Physical security is very hard

TPM is a useful to help ensure physical security. TPM isn’t perfect but it is decent for what it is.

TPMs protect against evil maid attacks

Android has a nice solution with the system vs user encryption

It would be a fine system if the keys were stored on the encrypted volume that the TPM decrypts

I think you are legally liable for damages

I’m never going to recommend something that I can’t get to work reliability. Also the lack of a security audit is a major deal breaker.

Communications is one of those things that needs to be absolutely solid.

My personal experience

Also they haven’t had a security audit

Sort of I guess

Why does it matter?

Don’t use Jami. It is a security nightmare and unreliable.

I honestly would prefer something like Briar

Docker restricts the permissions of software running in the container. It is hardened by default and you need to manually grant permissions in some rare cases.

Always good advise

However, OpenSSH is pretty solid security wise. https://www.openssh.com/security.html

Note: it is best to check the official security pages instead of random websites.

Yes and no

Breaking out of docker in a real life context would require either a massive misconfiguration or a major security vulnerability. Chances are you aren’t going to have much in the way of lateral movement but it is always good to have defense in depth.

This is security theater

Flaws in SSH do happen but they are very rare. The solution to this is defense in depth which is different than security by obscurity.

To expand on this a bit:

A lot of attacks are automated since the goal is to compromise as many hosts as possible. These hosts are then used in a botnet or sold to people on shader websites to use as proxies.

IP whitelists are not terribly secure and are quite a hassle.

Instead use a overlay VPN or some sort of extra security layer like mTLS or Authelia

With SSH it is easier to do key authentication. Certificate authentication is supported but it is a little more hassle. Don’t use password authentication as it is deprecated and not secure.

The key with SSH (openssh specifically) is that it is heavily audited so it is unlikely to have any issues. The problem is when you start exposing self hosted services with lots of attack surface. You need to be very careful when exposing services as web services are very hard to secure and can be the source of a compromise that you may or may not be aware of.

It is much safer to use a overlay VPN or some other frontend for authentication like mTLS or an authenticated reverse proxy.

Two nodes doesn’t provide quorum

Ok grandpa let’s get you to bed

Autoupdate is fine for personal stuff. Just set a specific date so that you know if something breaks. Rollbacks are easy and very rarely needed.

Kubernetes is the Arch of Containers except way more confusing