IPv6 binds on wildcard addresses include binding to the IPv4 addresses.

What does ss -tlnp return? Does the process listen on any ports?

That should only affect ports below 1024.

Your two bind addresses might be in conflict with each other since [::]:5234 includes binding to the first one.

You want https://tabby.tabbyml.com/ instead of tabby.ml

Haven’t used it myself but you could give https://rustdesk.com/ a try.

As someone who had to help coworkers with Windows, Mac and Linux problems one of the main problems of macOS is the fact that you have to use the clumsy GUI for so many things and that the Unix-like underpinnings are badly maintained and outdated so many systems have several versions of the same tool installed in various locations (OS-, Homebrew-, MacPorts- or whatever other package manager of the day versions).

And I am saying that that information you are referring to is unknown for any given CVE unless it is unlocked by some investment of effort that usually far exceeds the effort to actually fix it and we already don’t have enough resources to fix all the bugs, much less assess the impact of every bug.

Assessing the impact on the other hand is an activity that is only really useful for two things

• a risk / impact assessment of an update to decide if you want to update or not
• determining if you were theoretically vulnerable in the past

You could add prioritizing fixes to that list but then, as mentioned, impact assessments are usually more work than actual fixes and spending more effort prioritizing than actually fixing makes no sense.

I am familiar with CVSS and its upsides and downsides. I am talking about the amount of resources required to determine that kind of information for every single bug, resources that far exceed the resources required to fix the bug.

New bugs are introduced in backports as well, think of that Debian issue where generated keys had flaws for years because of some backport. The idea that any version, whether the same you have been using, the latest one or a backported one, will not gain new exploits or new known bugs is not something that holds up in practice.

The idea that it is somehow possible to determine that for each and every bug is a crazy fantasy by the people who don’t like to update to the latest version.

“How I get a reliable ssh connection” and “What I do with the SSH connection once I have one” are two entirely different things, autossh does the first, my comment was about the second.

OpenSSH also has a built-in tunnel that is more general (-w Parameter) than just port forwarding.

You should be aware that a large number of mail hosters will block all mail from your server merely because it is sent from a dynamic IP address.

If you don’t have a DB or the ability to store data in general none of the open source analytics software will work either.

I was under the impression that there is only one Matrix server implementation. Standards are not really required in that situation.

Regular updates are definitely necessary too. Also, if you do limit SSH users to a chroot make sure you limit TCP (port) forwarding too.

It might be worth mentioning which xmpp implementation you are actually using for your server if you expect anyone to help you. Also in general, more details about your hosting setup, how you installed it, did you follow any tutorial or use any particular installer (e.g. Helm chart on Kubernetes), possibly if you made any changes to the config,…

Well, having read his blog for a while Drew DeVault could certainly also be described as “having a bit of a ‘personality’”. Seems communities tend to form around people who have strong opinions on many things and sometimes those opinions clash. That in itself isn’t really an issue though, mostly it becomes more of a problem the larger the scope of opinions discussed becomes as there is more potential for conflict that can not be resolved because it touches on core world view aspects of one or both people involved.

Borg is also supported by Hetzner Storage Boxes

Oh, all my drives are RAID too, mostly for the convenience of being able to use them while I order a replacement for a failed drive and not having to restore from backup once I get that.