Unless the system is kept up to date automatically it's going to be vulnerable to something.
All the web applications also seem to be exposed to the Internet directly which makes things even more dangerous. They all seem to be running PHP, presumably under the same user, so it probably takes only one security hole to compromise the whole thing.
Yeah, having to keep a bunch of third party applications up-to-date seems at odds with "install a bunch of applications with no work". Sandstorm.io seems like the right way to go here, I wish it would gain more traction.
A system like this, at least the parts that are not public, needs to be put behind an authenticating proxy, in the style of Google's BeyondCorp system. That way, there's a very hardened authentication gateway that all the other various implementations can sit behind. The auth implementations of the individual components don't multiply your exposure. With CORS implemented, it could be pretty decent out of the box...
Yes, they have been around for quite a while already, although I don't know if they have since updated their tech stack. Back when I played with it, apps were formed from a bunch of bash scripts that simply automate install and upgrades. One nice thing though was the self-made SSO module for nginx, so everything supporting HTTP basic authentication could easily be integrated.
Nowadays I am running Cloudron for these use cases. Here the big plus in apps is that each app runs on Docker and has to use the Cloudron Docker base image (with very few paths having write access); through that, apps and the server can easily be backed up and restored in exactly the same state (user, data, apps installed).
I looked at Cloudron after comment. It is well done. Cloudron seems to have a monthly charge on top of what you might pay for your cloud hosting provider. Is my understanding correct?
But it's open source, so if you can live without the automatic updates and the app store (install apps and updates manually through their CLI utility) you can still install more apps.
That is a server operating system. I suppose it would be more precise to call it a respin or something, but it would also be more verbose and harder for the general public to grok.
> I'd just like to interject for a moment. What you're referring to as Debian, is in fact, GNU/Debian, or as I've recently taken to calling it, GNU plus Debian. Debian is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
An operating system provides the lowest stable level of a userspace API to the underlying hardware capabilities. This might be a bare kernel, or a kernel plus bundled runtime libraries. Debian is a versioned and tested copy of GNU/Linux, which is an operating system consisting of the Linux kernel and the GNU libc.
Linux can also be an OS on its own, because its kernel<->userspace API is stable. This is not true of all kernels, for example macOS does not guarantee stability below libSystem.
Some people extend "operating system" up into userland tools that are bundled by the vendor or specified by a standard like POSIX, for example `ls` or `initd`. I think this is stretching the meaning a bit, because to the kernel there's no difference between `ls` and (for example) Firefox.
Dumb meme for the name.
Dumb memes all over the site.
No information about who created it.
Major contributors who work on altcoins.
Mastodon and Diaspora for social media accounts.
That is why I no host.