I'm curious on how to get started in self hosting. I have computer experience, being an Android Developer, but I hardly have experience in Linux and backend/networking work.

I've been wanting to start up a Plex/Jellyfin server for a while, and I have an old system sitting around with a Ryzen 1700 with a graphics card in there as well that's been begging for attention, and maybe I can throw on a Minecraft server in there as well. Since I travel a bunch, it would be nice too to be able to access my media for when I'm traveling, or to let my parents or friends access some shows if they so desire!

What I'm worried about is exposing my network to the internet basically. I used to run a Minecraft server with port forwarding and such on a personal computer but now I'm realizing that that's probably a bit unsafe lol.

Basically, are there any guides that I can look at, or any of your own experiences that could potentially help me or anyone who's interested?

After 11 years of life, Google Authenticator has added cloud backups for OTP keys in version 6.0.

Google Security Blog: Google Authenticator now supports Google Account synchronization

This is surprising news to me, because historically Authenticator had no way to backup keys by design. Here's a 2017 quote from a Google engineer who maintains Authenticator:

There is by design NO account backups in any of the apps. ^[source]

This design choice always made sense to me, as the point of 2FA is that you've got (1) something you know, and (2) something you have. The second factor should be tied to a physical device. If you lose the physical device, the second factor should be gone, and you'll need to use one of those 10-ish backup codes that we all definitely keep somewhere safe. I'm quite befuddled that Google is reversing this design choice and walking back their previously strong, security-centric design for the sake of user convenience in the case of a lost phone. I used to advise my friends and family to choose Google Authenticator over Authy for this specific reason.

If you want further reading, here's a PCWorld article with an altogether different tone than Google's announcement: Google Authenticator’s long-awaited cloud 2FA feature carries hidden risk

I saw all the hype about Google's new passkey rollout on Hacker News and Ars Technica in the past month, and have even read an article stating that, paraphrased, "I should start using passkeys immediately, even if the tech is not all the way there yet."

Some questions:

• Are you using passkeys currently? Which provider?
• Is there a fear of vendor lock-in (looking at you, Apple) or ditching the product in the future (looking at you, Google)?
• Any other concerns I should be aware of, e.g. what happens if my phone gets run over by a bulldozer?