Go with the drive with the best money/TB rate that meets your criterias. I would consider everything above ironwolf or red plus fitting for NAS use. Data center drives are in my experience often cheaper than NAS drives. (wd ultrastar or seagate exos or toshiba enterprise capacity)

Look for the warranty. Some times another drive for just a couple of bucks gives you a way longer warranty.

And as backblaze says themselves every time, this data is not.the complete truth either, they have large sample size but this sample size is still too small to large claims about reliability. Especially about brand reliability.

deleted by creator

It is just not the way the usual scammer and spammers operate. Ofc there are other types of criminals that do operate differently but those do not get their Addresses from a data leak which E-Mail aliases pretect against

Why should a scammer or spammer bother with a tech savy person. Scammers and spammers use E-Mail dumps from data leaks to spam and scam ppl. The first step is automated, way more profitable then to go spear fishing on a normal user.

Is that of itself not an opinion…?

Nope. It is objectively opinionated, since he only shows his solution and offers or shows no other solution.

Tbf I haven’t looked at the source material but I don’t think two points make it “outdated”. It’s like calling Debian outdated.

Debian is not outdated, also is the technology not outdated he used in the guide (as far as i can tell since i have not read through everything). But using those to get to the shown solution is outdated. When someone in this community asks for a VPN solution most ppl will recommend Wireguard and or tailscale and not OpenVPN.

OpenVPN has other benefits like better user management and more customizability but for this use case it is not the fit, since other solutions are easier to setup and harder to fuck up the security part for a beginner.

Edit: Those are only the 2 examples i picked. I have not looked through everything, but those 2 stood out to me by just looking at the ToC.

Looks like there are lots of ppl angry that i call out the software they use. And they seemingly also have not even any argument.

This is correct, i missed that part. pfSense is mentioned 259 vs. OPNsense 3 times. But only the “not nice part” is mentioned and not the hostility towards FOSS. Here are some examples https://github.com/rapi3/pfsense-is-closed-source

I have not vetted every single claim but just alone that fact that they have this closed source model is enough for not using it. OPNsense is to my knowledge fully open source.

OpenVPN is still a solid option and widely used today.

Absolutely, but Wireguard is simpler to setup and comes by default and by design with a more secure default config.

• Create keys on host and on clients
• Generate a config
• You now have a secure VPN Setup.

Now look at all those options you need to tune on OpenVPN.

even though the company behind it isnt perfect.

But then why recommending pfSense? OPNsense is the same with a much more FOSS friendly company behind it. Yes pfSense is at the moment ok but no reason to use it over OPNsense imho.

People should still be able to use whatever software they like without being juged by it.

Yes. And i never judged anyone running thr software, only ppl who recommend it.

Its better for people to at least start with something, rather than nothing

I am not sure about it. Personally, when i get into a new topic i like to have comparisons. They show me what is actually relevant and what i should look out for. But maybe it is just me.

I said multiple times “recommend” here, but that is actually my main problem, i would be much more ok when he simply said there is x and y also available but i use z because of 123…

This guide is heavily opinionated and simply outdated. 2 examples:

1. use of openvpn. Wireguard is by design way more secure (use of keys instead of passwords) and is way more performant.
2. use of pfSense. Yes pfSense is ok but the company behind it has shown it hostility towards open source and foss multiple times. Why should a beginner use PFsense when OPNsense exists. OPNsense is not even mentioned.

And that are only 2 points i discovered while scrolling through. Louis is a great guy but as it looks like he should leave that topic to other people.

Yes they could also redesign the whole product for a few ppl who will plug it into an old PC that still uses vga or an old server that has no IPMI.

You realise how big the VGA connector is relative to the product?

Cant you just use a dongle?

And it is heavily opinionated, without pointing out other solutions like for example the use of openvpn without mentioning wireguard even once.

TLDR, the developers of pfSense are not the nicest people sometimes. If this bothers you, consider checking out OPNsense.

So first the author is arguing around on the router section that you should not buy a cheap router but then goes for pfsense instead of opnsense, i understand that when you are used to pfsense that you may not want to switch but recommending it for new ppl is just stupid. They have shown their hostality against their OS community in the past see https://news.ycombinator.com/item?id=13615896

As it was already said. Docker is not virtualization. The number of Containers you can run depends on the containers and what applications are packaged in them. I am pretty sure you can max out any host with a single container when it runs computational heavy software. And i am also pretty sure you can run on any given host thousands of containers when they are just serving a simple static website

Have done it via bash scripts for years. Never had a problem. Since a few months i use https://github.com/qdm12/ddns-updater

Those attacks you see are mostly (close to 100%) harmless bots, scripts. Yes they are trying default passwords and exploits that got patched years ago.

If you do not use default credentials and do run up to date software there is nothing to worry about.

Even brute force attacks are rare.

This is just “noise” so to speak.

If you are scared by this, you should reconsider hosting something on the internet. Yes things like fail2ban can help but only if they knock on your server multiple times and mostly only to keep your logs clean.

https://prometheus.io/docs/introduction/overview/

would fit all points.

So for port forwarding you need the port on the router the host and the port the traffic should get forwarded to on the selected host.

So you are saying, when exposing a host then the host is reachable over internet but when using port forwarding it is not?

How you check this? What commands/procedure?

Because in the local/private network are many hosts, like your phone, pc and your server. Exposing means that the device that is exposed gets basically everything forwarded what usually the router would handle. Exposing does expose a host to the WAN.

Forwarding a Port only forwards the specified ports. You can use multiple hosts for that. For example you can port forward port 80 to your Phone to port 321 or whatever and port 443 to your server at port 20.