Пользователь пока ничего не рассказал о себе

Достижения

Все достижения (5)

Наибольший вклад в теги

Все теги (101)

Лучшие ответы пользователя

Все ответы (87)
  • Запрет на частые подключения SSH?

    @Sha644
    Fail2ban

    [ssh]
    enabled  = true
    port     = ssh
    filter   = sshd
    logpath  = /var/log/auth.log
    maxretry = 3
    Ответ написан
  • Какие существуют объективные недостатки у systemd?

    @Sha644
    Много текста
    technical

    systemd appropriates the cgroup tree and takes control of it and completely messes with any other user of the cgroup tree and really wants them all to go through systemd, systemd was wirtten basically on the assumption that nothing but systemd would be using cgroups and they even tried to lobby to make cgroups a private prioperty of systemd in the kernel but that went no-where.

    systemd's usage of cgroups for process tracking is a fundamentally broken concept, cgroups were never meant for this and it's a good way to fuck resource usage up

    systemd has a hard dependency on glibc for really no good reason

    systemd relies on DBus for IPC, as the name 'Desktop bus' implies DBus was never written with this in mind and it shows. DBus was written to facilitate IPC within a single desktop session, not as a transport during early boot. This is why systemd wanted to push kdbus heavily beause kdbus solved some of the problems inherent to DBus being used as IPC during early boot.

    systemd's security and general code quality practices are less than stellar, a lot of security bugs pop up in systemd due to its insistence of putting quite a bit of code in pid1 and quickly adding new features and quickly changing things.

    political

    systemd creates dependencies and is a dependency of things for political reasons in order to encourage people to pick these things. This is not conjecture, Lennart has admitted multiple times that he creates dependencies to 'gently push' everyone to the same configuration

    systemd is monolithic for its own sake. It's basically product tying to encourage people to pick an all-or-none deal to again gently push towards this consistency

    personal

    Lennart Poettering, the face of systemd and its lead dev is the biggest primadonna FOSS has ever known who continues to shift blame and demand that entire world adapt to his designs.
    (с)/u/jij_je_walkman_terug
    Ответ написан
  • Можно ли автоматически проверять страницу на предмет обновления информации?

    @Sha644
    Можно. Curl.
    Много текста
    Hypertext Transfer Protocol -- HTTP/1.1 - 10 Statu...

    10.3.5 304 Not Modified

    If the client has performed a conditional GET request and access is allowed, but the document has not been modified, the server SHOULD respond with this status code. The 304 response MUST NOT contain a message-body, and thus is always terminated by the first empty line after the header fields.

    The response MUST include the following header fields:

    - Date, unless its omission is required by section 14.18.1

    If a clockless origin server obeys these rules, and proxies and clients add their own Date to any response received without one (as already specified by [RFC 2068], section 14.19), caches will operate correctly.

    - ETag and/or Content-Location, if the header would have been sent
    in a 200 response to the same request

    - Expires, Cache-Control, and/or Vary, if the field-value might
    differ from that sent in any previous response for the same
    variant

    If the conditional GET used a strong cache validator (see section 13.3.3), the response SHOULD NOT include other entity-headers. Otherwise (i.e., the conditional GET used a weak validator), the response MUST NOT include other entity-headers; this prevents inconsistencies between cached entity-bodies and updated headers.

    If a 304 response indicates an entity not currently cached, then the cache MUST disregard the response and repeat the request without the conditional.

    If a cache uses a received 304 response to update a cache entry, the cache MUST update the entry to reflect any new field values given in the response.
    Ответ написан
  • Как правильно организовать работу двух docker контейнеров?

    @Sha644
    Чтобы 1 контейнер - соберите все в общий контейнер через Dockerfile, но это как раз "не красиво".
    Возможно вас заинтересует такое решение как: docker compose
    Ответ написан
  • Безопасен ли VPN?

    @Sha644
    Безопасность любой сущности обратно пропорциональна доверию к данной сущности. Т.е., чем больше вы доверяете чему-то тем менее оно безопасно.
    P.s., Абстрактный вопрос - абстрактный ответ.
    Ответ написан