Conversation

Notices

1. Embed this notice
   JP (jplebreton@mastodon.social)'s status on Monday, 13-Jan-2025 12:49:22 JST JP

   Still researching various options for a new host (on a new domain) for my personal website. My needs are very modest (a ~1GB, totally static website), I just want a simple setup with a company that is trustworthy and will still be in business in 10+ years. Any recs?

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Monday, 13-Jan-2025 12:49:21 JST Rich Felker

     in reply to

     @jplebreton Your own VPS, not managed hosting. On a respectable but cheap host.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Monday, 13-Jan-2025 12:50:26 JST Rich Felker

     in reply to

     @jplebreton Pure static with nothing but http(s) & ssh open can run for decades without OS updates.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Monday, 13-Jan-2025 14:14:39 JST Rich Felker

     in reply to

     • Daniel Gibson
     • LisPi

     @Doomed_Daniel @lispi314 @jplebreton None affecting OpenSSH. The OpenSSH bugs of relevance are almost exclusively integration with junk like PAM. Unless I'm mistaken, in a reasonable single user or small server pubkey only config, OpenSSH from 20 years ago would be fine.

   • Embed this notice
     Daniel Gibson (doomed_daniel@mastodon.gamedev.place)'s status on Monday, 13-Jan-2025 14:14:41 JST Daniel Gibson

     in reply to

     • Rich Felker
     • LisPi

     @lispi314 @dalias @jplebreton
     openssl bugs also appear every once in a while

   • Embed this notice
     LisPi (lispi314@udongein.xyz)'s status on Monday, 13-Jan-2025 14:14:42 JST LisPi

     in reply to

     • Rich Felker
     @dalias @jplebreton Though given how there are a few exploitable kernel bugs in the network stack every few years, it can be a good idea to apply OS updates periodically.
     
     This wouldn't be an issue with either high-isolation kernels or microkernels, of course, but we can't have nice things.
   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Monday, 13-Jan-2025 14:15:50 JST Rich Felker

     in reply to

     • LisPi

     @lispi314 @jplebreton Have there been any that weren't use of niche features, i.e. in core IP stack, in recent history? I don't recall any.

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Monday, 13-Jan-2025 14:17:27 JST Rich Felker

     in reply to

     • Daniel Gibson
     • LisPi

     @Doomed_Daniel @lispi314 @jplebreton Oh. All those are weird cryptographic things relevant only with dynamic sites where you can control payloads. Not RCE, not relevant to static sites.

   • Embed this notice
     Daniel Gibson (doomed_daniel@mastodon.gamedev.place)'s status on Monday, 13-Jan-2025 14:17:28 JST Daniel Gibson

     in reply to

     • Rich Felker
     • LisPi

     @dalias @lispi314 @jplebreton
     maybe not openssh, but most probably whatever provides HTTPS

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Monday, 13-Jan-2025 14:30:11 JST Rich Felker

     in reply to

     • Daniel Gibson
     • LisPi

     @Doomed_Daniel @lispi314 @jplebreton Only recent RCE I found was CVE-2022-3602 which is client side validating malicious cert chains not relevant to static server.

   • Embed this notice
     Daniel Gibson (doomed_daniel@mastodon.gamedev.place)'s status on Monday, 13-Jan-2025 14:30:12 JST Daniel Gibson

     in reply to

     • Rich Felker
     • LisPi

     @dalias @lispi314 @jplebreton
     Ok, I don't know enough about how the usual OpenSSL vulnerabilities can be exploited, so I'll take you word for it, as I think you know way more about this