• 0 Posts
  • 8 Comments
Joined 11 months ago
cake
Cake day: November 4th, 2023

help-circle
  • I see some comments recommending wordpress but wordpress is a security problem, especially if you’re using 3rd party plugins. It is such a bad problem that their are ‘wordpress security’ applications but even then wordpress sites get hacked all the time. If you are going to use it, it is best to let some other host handle it for you if you don’t know a whole lot about what you’re doing.

    There are many, many other content management systems out there. Some are lighter than wordpress and some heavier. They are all about posting and managing content. Most of them have some sort of user and authoring system. Once you’re webserver is set up, many are written in a mixture of php and python so setting them up is generally drag and drop with either minor configuration file edits or wizards. Many of them have sections that you can set up using a labeling/tagging system. Most of them allow you to have the ‘stories’ as private or draft where you have to actually click publish before people can view them. Some have user roles systems where you can limit viewing and even editing between different roles for sections.

    Generally, once their setup is done, they are point and click to do everything.

    Here’s a nice list of FOSS CMS’ (which includes Wordpress of course).




  • I accidentally overwrote /etc/passwd once and I allowed /boot to run out of space during a kernal update and I created a local user with the same user that was also on the realm/domain that I had joined and various bash script issues.
    Some stuff I’ve had to fix that someone else did:

    • named a file rm -rf
    • rm -rf /bin instead of ./bin – Also the fact that they had sudo was crazy and also I guess this was the second time
    • chmod -R 777 /
    • Various software bugs running swap out of space or hitting the inode limit by creating files over and over again with a timestamp in the filename and having to remove all of them because there was no backup to the OS
    • Someone disabled SELinux because something wasn’t working but didn’t tell anyone – ugh
    • Compiled java because they googled some issue and followed some old tutorial without understanding anything instead of using alternatives and symlinked the old java from /bin to /home/theiruser/java – had sudo because he was a Windows domain admin.
    • Cybersecurity guy didn’t know what some VMs did so he turned them off and figured he’d find out if/when someone complained. Caused a massive core services outage.
    • Same Cybersecurity guy deleted a bunch of data because he wanted to see how the sysadmins would respond and witness backup restorations. He did not inform anyone.
    • Cybersecurity guy above still has Domain Admin and sudo everywhere. I would have personally removed his privileged access regardless of what ‘CyberSecurity’ management thought but I was leaving for a new job by then anyway so I figured I’d just let them eventually lie in the bed they made.

    There’s more but I don’t want to keep going because it is Sunday and I don’t want to ruin it.






  • A 30% cut for steam games sold on steam and a 0% cut for steam keys sold by the publisher wherever they want with the caveat that they must give steam users the same sales at around the same time. They get their games hosted on Steam’s industry best CDN, a page with support for images and videos, an API with features users like, workshop API for mod hosting and delivery, and other SteamWorks API stuff for stuff like multiplayer, patch management without charging a fee for it, forum hosting to hit the highlights. Pretty much all of that drives engagement and is mostly turn-key though you do have to programmatically interact with their API when it makes sense.

    Steam provides a lot of benefit for a 30% cut of what is sold on their store front and a lot more benefit for getting all of the above for a 0% cut if they sell steam keys outside of steam.