h3ndrik

Why don't you consider encrypting your NAS, if I might ask? Inconvenience on boot? Because that's one inconvenience I currently live with... After a power outage I have to fetch a keyboard and type in the password, since the mainboard doesn't have remote-management and I've never set up an automatic way to transfer/fetch the encryption key...

Somehow they don't trust the software developers with operating heavy machinery 😆

Anyways, I think we're moving away from the topic... At work I didn't encrypt harddisks anyways. They just put the servers into a special area in the datacenter that has a fence and a separate lock.

At home I just encrypt stuff so I don't have to remember what I put where and handle things differently. Of course everything depends on the specific scenario and threat model. I have a bit of stuff archived on my server that isn't around anymore, could be a copyright violation. I also have my complete life stored there, documents, finances, emails of a decade, pictures, backups for family members, passwords for emergency access to things. Admin stuff and logfiles that I'm required by law (GDPR..) not to share. I also used to travel a lot with my laptop in the backpack and that can get stolen. At some point a long time ago I decided to encrypt my harddisks and stop worrying. Since at least 10 years there isn't any speed penalty anymore and it takes like 20 seconds to set it up on Linux...

But I can also see why not everyone wants to do it this way.

Hehe, now I get you. But I don't think there is something like "total active..." 😆 It's either the active users or the total amount... You just confused me by using both opposing words in a row.

Idk. The software most people here use is made by a small group of specific people. It affects us all as this defines the interaction and moderation tools that are available. And dictates what admins and mods can and cannot do.

Also the large instances have a dysproportionate amount of say. For example the largest communities are on lemmy.ml and lemmy.world. They run most of Lemmy.

Technically it's all distributed over several different people. But they're not equal in opportunity or reach.

The total user count is meaningless. Look at the monthly active users. That gives a good picture. And those are the correct links and graphs.

(The total users mainly show how the Reddit exodus happened. Lots of people made an account and used it once. Thus the steep incline in users. But they're not real, just zombie records. Also it's heavily affected by instances moving, shutting down or doing maintenance. Also lots of people here have multiple accounts. And there is some degree of farming and bot activity...)

Sure. It's just effort. I have to go fetch the power tools, fetch the drills, if I want to do it correctly also mount a vise or go fetch a piece of scrap wood and some clamps... After that clean up and remove the metal chips from my apartment...

At work I'd additionally need 3 training courses to be allowed to operate the drill press and visit the workshop. The whole process is going to take half a year. And it'll still not be certified that the information is now gone.

And it has other benefits. For example a dying disk. You can just throw that out. I once tried to wipe such a disk and it's a chore. It makes weird clicking noises and slows down to the point where it'd take years to overwrite it. Occasionally the SATA controller resets etc. And it won't succeed at overwriting stuff. Sure I could go to the garage, get the power tools, put the hdd into a vise and delete everything with a combination of hammer and drill... But it's much more convenient to have it encrypted and not care.

Good question. I don't have a clue either. It doesn't contain any personal information. (Unless it's self-made.) Usually isn't unique. And nobody cares as there's an abundance of porn available everywhere on the internet.

Sure. I believe that nogroup behaviour is a failsafe. Otherwise every misconfiguration would result in privilege escalation.

Unfortunately I'm not really familiar with that podman setup. I'm not sure if that --group-add keep-groups helps. I'm not sure what kind of groups are defined inside of the container. If the render group is even there and attached to the user that runs the process. Also I'm not sure if it's the group's name or number that counts... The numbers can be different from container to container.

Maybe you can peek at the container, see how it's set up inside? Maybe something like the --device-cgroup-rule helps to give access to the user within the container?

Yes.

I encrypt about everything. Laptop, server, backups, external hdds that are just for me. (Only thing I don't encrypt is a VPS. It's hosted on somebody else's hardware and they'd be able to break the encryption anyways if they wanted.)

I just put LUKS on it before formatting a filesystem. For the OS I use the good old approach with LUKS and a LVM inside.

I mean if you don't encrypt the backups, the encrytion of the system is kind of meaningless, isn't it?

Have you verified it is a permission issue? Maybe you're looking at the wrong place. Does it work if you set them 666?

Yeah, we need another blog post once things change.