Some dingbat that occasionally builds neat stuff without breaking others. The person running this public-but-not-promoted instance because reasons.
Makes sense, I’m so accustomed to making virtual machines and such that it becomes just a thing but inevitably at some point admin access was required to create the hypervisor, the vnic, a virtual switch, etc. Without that restriction a piece of malware could readily exfiltrate data past a local protection by just making it’s own new pathway through on the fly or any number of other unpleasant things.
I recall using an app way back when I used to root and haxor all the mobiles that would do this. Kind of a virtualbox for the Nexus phones/tablets, but it needed root to do it. Will have to look into this, would be interesting if it can do so in user space somehow.
Edit: Damn, still needs root. Was a longshot to be able to hook into system resources without it but was hoping for some bridge function.
It’s the only version I’ve come across as a pre-installed option for bought systems, particularly from Dell. A big thing going for it is if you search ‘how to do X in Linux’ you can pretty safely bet some or even most top hits are Ubuntu related.
True, but privacy hardly seems like a controversial community to get that kind of attention.
That’s where some of the other lines come into play. Stop the bad domains with some lists in pi-hole/ad-guard, IP reputational blocking tools, proxies can be used for decrypting traffic if you want to go that route, IPS systems can help identify behavioral patterns for known bad actors.
I like to think of a basic firewall as the very efficient big dumb first line. You block everything except what is needed and it doesn’t matter what app or vulnerability is in play those ports are dead to the world. Then the more refined tools dig through the rest to find the various evil bits and needles in the needle stack.
A large part of this is only thinking of a firewall as preventing inbound connections. A big part of securing a net comes from preventing things like someone establishing an outbound connection on some random port and siphoning off everything to a home base.
A firewall in itself won’t cover everything, that’s just ports, protocols, and addresses. Tack on an IPS for behavioral scanning, reputation lists for dynamic ‘do no allow connections to/from these IPs’ and some DNS filters or a proxy to help get vision into the basic 80/443 traffic that you can’t just block without killing the internet and you’ve got something going.
A firewall is not security on a box, although most think of it that way. A lot of commercial security-suite products actually do a few things but it’s just easier to market it to grandma if they simply call it a firewall, it’s a term well embedded in the public concesness.
Also to note in, there are a few ‘subscriber bots’ out there on github to help a new instance get some seed communities out there. It can make the DB and loval storage swell like crazy but is nice when you don’t feel a need to manually sub to everything.
I’ve had mine up since 6/15 and in total between attachments, DB, and misc other stuff it uses just under 30 GB of space. I’ve also ran one of the subscriber bots for a couple days so there’s who knows how many communities subscribed in total at this point.
Between the major parts, the DB is about 6GB the rest is attachments and such that could be wiped without any real harm. I’m hoping to see a ‘purge data after X days’ function at some point, or even better a ‘after last interaction’ so active posts don’t get purged. No use keeping the data from some some simple meme that had 2 comments forever though.
I looked about for it and the PG update basically involves creating a new folder to initialize and then exporting/importing the old DB, but haven’t successfully done so yet here.