So how can I as a new user make sure to have the most secure machine as possible?

That’s not what you want. You want a reasonable level of confidence that your system is secure.

The process is similar to Windows - keep it up-to-date, use good passwords, don’t run things as root (admin), and don’t install things that are questionable.

The package manager under linux is where you should start, and that varys by distro some. But generally speaking things installed from there are “safe” and will be updated by the package manager when you do updates.

NT even “back in the day” was very much NOT compatible with DOS.

Like those ‘curl | sudo bash’ abominations that have become strangely popular lately.

“I run an immutable distro, BTW”

Proxmox or Docker?

It’s not mutually exclusive? I have a 3-node proxmox config on which I have 3 VMs running as kubenetes nodes to which I deploy containers. I also have some VMs setup for things which either don’t work well as containers or which I simply don’t want as containers (e.g. a couple Windows VMs for doing Windows things). Also home assistant runs in a VM since it was just easier to do USB passthrough this way.

I understand that running things in a VM provides better security than running them in a container.

Not sure what you mean by this - containers are typically easier to secure as they’re minimalist. But I doubt anyone is using VMs because they think they’re more secure.

And I still don’t care. Bad is bad even if a community is doing it.

Edit: Sorry if that was aggressive. This is a horrible practice and that community is the worst. They use HTTP by default? Encourage running scripts pointing to GH repositories controlled by community members? It’s just aching for the sort of supply-chain attacks we’re seeing with things like NPM has been enduring.

I have a very no-exceptions rule about encouraging people to do a curl|bash install and would just remove that. Provide a link to the script, people can run it if they want. Encouraging the behavior of just directly running scripts off the internet is a bad habit.

In your Proxmox console, enter the following command: bash -c "$(curl -fsSL https://raw.githubusercontent.com/…)

Do not do this. Never run scripts like this directly without inspecting them first. Do not tell people to run your exciting new script like this. Provide a link to the script and encourage users to inspect it first then run it.

Same? HTTP/1.1 ran the entire internet for 20 years and is used by a ton of sites. It’s fine for a personal website.

There is zero question about it. It will be absolutely fine for some dude’s static website over a residential internet connection.

HTTP 1.1 is more than good enough for serving a static website.

Read the comments. Self hosters are little more than users anyway.

At this point I’m just happy if they’re all using a dark theme at least.

Maybe computers just aren’t for you.

It’s not just this site though is it? I have been seeing a proliferation of curl | shell bullshit for some time now. Lots of sites doing it and people are posting those commands in forums, etc. telling others how easy it is to install that shiny piece of software! “But people should know better” I hear you whine, “They should read scripts before executing them.” But we all know people won’t do that. Especially not the sort of people who are arguing in favor of this practice, and certainly not the newbs these are targeted at.

This wasn’t satire?

🤣 🤣

Sure, but many of those use GPUs as well. Consider things like CAD, photo or video editing. And “office suite” things tend to have Linux-friendly alternatives or are usable through web browsers. I’m sure there will be some niche applications this would be usable for but honestly I can’t think of… any.

The developer explains it should run basically everything unless “it requires strong GPU acceleration or kernel-level anticheat”.

That is a lot of use cases people have for Windows only applications.

🤣

OMG this is so dumb.

Edit: I’m thinking this was satire?

Until then, people who have sacrificed enough of their weekend to the linux gods will be pipe internet text into their root consoles

“I’ll do what’s easy even if it’s not good” is a terrible approach to, well, anything. I would expect people in this community to look for guidance on what the best way to do things is. Seems I’m wrong.