Let’s Encrypt is just as secure as paid certs. They’re held to the same security standard.

Doesn’t it do dx12 translation?

Yes, they are.

I believe this replaces esync and fsync. IIRC it’s slightly faster and has the benefit of being mainlined.

I also just learned this and I work in tech.

I promise you full size ovens can have exposed heat elements.

Ceph is a huge amount of overhead, both engineering and compute resources, for this usecase.

Sometimes I think this community should be called homelab instead of selfhosted based on the kinds of questions

What’s the cost and impact of downtime for you? If you’re doing this for personal use it’s probably minimal for both so doesn’t really matter. If you want to try the new thing and you’re not afraid of the time investment or potential downtime then go for it

Fair enough. Personally I’d start with their documentation then: https://docs.openstack.org/install-guide/

For OS it looks like they support RHEL/CentOS, Ubuntu, Debian, and SUSE so I’d stick with one of those.

Openstack is like self-hosting your own cloud provider. My 2 cents is that it’s probably way overkill for personal use. You’d probably be interested in it if you had a lot of physical servers you wanted to present as a single pooled resource for utilization.

How does one install it?

From what I heard from a former coworker - with great difficulty.

What is the difference between a hypervisor/openstack/a container service (podman,docker)?

A hypervisor runs virtual machines. A container service runs containers which are like virtual machines that share the host’s kernel (more to it than that but that’s the simplest explanation). Openstack is a large ecosystem of pieces of software that runs the aforementioned components and coordinates it between a horizontally scaling number of physical servers. Here’s a chart showing all the potential components: https://upload.wikimedia.org/wikipedia/commons/a/a5/Openstack-map-v20221001.jpg

If you’re asking what the difference between a container service and a hypervisor are then I’d really recommend against pursuing this until you get more experience.

Neat

How is this different from Fail2Ban?

Typically there’s a period of responsible disclosure to give the software maintainer an opportunity to fix it before it’s widely announced. After that period is up or the fix has been released the vulnerability discoverer is able to announce it and take credit for finding it.

I don’t really get the comparison to vagrant. It doesn’t seem like it feels the same role? Can distro box be used to share environments with other developers or used in CI/CD processes?

Heartbleed was a thing that happened.

A lot of ISPs and hosting providers block outbound email by default.

You’re making it that much easier for someone to brute force logging in or to exploit a known vulnerability. If you have a separate root password (which you should) an attacker needs to get through two passwords to do anything privileged.

This has been considered an accepted best practice for 20+ years and there’s little reason not to do it anyways. You shouldn’t be running things as root directly regardless.

One. Use a switch for networking.

You can only do 100M runs max anyways, just replace the whole thing? 100M of CAT6 is pretty cheap if you already have a box for it.

Or is this an academic question?