I was also with a provider that didn’t offer API access for the longest time. When they then increased prices, I switched, now paying a third of their asking price per year at a very good provider.
I guess migrating is difficult if the provider doesn’t offer a mechanism to either dump the DNS to a file or perform a zone transfer (the later being part of the standard).
Can only recommend INWX for domains, though my personal requirements aren’t the highest.
A lot of paid cert providers were not so great before LE put the spotlight on the issue; it was more of a scheme to extract money from operators who couldn’t afford to not offer TLS / SSL. https://bugzilla.mozilla.org/show_bug.cgi?id=647959 was a famous post that made fun of / criticized the system before LE. This hurt security, and if not free, LE wouldn’t have worked.
Also wildcard certificates are more difficult to do automated with let’s encrypt.
They are trivial with a non-garbage domain provider.
If you want EV certificates (where the cert company actually calls you up and verifies you’re the company you claim to be) you also need to go the paid route
The process however isn’t as secure as one might think: https://cyberscoop.com/easy-fake-extended-validation-certificates-research-shows/
In my experience trustworthyness of certs is not an issue with LE. I sometimes check websites certs and of I see they’re LE I’m more like “Good for them”
Basically, am LE cert says “we were able to verify that the operator of this service you’re attempting to use controls (parts of) the domain it claims to be part of”. Nothing more or less. Which in most cases is enough so that you can secure the connection. It’s possibly even a stronger guarantee than some sketchy cert providers provided in the past which was like “we were able to verify that someone sent us money”.
Open source firmware doesn’t mean anything as long as tivoization is happening.
Which I don’t know whether it’s the case, but legislature might make this a requirement.
The R in LLM stand for Return on Investment
Which means you can sell support in addition to the service itself. Mission accomplished!
I actually have an account on there with almost nothing, just my nix configuration, plus a repo I cloned to commit a bug fix on software I used. But it seemed like the most responsible solution as in the price is reasonable, plus I actually like the interface. Codeberg also looks good and claims to be better in some regards, but these are the only choices nowadays.
Anyhow, I’m still waiting for Pijul to have a final 1.0 release and independent hosting solutions to appear.
Not exactly a stealthy name
Nice until you’re at a hotspot that blocks most ports but the most common ones.
I use HTTPS for all stuff, that has given me the best results overall. But of course, you can offer multiple options simultaneously
Also game servers because they’re generally very easy to host at home, and due to generally high RAM and storage needs paying for hosting can be quite pricey.
Really?
I thought this was more the case with flexible providers like DigitalOcean. My current provider charges 5,36€ per month for 4 cores (though I assume this corresponds rather to 2 SMT-enabled cores), 6 GB of RAM and a 400 GB SSD. It offers better latency for most players (obviously not for myself) and in most cases has been sufficient regarding performance.
Ah, ACLs, had the pleasure of working with these again last weeks.
It gets really curious when even the Arch wiki doesn’t really know what’s going on (talking about mask and effective permissions):
The factual accuracy of this article or section is disputed.
Reason: The original note about the --mask option (which was taken from setfacl(1)) was determined as inaccurate, but the new note does not seem correct either. See the talk page for details.
From trying, I can confirm that the info presented further down is wrong.
Once you read what it actually does and why it’s the way it is, it makes more sense - not that I remember it now - but at least there was a coherent design decision behind it
You’re not supposed to “sudo everything” though. It’s mostly for changing the system configuration (editing config files in /etc/, running your system package manager etc.). It shouldn’t be a “oh, I got a permission error, better sudo the same command again olol”
Maybe not the best acronym, with Node Package Manager around
I worked in software certification under Common Criteria, and while I do know that it creates a lot of work, there were cases where security has been improved measurably - in the hardware department, it even happened that a developer / manufacturer had a breach that affected almost the whole company really badly (design files etc stolen by a probably state sponsored attacker), but not the CC certified part because the attackers used a vector of attack that was caught there and rectified.
It seemingly was not fixed everywhere for whatever reason… but it’s not that CC certification is just some academic exercise that gives you nothing but a lot of work.
Is it the right approach for every product? Probably not because of the huge overhead power certified version. But for important pillars of a security model, it makes sense in my opinion.
Though it needs to be said that the scheme under which I certified is very thorough and strict, so YMMV.