[dguido]

Hi! Author of Algo here. The beauty of Algo is that it takes care of all the server security for you, including deleting the keys used to access it if you want. There's nothing additional to secure after you install the server. Try it out! The server has no extra services, everything is AppArmor'd, and all unnecessary features are removed.

[the_common_man]

Does algo auto update?

[dguido]

Yes, we offer the option to turn those on during the install. It's one of only about 5 questions we ask.

In general, the configuration is so minimal, so hardened, and intended to be ephemeral that updates are rendered somewhat moot. For example, StrongSwan is highly modular and we only enable precisely the extensions needed for it to operate in the _single_ configuration we offer. That extremely limited functionality is then constrained by both custom cgroups and AppArmor policies. So, you might find an issue in StrongSwan, but it's unlikely to affect this configuration of it.

If you have any issues, our recommendation is typically to just rollover the server every once in a while and deploy a new one. Or just check that box during install for automated updates.

As for why it's not turned on for everyone: turning on automated updates will literally lock up certain VPS's if too many updates are sent down at once. We have observed this problem, repeatedly, on 512mb VPS's. Second, kind of remote, risk is backdoored patches. In many cases, I'd just rather deploy software on my server and lock it in stone at the point of its creation, especially if I know I'm going to trash it in 1 month anyway.