Conversation

Notices

1. Embed this notice
   kaia (kaia@brotka.st)'s status on Monday, 21-Apr-2025 17:12:20 JST kaia
   if you have a home server, do you have a mechanism that switches it off when someone tries to tamper with it?
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 21-Apr-2025 17:15:57 JST Haelwenn /элвэн/ :triskell:

     in reply to

     @kaia Nah, just full disk encryption on system disks (including the /boot, which is why I really wish the PC motherboards I have would come with a serial port…).

   • Embed this notice
     lainy (lain@lain.com)'s status on Monday, 21-Apr-2025 17:15:59 JST lainy

     in reply to
     @kaia just do harddisk encryption, there's practically nobody sophisticated enough to work around that even with access to running hardware.
     kaia likes this.
   • Embed this notice
     kaia (kaia@brotka.st)'s status on Monday, 21-Apr-2025 17:17:07 JST kaia

     in reply to

     • lainy
     @lain but if I do LUKS on the server, then attacker can just keep it running and it's "unencrypted" though?
     
     I thought about doing cryptomator on the server
   • Embed this notice
     noodle (noodle@aus.social)'s status on Monday, 21-Apr-2025 17:17:30 JST noodle

     in reply to

     @kaia Tamper how? it is in such an inaccessible location it is hard to remove without toppling other things. internally it is mayhem too.

     kaia likes this.
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 21-Apr-2025 17:19:51 JST 翠星石

     in reply to
     @kaia It's called me deep in the GNU/Cave that can smell the glowers coming.
   • Embed this notice
     lainy (lain@lain.com)'s status on Monday, 21-Apr-2025 17:19:55 JST lainy

     in reply to
     @kaia who are you defending against? what's the attack vector? or is it just about trying cool stuff?
     kaia likes this.
   • Embed this notice
     kaia (kaia@brotka.st)'s status on Monday, 21-Apr-2025 17:21:31 JST kaia

     in reply to

     • lainy
     @lain just trying stuff. I want to build local server for 'immich' and maybe storing personal documents, maybe with syncthing again since nextcloud is so bulky
   • Embed this notice
     lainy (lain@lain.com)'s status on Monday, 21-Apr-2025 17:26:22 JST lainy

     in reply to
     @kaia the thing with all these defenses is they make things harder to use. if you make it megaquantum supersecure to prevent the CIA, FBI, BND and the aliens from accessing your data even if they stand in front of your server, you'll never use it for your documents because you accidentally shut it down one time and then it's too much hassle to get it up again.
     Haelwenn /элвэн/ :triskell:, kaia, Phantasm and Another Linux Walt Alt like this.
   • Embed this notice
     Legion495 (legion495@mk.absturztau.be)'s status on Monday, 21-Apr-2025 17:43:08 JST Legion495

     in reply to

     @kaia@brotka.st There is intrusion detection but I have motherboard which does not support it. Either way...
     
     If someone is able to get to the server physically I have other issues to worry about.

     Haelwenn /элвэн/ :triskell: and kaia like this.
   • Embed this notice
     cell classic (cell@shitposter.world)'s status on Monday, 21-Apr-2025 17:46:47 JST cell classic

     in reply to

     • lainy
     @lain @kaia aaah the good old CIA (confidentiality integrity availability) triad dilemma, have to balance all of them
     
     tfw can’t have your cake and eat it too
     kaia, lainy and Phantasm like this.
   • Embed this notice
     lainy (lain@lain.com)'s status on Monday, 21-Apr-2025 17:47:28 JST lainy

     in reply to

     • cell classic
     @cell @kaia i didn't even know that one lol, just speaking of my own experience of configuring things in such a cool and exciting way that i'd just not use it in the end.
   • Embed this notice
     Phantasm (phnt@fluffytail.org)'s status on Monday, 21-Apr-2025 17:47:48 JST Phantasm

     in reply to
     @kaia I don't currently have any space for a server at home, but if I did, I would probably have some path for SSH that I can quickly access and shut it down remotely with one command. If that isn't enough, maybe a door sensor that shuts it off when you aren't home might be a good solution too.
     
     Full disk encryption can be a pain to use when you have frequent long power outages, since you need SSH remote access to even unlock the drives. And only Debian supports that without doing janky setups.
     kaia likes this.
   • Embed this notice
     cell classic (cell@shitposter.world)'s status on Monday, 21-Apr-2025 18:01:11 JST cell classic

     in reply to

     • lainy
     @lain @kaia like all models it just formalizes something that was probably intuitive to anyone who had to deal with securing their setup :cat_si:👍
     kaia and lainy like this.
   • Embed this notice
     Protoss (cyrillic@lab.nyanide.com)'s status on Monday, 21-Apr-2025 18:20:56 JST Protoss

     in reply to
     @kaia disk encryption and an arduino on the door to the room that triggers a shutdown is how I would do that if I had one
     Phantasm likes this.