FrederikNJS

Dunno… Somehow that seems like a feature to me 😉

deleted by creator

Well… That depends entirely on your threat model…

In my setup, the backup is encrypted locally, and then uploaded to Backblaze. If I leak my encryption key, then yes, Backblaze and any state actor that can compel Backblaze, might be able to read my backup (and the same goes for an encryption vulnerability). But since the connection to access the backup is also authenticated, the rest of the public would not be able to read my backup. If I leak my access credentials, then everyone could get my encrypted backup data, but not be able to decrypt it. Of course if I leak both the access credentials and the encryption key, then yes anyone that obtains both can read my backup.

Many regular people use Microsoft Onedrive or Google Drive, which offers even less protection, but it’s certainly sufficient and well enough protected to keep your dissertation protected.

In most backup services you have the option to choose what gets backed up, and what does not. But sure, it entirely depends on who you want to protect yourself from.

If your main concern is state actors, then yeah… You probably shouldn’t use something like Backblaze. You should keep everything on your own hardware. And convince a friend or some family to have a NAS sitting somewhere that can host your backup destination.

For my case I’m mostly concerned about data continuity (not losing data). But privacy is certainly also a concern, and here I have chosen to believe that the encryption is sound enough, and that my ability to keep my encryption key safe, is sufficient for the data it protects.

Nice to hear… However I haven’t figured out how to get my HTC Vive to behave nicely on Linux…

1. Find online backup service
2. Pay for subscription
3. Install backup software
4. …
5. Still have your data

I use Backblaze myself… But there are many other straightforward and easy backup solutions out there.

Then against the Factorio devs publicly said they much prefer that you pirate the game over using a shady grey market key seller…

And when you set up a multiplayer server there’s even a checkbox to choose whether it should validate that players have a user account… Untick that and you can play with anyone who pirated the game.

To me it’s a pretty clear from the devs message: If you want the game, and want to support the developers, and can afford it, you buy it at full price. If you don’t want to support the devs or can’t afford it, but still want to play, you pirate it. And they even have a free demo, so you can try the game before making your purchasing decisions.

It’s rather dry humor but I had a pretty good amount of laughs and chuckles from “Thomas Was Alone”

Or in some cases ONLY allowing them to reach the Internet. So they can’t access your other devices…

Yep

I realised a while ago that it’s way cheaper to hunt for second-hand intel NUCs, and the resulting machine is way more powerful… And the RAM and storage is upgradeable, if the NUC didn’t come with plenty of storage or RAM already…

https://immich.app/

Immich is a self-hosted photo and video management system. It’s heavily inspired by Google Photos.

“Codebase drag” formerly known as “technical debt”.

The “routing” can still refer to routing to devices attached via a switch. So no need for a third port to qualify as a router.

https://docs.renovatebot.com/

All my docker images are in code in Github.

Renovate makes a PR when there are image or helm chart updates.

ArgoCD sees the PR merge and applies to Kubernetes.

For a few special cases I use ArgoCD-image-updater.

I have my Firefox configured to force HTTPS, so it’s rather inconvenient to work with any non-HTTPS sites.

Because of that I decided to make my own CA. But since I’m running in Kubernetes and using cert-manager for certs, this was really easy. Add a resource for a self-singed issuer, issue a CA cert, then create an issuer based on that CA cert. 3 Kubernetes resources total: https://cert-manager.io/docs/configuration/ca/ and finally import the CA cert on your various devices.

However this can also be done using LetsEncrypt, with the DNS01 challenge. That way you don’t need to expose anything to the Internet, and you don’t need to import a CA on all of your devices. Any cert you issue will however appear in certificate transparency logs. So if you don’t want anyone to know that you are running a Sonarr instance, you shouldn’t issue a certificate with that in it’s name. A way around that is a wildcard cert. Which you can then apply to all your subservices without exposing the individual service in logs. The wildcard will still be visible in the logs though…

I’m just gonna leave this here: https://developer.valvesoftware.com/wiki/Valve_Time

In the current political environment, you might want to fix that typo 😉

In addition people often use VLANs for security segregation. For example you might buy a bunch of cheap Chinese security cameras, but want to ensure that they can’t send anything back to the manufacturer. Then you can make a VLAN with no Internet access for the cameras.