But…an onion address doesn’t need a cert?
But…an onion address doesn’t need a cert?
You create a (self-signed) CA certificate, put its certificate as the client ca in your web server.
Then you can create certificates using this CA that you distribute to your devices, only devices that have a certificate signed by your CA are allowed to connect.
see systemd.unit(5), systemd.service(5), systemd.socket(5), systemd.device(5), systemd.mount(5), systemd.automount(5), systemd.swap(5), systemd.target(5), systemd.path(5), systemd.timer(5), systemd.slice(5), systemd.scope(5) systemd.link(5), systemd.netdev(5), systemd.network(5) and honorable mentions podman-systemd.unit .container, .volume, .network(…again), .kube, .image, .build and .pod
The problem with that would be that it would make switching to another linux ditribution very, very easy. They would have 99.99% compatibility so a lot of people would switch to another distro if they add stuff like recall.
They would also be opening the can of worms that is massive software support for linux (which is arguably already opening.)
I doubt the os switch is happening too, some will probably switch but that will be a small amount, either they get Linux or afaik all other “popular” options require new hardware anyways (Macos)
I think many will just stay on windows 10 if their hardware doesn’t support 11 but ehh
Difficult to say, that’s why I’m waiting on the EOL for headlines like “millions of pcs vulnerable due to missing updates” or “maybe we were a little hard on crowdstrike”
They moved to Switzerland due to the reasons listed here.
Linton said that last year the Australian Federal Police (AFP) visited a Session employee at their home in the country. “There was no warrant used or meeting organised, they just went into their apartment complex and knocked on their front door,” Linton said. The AFP asked about the Session app and company
But why
I’m just waiting for the EOL of window 10 to see which of the following will happen:
If it actually were FOSS instead of source available(do not copy), yes.
Well, on linux I’d use systemd’s resolved which would listen on localhost:53 (it would also point resolv.conf there) and then set resolved’s uplink server to your custom port. I don’t have the exact config in mind but it seems to support custom uplink ports(“expects IPv4 or IPv6 address specifications of DNS servers […] optionally take a port number separated with “:”[…]”)
Edit: found this: https://en.opensuse.org/Network_Management_With_Systemd
Just set the DNS server to localhost:1053 for the nas?
checkmate atheists
Use -B instead.
Sets Advanced Power Management feature. Possible values are between 1 and 255, low values mean more aggressive power management and higher values mean better performance. Values from 1 to 127 permit spin-down, whereas values from 128 to 254 do not. A value of 255 completely disables the feature.)
Hasn’t ended yet, as soon as we reach 75% the simulation will end.
Define “sandboxed”
Application can only access a limited part of the system? = use flatpak or build a container/VM image using the nix pkgs.
Application can be uninstalled completely and has separate libraries? I prefer nix.
Especially since they don’t talk about how they secure the local data
They don’t because they don’t
All the data you import is indexed in a SQLite database and stored on disk organized by date, without obfuscation or anything complicated.
Probably because this is still in early alpha and “the schema is still changing”.
How does mergefs compare to btrfs and bcachefs in using multiple partitions?
Drives connected to usb have an unstable connection in my experience, this is very annoying and gets worse with hubs.
RAIDs reduce the time a system is offline and reduce data loss, if a drive fails and you can afford to wait for the new disk and the backup to restore, and have regular backups that ensure no important data gets lost (though remember the data added between backups may be lost) then you don’t need a RAID.
I don’t use RAIDs cause if my disk fails then I can stomach the 2-4 days it takes to buy a new one and restore the backup
Very important: use S.M.A.R.T and a filesystem with checksums to make sure you’re not backing up corrupted data and know to get a new one
For encryption at rest you may want to look at clevis and tang, though you need a server in your home network for this to work. The client (with clevis) then decrypts the disk at boot if it can reach the server (tang). The server can’t decrypt the data without the client secret and the client can’t decrypt it without the server public key.
Don’t know what your server could be though, maybe a router with custom firmware?
You should also look into cloud storage/rclone, that way you can automate your backups more and reduce the need for manual intervention.
I use rclone and restic to automatically backup my servers daily which takes a few seconds most of the time due to them being incremental backups.
Heresy