I'm surprised this strategy was approved for a public server
The goal was to avoid getting hacked on a server that could have many vulnerable services (there are more than 20 services on there). When I set this up I was basically freaked out by the fact I hadn't updated mastodon more than a week after the last critical vulnerability in it was found (arbitrary code execution on the server). The quantity of affected users, compared to the impact it would have if hacked, made me choose the option of auto-updates back then, even if I now agree it wasn't clever (and I ended up shooting myself I'm the foot). These days I just do updates semi-regularly and I am subscribed to mailing lists like oss-security to know there's a vulnerability as early as possible. Plus I am not the only person in charge anymore.
“Capitalism is the extraordinary belief that the nastiest of men for the nastiest of motives will somehow work together for the benefit of all.” - John Maynard Keynes
(You can also apply this one to proprietary software vs. Free software (don't say open source in my presence))
“The tyrants are only great because we are on our knees.” - Étienne de La Boétie
“Those who do not move, do not notice their chains.” - Rosa Luxemburg
If you don't mind around 4 hours of downtime per month (for now) I could host it for you at renn.es (contact info is there, just send us an email and we'll send you an invite to a matrix room or something). We basically have a great server with nothing on it, so having one more service running wouldn't really have any impact (we have 2-3 gigs of ram usage avg. out of 32).
EDIT: the server is in france with 6gbps down and 2 gigs up
I wasn't born back then, but it would have been the fact that search results weren't total crap like today: only reddit seems to offer decent results if you don't want sites like wikihow to come up... I wrote a more elaborate blogpost partly about it.
tarneo @ tarneo @lemmy.ml Posts 5Comments 31Joined 2 yr. ago
The goal was to avoid getting hacked on a server that could have many vulnerable services (there are more than 20 services on there). When I set this up I was basically freaked out by the fact I hadn't updated mastodon more than a week after the last critical vulnerability in it was found (arbitrary code execution on the server). The quantity of affected users, compared to the impact it would have if hacked, made me choose the option of auto-updates back then, even if I now agree it wasn't clever (and I ended up shooting myself I'm the foot). These days I just do updates semi-regularly and I am subscribed to mailing lists like oss-security to know there's a vulnerability as early as possible. Plus I am not the only person in charge anymore.