Comment by simonw 12 hours ago

My point here is that if someone breaks your blog, they've broken your blog. The blast radius of that should be strictly limited.

Obviously don't go rolling your custom CGI scripts on a server that also hosts your personal email - but these days we are spoiled for choice in terms of isolated hosting strategies for a blog.

Heroku, Vercel, Cloudflare Workers, Fly.io, GitHub Pages, a $5/month VPS...

kqr 8 hours ago

But "broken your blog" could mean "shell access to your blog server" -- is there no risk of illegal activities happening on that server that put the owner at risk? Like, I don't know, drug trade or child porn or whatever?

  • simonw 2 hours ago

    Anecdotally, I can't remember ever hearing about someone getting in real trouble because their server got popped and someone else used it for crime.

  • speakspokespok 7 hours ago

    Philosophically: L'État, c'est moi, build your crappy CGI scripts with nginx or Apache all from the CLI and all in vim and you will understand.

    Practically: Ports 22, 80, and 443 open and directly accessible from 0.0.0.0/0 is extremely manageable.