Kind of - a personal website that I post articles on for various things. I like to share what I've learned, but it never gets much interest and less now. It's something I've been doing in various forms for over two decades.
"Good" or "trust my life with"? The two can be mutually exclusive. If I was in the wrong, would a good person defend me?
I've met a few people with genuinely good morals in my life. They do exist and are almost incorruptible. Most people are flexible in that we can make justifications for almost anything.
It sounds like your issue is more with having to migrate to a new laptop. Firstly - buy laptops that are more linux compatible and you'll have fewer niggles like with sound, suspend and drivers.
Secondly - use "dpkg --get-selections" and "--set-selections" to transfer your list of installed software across to your new laptop. Combined with transferring your /home directory, user migration can be speeded up.
Kids confused it with good because it was the equivalent of running around an abandoned building throwing dog shit and broken glass at each other while spraying paint on the walls, because no adults told them not to. But when you tire of that, it's just an empty husk full of dog shit and glass.
For me, the Royal Enfield motorbike forums are exceptionally good, and that's largely down to the admin. There's also a Series 2 Land Rover forum that has a unique collection of people with a phenomenal combined knowledge about that car.
I've hosted a few in my time - since the early 90s and Fidonet when BBSs were the thing. But things change. Facebook killed of a whole bunch way before Reddit and Lemmy just because that's where people were already, and it was easier for them to feel involved. Facebook is impossible to search, though, so the post history of a forum that was so useful has gone entirely.
It's sad, but things change. What's constant is people's desire to socialise and discuss topics they are interested in. I'm kind of curious what that will be next.
I think you make a good point, but it's one that affects any anti-malicious protection. How do you know that the anti-virus warning you get on Windows is legitimate and not a false alert? Or that the Apparmor block wasn't a misfire? Selinux is no better nor worse in principle than those.
In all cases, you need to stop and figure out what's actually going on. That's one benefit of all these things - they make you pause and, hopefully, think, when something is outside the norm.
And yep, they can be bypassed and they need to be able to be bypassed. If someone is lazy or not knowledgeable enough to make the right decision, or even just in a hurry, then they are at risk. No automated system can protect entirely against that.
Permissive mode, and yes, you absolutely can. That shows warnings but doesn't actively block. But you still benefit from running setroubleshoot to actually figure out what and why it's blocked something, and how to mitigate that.
Permissive is also good in that you can get a bunch of blocks reported at once, instead of having to step through one at a time, which can be useful.
I have a saying, "If it's not DNS, then it's Selinux". It blocks stuff so frequently it's a major time sink for us.
It is overly complex and difficult to understand, especially if you're developing and deploying software that does not have correct pre-rolled policies. A regular job for me is to help developers solve this - which generally means running their service, seeing what Selinux blocks on, and then applying a fix. Repeat 2-8 times until every way Selinux is trying to access a file is explicitly allowed. And sometimes, even software that comes via official repos has buggy selinux policies that break things.
Fortunately, there are tools to help you. Install setroubleshooter amd when something doesn't work, "grep seal /var/log/messages" and if it's selinux causing the problem, you'll find instructions showing you what went wrong and how to create an exception. I absolutely consider this tool essential when using any system with selinux enabled.
Already done, along with a bunch of other stuff including cloudflare WAF and rate limiting rules.
I am still annoyed that it took me over a day' of my life to finally (so far) restrict these things. And several other days to offload the problem to Cloudflare pages for sites that I previous self hosted but my rural link couldn't support.
this advice is just for “unintentional” DDoS attacks, not intentionally malicious ones.
And I don't think these high volume AI scrapes are unintentional DDOS attacks. I consider them entirely intentional. Not deliberrately malicious, but negligent to the point of criminality. (Especially in requesting the same pages again so frequently, and all of them ignoring robots.txt)
TLDR; you can't. At least not if you're running any kind of business.
I did a quick audit at work a few weeks ago. Over 90% of our stack is US based. Windows, office, 365, vmware, even our linux distros. And that's without even thinking about supply chain. And most of the the hardware we use and has support licences.
Surprised at the level of negativity here. Having had my sites repeatedly DDOSed offline by Claudebot and others scraping the same damned thing over and over again, thousands of times a second, I welcome any measures to help.
Fuck this project, but… their source code can be free and open source even if they distribute binaries which aren’t.
An example of how this didn't work for one project. (From memory, and it was a long time ago - 2005/2008 ish)
Xchat was once the best IRC client for Windows (after Mirc). It was free software, but the developer started charging for the Windows builds of it. Linux binaries were still free, but he claimed that it was time consuming to build on Windows and etc etc (A bit rich considering it was mostly his code - and there were suspicions he made it deliberately so)
Some people were pretty pissed off about this, especially as it used some other code that was foss and it was felt against the spirit.
Anyway, it was cloned into Hexchat which is fully free on all platforms and apparently not so difficult to build binaries after all.
15 years later to today, Hexchat is thriving and Xchat has been completely dead for 15 years.
Fair point about systemd, or any of the other core components - I don't know.
But I don't think we'd be fucked - we're ingenious and motivated and have a proven record of adapting and innovating to solve problems that stop us playing with our toys.
Kind of - a personal website that I post articles on for various things. I like to share what I've learned, but it never gets much interest and less now. It's something I've been doing in various forms for over two decades.