on windows it would be to scan your stuff,make sure its the real site etc

It’s the same on Linux (*), with two big differences:

1. you’ll install most (all?) of your software from the repos of your distro of choice, so most of the times you don’t have to worry
2. linux is inherently more secure than Windows (and AFAIK there are less viruses targeting it, either because they are harder to write or because it’s a smaller target), so you are not as likely to catch viruses.

If you install niche software from app stores (even reputable ones), you’ll have to make sure to check it’s the real deal (I think both the snap store and flathub had fake cryptowallets?), but if you stick to relatively mainstream software you’ll be fine (I mean, it’s not like you’ll find fake versions of steam or blender on flathub).

That said, the risk is there just as with Windows (or your phone, or anything else): a good operative system helps, but ultimately you are the real line of defense.

(*) well, IDK about scanning… generally speaking, if you feel like you have to scan something before opening it, just don’t open it :) (yeah I know it’s not possible if - eg - you receive files from customers)

i use an hp printer,and need to be able to use it on linux.

Then research if your specific model has compatibility issues (AFAIK HP stuff generally works well, but… it’s up to you to check before buying)

i expect to be able to use the laptop and not think about the os too much

That will happen, if you are lucky or if you buy hardware that specifically supports linux.

Would you expect macos to run on a dell computer? would you expect windows to run on a mac? linux has much broad compatibility but is no different: if it doesn’t work on your PC it’s not linux’s fault.

my goal of using linux is being far from malware

Just follow basic hygiene and you’ll be fine. Most importantly, don’t install malware yourself (chrome is available on linux too and, sadly, it’s also widely used).

I’ve not looked into it much yet, but https://radicle.xyz/ seems interesting.

It’s kinda a bittorrent-powerd codeberg and it looks like it’s worth playing around with (even though it might not get you rid of much bandwidth… IDK how popular it is, but source usually doesn’t weigh that much).

I just meant that anything can happen eventually - debian wasn’t the happiest example

could Red Hat eventually take control of the project?

Yes, and they could eventually take control of debian too.

Why bother mitigating such far-fetched risks though?

The mitigation cost is similar to the remediation one (ie. you’ll just have to switch distro either way), and it’s also likely to go down as the risk increases (ie. people will fork off fedora far sooner than the risk of it actually doing whatever bad things you fear Red Hat is gonna do to it becomes a practical concern).

BTW: are you aware the Linux Foundation is an US entity and funded by (among others) most US IT megacorps? (interestingly, amazon/aws is only a silver member - Bezos must really be a cheapskate)

…or we could just stop paying attention to him (which we will do when it’s no longrr funny). He can do as he wants :)

…and to think I used to actually be excited about bcachefs (back in the day)

┐(´-｀)┌

I actually like Debian’s slow update cycle, as I don’t want to be bothered often with setting up my system again.

I’ve been there too!

Updating to a new version is such a chore: you have to follow the news, then wonder how long to wait before updating, then you have to set aside at least a few hours for the actual update (well, for fixing what may go wrong - not that stuff actually goes wrong, but you still set aside some time just in case).

The solution to this is in the exact opposite direction you’d imagine.

For a few years (since last time I got a new PC), I’ve been running a rolling distro (tumbleweed *) and… it’s been great: no big updates, just incremental ones.

If anything breaks (and it never happened to me: there has been times where errors prevented the system to update, but never has it broken on me), you just boot the snapshot before the last update and try again in a few hours/days.

I want something as close as “set it and forget it” as possible.

That’s nixos :) It takes a long time to “set” (and you never really finish doing it) but you can switch to a new PC at any time and have your exact system on it (bar what the few things you have to change to account for the different hardware, of course).

* I hear that with arch&co you actually have to follow the release notes as sometimes there are manual tasks to do - it’s not so in tumbleweed (at least, as much as i know and as far as me experience goes) - IDK about other rolling distros (or debian testing/sid)

Getting the router to actually assign an IP address to the server

You would typically want to use static ip addresses for servers (because if you use DHCP the IP is gonna change sooner or later, and it’s gonna be a pain in the butt).

IIRC dnsmasq is configured to assign IPs from .100 upwards (unless you changed that), so you can use any of the IPs up to .99 without issue (you can also assign a DNS name to the IP, of course).

all requests’ IP addresses are set to the router’s IP address (192.168.3.1), so I am unable to use proper rate limiting and especially fail2ban.

Sounds like you are using masquerade and need DNAT instead. No idea how to configure that in openwrt - sorry.

A NAS is just a computer and TrueNAS is just Linux (ok, TrueNAS CORE is Bsd).

You can run zfs on any machine: they recommend loads of RAM for optimal performance, which you don’t need at home (or at work, unless your job is running a data center).

You can choose from a number of FOSS NAS-specific operating systems, plus all linux distros (since you post here, I’d assume you either can or aim to administer a home sever?)… why would you go with a proprietary OS?

