I do for work but not for my self hosting operation, I don’t think it makes sense at least in my case. My recommendation is not to use full disk encryption on a home server, but to encrypt specific directories as needed (I use fscrypt on an ext4 file system).
observantTrapezium
- 1 Post
- 88 Comments
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • A developer in our team sent me a full presentation without using a slides tool. • English
7 · 2 months ago
I’ll check out sli.dev, I’ve been using Reveal.js for years now and highly recommend, I love how hugely customizable that is, but one issue for perfectionists is that it’s relatively hard to perfectly convert to a PDF, these days I use DeckTape that does a decent job. I used to be one of those nerds that used LaTeX (Beamer) but fell out of love with it.
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • Looking for expenses splitting software • English
10 · 2 months ago
Some time ago I tried Abrechnung and it was quite good actually.
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • When to switch to network storage • English
8 · 2 months ago
When you run out of local storage…
If you have a single node, external USB storage is 100% fine. Even if you have more machines, if you don’t actually need a massive amount of storage, you can share that external drive as NFS.
observantTrapezium@lemmy.ca to Mildly Infuriating@lemmy.world • Sent this to my friends flexing a "top 65%" score. The site didn't make it clear that's not a good thing. • English
8 · 2 months ago
That’s a shitpost
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • Idea for experiment: mail to fediverse? • English
1 · 3 months ago
Sounds doable, will need a bit of scripting, but I don’t really get the use case.
Arch on desktop since 2020, RH-flavoured on servers.
Used Kubuntu from 2012ish to 2020, distro-hopped in the decade before that.
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • Typing into the abyss - need a service • English
1 · 3 months ago
The fundamental difference between GPG encryption and encrypted partition is that of asymmetric vs. symmetric encryption. Whether you mount encrypted storage or decrypt a file with GPG, there’s some “effort” in putting in the passphrase and in both cases the system’s keyring is briefly aware of it and the plaintext is saved to memory (volatile, unless you have encrypted swap or other edge cases).
Asymmetric encryption is not normally used for personal stuff but mostly to exchange material with one party holding the private key, and the other having access to the public key (which is public). Of course you can act as both parties if you like. If you do, keep in mind:
- Asymmetric encryption algorithms may be vulnerable to quantum computing attacks in the coming years. There are quantum-resistant algorithms, but to my understanding they are not necessarily quantum-proof and could potentially be broken in the more distant future.
- If you do choose to use GPG, make sure that the plaintext never touches the disk, for example save it to /dev/shm before encryption.
- You can also protect your private key with a passphrase.
Personally I use Joplin. On the clients it’s secure because the database is saved on encrypted storage secured by my login phrase. On the server it’s secure by Joplin encrypting the files saved to WebDAV storage. Is it 100% safe? Probably not, but probably good enough to stop all but a nation-state level actor.
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • Caldav/carddav/webdav recommendations? • English
7 · 3 months ago
I use Baïkal for card and cal and Apache for webDAV, they provide all the features I need and were easy enough to set up, never tried alternatives.
observantTrapezium@lemmy.ca to Linux@lemmy.ml • GrapheneOS Foundation Never To Require ID or Other PII To Use GrapheneOS
9 · 3 months ago
I wonder how many countries’ laws every Linux distribution violates by existing (e.g. North Korea, Turkmenistan) but these bozos at Arch Linux 32 don’t proactively block.
observantTrapezium@lemmy.ca to Linux@lemmy.ml • GrapheneOS Foundation Never To Require ID or Other PII To Use GrapheneOS
42 · 3 months ago
That is the way. I just don’t understand open source projects that have no ties to regions where these dumb regulations exist blocking users from said region. Why is it your problem? If California (for example) wants to block your website, let it be their problem.
observantTrapezium@lemmy.ca to linuxmemes@lemmy.world • We can just do the adult check thing the usual way.
33 · 4 months ago
Akahually at my work we used a third party authentication PAM module that uses the gecos field for username mapping.
observantTrapezium@lemmy.ca to Technology@lemmy.world • Motorola confirms GrapheneOS support for a future phone, bringing over features • English
16 · 4 months ago
+1 for the headphone jack
observantTrapezium@lemmy.ca to Lemmy Shitpost@lemmy.world • Finally a possible path toward peace in this long war
1 · 4 months ago
It’s worse than both of them being the wing way
There are jobs with flexible hours and partial or full work from home arrangements, and more importantly jobs where you can feel some amount of purpose and personal growth instead of just making money (mostly for someone else, i.e. shareholders). To get such a job you might have to get some specialized skill, or just get lucky.
observantTrapezium@lemmy.ca to Selfhosted@lemmy.world • Storing encryption keys for backup drives • English
1 · 4 months ago
Personally I don’t go with full disk encryption for backups. I use Borg that encrypts its repositories on a plain ext4 partition, and the key is saved in the config file (wrapped in passphrase of course). Obviously it just moved the problem of what to do with the passphrase… I also have Vaultwarden (with a separate backup mechanism).
observantTrapezium@lemmy.ca to linuxmemes@lemmy.world • When you remake the Rosetta Stone as a Linux meme
91 · 4 months ago
That’s definitely quantity over quality
observantTrapezium@lemmy.ca to Linux@lemmy.ml • Absolute disaster, RAT backdoored through WINE. Assistance with Docker
15 · 4 months ago
Hey, hope you are recovering from this ordeal. I attribute some of the oddities in your post to panicked writing, but it would be great if you can clarify these points:
> listed as .BRM for windows 6
What does that mean?
> As soon as they saw me, they wiped everything from my home folder, everything that wasn’t a base part of kde was gone
What do you mean base part of KDE? Did they delete more than just the home directory?
> because since they schroot, none of those processes were available to me to view
Why wouldn’t you be able to view processes running in schroot? Doesn’t it use the same pid namespace and uses the same /proc as the init process?
> I went digging and found the schroot under /run/ I took a look at the properties and the env showed 128.7TB of storage
You wrote in a comment “that was the server farm rooted into me”. Why do you think that is the case?
Also, it’s not quite clear what the screenshots are meant to show. The first two are a list of files in your home directory, showing it’s not empty. So did they wipe everything or not? How are we supposed to know what those files are and what you expect should be there… And then the other screenshots are of you trying to recover files from the disk image.
I understand if you don’t, but do you actually have any evidence of an attack? Like cellphone video of the screen while you are seeing suspicious activity on Wireshark? I can definitely understand being more concerned with minimizing the damage once you realize files are being deleted than gathering evidence. But can you for example fish out that .dll file from the disk image?
Same 😜

🤮