• 1 Post
  • 50 Comments
Joined 5 months ago
cake
Cake day: June 21st, 2024

help-circle

  • For a start, try hosting something in your own home. A raspberry or an older PC or laptop should be enough.

    My first projects were a print server (so I can print via wifi) and a file server. Try to find something that is useful for you.

    Only start hosting on the internet when you’ve learned the basics and have more experience.







  • I believe there are several Linux-related topics that could be valuable for this cybersecurity community. While I’m not a Linux expert, here are a few suggestions:

    • Security features in the Linux kernel: An overview of features like ASLR and cgroups, including their strengths and limitations.
    • Securing Linux servers: Practical guides, how-tos, and tools (e.g., Auditd, Sysdig) for hardening Linux systems.
    • Vulnerabilities and detailed writeups: Sharing in-depth analyses to learn from real-world mistakes. (But please, let’s avoid posting every CVE. 😉)

  • cron@feddit.orgtoSelfhosted@lemmy.worldPaid SSL vs Letsencrypt
    link
    fedilink
    English
    arrow-up
    12
    ·
    edit-2
    2 months ago

    You’re right, Google released their vision in 2023, here is what it says regarding lifespan:

    a reduction of TLS server authentication subscriber certificate maximum validity from 398 days to 90 days. Reducing certificate lifetime encourages automation and the adoption of practices that will drive the ecosystem away from baroque, time-consuming, and error-prone issuance processes. These changes will allow for faster adoption of emerging security capabilities and best practices, and promote the agility required to transition the ecosystem to quantum-resistant algorithms quickly. Decreasing certificate lifetime will also reduce ecosystem reliance on “broken” revocation checking solutions that cannot fail-closed and, in turn, offer incomplete protection. Additionally, shorter-lived certificates will decrease the impact of unexpected Certificate Transparency Log disqualifications.












  • cron@feddit.orgtoSelfhosted@lemmy.worldPaid SSL vs Letsencrypt
    link
    fedilink
    English
    arrow-up
    56
    ·
    2 months ago

    AFAIK, the only reason not to use Letsencrypt are when you are not able to automate the process to change the certificate.

    As the paid certificates are valid for 12 month, you have to change them less often than a letsencrypt certificate.

    At work, we pay something like 30-50€ for a certificate for a year. As changing certificates costs, it is more economical to buy a certificate.

    But generally, it is best to use letsencrypt when you can automate the process (e.g. with nginx).

    As for the question of trust: The process of issuing certificates is done in a way that the certificate authority never has access to your private key. You don’t trust the CA with anything (except your payment data maybe).