This is about unprivileged users - privileged ones can see everything. The idea is to make figuring out what's the surface of the attack harder (for those attackers who are less than skilled) by making it less obvious that a 10-year-old game server process is running on this OS.
The sysctls affect all non-root users. If you have them set, you have to do all the admin work as root.
If you have them unset, you can log in to the server as you, see what your service user is up to, and only have to do interventions as the service user or root depending.
If you don't want your service to see what else is going on on the server, you can put it in a jail and not allow jailed processes to see out; not a bad idea to do that anyway, although it does mean starting the service needs root when it likely wouldn't otherwise (you can drop the high privileged port to 79 and then your service can listen on port 80 without root).
Yeah, talk about reinventing the wheel so Linux people don’t have to learn a slightly different system (one that is ironically easier to use and better organized than OCI containers).
I think the point here is that free beats easy peasy, especially when learning a new skill, where your easy peasy isn't their easy peasy. And getting something up and running on Oracle Cloud with Terraform is nowhere near easy peasy for someone who never did anything with Terraform ;)
You can submerge recent iPhones completely in water for a few years now. Every year I make some quite fun and surprising-looking underwater pictures with mine, that's just fine afterwards given I'm still able to write this comment on it.
So you haven't purchased it from Apple but instead you've purchased it from Amazon. This may change things. In Europe you have two ways of dealing with it, either by manufacturer warranty (completely good will and on terms set by the manufacturer) or by consumer rights (warranted you by law, overruling any warranty restrictions).
Sellers often will try to steer you to use warranty as it removes their responsibility, Amazon is certainly shady here. Apple will often straight on give you a full refund or a new device (often newer model), that happened to me with quite a few iPhones and MacBooks.
Amazon helped instantly however my mistake was talking to Apple. They didn't even ask if I'd spoken to the retailer. I was, at the time, focused on just getting it fixed as I needed to get the data off of it (the entire Apple + external monitors thing is also a shit-show, terrible UX, terrible design and terrible documentation).
I'll keep buying from Amazon as their support is great and prices competitive. I don't trust Apple buying from them directly.
I don’t think it’s the case even on a paid tier, if it is I can’t find any reference to it. There are a lot of posts on their community support forum where the recommendation is to use another registrar. https://community.cloudflare.com/t/use-cloudflare-registrar-...
That option means "your nameservers are now ns1/ns2 on your domain but they still map to Cloudflare", not "you get to pick your own third-party nameservers".
What do you do if you get mugged and your laptop and phone and keys are taken or stolen from you? Or lost?
After this party, this guy needed help, he lost his wallet and his phone, his sister also went to the party and gave him a ride there but had left. He didn't know her number to call her, and she'd locked down her socials so we couldn't use my phone to contact her. We were lucky that his socials weren't super locked down and managed to find someone that way, but priv keys are only good so long as you have them.
You can and you should back up your keys. There isn't a 100% safe, secure and easy method that shields you from everything that can possibly happen, but there are enough safe, secure and easy ones to cover the vast majority of cases other than a sheer catastrophe, which is good enough not to use outdated and security prone mechanisms like passwords on a network-exposed service.
I use a YubiKey. You need a password to use the key. It has its own brute force management that is far less punishing than a remote SSH server deciding to not talk to me anymore.
My keyboard has a built-in USB hub and ports. The key lives there. The keyboard travels with me. It's hard to lose.
I have a backup key in storage. I have escrow mechanisms. These would be inconvenient, but, it's been 40 years since I've lost any keys or my wallet, so I feel pretty good about my odds.
Which is what the game here is. The odds. Famously humans do poorly when it comes to this.
If I present the incorrect key, fail2ban locks me out as well. Two incorrect auth attempts lock out a device for 72 hours. The idea is for regular services which depend on ssh (on port 22) to work regularly (because of key auth) but to block anyone attempting to brute force or otherwise maliciously scan the system.
Doesn’t change the advice, if this is your only management interface, don’t enable it :)
Also, you know you can have MFA even with pw authentication, right? :)
I guess with the Dell XPS 13 having tandem OLED now, this might arrive eventually. However, right now the screens are big differentiators between the iPad Pro and MacBook Air.