On the NES, I always enjoyed Base Wars. It was baseball, except not boring. Instead of a player being “out” when you got the ball to the base ahead of him, you fought for the base.
On the NES, I always enjoyed Base Wars. It was baseball, except not boring. Instead of a player being “out” when you got the ball to the base ahead of him, you fought for the base.
Have you considered just beige boxing a server yourself? My home server is a mini-ITX board from Asus running a Core i5, 32GB of RAM and a stack of SATA HDDs all stuffed in a smaller case. Nothing fancy, just hardware picked to fulfill my needs.
Limiting yourself to bespoke systems means limiting yourself to what someone else wanted to build. The main downside to building it yourself is ensuring hardware comparability with the OS/software you want to run. If you are willing to take that on, you can tailor your server to just what you want.
I didn’t actually think about what all these wild AV systems could do, but that’s incredibly broad access.
Always has been. I’ve clean Symantec A/V off way too many systems in my time, post BSOD. That crap came pre-loaded on so many systems, and then borked them. The problem is, that in order to actually protect system from malware, the A/V has to have full, kernel level access. So, when it goes sideways, it usually takes the system down. I’ve seen BSODs caused by just about every vendor’s A/V or EDR product. Shit happens. Everyone makes mistakes, but when that mistake is in A/V or EDR, it usually means a BSOD.
Maybe I’m just old, but it always strikes me as odd that you’d spend so much money on that much intrusive power that on a good day slows your machines down and on a bad day this happens.
I get that Users are stupid. But maybe you shouldn’t let users install anything. And maybe your machines shouldn’t have access to things that can give them malware. Some times, you don’t need everything connected to a network.
It’s tough. The Internet and access to networks provides some pretty good advantages to users. But, it also means users making mistakes and executing malware. And much of the malware now is targeted at user level access; so, you can’t even prevent malware by denying local admin/root. Ransomware and infostealers don’t need it. A/V ends up being a bit of a backstop to some of that. Sure, it mostly is a waste of resources and can break stuff when things go bad. But, it can also catch ransomware or alert network defenders to infostealers. And either of those can result in a really, really bad day. A ransomed network is a nightmare. And credentials being stolen and not known about can lead to all kinds of bad stuff. If A/V catches or alerts you to just one or two of those events and lets you take action early, it may pay for itself (even with this sort of FUBAR situation) several times over.
Oddly, one of CrowdStrike’s selling point is that it provides pretty good EDR for Linux and Mac. If you want crap EDR, which pushes you towards Windows, Microsoft Defender for Endpoint is the ticket.
I do agree with what you are saying, but for a complete beginner, and a very general overview, I didn’t want to complicate things too much. I personally run my own stuff in containers and am behind CG-NAT (it’s why I gave it a mention).
That said, if you really wanted to give the new user that advice, go for it. Rather than just nit pick and do the “but actshuly” bit, start adding that info and point out how the person should do it and what to consider. Build, instead of just tearing down.
No, but you are the target of bots scanning for known exploits. The time between an exploit being announced and threat actors adding it to commodity bot kits is incredibly short these days. I work in Incident Response and seeing wp-content
in the URL of an attack is nearly a daily occurrence. Sure, for whatever random software you have running on your normal PC, it’s probably less of an issue. Once you open a system up to the internet and constant scanning and attack by commodity malware, falling out of date quickly opens your system to exploit.
Not saying Windows isn’t trash, but considering what CrowdStrike’s software is, they could have bricked Mac or Linux just as hard. The CrowdStrike agent has pretty broad access to modify and block execution of system files. Nuke a few of the wrong files, and any OS is going to grind to a halt.
Short answer: yes, you can self-host on any computer connected to your network.
Longer answer:
You can, but this is probably not the best way to go about things. The first thing to consider is what you are actually hosting. If you are talking about a website, this means that you are running some sort of web server software 24x7 on your main PC. This will be eating up resources (CPU cycles, RAM) which you may want to dedicated to other processes (e.g. gaming). Also, anything you do on that PC may have a negative impact on the server software you are hosting. Reboot and your server software is now offline. Install something new and you might have a conflict bringing your server software down. Lastly, if your website ever gets hacked, then your main PC also just got hacked, and your life may really suck. This is why you often see things like Raspberry Pis being used for self-hosting. It moves the server software on to separate hardware which can be updated/maintained outside a PC which is used for other purposes. And it gives any attacker on that box one more step to cross before owning your main PC. Granted, it’s a small step, but the goal there is to slow them down as much as possible.
