Posts
8
Comments
105
Joined
2 yr. ago

  • So what you want to do, effectively, is to have different security requirements for different accounts. Correct? And all in the same file.

    For now I just want to get a few things out of the way:

    • with this strategy, what are you protecting against?
    • how likely is this to happen?
    • what is your contingency plan?

    I believe it's good to have different levels of security for different things, but you also have to understand at what cost you need it.

    I can propose a different thing altogether: for the very important passwords, like banks and such, use the pepper method. This means you have part of your password in your password manager, and a small portion is something you know. Example: generate a 25-character password, and add at the beginning or end 5 more characters that you know (they can be letters and numbers, and can be something you remember every day, like the first letters of your address plus house number).

    With this approach, there are a couple of benefits:

    • you can still have computationally heavy passwords
    • if an attacker gets a hold of your open vault and tries to log in, it will fail since the password is effectively not complete

    Biggest downside I see is remembering the pepper always. And make sure it is not written anywhere. And of course, you can always argue it is possible at some point to get the correct password with the base password known. But at this point, this should give you enough time to change it and thwart the attack. Remember: there is no perfect security solution, only sufficiently good ones that can be usable and effective.
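The pepper scheme described in the comment above, as an added example (not the commenter's code): the vault holds a random 25-character base, a 5-character pepper is memorised, the site hashes the combined string, and a login attempted with the vault contents alone fails. The site-side PBKDF2 storage and the pepper value are constructed assumptions.

```python
import hashlib
import hmac
import os
import secrets
import string

ALPHANUM = string.ascii_letters + string.digits


def generate_base(length=25):
    """The part the password manager stores: random, high-entropy."""
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))


def full_password(base, pepper, at_end=True):
    """Combine the vault part and the memorised pepper (either end works)."""
    return base + pepper if at_end else pepper + base


def register(password, salt=None):
    """What a site stores: a salt and a PBKDF2 hash of the full password (assumed scheme)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def verify(password, salt, digest):
    """Constant-time comparison against the stored hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, digest)


def pepper_keyspace(pepper_len, alphabet=ALPHANUM):
    """How many guesses exhaust the pepper if the base alone is known."""
    return len(alphabet) ** pepper_len


def demo():
    base = generate_base(25)
    pepper = "Ma1n7"  # constructed example; a real pepper is never written down
    salt, digest = register(full_password(base, pepper))
    return {
        "full_ok": verify(full_password(base, pepper), salt, digest),
        "vault_only_ok": verify(base, salt, digest),
        "pepper_keyspace": pepper_keyspace(len(pepper)),
    }
```

The keyspace figure is the number of candidates an attacker holding the base would have to try, which is the window the comment refers to for rotating the password.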

  • That would be a fair concern. Until we collectively understand standards should be open and fairly documented for everyone to use, we are going to have a lot of these "standards but not really" pretty much everywhere (but again, we are asking this of people that also do not see security as being on the top list of considerations. I am sure interoperability is not even known to most)

  • One of the problems I personally see is the reliance on a standard that was made at the dawn of the internet and has gotten stitches all these years.

    Email as a service is useful, and has several properties that make sense to exist. However, it is simply not easy nor intuitive to have encryption on it (and even then, there are limitations).

    What we would need in the long run is to simply replace email with a common standard that actually encrypts in transit (at the very least) with auto-negotiated keys on exchange.

    But we would need to change the mind of a lot of people to make that a priority.... (For better or worse, it is the market that states the incentives and priorities. And it is abundantly clear security is not on the top list)

  • Never heard of pikvm, it actually looks like a very interesting solution.

    From the previous point, what I mean by headless is basically to go to the server, yank the GPU, press the power button and it just boots.

    I've tried several times, but the BIOS straight up doesn't let me go on. I've seen in a couple of places that some mobos simply refuse to boot without a GPU.

    I can see if I can get a decent value for the GPU. If not, I guess it's doing its job as is. It just feels like a waste to have this GPU be used as video for a server.

  • You are for sure right. I did find gaps in my solution right now, which is:

    • I have several external disks that only have the information once (some of them quite old).
    • if I aggregate all of those in one spot I for sure need more space
    • right now the SSDs are grouped into an LVM to make a logical volume of 3TB (at the time this was OK since I was testing it out for a while). However, one disk fails and I have a problem on my hands.
    • decided to look into SSD prices and my eyes started to get watery at how expensive it would be (thus, coming to the realization regarding disk types. Didn't mention it before since my post was getting WAY too long).

    Since I get this now, I am trying to understand better the landscape of solutions that can potentially fit.

  • Thanks for the reply. The breakdown is very good and I can actually see a lot of reasoning in your situation that I also would share (I do not have vast amounts of money to throw at this + only one drive failing and 2 handle the boat sounds about right).

    As for the way to do the software RAID, I've seen MD somewhere before but I honestly forgot, since people tend to talk about unraid a lot. From my perspective, I would probably go as simple as possible, although I will be studying how effectively MD works.

    Great reply :) learned a lot

  • This is something I still don't fully understand because RAID in itself has so many bizarre terms and configurations that for the uninitiated it is just really hard to understand, unless you really take time to dive into it.

    So my question is: when you talk about software RAID, which configuration do you mean? And also, how many drives are needed to do such a configuration? Thanks in advance

  • Thanks for your insights. Yes, you are for sure correct. There was a time I had friends of mine losing everything because of spinning drives. But then again, none of them were NAS grade (and also, it was a time when having 128GB was an absolute luxury).

    As for RAID, I was asking since it is something I hear a lot of people doing. In my situation, my plan is to always have an external SSD with me plus a future remote-like location for a last-ditch effort to save the data if really needed. So maybe it is OK for me to skip it. (And if I don't have access to my photos for a week, no one dies)

  • rarted

  • This was some great insight. I know in some countries out there, culturally, the parents are "ashamed" they have disabled kids and the kids simply do not get out of the house often, but I was not aware how things can be on an institutional level.

  • Thanks for the response. Right now I do not have enough knowledge to judge for myself if systemd is effectively great or not. Once I have the time I will check closer kernel architecture (theory-wise), then how the Linux kernel is effectively organized, and only after that understand the theory behind systemd. I've seen several threads where 2 very different camps exist, but I was not entirely sure of the information I was getting.

    Cannot say I will get around to this, but for sure it piques my curiosity

  • I never encountered this, I have to say. Will bookmark it and save it for later when I need to double check this. But from what I see, FP 4 and 5 can be locked again after custom ROM imaging. This is actually good news. Thanks for the share!

  • This is also a good perspective. One thing I was thinking just now: at some point, side loading on iOS will be a thing. I wonder if at that time we can truly use an iPhone without an account at all (not even to install stuff), but my guess is, considering their track record, they will do the wildest malicious compliance possible....