Firewalling Umbrel "Redux"

@nordlys and @DarthCoin, I recently enjoyed re- re- re- reading your high quality banter on the previous firewalling thread, which has been a while back now (here). As someone who’s worked a bit in the dark arts (benefitting from Agencies who specialize in theft of secrets…), the assumption that all is well as long as your front door is locked and a good password is hidden neatly under the keyword, well, doesn’t fly. So, without further ado, what do we make of today’s ArsTechnica article regarding weaknesses in SSH implementation? Nothingburger, and only a theoretical risk, or have the researchers done quality work by showing the vulnerabilities actually in the wild?