obhq / obliteration

Experimental free and open-source PlayStation 4 kernel
https://obliteration.net
Apache License 2.0

Server - Usage? #418

Closed VocalFan closed 10 months ago

VocalFan commented 10 months ago

@ultimaweapon

I now have a 2nd PC available for usage as a server for us. Perhaps we can use it to boost Windows compilation speeds? Or do you have some other use in mind for it?

ultimaweapon commented 10 months ago

The problem with self hosted CI is security and transparency as we discussed before.

VocalFan commented 10 months ago

That is only in theory, plus I believe we can find secure ways in some research... If it somehow isn't already secure.

After all, a runner can only build, not modify the REPO.

VocalFan commented 10 months ago

> The problem with self hosted CI is security and transparency as we discussed before.

Looking into it, it seems it only uses a very short-lived temp token to set up the runner; afterwards, the token is discarded and the runner is handled backside by GitHub.

ultimaweapon commented 10 months ago

> That is only in theory, plus I believe we can find secure ways in some research... If it somehow isn't already secure.

I don't think we can make our self-hosted runner more secure than a GitHub-hosted runner.

> After all, a runner can only build, not modify the REPO.

The attacker doesn't need the ability to push code to the repository. If your server is compromised, all they need is to inject malicious code into every build, and thus we will spread malware to everyone who downloads the pre-built binary.

VocalFan commented 10 months ago

> Looking into it, it seems it only uses a very short-lived temp token to set up the runner; afterwards, the token is discarded and the runner is handled backside by GitHub.

^ Besides, I'll do all the possible security measures I can.

VocalFan commented 10 months ago

Besides keeping Windows 11 Pro up to date, I'll have Memory Integrity, Tamper Protection, all Exploit Protections, and monthly Full scans enabled. (With Microsoft's included daily quick scans.)

And, what would be a good time to have the system reboot if there's a major update?

Do note, it has an NVMe SSD, so updates should be speedy. I was thinking I should set it to reboot if needed every Tuesday at 10:30am PT to comply with Patch Tuesday and allow time for downloading of updates, with daily Windows Defender updates (that are rebootless).

Patch Tuesday: Patch Tuesday occurs on the second Tuesday of each month in North America. Critical security updates are occasionally released outside of the normal Patch Tuesday cycle; these are known as "Out-of-band" releases. As far as the integrated Windows Update function is concerned, Patch Tuesday begins at 10:00 a.m. Pacific Time.

For account access, I'll use a Yubikey/Security Key for login.

VocalFan commented 10 months ago

A Yubikey is a physical key. So basically... Someone would have to physically get the key from me to even be able to log in.

VocalFan commented 10 months ago

Windows 11 Pro installed successfully, security has been set up and has been fully updated. Basic non-critical updates are scanned for every 12 hours, large updates are installed every Tuesday at 11AM PT (as Windows only allows 1-hour intervals...), along with no ability to pause updates, and the basic TPM/Secure Boot.

VocalFan commented 10 months ago

New addition: Any User-Account-Control (UAC) prompts now explicitly require my Yubikey to be entered in order to continue. (Instead of a Yes/No prompt.)

ultimaweapon commented 10 months ago

What is the point of decreasing the build time that is not currently a major issue by increasing the risk for both us and our users? Another problem with this is transparency that I already mentioned. With self-hosted runners, the users need to trust us, instead of GitHub, that the binary they got is not malware.

VocalFan commented 10 months ago

There is the difference between theory and practice but... Then what other use might you have for the server? We don't exactly have a website yet.

VocalFan commented 10 months ago

Besides, this allows us to prevent any problems with building; by that I mean it not building at all sometimes. By being able to maintain our own build tools, unlike GitHub, where their changes suddenly break builds where the fix is out of our control.

VocalFan commented 10 months ago

And I'm not sure what has you traumatized about malware but you need to calm down x3. Do I believe cyber-security is important? Yes. I've been making this server as secure as I can. Even now, my Google Nest router auto-updates every night. Are servers as easily hackable as you think? ...No. Or else no company would use servers.

Only security measure needed here is for us to approve runs for any changes to build .ymls

GitHub has been improving self-hosted runner security and speed. You think the Runner would allow dirty/non-committed changes to be compiled? Nope. It doesn't allow this. Plus, the Runner gets a fresh copy of the code every time.
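
An added illustration of the exposure debated above (not part of any comment in this thread, and not the project's code): on a public repository, a workflow triggered by pull requests sends contributor-supplied code to whatever machine `runs-on` names, so this heuristic scanner lists the jobs that combine a pull-request trigger with the `self-hosted` label. The sample workflow is constructed, and two-space YAML indentation is assumed.

```python
import re

PR_EVENTS = {"pull_request", "pull_request_target"}

# Constructed sample workflow, not taken from the obliteration repository.
SAMPLE_WORKFLOW = """\
name: CI
on:
  push:
    branches: [main]
  pull_request:
jobs:
  build-windows:
    runs-on: [self-hosted, windows]
    steps:
      - uses: actions/checkout@v4
      - run: cargo build --release
  build-linux:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""

def top_level_block(text, key):
    """Inline value plus indented body of a top-level YAML key (line-based heuristic)."""
    m = re.search(rf"^{key}:(.*(?:\n(?:[ \t#].*)?)*)", text, re.M)
    return m.group(1) if m else ""

def pr_triggers(text):
    """Pull-request events named under `on:` (inline, list, or mapping form)."""
    inline, _, body = top_level_block(text, "on").partition("\n")
    events = set(re.findall(r"[a-z_]+", inline.split("#")[0]))
    events |= set(re.findall(r"^  (?:- )?([a-z_]+)\b", body, re.M))
    return events & PR_EVENTS

def self_hosted_jobs(text):
    """Names of jobs whose `runs-on` value mentions the self-hosted label."""
    jobs = []
    # Each job starts at a two-space-indented "name:" line under `jobs:`.
    for block in re.split(r"^  (?=[\w-]+:[ \t]*$)", top_level_block(text, "jobs"), flags=re.M)[1:]:
        runs_on = re.search(r"^    runs-on:(.*(?:\n      .*)*)", block, re.M)
        if runs_on and "self-hosted" in runs_on.group(1):
            jobs.append(block.split(":", 1)[0])
    return jobs

def audit(text):
    """Jobs that would execute pull-request code on a self-hosted machine."""
    return self_hosted_jobs(text) if pr_triggers(text) else []

if __name__ == "__main__":
    print(audit(SAMPLE_WORKFLOW))
```
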

VocalFan commented 10 months ago

> There is the difference between theory and practice but... Then what other use might you have for the server? We don't exactly have a website yet.

But... Yes. If you wish, I can try to get people from our Discord and see if they wish to make a website for us.

ultimaweapon commented 10 months ago

Website is okay.

VocalFan commented 10 months ago

Yeah, seeing as GitHub only allows static sites and is pretty bland when it comes to really customizing. I'll most likely use Cloudflare to aid with website speed and DDoS protection/secure connection.

VocalFan commented 10 months ago

Found a website dev. Question, what should our Issue Template be for reporting game compatibility?

ultimaweapon commented 10 months ago

Is the compatibility list actually useful? I think the only thing people care about is what games work and what does not work. When people find some games not working, it is better to let them report the issue here instead of the compatibility list.

VocalFan commented 10 months ago

> Is the compatibility list actually useful? I think the only thing people care about is what games work and what does not work. When people find some games not working, it is better to let them report the issue here instead of the compatibility list.

It allows people, especially later on, to possibly discuss specific issues.

Like: Oh, it works on Windows, but not macOS or Linux!

Plus, it promotes people to test more games, which allows us to get a larger sampling size. It also allows the emulator to get more attention, which can let the emulator grow as other developers also become interested. I mean, if it isn't useful, then I sure wonder why a very high majority of emulators have them :P

VocalFan commented 10 months ago

...Not like I can make the repository myself anyways...

VocalFan commented 10 months ago

https://obliteration.net/

Just the beginning -w-

VocalFan commented 10 months ago

Server CPU upgraded, back online! Now rocking a simple 5800X

VocalFan commented 10 months ago

@ultimaweapon As I cannot make a repository due to the lack of permissions 3:<

I request a repo for compatibility... I'll add the issue template.

ultimaweapon commented 10 months ago

https://github.com/obhq/compats

VocalFan commented 10 months ago

I hope my labeling and issue-form works for ya :P

VocalFan commented 10 months ago

@ultimaweapon https://obliteration.net/

WIP, but it does have a page now!

ultimaweapon commented 10 months ago

I think this one can be closed now.