That said, the process is generally straight forward. Though, there will be some variations depending on what you are hosting (e.g. webserver, nextcloud, plex, etc.) And, your ISP can throw a massive monkey wrench in the whole thing, if they use CG-NAT. I would also warn you that, once you have a presence on the internet, you will need to consider the security implications to whatever it is you are hosting. With the most important security recommendation being “install your updates”. And not just OS updates, but keeping all software up to date. And, if you host WordPress, you need to stay on top of plugin and theme updates as well. In short, if it’s running on your system, it needs to stay up to date.
The process generally looks something like:
Optionally, you may want to consider using a Dynamic DNS service (DDNS) (e.g. noip.com) to make reaching your server easier. But, this is technically optional, if you’re willing to just use an IP address and manually update things on the fly.
Good luck, and in case I didn’t mention it, install your updates.
I started using Summit and it was good enough that I stuck with it.
Reddit is (no longer) Fun.
Like others, the API change was the final straw. I used Reddit is Fun (RIF) for years, even paid for the full version, because both the official Reddit app and the mobile web interface were terrible. I was also using the old web interface with the Reddit Enhancement Suite, and that went on “maintenance mode”. Overall, Reddit just reached a point that the enshitification was getting to be too much for me to stomach. So, here I am.
At the time I stood my server up, I was supporting RHEL at work and support for docker seemed a bit spotty. IIRC, it took both setting up the docker yum repo directly, along with the EPEL repo. And every once in a while, you could end up in dependency hell from something which was at different versions between EPEL and the official repos. Ubuntu, on the other hand, had better docker support in the official repos and docker seemed more targeted at .deb distributions. So, I made the choice to go Ubuntu.
I suspect this is long since all sorted. But, I see no compelling reason to change distributions now. The base OS is solid and almost everything the server does is containerized anyway. If I were to rebuild it, I would probably use something more targeted at containerization/virtualization, like Proxmox.
I had dabbled with Linux before, both at home and work. Stood up a server running Ubuntu LTS at home for serving my personal website and Nextcloud. But, gaming kept my main machine on Win10. Then I got a Steam Deck and it opened my eyes to how well games "just worked’ on Linux. I installed Arch on a USB drive and booted off that for a month or so and again, games “just worked”. I finally formatted my main drive and migrated my Arch install to it about a week ago.
I’m so glad that I won’t be running Windows Privacy Invasion Goes to 11.
Probably running half the US Government’s systems.
The US Navy famously paid Microsoft to keep supporting Windows XP well after it’s End of Life. There’s probably some highly critical mainframe running in a basement somewhere, with no backups, spare parts cobbled together from failing systems and some gray beard wizard keeping it all spinning.
My experience has been pretty similar. With Windows turning the invasive crap up to 11, I decided to try and jump to Linux. The catch has always been gaming. But, I have a Steam Deck and so have seen first hand how well Proton has been bridging that gap and finally decided to dip my toes back in. I installed Arch on a USB 3 thumbdrive and have been running my primary system that way for about a month now. Most everything has worked well. Though, with the selection of Arch, I accepted some level of slamming my head against a wall to get things how I want them. That’s more on me than Linux. Games have been running well (except for the input bug in Enshrouded with recent major update, that’s fixed now). I’ve had no issues with software, I was already using mostly FOSS anyway. It’s really been a lot of “it just works” all around.
Sort of yes, sort of no. This is one of those places where the US Federal system of government would be beneficial. For the most part, Homicide is a State crime. This means that the State where the crime occurred would have jurisdiction and The US President would not have the power to pardon for that crime. So, let’s say that Biden sends a private hitman (and not Seal Team 6, the FBI or whatever fevered dream part of the US Government Trump comes up with next) to kill Trump. Said hitman would be indicted in New York under New York law for the homicide. President Biden’s power to pardon would not be able to help the hitman. By contrast, New York Governor Kathy Hochul probably could (I can’t be arsed to look up the power of pardon in New York). Where this breaks down is in DC or other Federal land (e.g. military bases). Since those are Federal lands, the Federal Government would have jurisdiction and the President probably would have the power of pardon.
While I’m a fan of Kali, some work environments see anything Kali related and go full “zomg! WTF!” Mode. Even in less restrictive environments, it’s often easier to just go with the flow and avoid making life harder for the security folks, without a good reason.
Microsoft tried a mobile version of Windows. And, it was actually not terrible. However, it suffered from a major problem.
But, the coupon says, “half off”!