Either you are heavily misinformed about how difficult arch is, or you lack any confidence in your ‘Linux skill’.
Choose the system you want to achieve, follow the wiki and choose the software you want to use using it and you are good to go, it really is not that hard. You can always use archinstall.
But the fragmentation on SSDs does not really matter, does it? Yes you need to keep track of all the fragments but this is not really a problem as far as i am aware. To my knowledge, increasing latency on bigger storage is a problem that faces all storage technologies we hqve atm.
You do not even need a port based firewall when the server is open on the internet.
When you configure the software to not have unnecessary open ports over the internet connected interface then a port based firewall is providing zero additional security.
A port based firewall has the benefit that you can lock everything down to the few ports you actually need, and do not have to worry about misconfigured software.
For example, something like docker circumvents ufw anyway. And i know ppl that had open ports even tho they had ufw running.
I can see where they are comming from, but i do not understand it. Remote streaming was free and is now only available via a subscription or the lifetime pass. So it is locked behind a subscription. Ofc it is more nuanced, but the title expresses really cleanly what the topic is.
Clickbait (also known as link bait or linkbait) is a text or a thumbnail link that is designed to attract attention and to entice users to follow (“click”) that link and view, read, stream or listen to the linked piece of online content, being typically deceptive, sensationalized, or otherwise misleading.
https://en.wikipedia.org/wiki/Clickbait
Title is not really deceptive or misleading.
That is not really covering the topic for everyone, this only covers the article for ppl who are paying already for the pass.
Not seeing how this is clickbait. The title sums it up on point.
At the same time crowdsec heavily benefits of the big free userbase since they ‘crowdsource’ their thread detection.
Just a simple hole renders them useless. The only method to reconstruct them from there would be any kind of SEM or AFM which would still take weeks to months to years depending on the size/density of the drives.
Even just opening them up and smacking the disks would be sufficient
Next time just encrypt them.
Just because there is no update does not mean there are security vulnerabilities to worry about, or do you have a specific one that is not fixed?
The attack vector seems very narrow to me. It checks the container registry downloads the containers and runs some docker commands.
It has no interface, so in order to attack it you either have to compromise the container registry (but then it would be easier to compromise the containers you download) the secure connection used to download the containers (https is quite stable) or something on the server side.
Also the project does not really look that abundant to me.
EDIT: So i have not checked this, but watchtower is probably using docker for most steps anyway? So basically the only thing that could be attacked is via the notifications watchtower is sending?
Years out of date
What problems does it have? Never ran into an issue for my usecase.
Automatic updates. Works like a dream. Depending on what you are running it can obviously cause issues, either server side breaking or server,client communication issues
Tbf, winget is a god sent and works surprisingly well, took them what? 30 years to get it done?!
Just today I logged into a Workstation at work, just to see 2 versions of Teams being auto launched. And no, no one installed 2 Versions, it was Windows.
Yep. The difference is simply put just ppl are used to the quirks on Windows but not on Linux.
Most critical infrastructure like my mail i subscribe to the release and blog rss feed. My OSs send me Update notifications via Mail (apticron), those i handle manual. Everything else auto updates daily.
You still need to check if the software you use is still maintained and receives security updates. This is mostly done by choosing popular and community drive options, since those are less likely to get abandoned.
Is adding a URL too much? Jellyfin is also just login in addition to enter the server URL.
You have basically two options.
Symmetric Encryption. That means you use the same password/key for writing the Backup and for reading the backup. Here you have to write the password somewhere, depending on the OS there are options like keychains or similar that can hold the password so that the password is only available once you are loged in or have unlocked the keychain.
Asymmetric Encryption. That means you have different passwords/keys to read and write the backup. PGP is an example here. Here you can just simply use one key to write the backup, this key can become public and you do not have to worry about your backup since it will only be readable with the 2. key.
I personally use Restic with a password that is only readable by the system root user stored on the filesystem. Since I use Full Disk Encryption i do not have to worry too much about when the secret is available in clear text at runtime.
If I decide to put up with this type of attitude
Your the one insulting me.
Would you say pointing the finger at the linux devs and maintainers saying they should work harder does improve anything and drives ppl to volunteer?
Do you want to prevent brute forcing or do you want to prevent the attack getting in?
If you want to prevent brute forcing then software like fail2ban helps a little, but this is only a IP based block, so with IPv6 this is not really helpfull against a real attack, since rotating IP addresses is trivial. But still can slow down the attacker. Also limiting the amount of sessions and auth tries does significantly slow down the attacker.
If you just want to not worry about it set strong passwords, and when it is a multi user system where other ppl might access it, configure Public Key Auth so you can be sure the other users have strong passwords (or keys in this case) to authenticate.
With strong passwords or keys it is basically impossible to brute force your way in with ssh.