Hacker News

My point here is that if someone breaks your blog, they've broken your blog. The blast radius of that should be strictly limited.

Obviously don't go rolling your custom CGI scripts on a server that also hosts your personal email - but these days we are spoiled for choice in terms of isolated hosting strategies for a blog.

Heroku, Vercel, Cloudflare Workers, Fly.io, GitHub Pages, a $5/month VPS...



But "broken your blog" could mean "shell access to your blog server" -- is there no risk of illegal activities happening on that server that put the owner at risk? Like, I don't know, drug trade or child porn or whatever?


Anecdotally, I can't remember ever hearing about someone getting in real trouble because their server got popped and someone else used it for crime.


Philosophically: L'État, c'est moi, build your crappy cgi scripts with nginx or apache all from the CLI and all in vim and you will understand.

Practically: Ports 22, 80, and 443 open and directly accessible from 0.0.0.0/0 is extremely manageable.


Why would anyone today leave port 80 open? I do https by default even for my blog.


For me personally it's just old configs I have that redirect from port 80 to 443. You're right though - probably unnecessary in this day and age.



