In the middle of some throes now

Avoids tariffs if you print them yourself

Probably not a lot of space savings, but certainly a reduction in complexity, which helps programmers keep everything together and frees their time to work on the newer stuff

Trademark suit from the premium cable channel in 5…4…

A lot of what Linux lacks is UI design, and at least 50+% of that is just because of what we got used to using other products.

Linux doesn’t work on TV

proceeds to name 3 distros that not only work but do gaming

My brother in Christ…

I had a double NAT setup like that. Run a firewall like OPNSense as a Proxmox VM, and give it a WAN interface on the ISP router’s IP range; then run everything else on a different subnet, using OPNSense as the gateway. On the ISP router, put OPNSense’s WAN IP in the DMZ. Then, do all your hardening using OPNSense’s firewall rules. Bonus points for setting up a VLAN on a physical switch to isolate the connection.

The ISP router will send everything to OPNSense’s WAN IP, and it will basically bypass the whole double NAT situation.

That is absolutely not the reason ANYONE recommends it, unless you are a complete noob and entirely unfamiliar with computer security at all, and are just pulling assumptions out of your ass. Don’t fucking do that, don’t post with confidence when you’re just making shit up because you think you know better. Because you don’t.

If there is a vulnerability in SSH (and it’s happened before), attackers could use that to get into root directly, quickly, and easily. It’s an instant own.

If root login is disabled, it’s way less likely that whatever bug it is ALSO allows them to bypass root login being disabled. Now they have to yeah, find a user account, compromise that, try to key log or session hijack or whatever they set up, be successful, and elevate to root. That’s WAY more work, way more time to detect, to install patches.

If the effort is higher, then this kind of attack isn’t going to be used to own small fry servers; it’s only be worth it for bigger targets, even if they’re more well protected.

If you leave root enabled, you’re already burnt. You’re already a bot in the DDoS network.

And why? You couldn’t be bothered to type one extra command in your terminal? One extra word at the start of each command?

Sorry bitch, eat your fucking vegetables

This is terrible advice.

“Just turn off your firewall bro, please bro, everyone just paranoid please bro enable remote root login bro 😢”

Then you can’t gain root privileges on your server. Are you really arguing for less security because it’s inconvenient?

This is end-user behavior and it’s honestly embarrassing. You should realize your security posture is much more important than “I left my phone on the other room”

The orange menace apparently just defunded it so we’ll see

Does Caddy use certbot to do the renewal? A long time ago DNS was a pain but now it seems like a lot of providers are supported.

If you are really looking for hassle-free this is it. LetsEncrypt root certificates are already trusted by most devices so when your friends come over and wanna control the media library or whatever you don’t need to install your locally hosted CA’s self-signed certificates on their phone.

Also certbot and a cron or systemd timer is all you need; people have rolled all these fancy solutions but I say keep it simple.

Can’t wait for the thing I bought and own to suddenly cost $5 a month

Yeah but if you remake a game and don’t include all the original characters then it’s not really a remake now is it?

Bam’s a shitty little attention whore but he’s not like, molesting kids, is he? I’m not sure there’s enough of a reason to exclude him from a remake of a game he was originally in.

Hehehehe yeah you put it on full blast in your buddy’s dorm when he’s down the hall in the bathroom

“Akshully, net neutrality is BAD because it lets the GOVERNMENT censor the internet!”

BitWarden now supports passkeys and has a free 2FA app.

No excuses not to be as secure as possible anymore.

The whole of the “www.pitchshifter.com” album is great. I honestly haven’t listened to much else of their stuff myself

If someone runs an auth server, and I use it to identify me, and then it goes away, then I’m out of luck, my account is gone. This is the same problem we have now (with logins being tied to instances), except that it introduces a new place for a failure to occur. Rather than just relying on a lemmy instance, I also need to rely on an auth server to be maintained, safe, and secure.

If I went to another auth server, then it’d give me a different identity and that would not make much sense.