DDoSing cost the attacker some time and resources so there has to something in it for them.

Random servers on the internet are subject to lots of drive-by vuln scans and brute force login attempts, but not DDoS, which are most costly to execute.

Other efficiency benchmarks place Apple Silicon and AMD chips ahead of Intel chips:

https://www.cpu-monkey.com/en/cpu_benchmark-cpu_performance_per_watt

I’ve donated to marcan to work on Asahi Linux, which gets upstreamed. That’s direct.

What has better performance per watt than M1 at a better price?

I didn’t pay a premium, I got a great deal.

The reverse engineering work was already complete, and all the containers I needed for ARM were available.

These have great performance per watt.

I host using an M1 Mac Mini using Fedora Asahi Linux. Installed easily, no problems. Fast and quiet!

I ran a Minecraft server for a while. Worked fine.

There are plenty of Linux containers available for ARM in part because a lot of developers want to run Linux containers within macOS on Apple Silicon.

That has had the effect improving the experience of running Linux directly on ARM servers.

All the hardware support for the Mac Mini is complete and working.

I’ve had no problems running Asahi Linux on an M1 Mac Mini.

Considering the database itself is relatively small, PostgreSQL could end up largely caching it in memory, so even hosting the DB on an HDD might not feel much slower.

As someone who has done e-commerce development and supports FLOSS and self-hosting, this is something I would outsource.

It’s complex, and you can’t really handle payments yourself anyway. That requires certification.

And people really don’t like it when their e-commerce is down and may able to quantify lost business due to an outage or bug in dollars or sense. It doesn’t feel great to realize something on your end resulted in hundreds of dollars of lost business.

If the business is very small, places like Shopify have cheap starter tiers.

Are you installing this for someone else?

Exactly what is the auto prompt you see?

It’s the age-old choice between old and stable vs new and shiny.

The meme’s opinion is that old stable is the better choice, although that’s not always true.

Former professional email host here. Email is like 90% spam.

If want to spend your free time battling the ever evolving landscape of spam, enjoy.

Otherwise, work with a pro mail provider you trust.

As someone who has had a career in hosting: good luck.

Don’t forget backups, logging, monitoring, alerting on top of security updates, hardware failure, power outages, OS updates, app updates, and tech being deprecated and obsolete at a rapid pace.

I’m in favor of a decentralized net with more self-hosting, but that requires more education and skill. You can’t automate away all the unpleasant and technical bits.

Ghost is working on adding ActivityPub to their self-hostable blog software now.

I’ve generated HTML before and then used an HTML to PDF converter as a second step. If you were already familiar with building building webpages, this might be a good option.

In both cases of rootless and rootful-with-non-root process your process is running as a non-root user with respect to the host.

To break out the container will require two steps. First, adguard itself must be exploited. A second exploit is then required elevate privileges from the adguard user to root.

If your attacker successfully gets that far, then having a rootless container would matter, because in a rootful container, root in the container equals root on the host. In a rootless container, “root” only gives you the abilities of the user running the rootless container.

But as you’ve found, rootless containers can be a pain.

Making sure your container is running as non-root user in a rootful container is better than giving up.

You can get similar security in rootful mode, by making sure within the container the adguard binary is not running as root.

My dog authenticates access to back yard with a Yubark Key that works over the wireless audio network.

I mean, had it been rewritten in Rust yet?