White hat attackers do not take down infrastructure, that is by definition a black hat act. White hat attackers would merely discover exploits and report them to owners.
You don't need to necessarily centralize to defend against DDoS or similar attacks. You can add things like Cloudflare for DDoS mitigations, CDN and maybe something like Kubernetes for horizontal scaling of servers (spin up more servers to handle extended load) transparently behind the scenes. This can also get you the benefits of low geographical latency, so a load-balancer fetches you data from the closest replica of a database geographically, etc.
Of course, all this adds up in terms of cost, but I think this might be worth it for the largest instances. I suppose that can still be considered centralization.
If we wanted to encourage many small instances instead, perhaps there could be a transparent load-balancer layer for the fediverse that instances could sign up for, that is managed by a devops group. Alternatively, lemmy could have built-in load-balancing, caching, etc. as part of its codebase that instance operators can set up with their own accounts at Cloudflare, etc.
Windows Defender is great, and MS has been adding really advanced protection including machine learning heuristics, etc. that make it really competitive. It is not 100% foolproof though, there's a lot of old and new viruses it will not detect.
Check out some of the virus gauntlets this channel runs Windows Defender (and other AVs) through: https://youtu.be/1DG3y3q8_9M. Even the latest Defender will often fail to detect a lot of threats. Of course, this channel is running known bad infected executables, and the best line of defense is just not to run executables from unknown sources. It's possible to just visit a malicious URL and get infected through JS though, so it gets a bit trickier.
I'm not familiar with the argument that antivirus software will increase your attack surface. That sounds interesting, do you have any links I could read up on?
BitDefender is actually really bad about giving you useful information to go off. Ideally it should tell you exactly what malicious action or malware it's detecting. If your AV does this, you can see if the particular type of detection makes sense.
For example, if it's an executable file with a clearly displayed malware name "Trojan.BadTimes.X" or something, that's really bad news. Same for URLs. However, sometimes AVs will flag "malicious behaviour", which gets trickier. They will often flag qBittorrent or other legit apps that are used to download pirated software, etc.
What you can do is to submit the file or URL that was flagged to VirusTotal. This shows you a comprehensive list of whether any other antivirus software is also marking the file/URL as infected.
Generally though, I'd play it safe. I'd get in touch with the page owner or google around to see if this is a known issue, and unless I can be completely sure it's actually safe, I wouldn't use it.
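Added example (not from the original comments) of the VirusTotal check described above: it hashes the file you would look up and summarises a VirusTotal v3 file report, separating engines that report a named malware family from ones that only give a generic or heuristic label. The sample report and the list of generic markers are constructed for illustration.

```python
import hashlib
import sys
from pathlib import Path

# Labels that usually mean "suspicious behaviour" rather than a named family.
# Assumption for illustration only; VirusTotal does not define such a list.
GENERIC_MARKERS = ("generic", "heur", "pua", "pup", "riskware", "suspicious", "not-a-virus")


def sha256_hex(data):
    """SHA-256 of the file bytes; this is the hash you look up on VirusTotal."""
    return hashlib.sha256(data).hexdigest()


def triage(report):
    """Summarise a VirusTotal v3 file report (JSON from GET /api/v3/files/{hash}).

    Returns how many engines flagged the file, which engines gave a specific
    family name, and which gave only a generic/heuristic label, so you can
    judge whether this looks like a named trojan or a behavioural flag on an
    otherwise legitimate app (e.g. a torrent client).
    """
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    named, generic = [], []
    for engine, res in attrs["last_analysis_results"].items():
        if res.get("category") not in ("malicious", "suspicious"):
            continue
        label = res.get("result") or ""
        (generic if any(m in label.lower() for m in GENERIC_MARKERS) else named).append((engine, label))
    total = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "harmless", "undetected"))
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    verdict = "named malware" if named else ("behavioural/PUA only" if generic else "clean")
    return {"flagged": flagged, "total": total, "named": named, "generic": generic, "verdict": verdict}


# Constructed sample report in the v3 shape; the engine names and results are made up.
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"malicious": 2, "suspicious": 1, "harmless": 0, "undetected": 60},
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "Trojan.BadTimes.X"},
        "EngineB": {"category": "malicious", "result": "Generic.Malware!ml"},
        "EngineC": {"category": "suspicious", "result": "PUA.Downloader"},
        "EngineD": {"category": "undetected", "result": None},
    }}}}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # hash a real file to paste into the VirusTotal search box
        print(sha256_hex(Path(sys.argv[1]).read_bytes()))
    print(triage(SAMPLE_REPORT))
```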
I hear what you're saying, but personally I feel like bot posts are worse than no posts. Every time I see a bot submission, it feels artificial. When I see a silly little post about somebody's cat, or their attempt at an original meme, it feels far more genuine.
Good point. Most containers I've used do seem to use Alpine as a base. Found this StackOverflow post that compared native vs container performance, and containers fare really well!
Makes sense! I have a bunch of services (plex, radarr, sonarr, gluetun, etc) on my media server on Armbian running as docker containers. The ease of management is just something else! My HC2 doesn't seem to break a sweat running about a dozen containers, so the overhead can't be too bad.
Out of curiosity, is there much overhead to using docker compared to installing via curl and bash? I'm guessing there's some redundant layers that docker uses?