The Server

Security Through Obscurity is Not Security At All

For years, makers of proprietary and closed software claimed that their software was more secure because no one knew how it worked. They believed hackers would be less likely to break in to their systems because they would simply not know how to attack it. Today, we know that the moniker "security through obscurity" is simply untrue. When software tightly controled and closed to only a small group of people, a mistake or vulnerability in their code can go unnoticed for years. Even worse, the mistake could be found, but the cost of fixing it would be so high (or the developers too lazy), that they would try to cover up the existance of the vulnerability all together. When we use open source software that has been reviewed and maintained by hundred or even thousands of developers, we can rest assured that a serious vulnerability will not go unfixed for very long. Further, algorithms should be built to be secure by nature, not to be secure because no one understands how they work. To this end, I believe transparency is important, so here is some information about how the EzIsland server works.

EzIsland

Today approximately 96.4% of the top 1 million web servers in the world use Linux as their operating system. Unlike Windows or MacOS, Linux is open source meaning that all of the source code (some 20+ million lines of code) is free for anyone to look at (in fact you can find it all on the linux kernel's github page). Naturally, EzIsland uses linux as well. More specifically, EzIsland runs on Debian 10 stable, a particular linux distribution that is often considered to be the most stable and open of all linux flavors.

In order to keep the site running smoothly, I rent what is known as a virtual private server (VPS) from a Linode, a hosting provider that specializes in linux servers. The physical server itself is just a small part of a large compute and data center that Linode runs in Newark, New Jersey. Unlike many hosting providers, Linode does not hold your hand or artificial restrict what you can do with their server. Instead, they simply give you a clean install of the linux distribution of your choice and a root ssh login and let you go at it.

In order to run each of the various services that EzIsland provides, I use a different open source software package. The Jabber/XMPP chat uses a project called , voice over IP is powered by kamailio, the VPN uses openvpn, and email uses a combination of postfix, dovecot, opendkim, opendmarc, and spamassassin. The website is served by nginx and powered by technologies such as html, css, javascript, bootstrap, and php. Finally, most of the data for each of these services is stored in a mariadb database. Setting up all these services in such a way that they mesh well together is a complicated task and requires careful configuration.

Beyond the visible services that EzIsland offers, the server also runs a bind9 server for manages EzIsland's DNS and DNSSEC records as well as a nftables based firewall.