bumpusoot [any]

  • 0 Posts
  • 28 Comments
Joined 1 year ago
cake
Cake day: July 11th, 2023

help-circle
  • But… basically every email provider or hosting service is legally obliged to give the information they collect to the government. It’s not like this is exclusive to Proton in any way whatsoever. If anything, subpoenas are evidence Proton tell the truth and do at least stop themselves from having most of the important data so they can’t give it away.


  • If there’s a serious security bug, like Heartbleed, you should totally update and reboot the service. That is basically the only “must” for staying atop things. The rest is mostly personal preference.

    In my job I maintain publically exposed Linux servers, and many of them don’t get rebooted for years. I think our record is about five years.

    Yes, if you want your server to be theoretically the rootinest tootinest securest setup ever, you should update about every 6 hours, but even then you’re just more vulnerable to repo attacks (which have happened a few times lately). Apt upgrade every month or three is probably good practice to keep on top of bugs.

    So really, how frequently do you need to reboot? Eh. So long as it works, there are no critical kernel vulnerabilities, and updates are available, I really would argue you should never “have” to.

    Servers are horses for courses, if you’re being heavily targeted by hackers, obviously stay on top of updates, but if your server is pootling along without harassment and doesn’t contain life-altering stuff if it got leaked, then don’t worry too much. A standard, barely-changing, ‘stable’ build is usually a very secure one.




  • It’s interesting reading. Seems a lot of sole maintainers have been removed, so lots of important parts will start breaking. There’s also a lot of acknowledgement in the comments that chinese developers are an essential part of Linux development nowadays. And the US just gave China a very good reason to not collaborate on their projects, and there’ll be plenty rightly pissed off Russian developers who’ll be looking for something else to work on…

    Just as the US is losing economic dominance, I wonder if this is the beginning of similarly losing its dominance in software development.