There are two or three scare-mongering arguments in the article that I cannot believe to be true. The rest might be valid but throwing-in these makes the whole post less valuable:
- traffic might take your site down: it's never going to happen, although I understand why one would hope so
- SSH attacks: change your default port
- shellshock: you use or used CGI scripts in the last decade?
Author here. Sure, maybe successful attacks in those categories are unlikely. But my main point was, so long as I maintain my own VPS, they're still possible, and I'm responsible for defending my box against them. Whereas in SaaS land, I don't even know what physical / virtual boxes the provider has, nor do I care, because I'm not responsible for their security nor for anything else regarding them.
If you have run VPSes for some time, how come you have not learnt and taken some steps to make it less prone to attacks? That's the part I don't find credible enough, or can't share the rationale to include it in this post.
Author here. Like I said in the article, "... I've picked up more than a thing or two when it comes to Linux sysadmin". I did harden my VPS here and there, over the years. And there never was a successful attack on my VPS - not that I'm aware of, at least.
But that doesn't change the fact that I simply don't want to manage a VPS anymore. Like I also said: "However, I've learnt what I have, out of necessity, and purely as a means to an end. I'm a dev, and what I actually enjoy doing, and what I try to spend most of my time doing, is dev work. Hosting everything in SaaS land, rather than on a VPS, lets me focus on just that."
- traffic might take your site down: it's never going to happen, although I understand why one would hope so
- SSH attacks: change your default port
- shellshock: you use or used CGI scripts in the last decade?