“Someone alread took a shit in the victims head so its okay if i piss on his leg no?”

Exactly

Dunno about your country but mine is far from 100% reneable

Well, i never argued against the clearly powerfull capabilities, those are obviously huge, my point was that as a hobbyist you should consider having the important stuff (finances, official documents, biometrics) in cold storage or on a separate machine as well as stuff like security cameras or doorlocks if you do stuff like this out of it until you fully understand the risks, which are not that easy to grasp for people without experience.

Ofc proxmox and qubes are incredible useful tools of technology, but their high versatility and customizability gives you a lot of tools you need understand and use properly on top of what you are already doing. (More so with proxmox as with qubes, qubes is a little less industry focused IMHO)

Valuable insight, thanks :)

Why is a hypervisor the best we got? Why would better than a dedicated bare metal server? Why would the attack surface if a hypervisor be smaller than the attack surface without one?

Honest question

Thanks for evaluating! The exploit was explained to me that an unpriviliged user/Programm could use it to get root access on the whole system, which I my mind included the hypervisor. Further reading seems to proof you right, while containers were broken VMs were not.

My point still remains, although weaker: If you know exactly what you are doing you can get a system quite secure, if you are a hobby server owner like me, its not that easy. I would have not know that the use of VMs instead of containers has sooo major security implications, that something so fundamental as ssh could be exploited in such large scales, and clustering would have been needed to avoid being unsafe.

Sure, noone would use an zero day on me targeted, the thing is: I am not working in the field, from publishing of the exploit till learned about it and had the time to patch, there were a few weeks. If in those few weeks someone deploys a tool going for mass and not for single targets, I would probably be infected and added to some botnet, cryptominer or whatever.

If I have a bare metal dedicated server, which has only access to IPs contained in my whitelist on a dedicated opnsense, I have less to wory about. Sure, someone could still find a openbsd/opnsense exploit and get me, but my point is: complex systems break in complex ways, the more complex systems you use, the more attack surface u have, need to know and understand to control and mitigate it.

Not that its impossible, but for a hobbyist who tries to self teach with man pages, tutorials and forums, you can get pwnd in unexpected ways (like because you used a container for dodgy Chinese smart home devices and expected that your production environment would be safe even if one of them was malicious, but in fact you were not, because that would have needed to be a VM. AND: before copy fail was published, users would have probably also told you that containers are safe.

Eternity is really nice

I was going to build my system like that, but recently learned that host client isolation is not as strong as people make you believe.

just a few weeks ago we learned that copy fail (security vulnerability) was on major distros for years until it was fixed, it would allow containers and VMS to infect the host system. Xz utils could also lead to a broken host client separation, as proxmox uses ssh for clustering and the like.

So for really important stuff I am going to have a dedicated physical server or put it in cold storage altogether.

That said, I am by no means an expert so feel free to correct me if I got something wrong.

Hate to be that guy, but brave is spyware packaged as browser, it not running is for the best…

Dude there is someone asking for a “lighting fast browser experience” on specs which will not deliver that for most websites most people use.

An honest reply IMHO is to state what will work and what will not.

You set false expectations when basically telling him “yeah no problem”.

I try to differentiate this picture by showing what caviots there are.

The reality is: if you are a tech savy person, only use a subset of websites, to which most of the popular websites (youtube, Netflix, prime, insta, etc.pp.) don’t belong, you can get something to work. Do I use silicon-valley websites or think they are good? No! But someone who asks such questions is probably not someone who only thinks of HTML only websites and the like when wanting a fast browser.

I try to give honest advise and show that a lighting fast browsing experience is not the same as “you can visit some websites with very light loads and need to close the browser, open terminal and yt dlp, download the video and watch it in a lightweight video player”.

Its not about competition it’s about actually helping the person looking for advice.

He didnt explicitly, but watching media is one of the main things people do in browsers no?

When someone asks about a lighting fast browser experience for his specs, and you say “no problem” one would expect one can use websites, including ones that serve videos no?

Saying yeah, fast browser? no problem! But then referring to yt-dlp for videos is a little misleading no?

I’d don’t think you find most videos on peertube at this point of time, and I’m hesitant if it will run fast with those specs, even considering peertube is less bloated than YouTube.

Where to cache to? The HDD? The two gig ram?

So what site do you use with this Setup to watch HD Videos fast, responsive and without Stutter, lag oder tearing? Cant be youtube

Well thats what op asked for.

And it is “lighting fast” when using modern bloated java script websites? I doubt it

To be real, this Maschine with HDD and 2gig RAM isnt going to be lightning fast at all

Thanks

Dunno the face of the old guy, but in general it would be advantageous to the struggle if I would (if he actually is an oligarch like other comments suggest).

I dunno about the women either but knowing kanye is helping me nothing in my live while knowing my enemies would.

Can someone explain for us people at work who cant watch a video?