Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> 3) automated security updates or some sort of failsafe procedure to install security updates very regularly (this is by far the most common error)

This isn't clear. Are you saying you think automating these updates is good or bad?

> 5) Avoid storing anything that makes you a particularly desirable

Well, in some cases your user's uid and pwd is the most valuable chunk-o-data a would be attacker wants.

> Most extensive security procedures contain a lot of questionable advice

List?

> and few will prevent human error which most compromise can be traced back to.

I think this would be the power of having a canonical auto-provision script on Github that many can review and contribute to. The script could certainly take the form of sections that could be commented out as needed. In other words, a well documented and reviewed set of recommendations that someone could edit based on pier-reviewed information in the comments and then use to automatically configure a server. That, I think, could be of value.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: