If I understand this correctly, you're still forwarding it a port from one network to another. It's just in this case, instead of a port on the internet, it's a port on the TOR network. Which is still just as open, but also a massive calling card for anyone trolling around the TOR network for things to hack.

Git was literally written by Linus to manage the source of the kernel. Sure patches are proposed via mailing list, but the actual source is hosted and managed via git. It is literally the gold standard, and source control is a foundational piece of software development. Same with not just unit tests, but functional testing too. You absolutely should not be putting off testing.

Gotta be honest, downloading security related software from a random drive is sending off sketchy vibes. Fundamentally, it's no different than a random untrusted git repo. But, I really would suggest using some source control rather than trying to roll your own with diff archives.

Likewise, I would also suggest adding in some unit and functional tests. Not only would it help maintain software quality, but also build confidence in other folks using the software you are releasing.

After briefly reading about systemd's tmpfiles.d, I have to ask why it was used to create home directories in the first place. The documentation I read said it was for volatile files. Is a users home directory considered volatile? Was this something the user set up, or the distro they were using. If the distro, this seems like a lot of ire at someone who really doesn't deserve it.

Just serve the CloudFlare certs. If the URL is the same, it won't matter. Doesn't matter if you're talking to a local private address like 192.166.1.100 or a public IP. If you're accessing it via a DNS name, that is what is validated, not the underlying IP.

PS. If you tried this and are having issues. We need more details about how things are set up, and how you are accessing them.

This isn't a statement from Apex or EAC. The original source for the RCE claim is the "Anti-Cheat Police Department" which appears to just be a twitter community. There is absolutely no way Apex would turn over network traffic logs to a twitter community, who knows what kind of sensitive information could be in that. At best, ACPD is taking the players at their word that the cheats magically showed up on their computers.

PS. Apparently there have been multiple RCE vulnerabilities in the Source Engine over the years. So, I’m keeping my mind open.

I do not buy this RCE in Apex/EAC rumor. This wouldn't be the first time "pro" gamers got caught with cheats. And, I wouldn't put it past the cheat developers to not only include trojan-like remote-control into their cheats, but use it to advertise their product during a streamed tournament. All press is good press. And honestly, they'd probably want people thinking it was a vulnerability in Apex/EAC rather than a trojan included with their cheat.

I believe what you're looking for is ROCE: https://en.wikipedia.org/wiki/RDMA_over_Converged_Ethernet

But, I don't know if there's any FOSS/libre/etc hardware for it.

I've heard good things about used/refurb HP (elite desk and pro desk) and Lenovo (m700 and m900) mini-pcs. A quick search shows they're going for ~120-140$ for a quad core with 16 gigs of memory.

Check out minisforum, for example this intel mini-pc. They have a ton of selection, not just that one example.

From the article, "These systems range from ground-based lasers that can blind optical sensors on satellites to devices that can jam signals or conduct cyberattacks to hack into adversary satellite systems."

You are not being overly cautious. You should absolutely practice isolation. The LastPass hack happened because one of their engineers had a vulnerable Plex server hosted from his work machine. Honestly, next iteration of my home network is going to probably have 4 segments. Home/Users, IOT, Lab, and Work.