I do for work but not for my self hosting operation, I don’t think it makes sense at least in my case. My recommendation is not to use full disk encryption on a home server, but to encrypt specific directories as needed (I use fscrypt on an ext4 file system).
observantTrapezium
- 5 Posts
- 93 Comments
observantTrapezium@lemmy.ca to 3DPrinting@lemmy.world • Bambu Lab Sent a Cease-and-Desist. The AGPL Might Send One Back. (English)
421 · 1 month ago
> The accusation that Jarczak bypassed their authorization controls in violation of section 1201 of the Digital Millennium Copyright Act.
Why the fuck is the DMCA even a factor when the parties are in Poland and China?
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • A developer in our team sent me a full presentation without using a slides tool. (English)
2 · 2 months ago
I’ll check out sli.dev, I’ve been using Reveal.js for years now and highly recommend, I love how hugely customizable that is, but one issue for perfectionists is that it’s relatively hard to perfectly convert to a PDF, these days I use DeckTape that does a decent job. I used to be one of those nerds that used LaTeX (Beamer) but fell out of love with it.
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • Looking for expenses splitting software (English)
10 · 2 months ago
Some time ago I tried Abrechnung and it was quite good actually.
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • When to switch to network storage (English)
9 · 2 months ago
When you run out of local storage…
If you have a single node, external USB storage is 100% fine. Even if you have more machines, if you don’t actually need a massive amount of storage, you can share that external drive as NFS.
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • Idea for experiment: mail to fediverse? (English)
1 · 2 months ago
Sounds doable, will need a bit of scripting, but I don’t really get the use case.
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • Typing into the abyss - need a service (English)
1 · 3 months ago
The fundamental difference between GPG encryption and encrypted partition is that of asymmetric vs. symmetric encryption. Whether you mount encrypted storage or decrypt a file with GPG, there’s some “effort” in putting in the passphrase and in both cases the system’s keyring is briefly aware of it and the plaintext is saved to memory (volatile, unless you have encrypted swap or other edge cases).
Asymmetric encryption is not normally used for personal stuff but mostly to exchange material with one party holding the private key, and the other having access to the public key (which is public). Of course you can act as both parties if you like. If you do, keep in mind:
- Asymmetric encryption algorithms may be vulnerable to quantum computing attacks in the coming years. There are quantum-resistant algorithms, but to my understanding they are not necessarily quantum-proof and could potentially be broken in the more distant future.
- If you do choose to use GPG, make sure that the plaintext never touches the disk, for example save it to `/dev/shm` before encryption.
- You can also protect your private key with a passphrase.
Personally I use Joplin. On the clients it’s secure because the database is saved on encrypted storage secured by my login phrase. On the server it’s secure by Joplin encrypting the files saved to WebDAV storage. Is it 100% safe? Probably not, but probably good enough to stop all but a nation-state level actor.
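An added example, not part of the comment above: a Python check of whether a path such as `/dev/shm/note.txt` is actually RAM-backed before plaintext is written there, and whether active swap could still page it out. The mount and swap tables are constructed samples in `/proc/mounts` and `/proc/swaps` format, and the function names are hypothetical.

```python
import os

RAM_BACKED = {"tmpfs", "ramfs"}

# Constructed sample in /proc/mounts format (device, mount point, type, options, ...).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /home ext4 rw,relatime 0 0
"""
# Constructed sample in /proc/swaps format (first line is the header).
SAMPLE_SWAPS = "Filename Type Size Used Priority\n/dev/sda3 partition 8388604 0 -2\n"

def parse_mounts(text):
    """Return (mount_point, fstype) pairs from /proc/mounts-style text."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # /proc/mounts escapes spaces in mount points as \040
            entries.append((fields[1].replace("\\040", " "), fields[2]))
    return entries

def backing_fstype(path, mounts):
    """Filesystem type of the longest mount point containing `path`."""
    path = os.path.normpath(path)  # lexical only; resolve symlinks on a live system
    best = ("", None)
    for mount_point, fstype in mounts:
        prefix = mount_point.rstrip("/") + "/"
        # >= lets a later mount on the same mount point override an earlier one
        if (path + "/").startswith(prefix) and len(mount_point) >= len(best[0]):
            best = (mount_point, fstype)
    return best[1]

def active_swap(text):
    """Swap devices listed in /proc/swaps-style text (header skipped)."""
    return [ln.split()[0] for ln in text.splitlines()[1:] if ln.split()]

def plaintext_exposure(path, mounts_text, swaps_text):
    """Classify where plaintext written to `path` can end up."""
    fstype = backing_fstype(path, parse_mounts(mounts_text))
    if fstype not in RAM_BACKED:
        return "disk"
    # tmpfs pages can be paged out to swap; ramfs pages cannot.
    # This check cannot tell whether the swap device itself is encrypted.
    if fstype == "tmpfs" and active_swap(swaps_text):
        return "ram-but-swappable"
    return "ram"
```

On a live Linux system, pass `os.path.realpath(path)` together with the contents of `/proc/mounts` and `/proc/swaps`.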
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • Caldav/carddav/webdav recommendations? (English)
7 · 3 months ago
I use Baïkal for card and cal and Apache for webDAV, they provide all the features I need and were easy enough to set up, never tried alternatives.
observantTrapezium@lemmy.ca to TechTakes@awful.systems • Duolingo is dying celebratory thread (English)
11 · 3 months ago
I also bought into the Duolingo hype in the early days, watched it enshittified into oblivion, and not shedding a tear for investors punishing it, even if it’s for the wrong reasons.
I’m now doing comprehensible input (reading + videos) and flash cards in my target language. Even though some people poo poo flash cards, I find it a good complement for CI (when I encounter a word from flash cards in the “wild”, it does click better). I definitely need to work on speaking ability.
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • Storing encryption keys for backup drives (English)
1 · 4 months ago
Personally I don’t go with full disk encryption for backups. I use Borg that encrypts its repositories on a plain ext4 partition, and the key is saved in the config file (wrapped in passphrase of course). Obviously it just moved the problem of what to do with the passphrase… I also have Vaultwarden (with a separate backup mechanism).
observantTrapezium@lemmy.ca to Star Trek Social Club@startrek.website • Episode Discussion | Star Trek: Starfleet Academy | 1x03 "Vitus Reflux" (English)
3 · 5 months ago
I watched 28 minutes and decided I’m gonna let this show go. I feel like I gave it a shot, the first two episodes weren’t terrible. I wouldn’t even say this episode was terrible (the ½ I watched), I just got very bored.
If like Lower Decks this show turns around to be great, do let me know and I might go back and watch it.
observantTrapezium@lemmy.ca to Star Trek Social Club@startrek.website • Episode Discussion | Star Trek: Starfleet Academy | 1x01 "Kids These Days" & 1x02 "Beta Test" (English)
144 · 5 months ago
Episode 1: with expectations at the bottom of the Mariana Trench (because I watched Discovery), I was not too disappointed by this episode. Was it good? Also no. I think the story is fine in principle, it doesn’t unfold in a believable way, but not the worst we’ve seen in Star Trek. Other than that I was irked by what the captain says at 41:55:
> make eh(?) your speed maximum impolt
Really, impolt, you couldn’t do a second take on that?
Episode 2: quite a bit worse, the plot progressed for like 3 minutes in total, and there was a lot of that teen drama that wasn’t interesting or amusing.
Overall felt like these were written by people who know a lot about Star Trek at a very surface level, and have a very TV-idea of what college life is like. I’ll keep watching, for now. Out of franchise loyalty more than actual interest.
Agree except that having your web crawler hiding itself by pretending to be Googlebot is bad. Preferable to Google search monopoly. For search, Brave is not actually a terrible option (but I won’t touch the browser with a 3 metre pole)
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • Alternative to Gmail? I currently use my own domain for email, but i miss the priority inbox (English)
2 · 5 months ago
I have elaborate Procmail rules that sort out the mail. It’s not a very modern solution and the syntax is quite horrible, but it works quite well.
observantTrapezium@lemmy.ca (OP) to Dull Men's Club@lemmy.world • I fixed a leak with Babybel cheese
2 · 5 months ago
Full fat 😂
Yeah, I know there are much better ways to seal a leak (temporarily or permanently), I just had nothing else at hand.
observantTrapezium@lemmy.ca (OP) to Dull Men's Club@lemmy.world • I fixed a leak with Babybel cheese
5 · 5 months ago
I suppose it’s just physical wear and tear combined with years of exposure to all kinds of nasty stuff going through the drain. There’s a plastic hook there that’s directly in the flow, that’s what eventually broke off, leaving a hole where it was attached.
observantTrapezium@lemmy.ca to Star Trek Social Club@startrek.website • I watch the first Star Trek Discovery episode, I didn't like it. (English)
133 · 6 months ago
It’s only downhill from there for Discovery.
The exact opposite is true for Lower Decks, I hated it in the beginning, but it ended up being my favourite show in 20 years.
observantTrapezium@lemmy.ca to Firefox@lemmy.ml • On Linux, Firefox stores site-data in a folder named the same
17 · 6 months ago
> still it is concerning, that any program can know about the sites I visit
As others noted, that’s the case in Linux, by default all processes are equal, so if your shell process can access a file, the Firefox process can access that file.
But there are in fact many ways to sandbox processes and prevent exactly what you are worried about. One way is to install applications via Flatpak (or Snap), that can limit what files the app can see, while still running as your user.
If there is an app you need and don’t trust that’s not available as a flatpak (or snap), there are ways to sandbox it manually. It does require some tinkering, but people can help you on !linux@lemmy.ml
> I don’t really need the encryption
In this case I’d say, LUKS is an overkill and just complicates your life. Try to think of a worst case scenario and what you are trying to protect against. Full disk encryption protects you against someone physically and clandestinely tampering with your server to compromise you by altering your OS, I’d say most selfhosters aren’t at risk of this (I do use LUKS on my laptop, because if I’m not available to decrypt the drive then there’s no reason for it to get decrypted). My approach to the server is to have encrypted directories as needed. For example the SFTP directory, the logic being that some of what’s there may be sensitive, so encryption at rest prevents leakage after the drive is eventually disposed of. But my Git repos (including private ones) and calendar aren’t encrypted at rest. Other services (e.g. Matrix, Borg, Vaultwarden) provide E2E so don’t really need further encryption.




🤮