It depends on how the router responds to other non-forwarded ports. For UDP an open port with no response is the same as a dropped packet. A scanner will only know if the device sends an ICMP response back to indicate that it is closed.

If filesystem UUIDs are IP equivalents. Then device paths are MAC addresses. FS labels are DNS. Device mapper entries are service discovery.

There are a lot of edge case characters around visually indistinguishable names. If that is a concern usernames should use a restricted known character sets instead of trying to block specific characters. You likely should also treat lookalike characters as equivalents when checking for username overlap.

Likely you needed to include the intermediate cert chain. Let's encrypt sets that up automatically so it's quite a bit easier to get right.

There is also SMS passive reading using LEO intercept. Hacked police email accounts are used to gain access to carrier systems where they use "imminent threat" no warrant lookups to pull the SMS in real time.

SMS is a terrible form of 2FA, better than none but not by much.

Fridges with a dial usually are an uncalibrated simple analog thermostat sensor (often a gas tube with a pressure switch) along with a simple analog control board. Fridges with a digital thermostat tend to use a calibrated sensor (usually a thermocouple) with a digital control board.

Yeah, I think that was it. I also played a heck of a lot of sudoku on it.

The expression syntax for the GNU find command is very powerful. I would expect that it is up to the task. If you don't have the GNU find command with it's extensions I could see how it's would be difficult.

If you want an automated system that can protect against ransomware your backups need to be hosted in some way where the backup server has control of the retention and not the client (NAS, local disk, etc are not sufficient). If your NAS supports automated snapshots that can't be deleted by the backup user it can mostly fill this gap but may need to be checked for how it handles snapshots when the disk fills.

For self-hosted solutions I've used BURP, Amanda, and Borg backup in the past but have switched to Proxmox backup server as my VMs all run in Proxmox. You still need to consider full disaster recovery scenarios where both your primary and backup system fail. For this PBS sports both tape and remote server replication.

There are also many cloud solutions that do this automatically. For cloud I would always use them in tandem with some kind of local backup.

For all of these they should have an admin account that has strong protection and doesn't share credentials with any of the primary systems.

Are they on a local disk? Thunar doesn't render any thumbnails for remote storage by default.

You can still enter audit mode and change some registry settings to switch to a local account. Last time I did an 11 install on a device with Wi-Fi it also let me create a local account after trying to continue with a blank password a few times.

When rsync copying the active root I like to bind mount / to /mnt/root_fs first. This avoids the issue with needing to exclude folders with sub-mounts and will expose files to copy that might be hidden by the mounts.