
  • As others said, depends on your use case. There are lots of good discussions here about mirroring vs single disks, different vendors, etc. Some backup systems may want you to have a large filesystem available that would not be otherwise attainable without a RAID 5/6.

    Enterprise backups tend to fall along the recommendation called 3-2-1:

    • 3 copies of the data, of which
    • 2 are backups, and
    • 1 is off-site (and preferably offline)

    On my home system, I have 3-2-0 for most data and 4-3-0 for my most important virtual machines. My home system doesn't have an off-site, but I do have two external hard drives connected to my NAS.

    • All devices are backed up to the NAS for fast recovery access between 1w and 24h RPO
    • The NAS backs up various parts of itself to the external hard drives every 24h
      • Data is split up by role and convenience factor - just putting stuff together like Tetris pieces, spreading out the NAS between the two drives
      • The most critical data for me to have first during a recovery is backed up to BOTH external disks
    • Coincidentally, both drives happen to be from different vendors, but I didn't initially plan it that way; the Seagate drive was a gift and the WD drive was on sale

    Story time

    I had one of my two backup drives fail a few months ago. Literally actually nothing of value was lost; I just went down to the electronics shop and bought a bigger drive from the same vendor (preserving the one-on-each-vendor approach). Reformatted the disk, recreated the backup job, then ran the first transfer. Pretty much not a big deal, all the data was still in 2 other places - the source itself, and the NAS primary array.

    The most important thing to determine about a backup when you plan one - think about how valuable the data is to you. That's how much you might be willing to spend on keeping that data safe.

  • ToS I'm using as a bit of a nebulous phrase. If there is filtering involved, there exists a list of dos and don'ts - in your example, that base filtering case seems to have a lot of leeway in defining what "objectionable advertising and content" is. They could (not a great move, but could) say "VPNs are objectionable".

    I still stand by that the correct move is to contact IT - if the network isn't showing its ToS on launch, either as the flyer with the password, captive portal, or equivalent, they could request the network terms from IT (or equivalent service desk/management). If there is not in fact a ToS... then it's really become a lawyer matter. I am not a lawyer - I'll defer that discussion of a network that enforces a policy without showing a ToS to the experts in the field.

    I hesitate to say if OP has the green light if they're not advertising terms. Clearly there is some policy the network is enforcing against OP, and (as they put it) a faceless network admin making the changes. Even if it's not a formal legalese policy, it could be just a simple list of what not to do. Communication between OP and their faceless network admin is going to be the key to successful resolution.

    Guest networks are in a bit of a different category for that because we (collectively as IT in general) expect people to be placing tunneling protocols to protect themselves on a guest network, but a company may object to and block any non-standardized VPN that isn't run by corporate on their internal network.

  • I work IT professionally.

    For the love of all that is still sane in this world, PLEASE STOP. If you are in a building under ANY kind of professional IT organization (government or corporate), there probably is a network access terms of use. If you violate that, many of these ToS have teeth to at minimum ban you from the network. I hope you can get your job done without a computer or on cellular reception (if you still have a job after they find out). Since it's a government site, there may be additional legal penalties for fussing with a government network without authorization. If you think you need us to help you bypass this, you may be needing a lawyer.

    If IT is blocking something, they probably have a reason. It might not be a good reason, but it's a reason. Doesn't matter if it is right, it matters what they set in the policy. If you believe the policy is wrong, the correct answer is ALWAYS to submit an IT ticket, then raise an escalation with your supervisor/point of contact with the building if that doesn't work, or HR if neither of the first two options work. In that order. Do not skip processes, do not pass go, do not collect $200. There is a minor exception where you can skip steps of the management chain in certain situations (like going to your boss's boss etc) if such an individual is open to such communication.

    Probably the easiest one is to ask IT about the Lemmy instance. It might have gotten blocked by accident, or it didn't show up in whatever domain reputation database they're using. I know my own personal homelab domain got hit with that - the reason screen said "potential malware", and when I filled out the lil request exception form with my personal email asking why the domain was blocked for malware and saying I owned the server, turns out that didn't go to our third party network vendor (despite the logo); it went straight to IT and I got called into my boss's office to confirm my story. I confirmed it was me, indicated why I did what I did, and what the domain was used for - it was a subdomain hosting a Minecraft server control panel. Site was unblocked in a matter of hours. The worst thing they can say is no. And if they block Reddit or other Lemmy instances afterwards, well, I guess that was against policy. See earlier remarks about policy.

    Lastly, and I cannot say this in loud enough text

    DO NOT HIDE A PHYSICAL DEVICE ON A NETWORK YOU DO NOT HAVE AUTHORITY TO DEPLOY TO

    See paragraph 1 about network access policies. Most forbid this kind of thing. <3 Plus you're just going to get yourself into an arms race between detection and hiding. Please do not the cat network. They will find you. It's not an if it's a when. And the longer it hides there the worse your consequences will likely be when it is found.

  • Running Nextcloud (non-Docker version) and I don't see nearly so many client updates - usually once every few weeks, which would be a reasonable expected pace. Server updates are less frequent.

    On Windows (all of my primary devices), I just install the NC client update and skip the Explorer restart, pending a full reboot later. 'Tis the nature of literally anything that deeply integrates with Explorer. I've seen Explorer "death" during updates from several vendors that have similar Explorer plugins, not just NC. Explorer sometimes just decides to nope out even without NC updating.

    Now on one device I hadn't opened for a while, I saw NC run two updates in a row, but that was my fault for procrastinating the first one.

    Here's the desktop release history: https://github.com/nextcloud/desktop/releases
    I don't see a "one every day" within the block of time between Dec 6 and today, unless you had the release candidate builds which may have been more frequent in a few spots.

  • It being a laptop will almost undoubtedly make that endeavour more challenging. Off hand, I can't think of a single non-proprietary internal connector from a major vendor that doesn't already have a protocol established.

    If there's spare I/O, it's most likely either not hooked up, was only used as a debug header, or fused off as a feature not available on that model. If it is indeed connected to something, you'd need to find documentation on that exact model of laptop since boards can sometimes vary even within the same series (such as whether a GPU is available). Chances are, whatever you find will need a specific vendor library that may or may not work on your version of the OS.

    Unlike RPi and similar devices, you won't find many consumer x86 devices that leave GPIO available and documented.

    Off-hand, I think almost every LCD display I've encountered on x86 is plugged in to either a serial (for character displays) or higher-level protocol (for more complex displays).

  • Possibly important detail - what type of computer do you propose running this? Most methods that are common if you search the internet or ask here will likely apply to Raspberry Pi and its clones, but if you have something more esoteric it might not work.

  • In the IT world, we just call that a server. The usual golden rule for backups is 3-2-1:

    • 3 copies of the data total, of which
    • 2 are backups (not the primary access), and
    • 1 of the backups is off-site.

    So, if the data is only server side, it's just data. If the data is only client side, it's just data. But if the data is fully replicated on both sides, now you have a backup.

    There's a related adage regarding backups: "if there's two copies of the data, you effectively have one. If there's only one copy of the data, you can never guarantee it's there". Basically, it means you should always assume one copy somewhere will fail and you will be left with n-1 copies. In your example, if your server failed or got ransomwared, you wouldn't have a complete dataset since the local computer doesn't have a full replica.

    I recently had a backup drive fail on me, and all I had to do was just buy a new one. No data loss, I just regenerated the backup as soon as the drive was spun up. I've also had to restore entire servers that have failed. Minimal data loss since the last backup, but nothing I couldn't rebuild.

    Edit: I'm not saying what you're asking for is wrong or bad, I'm just saying "backup" isn't the right word to ask about. It'll muddy some of the answers as to what you're really looking for.

  • What platform?

    Another user said it - what you're asking for isn't a backup, it's just data transfer.

    It sounds like you're looking for a storage backend that hosts all your data and can download data to the client side on the fly.

    If your use case is Windows, Nextcloud Desktop may be what you're looking for. I have a similar setup with the game clips folder. It detects changes and auto uploads them, while deleting less recently used data that's properly server side. This feature might be in Mac but I haven't tested it.

    Backup wise, I capture an rsync of the nextcloud database and filesystem server-side and store it on a different chassis. That then gets backed up again to a USB drive I can grab and run.

    Nextcloud also supports external storage, which the server directly connects to: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/external_storage_configuration_gui.html

  • Oh I am in fact giving the giant auto complete function little credit. But just like any computer system, an AI can reflect the biases of its creators and dataset. Similarly, the computer can only give an answer to the question it has been asked.

    Dataset wise, we don't know exactly what the bot was trained on, other than "a lot". I would like to hope its creators acted in good judgement, but as creators/maintainers of the AI, there may be an inherent (even if unintentional) bias towards the creation and adoption of AI. Just like how some speech recognition models have issues with some dialects or image recognition has issues with some skin tones - both based on the datasets they ingested.

    The question itself invites at least some bias and only asks for benefits. I work in IT, and I see this situation all the time with the questions some people have in tickets: the question will be "how do I do x", and while x is a perfectly reasonable thing for someone to want to do, it's not really the final answer. As reasoning humans, we can also take the context of a question to provide additional details without blindly reciting information from the first few lmgtfy results.

    (Stop reading here if you don't want a ramble)

    AI is growing yes and it's getting better, but it's still a very immature field. Many of its beneficial cases have serious drawbacks that mean it should NOT be "given full control of a starship", so to speak.

    • Driverless cars still need very good markings on the road to stay in lane, but a human has better pattern matching to find lanes - even in a snow drift.
    • Research queries are especially affected, with chatbots hallucinating references that don't exist despite being formatted correctly. To that specifically:
      • Two lawyers have been caught separately using chatbots for research and submitting their work without validating the answer. They were caught because they cited a case which supported their arguments but did not exist.
      • A chatbot trained to operate as a customer support representative invented a refund policy that did not exist. As decided by small claims court, the airline was forced to honor this policy.
      • In an online forum while trying to determine if a piece of software had a specific functionality, I encountered a user who had copied the question into ChatGPT and pasted the response. It was a command option that was exactly what I and the forum poster needed, but sadly did not exist. On further research, there was a bug report open for a few years to add this functionality that was not yet implemented.
      • A coworker asked an LLM if a specific Windows PowerShell command existed. It responded with documentation about a very nicely formatted command that was exactly what we needed, but alas did not exist. It had to be told that it was wrong four times before it gave us an answer that worked.

    While OP's question is about the benefits, I think it's also important to talk about the drawbacks at the same time. All that information could be inadvertently filtered out. Would you blindly trust the health of your child or significant other to a chatbot that may or may not be hallucinating? Would you want your boss to fire you because the computer determined your recorded task time to resolution was low? What about all those dozens of people you helped in side chats that don't have tickets?

    There's a great saying about not letting progress get in the way of perfection, meaning that we shouldn't get too caught up on getting the last 10-20% of completion. But with decision making that can affect peoples' lives and livelihoods, we need to be damn sure the computer is going to make the right decision every time or not trust it to have full controls at all.

    As the future currently stands, we still need humans constantly auditing the decisions of our computers (both standard procedural and AI) for safety's sake. All of those examples above could have been solved by a trained human gating the result. In the PowerShell case, my coworker was that person. If we're trusting the computers with as much decision making as that Bing answer proposes, the AI models need to be MUCH better trained at how to do their jobs than they currently are. Am I saying we should stop using and researching AI? No, but not enough people currently understand that these tools have incredibly rough edges and the ability for a human to verify answers is absolutely critical.

    Lastly, are humans biased? Yes absolutely. You can probably see my own bias in the construction of this answer.

  • I don't have an immediate answer for you on encryption. I know most of the communication is encrypted in flight for AD, and on disk passwords are stored hashed unless the "use reversible encryption" field is checked. There are (in Microsoft terms) gMSAs (group-managed service accounts) but other than using one for ADFS (their OAuth provider), I have little knowledge of how it actually works on the inside.

    AD also provides encryption key backup services for Bitlocker (MS full-partition encryption for NTFS) and the local account manager I mentioned, LAPS. Recovering those keys requires either a global admin account or specific permission delegation. On disk, I know MS has an encryption provider that works with the TPM, but I don't have any data about whether that system is used (or where the decryptor is located) for these accounts types with recoverable credentials.

    I did read a story recently about a cyber security firm working with an org who had gotten their way all the way down to domain admin, but needed a biometric-unlocked Bitwarden to pop the final backup server to "own" the org. They indicated that there was native Windows encryption going on, and managed to break in using a now-patched vulnerability in Bitwarden to recover a decryption key achievable by resetting the domain admin's password and doing some Windows magic. On my DC at home, all I know is it doesn't need my password to reboot so there's credentials recovery somewhere.

    Directly to your question about short term use passwords: I'm not sure there's a way to do it out of the box in MS AD without getting into some overcomplicated process. Accounts themselves can have per-OU password expiration policies that are nanosecond accurate (I know because I once accidentally set a password policy to 365 nanoseconds instead of a year), and you can even set whole account expiry (which would prevent the user from unlocking their expired password with a changed one). Theoretically, you could design/find a system that interacts with your domain to set, impound/encrypt, and manage the account and password expiration of a given set of users, but that would likely be add-on software.

    1. Yes I do - MS AD DC
    2. I don't have a ton of users, but I have a ton of computers. AD keeps them in sync. Plus I can point services like Gitea and vCenter at it for even more. Guacamole highly benefits from this arrangement since I can set the password to match the AD password, and all users on all devices subsequently auto-login, even after a password change.
    3. Used to run a single domain controller, now I have two (leftover free-forever licenses from college). I plan to upgrade them as a tick/tock so I'm not spending a fortune on licensing frequently.
    4. With native Windows clients and I believe sssd realmd joins, the default config is to cache the last hash you used to log in. So if you log in regularly to a server it should have an up to date cache should your DC cluster become unavailable. This feature is also used on corporate laptops that need to roam from the building without an always-on VPN. Enterprises will generally also ensure a backup local account is set up (and optionally auto-rotated) in case the domain becomes unavailable in a bad way so that IT can recover your computer.
    5. I used to run a homemade FreeIPA and an MS AD in a cross-forest trust when I started ~5-6y ago on the directory stuff. Windows and Mac were joined to AD, Linux was joined to IPA. (I tried to join Mac to IPA but there was only a limited LDAP connector and AD was more painless and less maintenance). One user to rule them all still. IPA has loads of great features - I especially enjoyed setting my shell, sudoers rules, and ssh keys from the directory to be available everywhere instantly.

    But, I had some reliability problems (which may be resolved, I have not followed up) with the update system of IPA at the time, so I ended up burning it down and rejoining all the Linux servers to AD. Since then, the only feature I've lost is centralized sudo and ssh keys (shell can be set in AD if you're clever). sssd handles six key MS group policies using libini, mapping them into relevant PAM policies so you even have some authorization that can be pushed from the DC like in Windows, with some relatively sane defaults.

    I will warn - some MS group policies that violate the INI spec (especially service definitions and firewall rules) can coredump libini, so you should put your Linux servers in a dedicated OU with their own group policies and limited settings in the default domain policy.
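An added sssd.conf example (not the commenter's configuration) that pins down the two things the comment above describes: the cached-credential behaviour from point 4 that keeps logins working when both DCs are down, and the AD group policy to PAM mapping from the closing paragraphs. The realm example.com / EXAMPLE.COM and the Cockpit PAM service are assumptions; the dedicated OU the comment recommends is configured on the AD side, not here.

```ini
# /etc/sssd/sssd.conf  (must be mode 0600, owned by root, or sssd refuses to start)
# Added example, not the commenter's config. example.com / EXAMPLE.COM are placeholders.
[sssd]
domains = example.com
services = nss, pam
config_file_version = 2

[nss]
# Attributes the comment sets in AD "if you're clever"; these are the local fallbacks
fallback_homedir = /home/%u@%d
default_shell = /bin/bash

[pam]
# Days a cached credential stays usable for offline logins (0 = never expire).
# A bounded value limits how long a password changed or revoked in AD still works offline.
offline_credentials_expiration = 7

[domain/example.com]
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
ad_domain = example.com
krb5_realm = EXAMPLE.COM
ldap_id_mapping = True
use_fully_qualified_names = False

# Point 4 of the comment: keep the last successful login hash so this host still
# authenticates users who have logged in before when the DC cluster is unreachable.
cache_credentials = True
krb5_store_password_if_offline = True

# GPO-to-PAM mapping. "enforcing" applies the AD Allow/Deny log-on rights to PAM;
# "permissive" only logs what would be denied and is the safer first step on a new host.
ad_gpo_access_control = enforcing
# Map a local PAM service onto a Windows logon type. The defaults already cover
# login, sshd, crond etc.; "+" adds a service. Cockpit is assumed to be installed here.
ad_gpo_map_remote_interactive = +cockpit
# PAM services not matched by any map: permit them instead of the default deny,
# so an unmapped service does not lock everyone out.
ad_gpo_default_right = permit
# Skip GPOs whose SYSVOL files this host cannot read instead of denying all access.
ad_gpo_ignore_unreadable = True
```

Validate with `sssctl config-check` after editing, and watch `/var/log/sssd/sssd_example.com.log` with a raised debug_level while in permissive mode before flipping to enforcing.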