Rule of thumb in dealing with domain and hosting vendors - always gauge how educated their support staff is. They should be at least slightly more educated than the average developer who admins their own stuff. And do judge based on website design - if their design looks like it'd would also be appropriate for selling quick ways to lose fat, you should know to stay away.
But it's not a retina display until apple signs off on it. I don't think most manufacturers are going to think the ROI on the time/effort/money is worth it.
Fun fact, apple gets a cut when you buy any MFI certified chargers or cables.
Would you also say there are no other smartphones on the market if apple had to sign off on approvals? That's the same thing as you're saying here. The panels have a greater DPI than what apple calls "retina"
Just because apple doesn't call it something doesn't mean it doesn't exist, that's patently absurd
Correct, its a trademark owned by apple. Apple has to sign off on anything using it. And until apple does that, its not a retina display. That's how brands/trademarks work, right?. Its just a label. Isn't that what I said in my original post?
It seems like you are reading words I didn't write. That's patently absurd!
It might be slightly easier to use sshguard instead of fail2ban for protecting against ssh attacks.
Using passwordless (key only) login is a given.
As soon as your server is provisioned, log in with the password, first setup ssh, and disable password login.
You can use fail2ban jails for different services (like nginx). You need to decide how strict you need to be.
On FreeBSD, using blacklistd might also be a better idea than using fail2ban.
To quote from the internet - "fail2ban and sshguard are both log scrapers. Log scrapers are gross hacks.
blacklistd as an integrated solution is what should have
happened many years ago."
FreeBSD jails also provide excellent protection. It can be a good idea to run each service in its own jail. E.g. a separate jail for nginx, one for your webserver, another for your db servers. This way you can also limit the resources that are allocated/dedicated to each jail.
Also, while running pf (or whatever firewall you have), you can limit the number of requests (rate limiting) to somewhat protect yourself.
Using Cloudflare or something else on the front can help against ddos. Also, some providers like OVH and Hetzner have ddos protection built in for free. Some like Vultr have it as a paid service, iirc.
SSHGuard looks cool, wasn't aware that existed. Haven't messed with FreeBSD jails, but I use unprivileged lxc containers on Linux, iirc that's the closest Linux equivalent? Those help me sleep better at night.
lxc was rather new when I started looking into this stuff. Since jails were much older, I just went with FreeBSD. Also because I was a little biased against Linux because on my personal computers Ubuntu and Fedora had crashed occasionally.
Now I think lxd is supposed to be a better user experience than lxc. Same backend better frontend. Like ezjail or iocage for FreeBSD makes the management easier than doing it all directly.
Surely, you're not suggesting invading a nuclear power to seize their natural assets.