so like most of the community, I wanted to do a dance when I saw https://tildes.net/~tech/1t09/motorola_and_grapheneos_foundation_partnership_announced. However I have a Google Pixel 6 and according to this page, that stops getting security updates this October.

now what I can't tell is is it a better idea to wait for the new moto+grapheneOS phone or bite the bullet and buy a supported pixel. I don't know if anyone know how long until a moto+grapheneOS phone actually hits the market. If it's next year, not a big deal to wait. If it's 2+ years, I get worried about missing out on security updates.

Not sure the best course of action, security wise.

First, let me just say that I'm tech savvy, but I'm self taught for the most part. I never studied cybersecurity or network security. I know the basics, but not the nitty-gritty.

I used to host my own Anytype Server (note taking app) on my raspberry pi. To do this, the documentation says that I need to open two ports, one TCP and another UDP. So that's what I did, and had it set up this way for a while now.

Yesterday though, my raspberry's microSD died. So while I wait for the new one to arrive, I'm taking the chance to review my home network settings.

I closed off a third port that I had for my synology server (for the OpenVPN). I am now using Wireguard (with Tailscale) which doesn't require opening ports. And since my raspberry is offline, I also turned off the other two ports (as of now, I have none opened)

So here's the thing: I remember from my searching that a lot of people are strongly averse to opening ports. Iirc, the basic idea is that if a bad actor knows my home IP and which ports are open, they can enter. So, in theory, a hacker could potentially infiltrate my raspberry pi - and from there potentially wreak havoc in my other devices.

So my questions are:
1- Is it really like that? Could a hacker gain unlimited access to my raspberry via an opened port?
2- If yes, is there something that I can do to strengthen my raspberry pi security?
3- Am I being overly paranoid by worrying about this, even if it’s theoretically possible?

Does Tildes have any way for me to logout of a device I'm not currently using?

• I don't see any session management or "logout of all devices" in the settings.
• Would resetting my password invalidate all active sessions?
• Do I need to email someone?