Concerning this particular article, perhaps the vulnerability here are not a mallicious software packages, but the management of these software repo’s.

Should it be possible to upload a package on a repo with 99% of the same name as one that already exists without some additional checks?

I do not mind banning hammers for the visitors or a museum, especially if there is an exhibition of art that is concidered “unacceptable” by a certain group of people.

I run a small setup on a seperate server segment (2nd router behind my main router) so it is on the internet. I run nextcloud, an dendrite and conduit instance (matrix chat-server servers), a mastodon and go-to-social instance (fediverse), bitwarden (password manager), and others.

If there is a service that you do not want to be publically accessable by everybody but you do want to access from everywhere on the internet yourself, check out client-side TLS (https) certificates. The server does is accessable from the internet put only people who have a TLS certificate on their client signed by you can access it. For services that do not require incoming connections from other machines (e.g. nextcloud, bitwarden, … but no federated services like matrix-chat or the fediverse) that is a very good option to protect your servers.

Australia looks like an interesting case. Iknow that in some countries, ISPs have to provide service to both urban and rural customers at the same price, which means that urban customers actually subsidize people living in rural areas. In some other cases, the gouvernements help pay for this.

Isn’t there a project in Australia that the federal gouvernement is subsidizing the role-out of fibre?