fmstrat

joined 2 years ago
[–] fmstrat@lemmy.nowsci.com 2 points 5 hours ago

Fry's. Some Microcenters. Al Lashers.

[–] fmstrat@lemmy.nowsci.com 5 points 5 hours ago

The drawers are the best everywhere. RadioShack? Component drawers. Home Depot? Fastener drawers. On and on.

[–] fmstrat@lemmy.nowsci.com 3 points 19 hours ago (1 children)

I wonder if it's so you can get a calendar of usage times. Could be handy to ensure kids are brushing for the right amount of time?

[–] fmstrat@lemmy.nowsci.com 3 points 19 hours ago (1 children)

Tom's still around, he's just a photographer now: https://www.instagram.com/myspacetom

[–] fmstrat@lemmy.nowsci.com 10 points 1 day ago (5 children)

I have the same box fan

[–] fmstrat@lemmy.nowsci.com 6 points 1 day ago

Sometimes it's to artificially narrow the lane to slow traffic. That's what they did here.

[–] fmstrat@lemmy.nowsci.com 2 points 1 day ago

But.. your original comment is just.. wrong?

> This isn't a critical security flaw unless you have the worst partition scheme on your encrypted volumes imaginable.

The default LUKS partition scheme is vulnerable.

> It's not even a process flaw at that point, just "possible".

There is a successful POC, it is a flaw.

> you can compromise disks once encrypted because everything is happening in an in-memory boot process.

This is not just in-memory. This is modifying the unencrypted part of initramfs on disk. Powering off the machine does not remove the exploit.

[–] fmstrat@lemmy.nowsci.com 4 points 1 day ago* (last edited 1 day ago) (2 children)

You always "boot something that is unencrypted." You then "mount" the encrypted volumes and load the OS.

This is how people can put an SSH server (dropbear) in initramfs so they can unlock remotely.

The attack is to initramfs, not the encrypted layer.

The order'ish:

  • Boot
  • Initramfs loads, gives you the LUKS prompt
  • Initramfs decrypts/mounts OS
  • OS loads

[–] fmstrat@lemmy.nowsci.com 1 points 1 day ago* (last edited 1 day ago) (4 children)

I'm confused.

Initramfs is unencrypted in /boot when using LUKS with RAID. It has to be, right?

The attacker uses a debug shell to modify the unencrypted boot, so the next time you boot and type your LUKS password, they can gain access.

This doesn't line up with your comment?

[–] fmstrat@lemmy.nowsci.com 8 points 1 day ago (1 children)

Everyone is waiting for this. There needs to be a party.

[–] fmstrat@lemmy.nowsci.com 5 points 1 day ago

A fun conversation starter is always "So do you have an internal monologue?"

[–] fmstrat@lemmy.nowsci.com 4 points 2 days ago* (last edited 2 days ago)

Agreed, and unfortunately articles like this are food for CEOs to do more under the guise of AI. "See, it works!"

 

The author of Holism and Evolution, Jan Smuts, used the Greek word "holos" as the root of "holism" instead of "whole" (the book was English, and "whole" was commonplace). In later years, wholistic was coined, but never caught on. While there could be other reasons for the choice than making it sound more scientific, it sure seems to be the case.

This is one of those examples of the English language that annoys me.

https://www.etymonline.com/word/holistic

https://en.m.wikipedia.org/wiki/Holism

10
submitted 3 weeks ago* (last edited 3 weeks ago) by fmstrat@lemmy.nowsci.com to c/games@lemmy.world
 

Really wish the DLC for this was still available. Slay away Camp is good, but this was so much better and I missed out on the DLC..

 

Hi everyone,

I've been a single-server built from whatever desktop I upgraded for years kind of guy, with a hostname of the street it is on (better than server, which is what it used to be).

However, at some point in the future my home lab will be located in a place I will not have immediate access to, and since it's getting on in age and due for an upgrade anyway, I'm going to build in some redundancy. So, current names:

  • OPNsense micro-router: ingress01
  • OPNsense backup: ingress02
  • Cluster micro-server with essential services: cluster01
  • Cluster micro-server with non-essential services and replicated essential services: cluster02
  • NAS: nas
  • Powered on remotely when needed:
    • Mac mini dev/release box: macmini
    • Primary remote development server (basically my old desktop): desktop

Bring on the Mini-MacMinifaces, and any other ideas you have.

 

cross-posted from: https://lemmy.nowsci.com/post/13005097

Hi all,

I've been running a bunch of services in docker containers using Docker Compose for a while now, with data storage on ZRAID mirrored NVME and/or ZRAID2 HDDs.

I've been thinking about moving from my single server setup to three micro-servers (Intel N150s), both for redundancy, learning, and fun.

Choosing Kubernetes was easy, but I'd like to get some outside opinions on storage. Some examples of how I'm using storage:

  1. Media and large data storage: Currently on the ZRAID2 HDDs, will stay here but be migrated to a dedicated NAS
  2. High IO workloads like PostgreSQL and email: Currently running on the NVMEs
  3. General low-volume storage: Also currently on NVMEs, but different use case. These are lower IO, like data storage for Nextcloud, Immich, etc

I'm a huge fan of being able to snapshot with ZFS, as I mirror all my data off-site with hourly pushes for some container data, and daily for the rest. I'd like to be able to continue this kind of block-level backup if possible.

Assume I'm a noob at Kubernetes storage (have been reading, but still fresh to me). I'd love to know how others would set up their storage interfaces for this.

I'm trying to understand if there's a way to have the storage "RAIDed" across the drives in the three micro-servers, or if things work differently than I expect. Thanks!

 

Hi all,

Working through some things like a Will (I am fine, just normal life planning), and debating on methods for digital management when I do die.

I run a lot of self-hosted services for family and friends, all on secured servers with ZFS and on/off site backups. Key ingredient is Vaultwarden for password management.

I'd like to put something in place so that encryption keys, some docs, and key passwords are released to a tech savvy friend. Anyone know of existing solutions for this?

Requirements of:

  • Not providing keys to a third-party beforehand
  • Not forgeable to open
  • If possible, no "weekly press a button"

I'm thinking some kind of key pair where my friend has the private key and the public key is provided to a family member, and when activated a timer starts where I could cancel the release.

 

Rewind to the beginning for the SP.

 

Almost 30 more minutes of dishwasher.

1
Truth (lemmy.nowsci.com)
submitted 1 year ago* (last edited 1 year ago) by fmstrat@lemmy.nowsci.com to c/pics@lemmy.world
 

Edit

To provide some context given the messages below. I was a professional photographer, and understand that getting a good photo is a skill. Exposure time, timing, location, and many other factors come into play when capturing a great image.

Seeing the aurora was a fantastic experience. The purpose of this post is to help reduce FOMO of those who could not see it. Many people who don't know these things will imagine dancing lights in the sky of brilliance, and will be saddened by what they missed. While they did miss something, it's important for them to know exactly what they missed.

Edit2 I should also note this is why I enjoy when photographers post gear, conditions, and settings alongside results. It tells viewers what was real.

 

When launching a new Lemmy instance, your All feed will have very little populated. Also as a small instance, new communities that crop up may never make their way to you. LCS is a tool to seed communities, so your users have something in their All feed, right from the start. It tells your instance to pull the top communities and the communities with the top posts from your favorite instances.

How to run manually and in docker is included in the repo.

Let me know if there's anything anyone needs it to do and I'll see if I can fit it in. I'm going to work on a "purge old posts that are unsaved and not commented on by local users" first, since small instances are sure to run out of disk space.
