shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

#backups


~2003 I asked my friend about good Linux backup software.

He told me to use rsync in a script, with cron or whatever, and basically roll a solution myself. I thought that was such a hack-y way of doing it.

But he was right. Rsync rules.

Also, software using rsync like rsnapshot and BackupPC, and countless others, are very good.

@duckyfella @MaliciousCarp Depends on the exact config and whether or not one just needs a stupid #dlna server (even the OG #RaspberryPi Model B can run minidlna fast enough to stream 1080p video with ease).

  • There should also be some hardware transcoding stuff even on older #AMD Embedded SoCs with Radeon HD graphics.

As for other #Server tasks, the #fanless #ThinClients are perfect for offloading tasks like #Backups, #Filesharing and "#Homelab|bing" aka. doing some "#FuckAroundAndFindOut" - kind of #testing.

I just need to pause for a moment and say THANK FUCK for backups. Thank you, past self, for being smart and setting up backups... and for always backing up your work... even though it's been years since you needed to recover anything. Go you, me.

#backups

Today it suddenly occurred to me, "Hmm, I bet #rclone supports a compression backend. If so, then I could be compressing my cloud backups to save on storage costs." So I went and looked it up, and indeed it does, and I could.
There's even a "union" backend I could use to migrate gradually to compressed backups rather than paying download and upload costs to recompress everything.
Seems like a great idea, right? Or _is_ it?
#tech #backups #hacking
🧵 1/2

So, #backups on #Linux. Which tool do I want, preferably with a GUI?

I want to back up 3-4 Linux laptops to a remote server at Hetzner. My key requirement is that the whole thing is stable, easy to configure, and easy to automate. Backups must be encrypted.

Extra points for versioning.

So I've been trying to figure out the answer to a theoretical problem: what would I do if I was in a foreign country and had my phone and laptop seized / stolen?

I'm not too concerned about the shit on them, but nowadays everything is 2FA. Even my password manager needs second factor auth on a new device, and the second factor is email which... You guessed it, needs a second factor. I feel like I'm one lost device from disaster.

How do you go from zero to re-equipped with your logins without access to your own desk and devices?

Would it be insane to post an encrypted binary blob in like a public git repo? Random webpage? What encryption would be sufficient to confidentially drop an entire password vault, ssh keys, etc into a public space?

(Encryption not my area of expertise)

#Introduction

I've programmed computers since 1984 (liw.fi/40/). I was part of #Linux from the beginning. I was a #Debian developer for about 20 years (1996-2018). I care about #SoftwareFreedom and #CivilLiberties. I think about #backups. My main hobby is #OpenSource development. I have too many personal projects (app.radicle.xyz/nodes/radicle.). I work on #Radicle (radicle.xyz/).

My other hobby is classic European men's style. I like to wear a #suit. Preferably with a vest.


@alper : forget the marketing blah about public key encryption; its advantages are extremely exaggerated.

Just think of each passkey as an extremely strong and unique password tied to the domain name of a website.

The strength of passkeys (the WebAuthn protocol actually) lies in the fact that software (not the user):

1) Insists that the connection uses https;

2) Uses the passkey only if the domain name of the website (as shown in the browser's address bar) is the same (*) as the one used when the passkey was created.

(*) It's a bit more complicated than that: subdomains may be permitted under certain conditions.

Unintentionally logging into a fake website with a lookalike domain name (phishing) is impossible (an "Adversary in the Middle" attack is possible only if a fake website possesses a certificate deemed valid by your browser, like I wrote about in infosec.exchange/@ErikvanStrat).

However, passkeys suck in practice (Dan Goodin is right), see infosec.exchange/@ErikvanStrat.

@schwa
@dangoodin

Infosec Exchange: Erik van Straten (@ErikvanStraten@infosec.exchange)

🌘DV-CERT MIS-ISSUANCE INCIDENTS🌒 🧵#3/3

Note: this list (in reverse chronological order) is probably incomplete; please respond if you know of additional incidents!

2024-07-31 "Sitting Ducks" attacks/DNS hijacks: mis-issued certificates for possibly more than 35.000 domains by Let’s Encrypt and DigiCert: https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/ (src: https://www.bleepingcomputer.com/news/security/sitting-ducks-dns-attacks-let-hackers-hijack-over-35-000-domains/)
2024-07-23 Let's Encrypt mis-issued 34 certificates, revokes 27 for dydx.exchange: see 🧵#2/3 in this series of toots
2023-11-03 jabber.ru MitMed/AitMed in German hosting center https://notes.valdikss.org.ru/jabber.ru-mitm/
2023-11-01 KlaySwap and Celer Bridge BGP-hijacks described https://www.certik.com/resources/blog/1NHvPnvZ8EUjVVs4KZ4L8h-bgp-hijacking-how-hackers-circumvent-internet-routing-security-to-tear-the
2023-09-01 Biggest BGP Incidents/BGP-hijacks/BGP hijacks https://blog.lacnic.net/en/routing/a-brief-history-of-the-internets-biggest-bgp-incidents
2022-09-22 BGP-hijack mis-issued GoGetSSL DV certificate https://arstechnica.com/information-technology/2022/09/how-3-hours-of-inaction-from-amazon-cost-cryptocurrency-holders-235000/
2022-09-09 Celer Bridge incident analysis https://www.coinbase.com/en-nl/blog/celer-bridge-incident-analysis
2022-02-16 Crypto Exchange KLAYswap Loses $1.9M After BGP Hijack https://www.bankinfosecurity.com/crypto-exchange-klayswap-loses-19m-after-bgp-hijack-a-18518

🌘BACKGROUND INFO🌒

2024-08-01 "Cloudflare once again comes under pressure for enabling abusive sites" (Dan Goodin - Aug 1, 2024) https://arstechnica.com/security/2024/07/cloudflare-once-again-comes-under-pressure-for-enabling-abusive-sites/
2018-08-15 Usenix-18: "Bamboozling Certificate Authorities with BGP" https://www.usenix.org/conference/usenixsecurity18/presentation/birge-lee

Edited 2024-09-05 14:19 UTC: corrected the link for the "jabber.ru" incident.

#DV #LE #LetsEncrypt #Certificates #Certs #Misissuance #Mis_issuance #Revocation #Revoked #Weaknessess #WeakCertificates #WeakAuthentication #Authentication #Impersonation #Identification #Infosec #DNS #DNSHijacks #SquareSpace #Authorization #UnauthorizedChanges #UnauthorizedModifications #DeFi #dydx_exchange #CryptoCoins
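The domain binding described in the passkey post above, as an added example that is not part of any post on this page: the first function models the client-side rule (https only, same domain or a permitted parent domain), the second the relying party's check of what the browser and authenticator report. The domains, the challenge value and the `sample` helper are constructed for illustration, the public-suffix guard is a simplification, and signature verification is left out.

```python
import hashlib
import json
from urllib.parse import urlsplit

def rp_id_allowed(origin, rp_id):
    """Client-side rule: https only, and rp_id is the host or a parent domain of it.
    Simplified: real browsers consult the Public Suffix List; here a
    single-label rp_id such as "com" is simply refused."""
    parts = urlsplit(origin)
    host = (parts.hostname or "").lower()
    rp_id = rp_id.lower()
    if parts.scheme != "https" or not host or "." not in rp_id:
        return False
    return host == rp_id or host.endswith("." + rp_id)

def verify_binding(client_data_json, authenticator_data, expected_origin, rp_id):
    """Relying-party side: return the list of binding failures (empty means OK).
    The assertion signature covers both inputs; verifying it is omitted here."""
    problems = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        problems.append("wrong ceremony type")
    if client_data.get("origin") != expected_origin:
        problems.append("origin mismatch")
    # authenticatorData starts with SHA-256(rpId), written by the authenticator.
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        problems.append("rpIdHash mismatch")
    return problems

def sample(origin, rp_id):
    """Constructed assertion pieces as a browser would produce them for `origin`."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": "Y29uc3RydWN0ZWQ",  # constructed value
                              "origin": origin}).encode()
    # authenticatorData = rpIdHash (32 bytes) | flags (1) | signCount (4)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x05" + (7).to_bytes(4, "big")
    return client_data, auth_data

RP_ID = "example.com"                   # constructed relying-party ID
ORIGIN = "https://login.example.com"    # constructed legitimate origin
LOOKALIKE = "https://login.examp1e.com" # constructed lookalike origin

if __name__ == "__main__":
    print(rp_id_allowed(ORIGIN, RP_ID), rp_id_allowed(LOOKALIKE, RP_ID))
    print(verify_binding(*sample(ORIGIN, RP_ID), ORIGIN, RP_ID))
    print(verify_binding(*sample(LOOKALIKE, "examp1e.com"), ORIGIN, RP_ID))
```
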