never have enough security, right? But take account of who you're talking to - OP didn't understand that their server is not even on the public internet. That fact makes all the difference here.

[–] Appoxo@lemmy.dbzer0.com 6 points 1 week ago (1 children)

IMO this attitude is problematic. It encourages people (especially newbies) to think they can't trust anything, that software is by nature unreliable. I was one of those people once.

IMO: Exactly the reverse. That's how we get clients clicking and agreeing to everything presented without for once thinking critically.

In 6 working years (MSP) I had probably less than 10 occurrences of clients questioning a security concept from their own action.
If we didnt protect them from their own stupidity, the amount of cyber breaches would explode...

Just recently:
A client: I clicked on the box that is asking me for domain credentials.

The client didnt say what type of window it was or what happened before/after.
The client juat contacted us, because the pc wouldnt connect to the network and thus was unusable... >_>

[–] JubilantJaguar@lemmy.world -2 points 1 week ago (1 children)

Possibly it's about personality types. I was only going on my own experience. Of always being told by a chorus of experts "Oh no you don't want to do that!" and ending up being terrified to touch anything. When I now know that I usually had nothing to be afraid of, because dangerous things tend to be locked down by design, exactly as they should be.

[–] Appoxo@lemmy.dbzer0.com 1 points 1 week ago

Until they arent.
They are experts because they knew what clicking the wrong button might do.
E.g.: Database admins using the wrong script with a miscconfigured argument or a backup admin responding to a failover, tripple checking every setting to not create a problematic failover and then still clicking the wrong button causing an outage because some random behaviour caused an overload.

It happens. And best case you were better (double or tripple) safe than sorry.