There are several FOSS operating systems for network equipment too (keyword “NOS”), but as far as I’m aware none that work on small soho/edge switches. OpenWrt runs both my router (mikrotik) and WAPs (tplink), but the two 8-port switches I have at home (also tplink) run their proprietary firmware.

I really don’t get your reasoning, but I recommend helix (because I recommend it to everybody).

It’s a pleasure to use, and it’s… also not widespread or old enough to have any reported CVE ;)

Oh, it’s written rust IIRC, so it probably doesn’t suckless.

Don’t tear down your server just to have fun - setup a vm (or get one of those minipcs), call i “playground” and have fun there.

Redo your server after you’ve tried different things, and only if you feel like you found something that is worth it.

Experimenting with different distros can teach you a lot (especially if you try very different ones - mint and debian aren’t that much different) and I do recommend you do it, just don’t do it in production :)

I’d say it’s because:

1. the people who ask for recommendations won’t like (or understand) debian? (it’s just “old packages this” and “outdated that” for most people)
2. the people who do use and appreciate debian don’t read “I hate windows pls recommend me a distro” posts (or at least don’t reply as often as the <insert popular distro> fanboys)

And, no, I don’t use debian myself.

but when I finally switched over to Debian, everything just worked!

That’s most probably because you learned how to use your system without breaking it in the meantime :)

Is MacOs “absolutely no cli”? It wasn’t when I was using it (admittedly, some 10yrs ago), except maybe for the basic things which any mainstream linux distro also provides.

What about Windows? Back in the day I would have paid to have a semi-decent CLI instead of being forced to use regedit (I hear regedit is still going strong, but I’ve not touched windows for an even longer period than MacOs)

Honestly, do we need a legal definition of what “self hosting” is and what isn’t?

I didn’t see your post and in the modlog I can only see it’s title: “Apparently I’m into Web3, says Netcup” [ed: Netcup is a hosting company].

If your post was discussing stuff specific to your hosting provider, then the mods did well in removing it - if you were talking about things that would have interested this community, then they have probably been too rash in removing the post.

IDK how much I’d trust them with tech stuff (not much, definitely). However I don’t see how encrypted storage may become an attack vector?

I mean, they could clog up the HDDs with crap, but they can already do that via non-encrypted network storage (and in several other ways).

(I missed the first part so I’m not sure I follow)

How are the the subdomains resolved? If you registered them on a public DNS that might be what leaks them. Otherwise… maybe your browser?

IDK where I’ve read that… should have double checked before posting, my bad.

Quick fact checking:

US police kills some 1,281 people last year (wikipedia).

1,281/340,110,988*100,000 gives around 0.38 police killings/100,000 people, which is below homicide rate in EU.

I couldn’t (be bothered to) find out what the overall European homicide rate actually is (it also depends on what you count as “Europe”), but Germany is at around 0.8, France at 1.8, Italy at 0.57, Spain at 0.9 and Poland at 0.8 (these are the five most populous countries). So… let’s guesstimate it at around 1? (numbers are from this random source).

We can conclude that US policemen are roughly 38% as deadly as European criminals (if it wasn’t clear, this last statement is a joke)

TLDR: Protesting or resisting privately inside your house does not lead to social change and is not the most rational way of protecting yourself if you feel threatened by your government.

Self-hosting is not “resistance”: at most, it’s prepping for nerds, with computers instead of guns.

Self-hosting is not even a rational/efficient way of making a statement. If that’s what you want, it’s far more efficient to follow the established tradition of declaring you are moving to Canada and not following up with actual actions.

Don’t get me wrong: I can relate to the nerdy way of coping with the ugliness around us (I say “us”, but thankfully I don’t live in the US), but - the way I see it - it’s that your society that needs change, and self hosting won’t help with that.

Frankly, the shit you US people are putting up with is unreal.

It has always been (US police forces kill far more people than the overall homicide rate in Europe - read that again and pause a second to think about it this isn’t true - see comments below), and it’s just getting worse.

If you feel threatened you can essentially respond by fighting, fleeing, or cowering.

If you wanna FIGHT (this is what “resistance” is about), try to use whatever power you have and apply your energies to bring actual change. If you don’t feel comfortable acting outdoors, this could include lending your nerd skills to protesters or (nonviolent) resistance groups. Heck, even being a keyboard warrior is more useful to changing society than being a hobbyist sysadmin.

If you wanna FLEE, just leave the country. Honestly, there are better places to live than the US, and (if you have or plan to have any) better places to raise your children.

If you wanna COWER, then be a prepper or a self-hoster or whatever, but be aware that, while misrepresenting your reaction as “resistance” may make you feel more heroic than you are, spreading the misrepresentation can also lead others to cower instead of fighting. Is that what you want?

By that reasoning, backup isn’t redundancy because you’ll lose your data if the backup gets corrupted while restoring.

That said, there’s nothing wrong in redefining “redundant” to mean “having two or more duplicates”… you should however tell people if you do, to avoid misleading people that assume the dictionary definition.