Have you ever tried Linux on photosynthesis?

Bold of you to assume they read the book.

I use Debian for any of my servers. Its stability is unparalleled.

My personal computers are a playground though.

deleted by creator

You’re right, my bad.

OP’s security concern is valid. Different CAs may differ in the challenges used to verify you to be the domain owner. Using something that you could crack may lead to an attacker’s public key being certified instead.

This could for example be the case with HTTPS verification (place a file with a specific content accessible through your URL) if the website has lacking input sanitization and/or creates files with the user’s input at an unfortunate location that collides with the challenge.

This attack vector might be far-fetched, but there can certainly be differences between different signing authorities.

Do you still need help with docker?

How close to vim’s functionality is evil mode? I’ve been toying with the idea of learning Emacs but I rely on Vim’s langmap and that is rarely implemented in Vim emulations / bindings.

You can learn Emacs in one day. Every day.

Even if you use arrows, you still have to reposition your hand.

Which of us didn’t crack the school firewall multiple times as they made in more and more annoying each time!

You can actually (for now) just replace gitea with forgejo while keeping all the files in place and it just works. Really easy then using docker, cause all it takes is changing the container image.

It’s always the DNS!

Setting up synapse is particularly painful.

For a server for hosting services like in this meme? I always go Debian. Incredibly stable.

But but but virtual DOM /s

I was a huge C++ fan back when I was doing a bunch of competitive programming. If I need a performant project nowadays, I look to golang first. It gives me the speed of a compiled language with the usability of high-level language. I still solve the occasional Advent of Code in C++, though :)

There are free services that let you send and receive on your own domain. I use zoho. I can send emails with SMTP, but unfortunately, you cannot read them other than by using their web interface in the free tier.

You don’t need to click anything suspicious. Remote code execution has in the past been done through images, PDFs, comments on some webpage, or supposedly trustworthy games. Just recently, Minecraft would let an attacker run anything on the victim’s computer due to a vulnerability in Log4j.

If your computer is not directly exposed to the internet, you might get away with some security updates that for example fix vulnerabilities that target the system firewall. But the point is, you’re constantly exposing yourself to attackers without knowing so.

A few example vectors:

• Cross-Site Scripting (XSS) allows an attacker to run arbitrary code on the victim’s browser. All that’s required is a website that doesn’t validate its input properly. That is, an attacker can write executable code into a YouTube comment and when you view that comment, your computer will execute that code. Obviously YouTube is secured against that, but there are plenty of websites where this attack can be done. Therefore, modern browsers isolate the code execution to only that “browser tab”, so the attacker can’t access some sensitive data (unless the browser has some undiscovered vulnerability or for example the page itself contains sensitive information, say your bank account details). While modern browsers should provide sufficient protection against such attacks, the take-away point is that you don’t necessarily need to click any “suspicious links”. A vulnerability in a well-known website you frequent could be discovered any day.

• An attacker can easily make your PC go to their website when typing google.com. DNS (how your computer is able to tell which web address is which computer) is not encrypted. It is incredibly easy tamper with. Why you don’t get scammed everyday is because of TLS encryption. Your computer is able to tell that the website is not Google, because it doesn’t have Google’s cryptographic “keys”. Assume that we discover a vulnerability in TLS (encryption of webpages) tomorrow and you refuse to update your operating system. Suddenly, an attacker can route any traffic they’d like back to them and you would be none the wiser. Same thing would happen if some vulnerability is discovered in X509 certificates, if ICANN’s private keys are leaked, and so on.

There are a lot of things that could go wrong. And they go wrong daily. Security updates fix vulnerabilities that we constantly find. They may be updates for your browser, your games, or indeed your operating system, depending on where that vulnerability is. The examples I gave are exaggerated, because they’re meant to be simple to understand. We do not find vulnerabilities in TLS every single day. Still, weak points are being discovered and fixed constantly. One of the bigger exploits were Spectre/Meltdown (attacks on the CPU) that let an attacker read any data they want, provided they can simply run some code on your computer in some way.

Also, obviously, if you expose yourself to the internet directly (e.g. port forwarding) or connect to an unsecure WiFi network, you’ll be bombarded with automated attacks that exploit holes found in firewall and the likes. If you open a port on your computer right now, you’ll get around a few hundred such knocks per day.

There are plenty of videos online that display what happens if you for example use a Windows 95 computer, either directly exposed to the internet or not. Might be worth watching to see just how easy it is for attackers to take over in the case of such an ancient system. Same principles apply to newer systems as well, the attacks are just more complex.

That computer better be air gapped. Security updates are essential.