The cli.
I have used management interfaces like coxkpit in the last but i do not really like it that much. I have E-Mail Notifications setup for updates via aptitude and monitor using prometheus and grafana and get additional notifications via prometheus alarm manager.
For an easy to use docker interface i use dockge, since i found it in this use case to be faster with a good, working, independend Interface.
But for the Linux underneath, for all 10-20 servers i managae, CLI.
Looking at the research they are doing and actually looking critical and scientific on their own product, it is actually believable.
I am actually more worried about the USA honoring any contract or licensing agreementa on their end.
That should be part of the backup configuration. You select in the backup tool of choice what you backup. When you poose your array then you download that stuff again?
Yes, the secrets to submit to the distribution system got compromised and therefore the system got compromised.
To achieve a compromised update you either need to compromise the update infrastructure AND the key or the infratstructure AND exploit the local updater to accept the invalid or forged signature.
As i said, to compromise a signature checked update over the internet you need to compromise both, the distributing infrastructure AND the key. With just either one its not possible. (Ignoring flaws in the code ofc)
After gaining initial access, the malicious cyber actor deployed malware that scanned the environment for sensitive credentials.
So as I said, the keys got compromised. Thats what i said in the second post.
No you cannot, the pub key either needs to be present on the updater or uses infrastructure that is not owned by you. Usually how most software suppliers are doing it the public key is supplied within the updater.
This is incorrect. If the update you download is compromised then the signature is invalid and the update fails.
To achieve a compromised update you either need to compromise the update infrastructure AND the key or the infratstructure AND exploit the local updater to accept the invalid or forged signature.
Not completely correct. A lot of updaters work with signatures to verify that what was downloaded is signed by the correct key.
With bash curl there is no such check in place.
So strictly speeking it is not the same.
Simple put, no. In order to be save with a LLM that can execute stuff on its own it needs to be completely sandboxed.
A very nice talk about flaws in agentic AI can be found here: https://media.ccc.de/v/39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents
I can also recommend the object storage from hetzner for backups. Quite price competitive.
It actually does both. Not really tested the multimonitor features but its there and it works, not sure if to the same degree as in rdp.
The ‘immediate attacks’ ppl mention is just static background noise. Server / scripts that run trying to find misconfigured, highly out to date or exploitable endpoints/servers/software.
Once you update your software, set up basic brute force protection and maybe regional blocking, you do not have to worry about this kind of attack.
Much more scary are so called 0-Day attacks.
As i already said, no one will waste time on you, there are so much easier targets out there that do not follow those basic rules or actually valuable targets.
There is obviously more that you can do, like hiding everything behind a VPN or advanced thread detections. Also choosing the kind of software you want to run is relevant.
The discussion is about low effort Link only Video and or others Posts. If you are not reffering to them then you missed the point.
It seems, the majority does not want it.
If ppl do not like it they can use another selfhosted from another instance. Thats what lemmy or the fediverse is build for.
Most ppl seem to agree with me.
But how would you know before watching?
“Based on the upvotes and comments” Oh then others doing the work to watch it and rate it on lemmy for you.
Imo, when a link to a video or forum or whatever is posted, then at least a summery or a discussion should be included.
Brother we have the opposite problem. You are not putting yourself in my shoes, or other people like me.
Bold claim. But no i am putting myself in your shoes and yes there was also a time were i tried to work around to host mail myself. But its easy and no headache to set up.
None of those things are necessary. Like I don’t even have email configured on my server because I don’t need it at all except when the developer unnecessarily integrates it to the extent that it breaks it.
Depending on the view, a functioning service something like password reset is necessary. To design the software that it can ship without functioning password can or cannot make sense, depening on the design choices. Depending on what else got send via e-mail designing the software around that can be challenging and burdening for the future of developing.
If the setup required you to setup e-mail, the software and then also the developer can always assume there is a communication path to the individual user.
As i said, it can and cannot make sense, but saying
That makes no sense.
and not even trying to put yourself into other shoes just does not make sense.
Yes.
And then the maintainers of the package on the package repository you use will release the patch there. Completely standard operation.
I recommend younto read up on package repositories on Linux and package maintainers etc.