During that time, your data is encrypted but you don’t know because when you open a file, your computer decrypts it and shows you what you expect to see.
First time i hear of that. You sure? Would be really risky since you basically need to hijack the complete Filesystem communication to do that. Also for that to work you would need the private and public key of the encryption on the system on run time. Really risky and unlikely that this is the case imho.
Would it be not much easier (and more portable) if you create a Linux VM in for example VirtualBox? From there you could just follow any Linux guide.
The cheap models can not be flashed with openwrt since they use some proprietary drivers or something.
The complete Opal series is not supporte iirc.
You should have read the post more carefully. The CVE affects every OS. Just the first shown example is Windows only.
Also, the relevant commits are outlined in the first paragraph. This article is not for the stupid user it’s a technical analysis on a few ways to exploit it and for those cases the commits are more relevant than the version. Also saying which versions are affected is not that easy, commits can be backported into an older version by for example the packager.
This is not really correct. Those companies take complete control of the secret keys. And no, it is not the same effect when you use tailscale compared to wireguard cause of various reasons. CGNAT, no port forwarding, funnels etc.
Netmaker, Tailscale or Zerotier
No way in hell i am giving a company complete remote access to my servers and clients.
This is not the invention of an IP KVM, those are old. This product just offers the functionality of an IP KVM for very little money.
It is based on completely different hardware. A Raspberry Pi CPU is much more expensive than the CPU that is used here.
Power issues can cause problems that the hardware glitches into states it should not be. Changing something in the BIOS or updating it. Hardware defects. OS upgrade fails (Kernel bug causes the network driver to fail) Etc. Etc.
Those devices are not for the weekly “oh my setup failed” its for the once in 10 years “i am on vacation and the server is not reachable and for some reasons my system crashed and has not rebooted by its own”
And for below 100€ it’s a no-brainer.
You want the mail-crypt-plugin in dovecot.
I just set it up. Yes i dislike the fact, that you need another party for syncing it, but i doubt it would be possible otherwise, just too much work to support everyone.
I read up on GoCardless and they do not sound that evil
But not sure if i will keep the connection up. Will see i guess.
Really disliking that discord is used as helpdesk/forum. Not really searchable via the web.
Also no link to the repo.
And how often. have you said stuff that you have not received advertising for? You will notice it when you get a positive match but not on a negative.
Data collecting companies can predict/rate your behavior for more then 20 years based. Since then. it has been perfected. They know that you are interested in those topics without having the need to waste resources on recording and analyzing every single audio stream.
Extracting the key from a TPM is actually trivial but immense time consuming.
Basically this with probably more modern chips and therefore even smaller cells. https://youtu.be/lhbSD1Jba0Q
Also sniffing is a thing since the communication between CPU und TPM is not encrypted.
Wasn’t the CVE fixed in a reasonable time frame? I seriously doubt that the maintainers would have ignored it if it wouldn’t have been discussed so publicly.
AFAIK, to exploit it, you need network access to CUPS then add the printer and then the client needs to add/select a new printer on the client device and actively print something.
If CUPS is reachable from the internet, then the system/network is misconfigured anyway, no excuse for ignoring the issue but those systems have other sever issues anyway.
TPM is not only used by the system encryption. But no i do not use it for it. Not because of privacy, cause of security reasons.
As for a backup, I figured I would have to raid it.
RAID is not a backup. Never ever consider having the data on a RAID to be backed up.
Basically, when you do not run server side transcoding and instead rely on client side support you will run from time to time into issues. Jellyfin does not have the ppl to get every client to work with all the different formats on every hardware.
1080 h264/h265 does not say much about the media format. Those codec differentiate in things like Chroma (4:2:0; 4:4:4, etc) or in color depth like 8 or 10 bit. So not every h264 media file does run on the same hardware. Audio codecs are even more complicated.
I think since i setup my hardware transcoding I ran into a not playable file once. But depending on the hardware it can be worse. On android TV you may have to play around with the settings.
I understand that this can be a deal breaker for some ppl.
I doubt that this is the case, whether it is encrypted or not. The complexity and risks involved with decrypting it on the fly is really unrealistic and unheard of by me (have not heard of everything but still)
Also the ransomware would also need to differentiate between the user and the backup program. When you do differentiated backups(like restic) with some monitoring you also would notice the huge size of the new data that gets pushed to your repo.
Edit: The important thing about your backup is, to protect it against overwrites and deletes and have different admin credentials that are not managed by the AD or ldap of the server that gets backed up.