I’m a software developer working in the telecam sector on security related products, so I know a fair bit about system security. Yet I wound secure my own system far less than most people here if I didn’t enjoy cybersecurity as a hobby.

I wonder what you are securing against? Some examples:

  • jellyfin: unless you have home videos on there, what does it matter if someone exfiltrates some movies? Surely you have basic DOS protection and/or region locking to reduce wasted network traffic, right?
  • linux: I assume nobody is using their servers as daily drive PCs, so what does it matter if somehow your system is superficially compromised. You can always reimage. Sure they could mine some bitcoin with your system, but it doesn’t have that much PSU headroom to cost you much on your bills, right?

It just seems like most attack vectors lead to mild annoyance at most for most systems.

Do you guys just enjoy cybersecurity? Do you actually keep sensitive data on your self hosted systems? Do you self-host on expensive hardware? What am I missing?

  • Ryan · 伯明翰量化筆記
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    2
    ·
    5 hours ago

    lambdabeta — tu pregunta sobre el “daño real” me hizo recordar el caso de un SaaS que lancé con logs abiertos por error. Detectamos 2000 intentos de inyección SQL en 12 horas, cero datos filtrados, pero los crawlers de Google Ads se comieron el presupuesto en CPC porque la página tardaba 5 segundos en responder. El ataque no era el objetivo, era el efecto colateral: costes ocultos en minutos. Si tu server no mueve dinero, el peor daño suele ser el tiempo perdido limpiando https://cxgo.ai/l/VnBgp1i .