@PostWatchBot@lemy.lol
Hey! Please contact me at my primary Fedi account: @lemann@lemmy.dbzer0.com
Flash drive hidden under the carpet and connected via a USB extension, holding the decryption keys - threat model is a robber making off with the hard drives and gear, where the data just needs to be useless or inaccessible to others.
There’s a script in the initramfs which looks for the flash drive, and passes the decryption key on it to cryptsetup, which then kicks off the rest of the boot, mounting the filesystems underneath the LUKS.
I could technically remove the flash drive after boot as the system is on a UPS, but I like the ability to reboot remotely without too much hassle.
What I’d like to do in future would be to implement something more robust with a hardware device requiring 2FA. I’m not familiar with low level hardware security at all though, so the current setup will do fine for the time being!
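One way the initramfs step described above can be written, as an added example that is not the commenter's script: a keyscript for Debian-style cryptsetup-initramfs (referenced from `/etc/crypttab` with the `keyscript=` option). The filesystem label `KEYSTICK`, the key file name `luks.key`, the mount point and the passphrase fallback are assumptions.

```shell
#!/bin/sh
# Added example: keyscript for Debian-style cryptsetup-initramfs. Whatever it
# writes to stdout is used as the LUKS key; diagnostics must go to stderr.
# Hypothetical names (not from the post): label KEYSTICK, key file luks.key.
KEY_LABEL="${KEY_LABEL:-KEYSTICK}"
KEY_FILE="${KEY_FILE:-luks.key}"
LABEL_DIR="${LABEL_DIR:-/dev/disk/by-label}"
MNT="${MNT:-/run/keystick}"
WAIT_SECS="${WAIT_SECS:-15}"

# Poll for the labelled device, since USB enumeration can lag behind the
# initramfs. Prints the device path, or returns 1 once WAIT_SECS has elapsed.
find_key_device() {
    waited=0
    while :; do
        if [ -e "$LABEL_DIR/$KEY_LABEL" ]; then
            echo "$LABEL_DIR/$KEY_LABEL"
            return 0
        fi
        if [ "$waited" -ge "$WAIT_SECS" ]; then return 1; fi
        sleep 1
        waited=$((waited + 1))
    done
}

# Mount read-only, copy the key to stdout, unmount so the stick can be removed.
emit_key() {
    mkdir -p "$MNT" || return 1
    mount -o ro,nosuid,nodev,noexec "$1" "$MNT" || return 1
    rc=1
    if [ -r "$MNT/$KEY_FILE" ]; then
        cat "$MNT/$KEY_FILE" && rc=0
    fi
    umount "$MNT"
    return "$rc"
}

main() {
    if dev="$(find_key_device)" && emit_key "$dev"; then
        return 0
    fi
    echo "key device $KEY_LABEL unavailable, asking for a passphrase" >&2
    /lib/cryptsetup/askpass "Passphrase for $CRYPTTAB_NAME: "
}

# Debian's cryptsetup scripts export CRYPTTAB_NAME to keyscripts; run only then.
if [ -n "${CRYPTTAB_NAME:-}" ]; then
    main
fi
```

The passphrase fallback only helps if the LUKS header also has a passphrase keyslot; with a keyfile-only volume, a missing stick simply fails the unlock.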
I’m in the same boat as @shnizmuffin@lemmy.inbutts.lol, lab has been nice and stable and have nothing to contribute as of yet.
At the beginning of the migration I was popping in and out of r/homelab, but as it stands now I haven’t visited there in ages!
I think so, assuming these malicious packages are all primitive enough to just look for the single file in a user’s home folder lol. The only downside here is needing to provide the keyfile location to ssh every time you want to connect… Although a system search would pretty much defeat that instantly as you mention
SSH keyfiles can be encrypted, which requires a password entry each time you connect to an SSH server. Most Linux distros that I’ve used automatically decrypt the SSH keyfile for you when you log in to a remote machine (using the user keyring db), or ask you for the keyfile password once and remember it for the next hour or so (using the ssh-agent program in the background).
On Windows you can do something similar with Cygwin and ssh-agent, however it is a little bit of a hassle to set up. If you use WSL I’d expect the auto keyfile decryption to work comparably to Linux, without needing to configure anything.
I think they would start obfuscating the relevant code to get around it
Many ad networks and AABs do something similar (especially Admiral) in an attempt to evade ad blocking extensions
From GoG specifically, as they patch the older games on their store to “just run” on modern Windows
For me it’s the ability to set up a shared instance with the base request URL, and set headers for things like the user’s token, allowing all requests made with that shared Axios instance to be sent to the right path with the token without needing to define them for each individual request.
To be honest though something similar can be done with spread syntax in the Fetch API’s options parameter
It’s got telemetry on by default.
Very, very hard pass. Might even blow out my suspension doing so
A lot of jQuery’s features are now available in native JS - would also suggest just using native JS anyway because jQuery won’t throw any errors into the console if a selector matches no elements etc.
The only additional library I’ve needed recently (for personal work) is Axios for requests - easier than working with the Fetch API in some cases
BTRFS has encryption now? Yay!! I have been wrapping it inside a LUKS partition for years at this point…
Holy moly that is an absolute sh*t ton of ads!
Second this. Zorin OS, and Mandriva Linux (before they went bankrupt, and the community picked up development) were my first exposure to Linux over a decade ago, and the UX familiarity really helps a ton.
A lot of the other distros had funny stuff going on with multiple docks, open apps showing in the top dock, others looked like a Stardock Special and it was just a little confusing for younger me lol
X.509 certs are commonly used in TLS/HTTPS.
Why is one needed in your boot process?
Don’t know why but I found this funny
Edit: sorry, I may have misunderstood your post - free email != email masking.
My original post below…
Curious why you consider email address masking services as for those with “drastic anonymity” requirements?
I personally don’t think so: they are pretty much just a digital P.O. box, and are typically not anonymous in any way (subpoena/court order to the provider). They are built into Firefox too; it will automatically create new ones OOTB as you sign up on websites, if you click the autofill.
They are however IMO one effective tool out of many to restrict the ability of data brokers and hacking groups (aggregated breach datasets) alike from making money from your online presence without your consent.
In almost all cases this data is freely searchable for law enforcement and private investigators, allowing them to avoid going through the legal system to investigate and possibly detain you for things you’re not guilty of
I delete them from the ssh config folder after installation, along with the DSA and ECDSA keys. No ed25519? No auth.
Also prevents a handful of bots from attempting SSH login into your cloud infra, a lot of them don’t support ed25519 kex
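A check for the ed25519-only host key setup described above, as an added example that is not the commenter's own tooling. It takes the key directory and the `sshd_config` path as arguments, and it also tests for explicit `HostKey` lines because some distributions recreate missing host keys (for example with `ssh-keygen -A`).

```shell
#!/bin/sh
# Added example: audit which host keys an OpenSSH server could still offer.
# Usage: audit-hostkeys.sh <key-dir> <sshd_config>  (script name is hypothetical)

# List private host key files in directory $1 whose type is not ed25519.
stray_host_keys() {
    for f in "$1"/ssh_host_*_key; do
        [ -e "$f" ] || continue
        case "$f" in
            */ssh_host_ed25519_key) ;;
            *) echo "$f" ;;
        esac
    done
}

# Succeeds only if config file $1 has HostKey lines and all name ed25519 keys.
# With no HostKey line at all, sshd loads its default key paths, so a
# regenerated RSA or ECDSA key would be served again.
# Limitation: files pulled in through Include are not followed.
hostkey_pinned_ed25519() {
    awk '
        tolower($1) == "hostkey" { n++; if ($2 !~ /ed25519/) bad++ }
        END { exit !(n > 0 && bad == 0) }
    ' "$1"
}

# Report both findings; returns 0 only when the server is ed25519-only.
audit() {
    rc=0
    strays="$(stray_host_keys "$1")"
    if [ -n "$strays" ]; then
        echo "non-ed25519 host keys present:"
        echo "$strays"
        rc=1
    fi
    if ! hostkey_pinned_ed25519 "$2"; then
        echo "HostKey is not pinned to ed25519 in $2"
        rc=1
    fi
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```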
Probably a good idea to look for a different client, call me tinfoil but I wouldn’t want to touch a very old mechanism that is supported/pushed by a very recognisable 3 letter agency
If they’re easy to get, why not have them 😉
Dang, that thing is the bee’s knees!
Would make more sense to replace just the batteries rather than the whole unit IMO. Looks like it takes standard 12V 7Ah sealed lead acid batteries, so should be doable for under $120 (if you buy them individually and use the existing battery harness)
I have three other UPSes, but none of them are as good as yours lol:
Edit: fix bullet list formatting