so like most of the community, I wanted to do a dance when I saw https://tildes.net/~tech/1t09/motorola_and_grapheneos_foundation_partnership_announced. However I have a Google Pixel 6 and according to this page, that stops getting security updates this October.

now what I can't tell is is it a better idea to wait for the new moto+grapheneOS phone or bite the bullet and buy a supported pixel. I don't know if anyone know how long until a moto+grapheneOS phone actually hits the market. If it's next year, not a big deal to wait. If it's 2+ years, I get worried about missing out on security updates.

Not sure the best course of action, security wise.

First, let me just say that I'm tech savvy, but I'm self taught for the most part. I never studied cybersecurity or network security. I know the basics, but not the nitty-gritty.

I used to host my own Anytype Server (note taking app) on my raspberry pi. To do this, the documentation says that I need to open two ports, one TCP and another UDP. So that's what I did, and had it set up this way for a while now.

Yesterday though, my raspberry's microSD died. So while I wait for the new one to arrive, I'm taking the chance to review my home network settings.

I closed off a third port that I had for my synology server (for the OpenVPN). I am now using Wireguard (with Tailscale) which doesn't require opening ports. And since my raspberry is offline, I also turned off the other two ports (as of now, I have none opened)

So here's the thing: I remember from my searching that a lot of people are strongly averse to opening ports. Iirc, the basic idea is that if a bad actor knows my home IP and which ports are open, they can enter. So, in theory, a hacker could potentially infiltrate my raspberry pi - and from there potentially wreak havoc in my other devices.

So my questions are:
1- Is it really like that? Could a hacker gain unlimited access to my raspberry via an opened port?
2- If yes, is there something that I can do to strengthen my raspberry pi security?
3- Am I being overly paranoid by worrying about this, even if it’s theoretically possible?

Edit: Decided to go with the Ubiquiti Dream Machine Pro. Thank you for all the suggestions and advice!

Hey Tildenauts,

I'm planning to help a local nonprofit replace their aging hardware firewall pro bono. I have a fair amount of experience with networking and security, especially where web servers are concerned, but I haven't setup a hardware firewall recently enough to know off the top of my head which are the best options here.

The organization is fairly small but on its way to medium sized, around 30 employees at the moment but will likely expand to 50+ in coming years. So I'm looking for a solution that will comfortably scale up to 100 employees. There is remote work, accessing their local server via VPN, so something that comes bundled with a user friendly VPN client would be ideal. I haven't seen their physical setup yet but I know their server gets a lot of use. Not all employees use it remotely on a regular basis but many do.

From past experience I know that Cisco, Sophos and SonicWall are potential options. Cisco seems to be pushing their Meraki platform pretty hard but I don't think this organization needs a subscription based solution.

Anyone have recommendations for hardware firewalls I should consider? Any potential footguns I should know about?

Thanks in advance!