Absolutely essential is using a firewall and set it as strict as possible. Use MAC like SELinux or Apparmor. This is extremely overkill for a personal server, but you may also compile everything yourself and enable as many hardening flags as possible and compile your own kernel with as many mitigations and hardening flags enabled (also stripped out of features you don’t need)
I’ve never heard of nsjail, so I wouldn’t know. But there’s also bubblewrap which is used by Flatpak for sandboxing. It’s very small, although a bit annoying to use.
That’s very wholesome to hear! :) Thank you for sharing. I’m glad it’s not the case.
You can’t teach old dogs new tricks.
“There are so many things you can do. Don’t accept doing nothing, be a stubborn fuck and do something to alleviate the sadness.”
Good words to live by. :)
Speaking of which, Debian users, how safe are distribution upgrades?
I know. And that’s reasonable of course. I’m sure most of us would agree that proprietary blobs are bad. I’m optimistic that firmware will become more open in the future though.
That’s true. I didn’t think about that. Thank you. :)
Sidenote: If you just want a nice web frontend for others to view your Git repositories, you can use cgit instead.
I’m not a fan of GrapheneOS, but the point they bring up here is valid. There is already proprietary firmware on your computer. There’s no reason why you shouldn’t be updating it to protect yourself from serious exploits. The FSF takes an ideological stance rather than a practical one, unfortunately.
We get around it! :)
I’m not sure if this is a good idea. Would people seriously pay just to access some subreddit? Why wouldn’t they go on another forum?
I can understand why this may be a issue to some people. I think if they asked Windows users this, there wouldn’t be as much of a strong reaction to this. Maybe it comes off as exploiting the good will of the Linux community, but I can’t read minds.
I’m personally ok with this. If someone willingly volunteers and enjoys doing this, then what’s the problem? But again, I’m not sure if that’s the core issue at hand here.
Codeberg for public repositories, cgit (if that even counts) on my own server for private ones