lorentz
@lorentz@feddit.it
- Comment on Synology/QNAP/Asustor 1 month ago:
QNAP sells extension units: www.qnap.com/en/product/tr-004
They usually connect with USB (at least for home grade devices), but my understanding is that they are not seen as block devices, so the NAS has access to all the single drives like they were internal.
- Comment on Whats on your USB stick? Looking for recommendations for handy tools 2 months ago:
Back in the days when I was fixing a lot of computers of friends and relatives, my Swiss army knife of Linux was www.system-rescue.org
Very lightweight but with a full set of recovery tools. I’ve tried it recently and I still find it up to the expectations.
I’ve also used a fair amount of clonezilla.org to (re)store images of freshly installed OSes (mostly Windows XP and 7 to give you an idea of the timeframe) for people who I know would have messed up faster.
- Comment on Adding storage - Best options? (External USB drives, automatic decryption, media, etc.) 2 months ago:
To automatically unlock encrypted drives I followed the approach described in …stapelberg.ch/…/2023-10-25-my-all-flash-zfs-netw…
The password is split half in the server itself and half in a file on the web. During boot the server retrieves the second half via http, concatenates the two halves and uses the result to unlock the drive. In this way I can always remove the online key and block the automatic decryption.
Another approach that I’ve considered was to store the decryption keys on a USB drive connected with a long extension cable. The idea is that if someone steals your server, they likely won’t bother to get the cables too.
TPM is a different beast I didn’t study yet, but my understanding is that it protects you in case someone steals your drives or tries to read them from another computer. But as long as they are on your server it will always decrypt them automatically. Therefore you delegate the safety of your data to all the software that starts on boot: your photos may still be fully encrypted at rest so a thief cannot get them out from the disk directly, but if you have an open smb share they can just boot your stolen server and get them out from there.
- Comment on Dynamic IP - Self hosting 3 months ago:
Not anymore, it supports txt records now
- Comment on Which RSS aggregator do you use? I cannot seem to find one that works for me. 6 months ago:
I tried a few and eventually settled on commafeed. It has categories, can be executed from a single docker image (in other words, can run without the hassle of an external database), and the responsive UI works well both on pc and phone.
- Comment on Do you encrypt your data drives? 6 months ago:
I remember this blog post (which I cannot find right now) where the person split the decryption password in two: half stored on the server itself and half on a different http server. And there was an init script which downloaded the second half to decrypt the drive. There is a small window of time between when you realize that the server is stolen and when you take off the other half of the password where an attacker could decrypt your data. But if you want to protect from random thieves this should be safe enough as long as the two servers are in different locations and not likely to be stolen together.
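The split-password unlock described in this comment and in the earlier "Adding storage" comment, as an added example that is not code from the comments or from the linked blog post. It assumes a LUKS volume opened with `cryptsetup` and a remote half served over HTTPS; the file path, URL, device and mapper name are placeholders.

```shell
#!/bin/sh
# Added example: split-passphrase unlock at boot. Paths, URL and device
# names below are placeholders (assumptions), not values from the page.
LOCAL_HALF_FILE="${LOCAL_HALF_FILE:-/etc/unlock/local.half}"   # root-only, 0400
REMOTE_HALF_URL="${REMOTE_HALF_URL:-https://keys.example.invalid/nas.half}"
LUKS_DEVICE="${LUKS_DEVICE:-/dev/disk/by-uuid/PLACEHOLDER-UUID}"
MAPPER_NAME="${MAPPER_NAME:-data}"

# Fetch the remote half. --fail turns HTTP errors (for example a 404 after
# the file was deleted to revoke unlocking) into a non-zero exit, so an
# error page is never mistaken for key material.
fetch_remote_half() {
    curl --fail --silent --show-error --max-time 15 --proto '=https' "$1"
}

# Concatenate the local half (read from a file) with the remote half
# (passed as an argument). Refuses to emit a passphrase if either is empty.
combine_halves() {
    local_file=$1
    remote_half=$2
    [ -r "$local_file" ] || { echo "local half unreadable" >&2; return 1; }
    local_half=$(cat "$local_file")
    [ -n "$local_half" ] || { echo "local half empty" >&2; return 1; }
    [ -n "$remote_half" ] || { echo "remote half empty" >&2; return 1; }
    printf '%s%s' "$local_half" "$remote_half"
}

unlock_volume() {
    remote_half=$(fetch_remote_half "$REMOTE_HALF_URL") || {
        echo "remote half unavailable, leaving volume locked" >&2
        return 1
    }
    passphrase=$(combine_halves "$LOCAL_HALF_FILE" "$remote_half") || return 1
    # --key-file=- reads the passphrase from stdin, keeping it off argv.
    printf '%s' "$passphrase" |
        cryptsetup open --key-file=- "$LUKS_DEVICE" "$MAPPER_NAME"
}

# Only unlock when invoked explicitly, e.g. from an init script: --unlock
if [ "${1:-}" = "--unlock" ]; then
    unlock_volume
fi
```

Deleting the remote file makes `fetch_remote_half` fail, so the volume stays locked on the next boot; a volume that is already open is unaffected.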
- Comment on Do you encrypt your data drives? 6 months ago:
TPM solves a slightly different threat model: if you dispose of the HD or if someone takes it out from your computer it is fully encrypted and safe. But if someone steals your whole server it can start and decrypt the drive. So you have to trust you have good passwords and protection for each service you run. Depending on what you want to protect against, this is either a great solution or suboptimal.
- Comment on Looking for a good, cheap backup solution. 7 months ago:
I use backblaze and rclone to encrypt and sync. It was the cheapest and most flexible solution when I checked a few years ago and I didn’t find any reason to change it so far
- Comment on Recommendations for lightweight wiki servers? 7 months ago:
I use mycorrhiza.wiki. It is not very fancy, but it is a single executable file and stores pages in a git repository, so no database is needed and doing the export is as simple as reading some files.
- Comment on Self-hosted VPN that can be accessed via browser extension 10 months ago:
shadowsocks.org should be a good option, easy to install, encrypted, and password protected
- Comment on [deleted] 11 months ago:
For a simple dynamic DNS, I have been using www.duckdns.org for a few years and been happy so far
- Comment on How do you backup your data? 1 year ago:
The main storage is a NAS that is mounted read-only most of the time and has two drives in a RAID mirror. Plus rclone to push a remote and client-side encrypted backup to backblaze.