Arch: I need reproducible setups. Also bleeding edge is not for me.
I have to give credit to their documentation though!
Arch: I need reproducible setups. Also bleeding edge is not for me.
I have to give credit to their documentation though!
What put me off selinux is that the officially documented way of generating a new policy is to run a service unconfined, and then generating the policy from its behaviour. This is backwards on so many levels… In contrast policy-based admission control in kubernetes is a delight to use, and creating new policies is actually doable outside of a lab.
Dual CPU lets you have more cores of a particular family of processors. If you run a large amount of busy VMs concurrently then it might be handy.
However, this does not come for free. Compared to a single CPU with an equivalent number of threads, dual CPU has more complex memory access, and you don’t want VMs and their memory to bounce between CPUs.
If you need it you’ll know it. If you don’t know if you need it then I would not recommend it.
Unless you run samba on them you won’t see the Linux machines on Windows as a network computer.
That thing is going to be chugging power. Also note that it uses SAS drives, so you can’t just use consumer SATA drives in it. ALSO 410s are from the 2009-2011 era. Do you really want to depend on a 10+ year old PSU? What’s the cost going to be for you to find replacement parts?
Legally it is quite clear. Taking a description of a closed source program and writing a new one is ok in most cases (unless that description is API docs - see Cisco vs Arista). Taking a look at closed source software and then implementing your own version is poison as far as OSS goes. OP implemented the first version, so that’s already a problem. They may get away is they describe what the program does to someone else and let them implement it, but OP would not be able to touch the source code
Depending on the capabilities of your network you should be able to set up QoS classes to prioritize certain traffic. Many off the shelf systems have out of the box rules for streaming content.
Depends on the ratio. Producing and shipping new hardware has its cost too.
So… Seven Samurai in space?
An open port is like a door on a building. It allows people from outside (the Internet) to go to the attached room on the inside (the service you’re exposing).
Now is that’s the only room in the building (the computer is not used for anything else), and the building is alone in the middle of an island with no land access (the computer is separated from the network, like in a DMZ) then the second worst thing an attacker can do is squat in in and rifle through your papers (the configuration files). The worst thing they can do however is start using your address and the utilities you paid for to start some unsavoury business (make it part of a botnet).
But if the server is not segregated from the rest of your network, they’ll start running into other rooms/buildings, getting their hands at anything they can. Your accounts, your identity, etc. You’ll be living in a really bad neighborhood, being shaken down for everything you have at every corner.
Now for the type of door you’re putting on a building: if you just port forward it’ll be like a screen door. It keeps the bugs out, but any person can open it with ease or crash through it, and they can see what’s inside by just standing in front of it (server fingerprinting). If the services you run have a vulnerability it will be exploited. If you don’t have a firewall or intrusion detection it’ll be like putting a combination lock on the door and never checking if someone is trying all the numbers. The attackers WILL just keep trying until they succeed, and they’re really fast at it.
So it’s not like you should never put a door on a building, but the door should be reasonably secure, with the appropriate strength, deadbolt, and depending on what you run a receptionist (reverse proxy) and security guard.
Looking at the 2023 Q2 BackBlaze report, it seems you should absolutely avoid 10TB drives.
Wasabi. Backups is literally their use case
Wasabi position themselves as a backup service. Their contract stipulates that downloads should not exceed uploads.
Can you have the cert be generated on a server and then sync it to your hardware with scripts or ansible?
Consistency with their previous default desktop environment, Unity.