I don’t entirely agree but I recognize that it really depends on each person’s use. You can run a blog that auto-publishes to Twitter, Facebook, etc. so that you, personally, don’t have to be logged in or visit. But if you want to use the services and and be invisible to them you’re going to need either separate browsers or use private browsing modes.
I didn’t say Linux was less secure, I said OpenBSD focuses on security. I use FreeBSD for my NAS because it natively supports ZFS, which I like. Though I may move the NAS to Debian because ZFS has some performance issues when the drives get full or RAM gets tight, and I want some consistency across the servers I use.
BSD distros just tend to keep things a little more reigned in and their development process puts security at the forefront. You will find much fewer packages available for them and might even find yourself compiling source code for a particular program you want because it’s not included or available in any other fashion.
Mail is your primary identity , why would you try and save a few euros per year using a ‘cheap hoster’ and risk being compromised ?
I suggest you signup for a free 30 day trial and see what services servermx.com offer.
Wallabag allows me to save long articles for reading later , usually on a more comfortable device.
It is also nice to have an archive so that later I can re-read and share.
More useful than bookmarking and not reading.
I ran OpenBSD, FreeBSD, CentOS, Fedora, Debian, and Ubuntu as desktops and severs for years. They are all irritating in some way, good in others. One tool does not fit all needs and it is a good thing™ that we have such a rich ecosystem to choose from.
If you don’t use whatsapp, then you don’t exist, if you don’t exist, then I must be hallucinating running TT-RSS, since it can’t exist, if you don’t exist… right?
This is pure paranoia. SELinux is major PITA and life is too short for SELinux, but claiming that you don’t want to use it, since it was designed by the NSA puts you right in the tinfoil hat category.
Also, your claim that you don’t want to use SELinux and then you start about cheap webhosting? Do you have a well connected 4096 bit RSA PGP key which you use for everything? Something does not compute here.
“Not in Education, Employment, or Training” It has nothing to do with Linux, but everything with employment statistics.
Also fox’s advice is very good. Use Centos for servers.
Chose something that has a long end of life and you do not need to update the server (apart form security) for a while. By then, you might have changed your mind about what to run:
CentOS-7 updates until June 30, 2024.
Debian 8 “Jessie” until end of April 2020. Or Debian 9 “Stretch”, which will get you well into 2022…
Admittedly Debian 9 “Stretch” is now stable, but it will be supported until 2022. Centos still wins.
I have talked about this with friends and colleagues and the conclusion is that unless people have specific requirements, you should advice Centos for servers. If people know more, then obviously not, but then they won’t ask.
Can you tell me more about the security stuff? I don’t understand what exactly does a webhoster do wrong? How exactly is it not secure to send e-mails over those cheap hosters?
Would a provider like @markwaters suggested (servermx.com) would be more secure? If yes, why? Could I send and receive e-mails without a 4096 RSA PGP key with a provider like servermx?
I don’t understand why my e-mails are my primary identity. I have changed my e-mail address a lot, because of spam or to have a more anonymous e-mail address. I just want to communicate with a lot of people (anonymously) and secure. Ok, the secure part could be a problem with my cheap hosters, but I still don’t get why it isn’t secure?
Can you please explain to me what this exactly means: “long end of life”? Even if I install a Windows 98 SE it could run the next 20 years. I seriously don’t know what this “long end of life” means and how it could help to manage a server?
Does the package manager of those operation systems have a function which allows me to update only security related stuff? What if the security leak is in apache or php? If I have to update it, how do I know if everything else will still run?
What exactly do you like on ZFS? Wasn’t it the file system which was created for 128bit systems, but we still “only” have 64bit systems? It doesn’t make sense for me, why is this file system so special?
In my opinion ZFS is the epitomy of file systems. It encompasses multiple levels of the storage system that were previously separate (e.g. RAID and File System).
ZFS makes it easy to create, destroy, copy entire “datasets” (think of them as partitions but much more flexible). It supports snapshots which freeze the file system in place and allow you to rollback the whole thing or recover just parts (i.e. files) of it. It handles the redundency (RAID) itself.
Snapshots can be sent/received remotely, making backup/restore even easier. It has copy-on-write, etc.
The biggest selling point for me though is that it’s self-healing. It checksums individual blocks on the disk to ensure data integrity and if you have copies (either mirror or parity) it can recover damaged blocks (if you don’t have a copy, it will notify you what information was lost).
That’s just a high-level overview… The perks go beyond what I’ve written.
I’m not going to delve into everything you discussed because it’s outside the scope of this forum.
Just to be clear: All email is insecure. Period. Unless you digitally encrypt each message you should assume at some point it’s sent across the Internet in plain text.
End of life is the time in which it’s supported. You could install Windows 98 SE but your machine would be compromised in a few minutes as there are no security updates for that operating system. Operating systems that have a long end of life are ones that provide security updates till their end of life date. CentOS is great for this. Debian is better now but still not quite as a good.
If your operating system’s end of life is still in the future, you’ll get the update.
This part sounds really interesting, because I was looking for a solution to roll back whole partitions or even disks without copying the whole disk (e.g. with CloneZilla). The reason for it was, that I always wanted a clean system, because almost every time I try software from the package manager, I am not able to remove everything again (completely) and with time I just pollute everything. And it might be a good thing for security reasons.
But how does it work with files? Is it just like git or does it only hold two versions of a file? The one on the disk and one temporary version?
I know the scope is outside the forum, but we have such a nice discussion here. I can rarely find such nice people in other forums. But can you suggest a forum were I can discuss those topics even more and get similar answers?
It operates at a lower level than git. Git tracks files. ZFS tracks blocks of data. If you snapshot a dataset, that snapshot takes up 0 bytes, more or less. If you add a 1 GB file, the snapshot is 1 GB. If you delete a file, it tracks that as well. It tracks everything from the point of the snapshot onward. This also means if you delete 30 GB, you don’t gain that space back; it’s needed to restore the file system to that point. But the idea is that you’d keep rolling snapshots. If you restore to a snapshot you cannot, however, restore again to a future snapshot. Once you rollback, you are rolled back. You can, though, pull individual files out of the previous snapshots using a hidden .zfs directory in each dataset’s root directory.
A large company might want to keep snapshots at 15-minutes intervals for a few days and daily snapshots for a month. So old ones are constantly getting removed and new ones created.
Snapshots are also cheap (performance wise). It takes virtually no time or CPU effort to create one.
Again, it’s also very low level so it happens quickly and works efficiently.
ZFS does need a fair bit of free space to operate well. I’ve experienced noticeable performance drops when my array got to 70% capacity. Thankfully growing the array is pretty easy by either adding new drives or slowly replacing existing ones.
ZFS will do this but that’s not its primary point. What you want is something like VirtualBox to play around in and restore the whole OS, create different branches of experimenting, etc.
e: Use the right tool for the right job.
No, sorry. I’m not hear to promote other forums and in all honesty I don’t even frequent that many. You might have to learn like the rest of us… by breaking things along the way.
Haha Nah, *BSD is cool too