I had a break over Easter from writing, so I could spend some quality time with the family. Hence, not hearing from me for a few weeks.
Going forward I am going to switch to a fortnightly schedule for this newsletter. I find most of my readers enjoy the interesting links and my commentary on them more than my articles (tell me if I am wrong) and on slow weeks I don't always have much to share.
This week I want to talk a little bit about security when it comes to hosting your applications, either in the cloud or when self-hosting your own personal projects.
Ever wondered why your DevOps team insists on using a VPN to access production databases? Or why exposing your home server directly to the internet might not be the best idea? Let's dive into how VPNs work in cloud environments and home networks, and why they're crucial for security.
The Public Internet: A Dangerous Neighbourhood
Think of your cloud or home infrastructure like a house. Would you leave every door and window open for anyone to walk in? Of course not! Yet, that's essentially what happens when you expose services directly to the internet without proper security measures.
Cloud Infrastructure: The Principle of Least Privilege
In cloud environments like AWS or Azure, a well-architected infrastructure typically follows these principles:
- Public Access Limited to Necessities
- Network Segmentation
For example, a typical AWS setup might look like this:
Public Internet → Load Balancer (443) → Web App → Private RDS Database
↳ VPN Gateway → Internal Admin Tools
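An added example, not from the original newsletter: a small Python audit of ingress rules shaped like the diagram above, flagging anything other than the load balancer on 443 that is reachable from the whole internet, and admin tools reachable from outside the VPN. The rule format, tier names and CIDR ranges are constructed for illustration and are not an AWS API.

```python
import ipaddress

# Assumed ranges for this example (not from the newsletter).
VPN_CIDR = ipaddress.ip_network("10.8.0.0/24")  # addresses handed to VPN clients
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # private network behind the load balancer
PUBLIC_OK = {("load-balancer", 443)}            # the only (tier, port) allowed from anywhere

PUBLIC = "open to the whole internet"
OUTSIDE_VPN = "admin tools reachable from outside the VPN"
OUTSIDE_PRIVATE = "source is outside the private network"

# Constructed sample rules: the first four mirror the diagram, the rest are mistakes.
RULES = [
    {"tier": "load-balancer", "port": 443, "source": "0.0.0.0/0"},
    {"tier": "web-app", "port": 8080, "source": "10.0.1.0/24"},
    {"tier": "database", "port": 5432, "source": "10.0.2.0/24"},
    {"tier": "admin-tools", "port": 443, "source": "10.8.0.0/24"},
    {"tier": "database", "port": 5432, "source": "0.0.0.0/0"},
    {"tier": "admin-tools", "port": 22, "source": "203.0.113.0/24"},
    {"tier": "database", "port": 5432, "source": "::/0"},
]

def within(src, net):
    # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
    return src.version == net.version and src.subnet_of(net)

def audit(rules):
    """Return (tier, port, reason) for every rule that breaks the layout."""
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["source"])
        key = (rule["tier"], rule["port"])
        if src.prefixlen == 0:  # 0.0.0.0/0 or ::/0
            if key not in PUBLIC_OK:
                findings.append((*key, PUBLIC))
        elif rule["tier"] == "admin-tools":
            if not within(src, VPN_CIDR):
                findings.append((*key, OUTSIDE_VPN))
        elif not (within(src, VPC_CIDR) or within(src, VPN_CIDR)):
            findings.append((*key, OUTSIDE_PRIVATE))
    return findings

if __name__ == "__main__":
    for tier, port, reason in audit(RULES):
        print(f"{tier}:{port} -> {reason}")
```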
Self-Hosting at Home
I host a lot of applications myself at home, such as:
- Calibre — e-Book management
- JellyFin — for streaming my media library to the TV
- Audio Book Shelf — for streaming audiobooks
- MiniFlux — for my RSS feeds
- SearXNG — privacy-friendly search engine
- VaultWarden — password server for BitWarden
- Home Assistant — for managing all my lights in my home
- Actual Budget — for managing my finances
- Immich — for photo management
- Duplicacy — for backups
- Mattermost — my own private Slack for notifications.
It is useful to have access to some of these applications when I am away from home, but the last thing I want to do is to set up port forwarding and open up my home to the public internet. Especially when there is financial data and my passwords on the line.
Luckily there is quite an easy way to set up a VPN at home using Tailscale. With Tailscale set up I can easily connect to my home services on my laptop and on my phone when I am away.
Security isn't just about keeping the bad guys out – it's about implementing sensible access patterns that make it natural to do the right thing. VPNs provide that crucial secure tunnel to your infrastructure, whether it's in the cloud or at home.
Remember: If you're exposing internal services directly to the internet, you're probably doing it wrong. A VPN might seem like an extra step, but it's a small price to pay for security. After all, you wouldn't leave your house keys under the doormat, would you?
❤️ Picks of the Week
📝 Article — Senior Developer Skills in the AI Age — There are some great suggestions for how to incorporate AI effectively into your workflow. I find setting detailed requirements, especially when it comes to tech stack, can be very useful.
📝 Article — Interviewing a software engineer who prepared with AI — It is going to get harder to find decent software developers if people are using AI to help with the interview process. We may just have to go back to in-person interviews 😔.
🛠️ Tool — Gumroad's source is available — I am surprised they have made this open source. I have never sold anything with Gumroad myself, but I have been tempted a few times.
📝 Article — How (not to) fail a system design interview — The system design interview is always my favourite part as an interviewer as you can really see how a candidate thinks. There is some solid advice here.
📚 Resource — Understanding Machine Learning: From Theory to Algorithms — Comprehensive free textbook perfect for developers looking to understand ML fundamentals.
📝 Article — The blissful Zen of a good side project — I have so many side projects I want to make, and it definitely feels a lot more freeing building something for yourself than at work.
📝 Article — Life Altering PostgreSQL Patterns — I use PostgreSQL every day at work. There are some good tips in here.
📝 Article — A startup doesn't need to be a unicorn — I used to be in the bootstrapping camp, but I have realised that it is incredibly stressful burning through your own money while not earning anything. Burning through someone else's money while remaining lean is a much better approach.
📝 Article — How to Write Blog Posts that Developers Read — There is some great advice in here that I need to follow myself 😅.
📝 Article — PostgreSQL Full-Text Search: Fast When Done Right — Another PostgreSQL guide, this time for full-text search. I wonder if I can make our search at work faster using this.
📝 Article — The best programmers I know — I agree with this and I have found the same traits in other developers that I admire as well.
📝 Article — The chroot Technique - a Swiss army multitool for Linux systems — If you ever get stuck with an unbootable Linux machine then read this. This could have saved me a few times.
🛠️ Tool — Hacker News Hug of Death — I love somewhat pointless little projects like this.
📝 Article — Owning my own data, part 1: Integrating a self-hosted calendar solution — I need something like this. I ended up moving back to Google 😢 for my email and calendar as it just made it easier as the rest of my family and work are also on Google.
📚 Resource — Big Book of R — This looks like a great resource if you want to learn R.
🤖 AI — Google to embrace MCP — MCP looks really interesting if you want to give an LLM abilities which use your APIs or data. AI definitely requires some standardisation around these things.
🗺️ Map — Live Map of the London Underground — This is really cool. I don't know how accurate it is, but it is fun to watch.
📝 Article — Behind the 6-digit code: Building HOTP and TOTP from scratch — Deep dive into the mechanics of two-factor authentication.
🤖 AI — Google is winning on every AI front — I have still been using Claude Sonnet 3.5 for most of my development work. I need to see how Gemini 2.5 performs.
🛠️ Tool — Open source and self hostable/private file converter — Something else for me to self-host. I think I might have a problem 🤣.
📝 Article — Why I Decided on the Framework 13 for My Next Laptop — Kev has a few posts on his experience with this laptop and using Linux. I would like to use something like this but at this point in my life I have too many Apple products and I need everything to just work.
📝 Article — A Reddit bot drove me insane — So we now have AI bots writing posts on Reddit to drive users to affiliate links and hardly anyone seems to notice.
📚 Resource — Open guide to equity compensation — If you join a tech company chances are you will be given some form of equity. Worth giving this a read.
📝 Article — Everything wrong with MCP — We have been looking at MCPs at work and a lot of the examples link directly to the database which is a big no-no. I think MCPs can be useful if given specific access to API endpoints and the correct authorization and authentication can be passed through.
🛠️ Tool — Damn Vulnerable MCP Server — On a similar note here is an example of some of the things that can go wrong using MCP.
🤖 AI — DolphinGemma: How Google AI is helping decode dolphin communication — This is interesting but not overly useful for me! When are Google going to develop CatGemma so I can talk to my cats? I need the full Dr Dolittle experience!
🛠️ Tool — A hackable AI assistant using a single SQLite table and a handful of cron jobs — This is cool! I am saving all these things so that at some point I can have a fully working local J.A.R.V.I.S at home!
🛠️ Tool — SQLite File Format Viewer — Useful tool for exploring SQLite database internals.
📝 Article — OKLCH() — I have not looked into OKLCH yet, but it looks useful for colours in CSS.
📝 Article — Cleaning up gone branches — Useful git maintenance techniques.
📝 Article — "Most promising signs yet" of alien life on a planet beyond our Solar System — I am sure we aren't the only living things in our galaxy. I doubt I will see any proof in my lifetime though.
👾 Game — Which year: guess which year each photo was taken — This is quite a fun game. I got quite close on a few of them.
📝 Article — I analyzed chord progressions in 680k songs — Fascinating data analysis of musical patterns.
🛠️ Tool — Solidjs: Simple and performant reactivity for building user interfaces — This looks interesting. I am not a big lover of React. I like the fact that Solid JS has no hook rules and components execute just once when they are first rendered.
🤖 AI — Dia, an open-weights TTS model for generating realistic dialogue — Another cool TTS model. These sound realistic, but it sounds like it is trained on podcasts or radio shows. The fire demo is funny though.
📝 Article — How I reduced my microplastics exposure (without going crazy) — I should probably pay more attention to microplastics. I have already moved to either metal or glass bottles, but there are definitely more things that can be reduced.
📝 Article — AI Horseless Carriages — There are some great points in here if you are looking to build AI into your applications. The key here is working out what the application might look like if it used AI from the start.
📝 Article — The slow realization that what I thought was real was actually fake — I was expecting this to be an article about AI, but it turns out companies have been pulling the wool over our eyes for years and AI is just the digital version of this.
💬 Quote of the Week
We now trust our senses, memories, and gut feelings less and put all our faith in Google. These bad habits rot the discipline necessary for contemplation or study and rob us of the grit necessary to follow through with long-term goals.
From the book Feck Perfuction by James Victore.