Comment by lolinder

I'm not running a business, I'm running a home. The threat models are totally different and I adjust my security posture accordingly.

Besides, I don't bother with auth for simple services, not stuff that actually hosts data. If someone unauthorized is inside my network they're not going to be interested in using my TTS/STT service or in finding out the last barcode I scanned or in using my tiny consumer GPU to generate tokens on an LLM—there are way worse things they could be doing at that point than fiddling with the many tiny services I have set up.

Also: I couldn't set up so many silly, inconsequential services if I didn't have a VPN. With my setup, every new idea I have can be a quick service on my network accessible by me anywhere in the world. If I had to expose each of these things to the internet I wouldn't bother running them at all lest they have an exploit that ends up being an entrypoint into my network.