Saturday, June 10, 2023

Were can you find cheap domain registrar services, hosting, and email services?

Were can you find cheap domain registrar services, hosting and email services?



PorkBun

NameCheap

That's not too bad, but not really cheap either 😢 

Some word of advice: before using any service, I would always check what my peers say (many of whom are way more involved/smarter/more opinionated than me) about these companies. Has their service deteriorated recently? Have their prices gone up without warning? Have they been bought and turned evil? It's good to check.

How? Very easily: 

A warning about doing these searches: If you look long enough and hard enough, you discover that all new companies make rookie mistakes and all companies that have been around longer become more formalised, more corporate, and more inclined to make money off of you in unwanted or unexpected ways. My point is: All companies suck in their own way, domain registrars and hosting providers are no exception. 

"Desktop Linux is insecure" - bjornpagen



Let's take an example of Chrome's browser. The GUI, HTML renderer, V8 JavaScript engine, browser extensions—all these parts of Chrome individually are heaping behemoths of code. So, all these components are separated and live in different operating system processes, and can only speak to each other via an IPC mechanism.

This way, a rogue website isn't able to access your home directory, since only the GUI part of Chrome has access. The GUI (officially called the Browser process), is the only part that has access to your home directory. So, the Renderer is "Sandboxed".

Sandboxing is a very logical next step to make systems more secure. If you can't possible check all code and what it does, then running that code in a place were at least it can't do much damage is the next best thing.

MacOS, OpenBSD, and even Windows have all made serious progress in sandboxing. 

Here, we find every other desktop Linux distribution. Debian, Fedora, Ubuntu, Arch, Gentoo, have zero meaningful system level sandboxing.

So there we have it. Linux is very insecure because out-of-the-box it doesn't do any kind of sandboxing.

ChromeOS (not the browser, mind you, but the linux distro) does it better:

A modern "Linux distribution" that actually does sandboxing incredibly well is ChromeOS. There are a whole bible of strategies that ChromeOS implements to keep Chrome in it's own little world. Among the strategies involve cgroups, namespacing, seccomp, etc… This technologies basically do what Docker does (corrected). Chrome cannot see your files unless you give it explicit permission to do so, nor can it execute other programs, or wipe your hard drive.

Not only is Chrome sandboxed—every important system process is sandboxed in ChromeOS. The system logger, the display server, the wifi daemon… A lot of architecting has gone into minimizing the attack surface of these various services by giving them the least amount of privilege possible to do their job. This is the principle of least privilege.

Conclusion? The newer a system is, the better the sandboxing capabilities are (probably). That is why I would trust iOS over macOS, for example. Because it's newer.