Actually I don't think self-hosting is a viable solution for many people. Most server hosts are not security experts. IT security is really hard due to the many possible attack vectors you have to be knowledgeable about. In this article they assume that an attacker has compromised a server and I don't see how a layman can keep a server safe if experts want to compromise it in the long term if you just follow the recommended maintenance. One day you will slip up.
You might get a security related update late, did not hear about the last breach and are not aware how that relates to you, all sorts of scenarios. The only way to make it much more difficult to be compromised is if you don't connect your self-hosted cloud solution to the internet. But then it's not really a cloud solution anymore.
And that's before you have to consider that not everyone has the knowledge, time, interest to self host.
For the kind of person who wants to run NixOS on Apple Silicon or do Linux gaming on Apple Silicon in the first place, that's probably interesting and not too hard
but if you're allergic to that, you might be able to figure something else out with Box64, which is already packaged in Nixpkgs
x86_64 gaming on NixOS is of course well supported and has been for a long time. There's a 'native' package that I've always used and the Steam Flatpak is also available and works as well as it does anywhere
we are talking about asahi linux. i think it is pretty clear that nixos isn’t supported like a first class citizen because you have to do a fair bit of work to make all of the more recent userspace fixes work on NixOS. i run NixOS Asahi so I know.
it was easier when Arch was a first class citizen but the advice nowadays you get upon encountering a problem on Arch is to switch to Fedora
Using libredrive supported devices - would we get some other advantages? Like being able to read from old and broken CDROM and DVD devices more reliably?
No, it actually makes it "worse" in that most usual DVD players and drives will do a "best effort, but keep going" type of read which may result in a pop or skip or desync for a moment on playback - but these tools are archival and refuse to read if they can't read correctly.
It's actually quite annoying at times, for example it's often better to rip audiobooks with iTunes and then grab the files and delete it from iTunes than to use something like XLD directly.
In the mitigation section there is written 'Deploy Runtime Protection: Use advanced anti-malware and behavioral detection tools that can detect rootkits, cryptominers, and fileless malware like perfctl.' -- which tools can we currently use to detect perfctl?
Article mentions a couple of const paths that are used, like /root/.config/cron/perfcc.
Also, it mentions that ~/.profile is modified (EDIT: and many others, actually), so IDS like AIDE, if operated correctly, should alert you on that. I don't see any mentions about attempts to circumvent locally run IDS. I wonder if/why malware author did not attempt any evasive actions here, given how much they try otherwise. Maybe cost/benefit ratio is too low?
Supposedly it tones down its activity while a user is logged in and waits for the machine to go idle. Another reason to have centralized performance monitoring.
It is such a shame the RPi Zero2 does not support "traditional" sleep modes like the ESP32 for example - which is why we have to optimize the Linux boot process. https://forums.raspberrypi.com/viewtopic.php?t=243719
i don't believe that will work reliably. cron risks moving a file that is not complete or a race condition where the complete file is moved away before synching verified that it is complete causing it to transfer it again. this can be avoided by only moving files that are a few minutes old but issues like this just make the process more brittle.
i want to use a tool that is reliable, not hack together a custom solution. if i did that, why even bother with syncthing?
You could use Syncthing just to empty the incoming files from your phone (ingest) and then move the photos via cron to a second folder (also Syncthing) which is just shared with the replicas.
Another approach would be to push the files from Syncthing to borg (borgmatic can do replicas) https://torsion.org/borgmatic/
I import files from Syncthing folders into a git-annex on my NAS, where multiple copies are eventually guaranteed via sync to off-site mirrors (remotes).