This is the correct but boring (but correct) answer.

So, a bookmarks list basically.

Prediction: you’ll never actually read most of what ends up on this to-read list.

Yep. Pathetic and embarrassing.

ITT: lots of generic VPN advice by people who have no experience with the specific problem.

that could be because it is an AMAZING post – it covered all the points and no one has anything left to say

Finally, I know why.

This is the only answer you need to read. It’s a non-problem if you just do this, and there’s no reason not to do it.

Sure, it’s fine. But if I’m only publishing text and photos, and I don’t need tons of specialized plugins, and I’m dealing with things myself - then personally I will go with a static-site generator every time. It’s at least as fast, and more secure by design.

Did not know that. Useful.

Full DB-driven monster for a few bytes of text. Sledgehammer to crack a nut if you ask me. But sure, this is the obvious answer.

Even more interesting IMO: what are the options that do not involve self-hosting (thus avoiding the PITA of babysitting a domain and server security)?

But surely the average Zuckerbook user is not so dumb as to miss what this graphic is describing - a crazy utopia where they could talk to people on TikTok and Xitter as well as Zuckerbook?

Possibly it’s about personality types. I was only going on my own experience. Of always being told by a chorus of experts “Oh no you don’t want to do that!” and ending up being terrified to touch anything. When I now know that I usually had nothing to be afraid of, because dangerous things tend to be locked down by design, exactly as they should be.

it depends how secure you want your network to be. Personally I think UFW is easy so you may as well set it up

IMO this attitude is problematic. It encourages people (especially newbies) to think they can’t trust anything, that software is by nature unreliable. I was one of those people once.

Personally, now I understand better how these things work, there’s no way I’m wasting my time putting up multiple firewalls. The router already has a firewall. Next.

PS: Sure, people don’t like this take - you can never have enough security, right? But take account of who you’re talking to - OP didn’t understand that their server is not even on the public internet. That fact makes all the difference here.

Immutable distros like NixOS don’t stop you from tweaking stuff, they just record every tweak centrally, so that you can undo them and do rollbacks.

Others can confirm that I’ve got that right. Haven’t tried it but the idea sounds great.

I would like to have a system when I know what I did, what is opened/installed/activated and what is not

Story of my life after 20 years on Linux. Maybe we could call it “modification anxiety”.

I believe this is the case for an immutable OS.

Ha, good analogy.

This sounds like an elaborate way of saying you want to blog.

Or, as the kids call it these days, “to post on my Substack”. The two things being identical except that the latter sounds cooler and allows them to indulge their corporate Stockholm syndrome.

Very interesting perspective! And yes, I keep all my data locally, literally all of it, and the only bits of it that go on my VPS or - worse! - mobile device are either encrypted or not private. So your theory is right on the mark.

Worth remembering that the benefits of open source are less critical with server-side software compared to when it’s your own personal computer. Personally, if it’s SAAS then I’m not much bothered what they’re running it on. Not to invalidate your general point.