I decided to switch to Debian.
I’ve been using Ubuntu as my primary operating system since 2005. Back then it was truly amazing. Before I started using Ubuntu I tried out Red Hat, Mandrake (and later Mandriva), Slackware, Gentoo, and even Debian. In all of them, something didn’t work. Usually it was wifi, but sometimes it was audio or video, or weird X config problems. But when I switched to Ubuntu, all of that went away. Rather than being frusturated that I was still a Linux noob and couldn’t even connect to the internet, Ubuntu helped me get past the initial barriers so I could really dive in. I’m eternally grateful to Ubuntu for this, and I’m very impressed at how successful they’ve has been at fixing bug #1 (though there’s still a long way to go).
However, a lot of Ubuntu’s recent decisions have been turning me off. It started a couple years ago when they changed the default desktop environment from GNOME to Unity. I had played with Unity when it was called “Ubuntu Netbook Remix” and I thought it was a fun toy, and might be easier to use on a touchscreen device than GNOME. But they made it the default before it was ready. Still, I saw where they were going with it and respected them for being so ambitious.
I’ve talked to many people who assume that the NSA, the world’s most powerful and well-funded spy agency, can easily crack the encryption on messages they intercept by brute force. They speculate: “What if Big Brother has a massive cluster of supercomputers guessing keys at full power in a top secret and shadowy lab a mile beneath Maryland?” Even then, they still can’t crack your crypto.
Don’t get me wrong. There are many implementation flaws, bugs, misconfigurations, user errors, and rubber hose attacks that could lead to crypto being compromised. I’m referring to the NSA’s ability to use massive computing power to guess a crypto key.
Lately I’ve been thinking about setting up a blog to talk about tech things I find interesting, particularly web security, since that’s how I spend a lot of my work and free time. Since I had an under-used VPS sitting around, I figured I ought to set up WordPress on it and start blogging. What better topic to blog about than how I’m securely setting up this website?
I’m going to start by talking about how to harden SSH. In later posts I’ll talk about how I set up Apache, install an SSL certificate and configure it for maximum security, and some WordPress security tricks. I’m using Debian, but it shouldn’t be hard to adapt this to any Linux distro. I’m assuming you have root access to your server.