Thanks, good to know about firewall.
Thanks, good to know about firewall.
While what you’re saying is theoretically true, don’t forget that as far as I know, most attacks are perpetrated by bots. And while it is true that in a fedora based version one could run ostree admin unlock etc… this particular command would need to be included in the attack script.
Now if the script has to be modified to include all possible different immutable systems that could possibly run it would increase the complexity and most importantly the size of said script making it easier to detect.
I’m not saying that its a bulletproof method, I’m just saying that by itself it greatly minimizes the risk, at least until all servers run immutable systems. And even then it still complicates matters for potential attackers quite a bit. So therefore reducing or at least greatly minimizing the potential of the system being compromised.
Thank you for the tip. Unless my understanding is wrong both OS are similar, Coreos targeting more precisely Kubernetes and cluster management. Had a quick look, but definitively will read more about it.
Thank you, good to know. Not as straightforward as directly installing distro but certainly worth considering.
As to why it reduces attack surface please see answer provided to other comment.
Because even if an attacker could gain access even as root he cannot modify system files. This is why immutable OS distros are called immutable.
This runs a combination of both. Been using this for years and works like magic
Not for myself but a client who was running a game server. He wanted to tweak the number of ticks/second that the kernel interacted with CPU. Didn’t even know that this was a parameter and after a few attempts, according to him, never went on that server myself, made a huge difference and he claimed having grabbed a good part of the market because of that.
After that familiarized myself more with the stuff in there. But that was a good while ago, before most of you guys were born.
IMO best newsletter for self hosting. Lots of stuff and updates on updates. Very good.
Second Zabbix. Been using it for years and it just works.
Started with Mandrake a long time ago and when it went away turned to Ubuntu and have stuck with it ever since. Surprised no one mentioned LTS (long time support) which I think is 5 years. This means for servers you don’t have to worry about frequent upgrades (think fedora) and for desktops my setup stays stable for a good while.
I try other disros in VMs just to try sexier stuff but for production stick to Ubuntu.
I often see wireguard and adguard or pihole mentioned. There’s a service that provides a combination of wireguard and pihole in 1 docker compose file and has a web interface for wireguard clients (wgeasy) called wirehole. Been using our for 2 years or so, very happy with it.
In my opinion the most elegant solution for an ad blocking VPN.
Why not try docker rootless? Been using it for 2 years and does everything docker does.
Agree Magicearth not so accurate on traffic info. But my biggest problem with Google is that it focuses so much on commercial info that takes most of the map’s real estate (shops, stores, malls, etc) ,which it’s not usually what I’m looking for, that it causes some kind of allergic reaction.
Magic is great, better than Google, for navigation and clarity in directions and graphically much more appropriate to driving.
Not sure why this post doesn’t have a ton of comments. It illustrates the fundamental problem with KPIs and performance measurement. When it comes to measuring human production with digital tools, because the binary measure is so restrictive, it leaves out a universe of values and information that is just ignored as a result. And this very often has dramatic consequences.
Surprised nobody mentioned Yakuake. Just discovered it’s just for kde. Been using it for years. It hides at the top of my screen and slides down when the cursor hits the top. Full desktop when not used and can access it no matter which app I’m using.