ShortN0te

ShortN0te ,

Everyone knows what the blue screen is. This makes the implication when the screen does appear really obvious.

No need to reinvent the wheel.

ShortN0te ,

You missed the point. It is not about if it is private or not, it is how they use it. You are allowed (on some pages) to read news articles. Are you allowed to copy and publish them on your own site? No. You have a copyright on your posts, same as an author has on his books.

If it is legal or not is still to be discussed.

Similar to how data was mined (or even still is) about users without consent. Now there is for example the GDPR.

ShortN0te ,

I write a book that gets published. I still hold copyright over it even if it is in someone else’s bookshelf. What rights the copyright holder and the person has is regulated by law. For example a physical book can be resold or lent to someone else, but it is not allowed to copy it and sell the copies.

I can cite text from the book, that falls under fair use, but I cannot use whole chapters in a derived work.

I still hold copyright over my messages online, even when it is public or published, that is basic copyright law in most relevant legislations. If the training of an LLM and later selling access to the LLM with copyright infringed data is fair use is yet to be determined.

ShortN0te ,

Sure there is, most messages are probably too short but in general yes. There is no difference to an online article.

ShortN0te ,

Or just cat file.img > /dev/…

ShortN0te ,

Why? I am free to use whatever I want. This is not Microsoft Windows.

ShortN0te ,

No, cat is not for writing files. Cat is for reading files and directing the data to standard output.

With “>” you are directing standard output to a file, in this case a block device.

ShortN0te ,

Yes. But it allows you to define a custom storage layout based on user, date, time, filename, type and album.

ShortN0te ,

They would not be able to really. In theory every contributor (or at least the vast majority) would have to agree to that license change.

ShortN0te ,

Absolutely yes. Even if it is not a disguised executable.

It could contain an exploit which targets the video player you are opening it with.

ShortN0te ,

No they can’t, that is basically illegal in every jurisdiction. Will not even click on that clickbait title.

ShortN0te ,

That would depend on the context. What the logo looks like does not matter most of the time, only when the logo itself is the topic.

ShortN0te ,

I self host because I do not trust companies. I will not even consider giving Tailscale the keys to my kingdom.

The company Tailscale is a giant target and has a much higher risk of getting compromised than my VPN or even accessible services.

Understand the technology that you use and assess your use case and threat model.

Looking for emotional support: I lost all my WhatsApp chats

I was so confident that WhatsApp was backing itself up to Google ever since I got my new pixel but I just wasn’t. Then yesterday I factory reset my phone to fix something else and I lost it all. Years worth of chats from so many times in my past just aren’t there, all my texts with my mom and my family, group chats with old...

ShortN0te ,

You can just back up the WhatsApp directory yourself. WhatsApp creates a message backup file every day or two, even when Google Drive is disabled. To recover them you need to copy them over. Not well documented.

ShortN0te ,

but I guess that most of them are about 2/4GB.

Do you watch your Linux ISOs on a phone or what? Even Netflix has higher quality in HD

ShortN0te ,

Took them long enough. Most Linux distros have had a simple toggle for disk encryption for years. And as far as I am aware Apple has it too. And basically every mobile OS is encrypted by default as well: iOS and Android.

ShortN0te ,

You didn’t store the key anywhere but on that disk.

Windows does not let you store the recovery key on an encrypted drive.

The rest only means we need to deal better with our data. All the above basically also applies when your HDD or SSD dies, which can happen any time.

Backups are what you need, not an unencrypted drive.

ShortN0te ,

Yep but at this point it is obvious to the user that this is not the way it is supposed to be. When you want to shoot yourself in the foot…

ShortN0te ,

You cannot find that option via the default Settings menu, you have to search for it or use the outdated control panel.

Also Windows Home edition does not have this option.

Edit: you can find it actually under Windows security.

Still, it never pops up during installation.

ShortN0te ,

There are even reported cases where Microsoft support used that tool to activate Windows Licenses when there are problems with the License of a customer.

ShortN0te ,

Why not file a bug report when it does not find all your photos?

Also maybe file a feature request to delete photos after a set period from your device via Immich?

ShortN0te ,

You could use things like ray tracing to determine if one player can be seen by another on the serverside and only send packages when they can see.

But too resource heavy to do that.

Edit: Thinking about it, you simply have to render the whole map with all players server side and based on that determine which players can see each other and based on that send the information to the clients.

ShortN0te ,

That’s exactly what I said.

Still no reason to put a rootkit on the customer’s PC.

ShortN0te ,

Passkeys are not passwords. When you authenticate using passkeys you prove that you have the secret (passkey), but you never reveal that secret to the service you are authenticating against.

So even if someone is able to steal that package containing the answer, that answer will not be valid a second time.

ShortN0te ,

The difference is, that even if you enter the “password” on a phishing site, it is useless. Or when the server is compromised.

The only way the passkey can get compromised, is when the device that holds it gets compromised.

The same reason why hardware tokens for things like FIDO or U2F are recommended.

ShortN0te ,

The user does not need to understand it. A user does not understand https or hashing and salting. Still, every one of these is important these days for online security.

I am not a huge fan of passkeys themselves, especially when the secrets are held by big tech, but they promise better security and protection against common attacks like phishing.

ShortN0te ,

It’s like the key in the chip. But yes, fundamentally it is like that. Now the key needs to be stored somewhere safe, like in your phone’s secure enclave or, in the case of your credit card, a so-called smart card (or SIM card etc.).

ShortN0te ,

DoT also encrypts the request, so the ISP cannot spy on the Domain Name you have requested.

And thanks to HTTPS the ISP only sees the IP address, which cannot in every case be resolved to a unique domain, especially for large sites that are hosted on service providers like Cloudflare, Amazon, etc.

ShortN0te ,

That is correct. HSTS helps to some degree but the very first request is still unprotected.

ShortN0te ,

Security by obscurity is no security.

ShortN0te ,

Imagine that the xz exploit actually made it into your server, so your sshd was vulnerable. Having it on another port does seem helpful then.

Nope. Your entire server can be scanned in less than a second for an open ssh port.

IPv6 does not change the fact, since when your server is attacked the host IP is already known.

ShortN0te ,

disable root login

That does not do much in practice. When a user is compromised a simple alias put in the .bashrc can compromise the sudo password.

Explicitly limiting the user accounts that can log in, so that no test or service account with temporary credentials can accidentally log in via ssh, is the better recommendation.

ShortN0te ,

guess a username and a password.

Security by obscurity is no security. Use something like fail2ban to prevent brute force. When you use a secure password and/or key this also does not matter much.

ShortN0te ,

Who the hell is pulling the docker-compose.yml automatically every release? I find myself already crazy by pulling the latest release but the compose file is just a disaster waiting to happen.

ShortN0te ,

An independent driver moves control out of Nvidia’s hands. While for now it is not problematic, it could be in the future if for example the project gets major funding.

Do you encrypt your data drives?

Fellow selfhoster, do you encrypt your drives where you put data to avoid privacy problems in case of theft? If yes, how? How much does that impact performances? I selfhost (amongst other services) NextCloud where I keep my pictures, medical staff, …in short, private stuff and I know that it’s pretty difficult that a thief...

ShortN0te ,

I use full disk encryption for every server (and other computers).

Encrypting your data drives is a must for everyone imho. Encrypting the OS is a must for me🤷‍♂️

ShortN0te ,

How do you even encrypt a server so that it doesn’t require human intervention every time it goes down/restarts?

The only time my server goes down is when I manually reboot it. So waiting a minute or two to ssh into it and entering the passphrase is no inconvenience.

ShortN0te ,

This answer here covers it quite nicely imo.

unix.stackexchange.com/…/ssh-to-decrypt-encrypted…

It is important that you update your initramfs with the command after you have edited the dropbear initramfs config and/or copied the key over.

For the client it is important to define 2 different known hosts files since the same host will have 2 different host keys, 1 when encrypted with dropbear, and 1 when operational with (usually) sshd.

Also you need to use root when you connect to your server to unlock it. No other user will work with the default setup.
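A client-side `~/.ssh/config` that follows the notes above, as an added example that is not part of the original comment. The host aliases, the address `192.0.2.10`, the user `admin` and the known-hosts file names are placeholders.

```sshconfig
# Boot stage: dropbear in the initramfs, used only to enter the passphrase.
# It presents its own host key, so it gets its own known-hosts file.
Host server-unlock
    HostName 192.0.2.10
    User root
    UserKnownHostsFile ~/.ssh/known_hosts.initramfs

# Normal operation: the regular sshd with its own host key.
Host server
    HostName 192.0.2.10
    User admin
    UserKnownHostsFile ~/.ssh/known_hosts
```

With the two host keys in separate files, a changed-host-key warning on either alias indicates a real change rather than the expected difference between boot stage and running system.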

Which *arr for file hosters?

I’m German and seems ‘we’ rely more on file hosters than torrenting. There are lots of tv series and movies with both the original audio track and the dubbed one on sites like funxd, serienjunkies, serienfans… They mostly redirect to a filecrypt.cc folder and then I get a DLC file to download the parts from turbobit or...

ShortN0te ,

I recommend pyload.net over jdownloader, but have not used it in years.

ShortN0te ,

It had its quirks back when I used it, so you are probably doing everything right and are just encountering bugs.

Left one click hosters behind a long time ago. Not worth the effort. Sad to not get German dubs but it is how it is.

Wireguard in docker, no way of password authentication?

I am running wg-easy and there is a way to password protect the GUI used for creating Wireguard connections. Is there a way to prohibit a connection from being made if a password is not entered? I don’t want someone to be able to access my VPN if for example my phone would be stolen unlocked. I don’t mind if it is client side only

ShortN0te ,

Password protect your phone?

When a private key gets compromised just delete the public one from the allow list?

ShortN0te ,

Let’s not forget this here.

www.youtube.com/watch?v=bRdL0StldJM

Wired headphones do not have the need for replaceable batteries.

ShortN0te ,

The simple point is, no one forces you to use wires. Bluetooth has been a thing for decades.

But basically every (yes some exceptions) company that makes phones forced you to use wireless ones.

And in the case of Fairphone it is just simply hypocritical.

ShortN0te ,

They are now a small fraction cause this trend is already 8 years old.

How should I do backups?

I have a server running Debian with 24 TB of storage. I would ideally like to back up all of it, though much of it is torrents, so only the ones with low seeders really need backed up. I know about the 321 rule but it sounds like it would be expensive. What do you do for backups? Also if anyone uses tape drives for backups I am...

ShortN0te ,

One of the main reasons why I avoid softwares such as Kopia or Borg or Restic or whatever is in fashion:

  • they go unmaintained
  • they are not simple: so many of my friends struggled restoring backups because you are not dealing with files anymore, but encrypted or compressed blobs
  • rsync has an easy mental model and has extremely good defaults

Going unmaintained is a non issue, since you can still restore from your backup. It is not like a subscription or proprietary software which is no longer usable when you stop paying for it or the company owning it goes down.

The design of restic is quite simple and easy to understand. The original dev gave multiple talks about it, quite interesting.

Imho the additional features of dedup, encryption and versioning outweigh the points you mentioned by far.

ShortN0te ,

Until they hit a hard bug or don’t support newer transport formats or scenarios. Also the community dries up eventually

That is why you test your backup. It is unrealistic that in a stable software release there is suddenly, after you tested your backup, a hard bug which prevents recovery.

Yes, unmaintained software will not support new features.

I think you misunderstood me. You should not use unmaintained software as your backup tool, but IMO it is no problem when it suddenly goes unmaintained, your backup will most likely still work. Same with any other software, that goes unmaintained, look for an alternative.

ShortN0te ,

We talk about software that is considered stable. That has verification checks for the backup. Used by thousands of ppl. It is unrealistic.
