3·
4 days agoYou’re just missing the part where I want to be on vacation without the need to find a decent Internet connection to boot my server because the power went off. What’s the plus of encrypting the OS partition too?
- 9 Posts
- 136 Comments
Joined 1 year ago
Cake day: June 13th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
That’s interesting, but that won’t help if I’m away or on vacation on the other side of the world
If you tick the encryption box during install, you will have to enter the decrypt password at every boot and that means that if the power goes out for long enough (UPS doesn’t keep the server up for hours), I (and my family) will not have access to the self hosted stuff until I’ll be home and this is why I encrypt only the data partition and not the boot one.
I do bind mount data folders of the containers, I do backups, I have a notification system that alerts me if a container is not up, but a container can be up but have problems and, most importantly, I (and I guess a lot of other people) don’t always have time to solve problems. When I a few spare minutes a do a snapshot, I update the containers and if something goes wrong if I have time I troubleshoot it, otherwise I just roll back the snapshot and I’ll have a look at the problem when I’ll have time.
Nothing, it’s just an extra check.
But from the moment that the script updates and breaks something and the moment he realizes it may be too late for some applications.
For example I host Traccar to track car/vans and in this case some tracks would be lost. Or maybe SyncThing, he may realize days/weeks later that a sync is not working and if he was synching his smartphone pictures with his server and the smartphone is lost/broke/stolen, he may lose days/weeks or even months of pictures.
I wouldn’t trust a script. Use Watchtower or What’s up Docker
So it’s the use of a browser within a browser? Is it any different than just using Firefox containers (they are AWESOME!!!) and a VPN add-on?
Or just point secret.local.mydomain.com to the LAN IP of the server.
Wasabi have similar pricing to glacier, but without the limitation
32·13 days agoYes, but for your job you’ve given to your employer your ID and your home address. If you mess something up they know ehere to get you. These guys can’t get these warranties and they need to know you better.
Why do you distinguish on premises from self hosting? If the server is in a server farm or in my basement, I’m still hosting myself my services.
From Wikipedia:
Self-hosting is the practice of running and maintaining a website or service using a private web server, instead of using a service outside of someone’s own control
A private web server is not defined by its location.
WhatsApp bridge? How does it work?
How do you convince your family/friends to switch to a new app on their smartphone and use one just to talk with you/others in the crew?
Well, if you use the CloudFlare WAF with login protection (available in the free tier), you’re pretty much safe since the connection doesn’t arrive at your server if you don’t authenticate in CF first (with Gmail, Microsoft, OTP, etc.) @foremanguy92_@lemmy.ml
8·1 month agothere must be a horde of MSFT employees holding back the urge of saying “told you so” to their boss right now lol
🤣
Even for PCs that come with Windows preinstalled, there’s still the need to set it up at the first start (account, privacy and such), so I think that the option to enable Recall will be there.
Microsoft has already taken a step back: Microsoft implements drastic changes to Recall after criticism
- Recall needs to be enabled during installation
- Windows Hello is needed so that only the users can view it’s own screenshots
- Recall database will be encrypted
how do we fix this?
With startpage.com!
Because you can’t just copy the files of a running DB (if I got what you mean).
Thanks for your point of view. All of my services are containers that have config and data folder bind mounted from an encrypted partition. After power on, a script download from a website half of the key needed to decrypt data, the other half is in the boot partition. In this way if my server gets stolen I can delete the half key stored on the website and the data disk can’t be decrypted. About swap, you’re right, but that doesn’t worry me at all since I don’t think that there’s anybody that would goes into that trouble just for my data. If someone is able enough and takes the trouble to read it, I guess that’s going to be the last of my problem: it would mean that I’m already in biiiiig troubles! 😆