Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)S

ShortN0te

@ ShortN0te @lemmy.ml

Posts
0
Comments
528
Joined
3 yr. ago

  • How to create Windows system image with incremental backups and only backup "user data" ?

    Jump

  • That for example dependa on how you want to do your backups. You could for example run the Windows Backup then feed it into a backup tool lime restic and your done.

  • How to create Windows system image with incremental backups and only backup "user data" ?

    Jump

  • You want to use the Windows Iso as a Reference? That is like 5 GB of data. Why do you want to have such an incomplete Backup to save just 5 GB?

  • How to create Windows system image with incremental backups and only backup "user data" ?

    Jump

  • So you want a system image without the system and just the user data.

    Then why not just backup the userdata?

  • Notes on full disk encryption on a Hetzner cloud VPS

    Jump

  • Notes on full disk encryption on a Hetzner cloud VPS

    Jump

  • Stupid me, missed the IP whitelisting part.

  • Notes on full disk encryption on a Hetzner cloud VPS

    Jump

  • LUKS may not make your server meaningfully more secure. Anyone who can snapshot your server while it's running or modify your unencrypted kernel or initrd files before you next unlock the server will be able to access your files.

    This is a little oversimplified. Hardware vendors have done a lot of work in the last 10-20 years to make it hard to impossible to obtain data this way. AMD-SEV for example.

    There are other more realistic attacks like simply etrackt the ssh server signature and MITM the ssh connection and extract the LUKS password.

  • Notes on full disk encryption on a Hetzner cloud VPS

    Jump

  • The whole port range can be scanned in under a second. A real attack does not care if your ssh port is 22 or 69420. Changing Port is just snake oil.

  • Notes on full disk encryption on a Hetzner cloud VPS

    Jump

  • use ddns or similar to keep track of tour IP?

  • They Said Self-Hosting Was Hard! - arthurpizza

    Jump

  • Honestly, the time i had to manually intervene since ~2 years is less then 5-10 times, and that is way before the stable release. So I doubt that.

  • Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app

    Jump

  • The Pin is not designed and used for such an authentication. Also can be changed at any time:

    How do I manage or change my PIN?

    On your phone, go to Signal Settings > Account > Change your PIN

  • Signal Founder Moxie Marlinspike: Telegram is not private. There is nothing private about it. They've done a really amazing job of convincing the world that this is an encrypted messaging app

    Jump

  • Its not about being complicated, its about dumping the whole chat history with just a few seconds of physical acceas to the device.

    LEA has used this method with messangers like Whatsapp for years to quicly exfiltrade the data from a victims phone to other software.

  • Open Source Cloud Storage

    Jump

  • It is less intuitive to set up, but it is extremely lightweight and very fast. That is the one I recommend.

    I highly question the decision process to only include the lightweight and speed. There are much more important criterias to consider, like for example stability, maintainability, support etc.

    I do not need yet another service that gets abonded 1-2 years after launch or goes subscription only etc.

  • Open Source Cloud Storage

    Jump

  • While lots of ppl will hate on Nextcloud, its pretty good. When you do the setup right, with cache and so on set up it's fast and serves its purpose not only as cloud storage but as a collaboration platform where you can edit files with other ppl and much more.

    If you only want a simple Web App to up and download files there are probably other solutions for that.

  • How do you effectively backup your high capacity (20+ TB) local NAS?

    Jump

  • That should be part of the backup configuration. You select in the backup tool of choice what you backup. When you poose your array then you download that stuff again?

  • A sneaky demonstration of the dangers of curl bash

    Jump

  • Yes, the secrets to submit to the distribution system got compromised and therefore the system got compromised.

  • A sneaky demonstration of the dangers of curl bash

    Jump

  • To achieve a compromised update you either need to compromise the update infrastructure AND the key or the infratstructure AND exploit the local updater to accept the invalid or forged signature.

    As i said, to compromise a signature checked update over the internet you need to compromise both, the distributing infrastructure AND the key. With just either one its not possible. (Ignoring flaws in the code ofc)

  • A sneaky demonstration of the dangers of curl bash

    Jump

  • After gaining initial access, the malicious cyber actor deployed malware that scanned the environment for sensitive credentials.

    So as I said, the keys got compromised. Thats what i said in the second post.

  • A sneaky demonstration of the dangers of curl bash

    Jump

  • No you cannot, the pub key either needs to be present on the updater or uses infrastructure that is not owned by you. Usually how most software suppliers are doing it the public key is supplied within the updater.

  • A sneaky demonstration of the dangers of curl bash

    Jump

  • This is incorrect. If the update you download is compromised then the signature is invalid and the update fails.

    To achieve a compromised update you either need to compromise the update infrastructure AND the key or the infratstructure AND exploit the local updater to accept the invalid or forged signature.