Take some time and really analyze your threat model. There are different solutions for each of them. For example, protecting against a friend swiping the drives may be as simple as LUKS on the drive and a USB key with the unlock keys. Another poster suggested leaving the backup computer wide open but encrypting the files that you back up with symmetric or asymmetric, based on your needs. If you’re hiding it from the government, check your local laws. You may be guilty until proven innocent in which case you need “plausible deniability” of what’s on the drive. That’s a different solution. Are you dealing with a well funded nation-state adversary? Maybe keying in the password isn’t such a bad idea.

I’m using LUKS with mandos on a raspberry PI. I back up to a Pi at a friend’s house over TailScale where the disk is wide open, but Duplicity will encrypt the backup file. My threat model is a run of the mill thief swiping the computers and script kiddies hacking in.

You’re doing God’s work!

Over my career, it’s sad to see how the technical communications groups are the first to get cut because “developers should document their own code”. No, most can’t. Also, the lack of good documentation leads to churn in other areas. It’s difficult to measure it, but for those in the know, it’s painfully obvious.

I’m not as enraged by this as most, but I think the true test will be to see if this feature is disabled by default in future releases. If they actually do listen to their users, that’s better than any of the other big players.

I read a bit about the new “feature” and it seems to me that they’re trying out a way to allow ad companies to know if their advertisement was effective in a way that also preserves the privacy of the user. I can respect that. I did shut it off, but am also less concerned because I have multiple advertisement removal tools, so this feature is irrelevant.

The fact that it’s enabled by default isn’t comforting, but who would actually turn this on if it were buried in about:config? In order to prove its effectiveness to promote a privacy respecting but advertisement friendly mechanism, this is what they felt that they had to do.

Of course, I could easily be all wrong about this and time will tell.

I had one from Sony a long time ago. It even had a cable you could attach between two of 'em (600 CDs!) so that it could seamlessly start playing another track while loading the next song. I dropped it during a move and the next time I opened the door, it spit gears at me. I had intended to fix it some day, but started watching Hoarders and decided it wasn’t worth it.

Hi! I’m not having any problems with linux. I just thought you’d like to know.

There. Now there’s a message in the support forums about a person not having problems!

Can you elaborate on the scenario this is solving for? Isn’t software RAID a performance hit?

I have the Debian netinst disk, but it doesn’t include the dm-cache modules, so I downloaded the live DVD last night. I only get about an hour a day to work on stuff.

🤦‍♀️ I’ve never considered this, but it’s the simplest solution and makes perfect sense. I’m always so diligent to keep my system clean to save a few megs.

This particular server is an old PowerEdge server I’m using to learn server stuff on and a practice home lab. Unfortunately, it won’t boot from SD card, so I have a few DVD RW’s in a drawer. I’ve read that there’s a SD slot inside that you can emulate a floppy, but haven’t explored it.

This may be the push I need to migrate to Nextcloud. I’m struggling to identify my use cases, though and am wondering if all I really need is Syncthing.

I’m using mandos with the server on a raspberry pi. Unfortunately, mandos doesn’t work with my Fedora boxes as far as I know.

It depends on what you do with Docker. Podman can replace many of the core docker features, but does not ship with a Docker Desktop app (there may be one available). Also, last I checked, there were differences in the docker build command.

That being said, I’m using podman at home and work, doing development things and building images must fine. My final images are built in a pipeline with actual Docker, though.

I jumped ship from Docker (like the metaphor?) when they started clamping down on unregistered users and changed the corporate license. It’s my personal middle finger to them.

I’m using Kubernetes and many of the apps that I use require environment variables to pass secrets. Another option is the pod definition, which is viewable by anybody with read privileges to K8s. Secrets are great to secure it on the K8s side, but the application either needs to read the secret from a file or you build your own helm chart with a shell front end to create app config files on the fly. I’m sure there are other options, but there’s no “one size fits all” type solution.

The real issue here is that the app is happy to expose it’s environment variables with no consideration given to the fact that it may contain data that can be misused by bad actors. It’s security 101 to not expose any more than the user needs to see which is why stack dumps are disabled on production implementations.

It references a sort of partnership with K9 Mail on android, but later says they’re looking to expand Thunderbird into the iOS & Android space. Either they’ll be direct competitors of each other or they’ll start to blend into each other. I’m wondering which.

In the early kernel (think pre 1.0), I “fixed” the CPU scheduler for performance. I gave too much privilege to user processes, who refused to relinquish control back to the OS.

Another time I was working on a multiprocess bootup configuration (before systemd) in a configuration where the main process would orchestrate the workers. Well, the main process would fork a child to do the work, then the child process would fork a child process to do it’s work. It was infinite delegation and I ran out of pids.

This is the only answer for me. Bonus points if your .login file does a background git pull.

I started down this path after discovering that iTunes was flagging some of my music that I ripped from my own CDs or my dad’s old records (that I now own). It shows on the iPod as “not available in this region” despite purchasing the physical CD from the record store across town!

The iPod is used 99% of the time in my car hooked to the radio, but I’ll bring it into the office from time to time. I’ve been thinking to build something with a raspberry pi and big SD or SSD so that it shows up on my home WiFi when I park and I can syncthing or drag and drop music, but I don’t have a lot of time to play. The iPod was a Xmas gift from my dad and (I know it’s stupid) but I want to keep using it if I can.

I have a windows VM for a couple of other applications but iTunes wouldn’t detect the device was plugged in inside the VM. This was several years ago and maybe the VM landscape has changed. I could try it again.

I was not binding to specific adresses, but was probably a problem with a specific release of Java (Oracle Java maybe.) My distro’s Java was doing weird video things, but the Oracle version was not, but then it could not reach outside the local computer. Debugging logs showed that it tried IPv6 and failed, then quit trying instead of falling back to IPv4. Disabling IPv6 in the Java JRE configuration solved the issue, but set me on the path to “modernize” my network stack. In hindsight, it’s probably not something that I really have the time to take on right now.

I’m trying to be progressive, but after thinking outside of my little network and reading the posts here, it seems like there’s still a long way to go before I should consider it. I don’t have a split network at home and it would potentially affect everyone in the house. Additionally, I don’t have serious needs for production-grade network equipment, so the chancs of that cheap usb-to-ethernet adapter with more Chinese characters than English in the instruction sheet has a high probability of biting me.

This was sort of a wild hare thought of disabling IPv4 vs disabling IPv6 to solve a problem that’s more of an inconvenience. I am probably not ready for this undertaking. Maybe I’ll revisit it when I get around to partitioning my network.

Can you elaborate? Hardware or software or both? Other than one network appliance, most of my stuff isn’t too old.

Now that I start thinking about it, my work stuff may be impacted.