Just imagine you invested sum X back then. Who knows if you would still hold it. Maybe you would have made 10 into 100 $ and quit or shifted some into another crypto and lost it there, maybe you would have gambled with derivates which then did not perform as well. Picking single investments is basically gambling. I know this won’t make your leftovers taste better but try not to blame yourself for decisions that were 50/50 bets at best.

I think it is not maintained any more: https://github.com/andOTP/andOTP

Well, every second you “miss out” on going all-in on the highest leverage possible and win. Afterwards you always know better so don’t be sad about it. Back then it was probably even more risky than it is now, so depending on your risk tolerance and investment goals it was probably right to miss it.

Volatility can be measured. There is no way to say BTC is not volatile. Historic charts also will not help predicting the future.

I tested WAFs in the past, also ones from the big players and while they might block some cheesy stuff on the application layer, as long as they are not heavily tailored towards your application, they stop bein effective against most manual stuff.
Everything lower than application layer ist not a WAF btw, so I am not sure if you mean WAF or some Firewallish stuff.

Just stick to best practices and expose only what you really need to expose. When putting third parties in front of your stuff this als has data protection implications. If using it makes you feel better okay but it should not feel you more secure if you expose vulnerable stuff.

You wrote:

there’s certainly plenty of implementations which i wouldn’t class as obscurity.

without specifying further. How am I supposed to work out what you mean? I did a guess in my last answer and you seem not to care about a discussion on the topic but instead now question me. I

I just wanted to make clear that port knocking is obscurity and maintaining and configuring your still public facing services in a secure manner is essential. There are best practices which I did not define and are applicable here.

If you whitelist your IP that of course helps but I am not sure what that has to do with port knocking. Whitelisting an IP after it knocked right, that would be obscurity. Whitelisting an IP after it authenticated through a secure connection with secure credentials? Why not just use VPN?

I am also not directly commenting on OPs question, as I try to tackle missconceptions in the comments.

Does this method use a cryptographically secure secret which is transmitted encrypted? If not, it is obscurity. If yes, just use normal secure authentication if your goal is security. If you want to get volume down and maybe reduce your risk, feel free to use such things but you should not apply the security label to it.

A WAF won’t magically solve your problems and free you from your attack surface. To be effective it needs contect of the application and a lot of tuning. Your public facing services should be treated, configured and maintained as such. I am not sure if you include a WAF in the stuff that won’t stop exploitation of vulns, but it definitely belongs there. Yes, it can decrease volume and make exploitation a bit harder but that’s it usually. Also don’t just include proprietary third party stuff and hope it solves your problems.

While this helps getting volume down it just adds a layer of obscurity and the service behind should still be treated and maintained as if it was fully public-facing.

Sorry to nitpick but I feel like beimg precise here is important. Nginx is a project, ssh a protocol and VPN an overlay network, so more of a concept. All 3 can be run somewhere on the spectrum between quite secure and super insecure. Also safe and secure are two different things, I guess you meant secure so no big deal.

Yes but if you do not have one it can become super complicated.

And as soon as you leave your fare system everything changes.

Not arguing about how cheap you can get IP phones or if it’s a good idea. Just wanted to mention that 300$ is a lot of money for a lot of people. 210$ are as well and while it might make sene in the long run, people might still not be able tovafford it. If you can, go for it, but many can’t.

That’s a lot of money.

Mine is managed hosted so I don’t know.

Also, stop using pesticides/ herbicides in you garden, plant native flowering plants, mow after they finished flowering, let grass grow a bit, maybe mow alternating areas.