• 1 Post
  • 11 Comments
Joined 1 year ago
cake
Cake day: August 21st, 2023

help-circle



  • While what you’re saying is theoretically true, don’t forget that as far as I know, most attacks are perpetrated by bots. And while it is true that in a fedora based version one could run ostree admin unlock etc… this particular command would need to be included in the attack script.

    Now if the script has to be modified to include all possible different immutable systems that could possibly run it would increase the complexity and most importantly the size of said script making it easier to detect.

    I’m not saying that its a bulletproof method, I’m just saying that by itself it greatly minimizes the risk, at least until all servers run immutable systems. And even then it still complicates matters for potential attackers quite a bit. So therefore reducing or at least greatly minimizing the potential of the system being compromised.







  • Not for myself but a client who was running a game server. He wanted to tweak the number of ticks/second that the kernel interacted with CPU. Didn’t even know that this was a parameter and after a few attempts, according to him, never went on that server myself, made a huge difference and he claimed having grabbed a good part of the market because of that.

    After that familiarized myself more with the stuff in there. But that was a good while ago, before most of you guys were born.