by hopeless 3270 days ago
Congratulations! You've now secured your connection — now you have a server to secure.

Honestly, it frightens me how many people run their own servers without monitoring, security precautions, keeping patches up to date, etc. And all to save a few $. Even if you can do it professionally, you probably shouldn't do it as a hobby. The idea of a transient / throwaway instance is more appealing but I still think most people will fire it up, leave it running, forget about it, and not notice when it's been compromised.

But those botnets have got to live somewhere, I suppose.

1 comments

Hi! Author of Algo here. The beauty of Algo is that it takes care of all the server security for you, including deleting the keys used to access it if you want. There's nothing additional to secure after you install the server. Try it out! The server has no extra services, everything is AppArmor'd, and all unnecessary features are removed.

Does Algo auto-update?

Yes, we offer the option to turn those on during the install. It's one of only about 5 questions we ask.

In general, the configuration is so minimal, so hardened, and intended to be ephemeral that updates are rendered somewhat moot. For example, StrongSwan is highly modular and we only enable precisely the extensions needed for it to operate in the _single_ configuration we offer. That extremely limited functionality is then constrained by both custom cgroups and AppArmor policies. So, you might find an issue in StrongSwan, but it's unlikely to affect this configuration of it.

If you have any issues, our recommendation is typically to just roll over the server every once in a while and deploy a new one. Or just check that box during install for automated updates.

As for why it's not turned on for everyone: turning on automated updates will literally lock up certain VPSes if too many updates are sent down at once. We have observed this problem, repeatedly, on 512 MB VPSes. The second, kind of remote, risk is backdoored patches. In many cases, I'd just rather deploy software on my server and lock it in stone at the point of its creation, especially if I know I'm going to trash it in 1 month anyway.