This happens in other countries as well. I’ve been told to speak the local (non-English) language when visiting friends overseas when having a private conversation.
Generally, it seems to be nosy old people who are upset about not being able to eavesdrop
Or how bumblebee did an “rm -rf” on uninstall without a quoted path, which ended up nuking important directories
Server or desktop, and what types of files? I find that a self-hosted version of NextCloud does pretty well for keeping contacts, images, and videos in sync.
(You could run it on a Pi as an intermediary to both if desired)
I used to use stuff like AndFTP in the past for similar functions
It depends on where the encryption data is stored. If the bootloader and bios/efi are locked down and the data to unlock is stored in an encrypted enclave or one is using a TPM (and not an external chip one that can be sniffed with a pi), that’s a reasonable protection for the OS even if somebody gains physical access.
You could also store the password in the EFI, or on a USB stick etc. It doesn’t help you much against longer-term physical access but it can help if somebody just grabs the drive. It’s also useful to protect the drive if it’s being disposed of as the crypto is tied to other hardware.
Even just encrypting the main OS with the keys in the boot/initrd has benefit, as ensuring that part is well-wiped makes asset disposal safe®. Some motherboards have an on-board SDCard or USB slot which your can use for the boot partition. It means I don’t have to take a drill to my drives before I dispose of them
Not too many users, but an ever changing variety of devices and services :-)
Update: Based on some other sources, it sounds like giving another shot at freeIPA might be worth investigating. It’s still got Samba etc and the last time I tried it things weren’t more RedHat exactly friendly to my favored flavor (Debian) but it sounds like it might be better supported now
Update #2
OMFG it’s years after I tried and FreeIPA on Debian is even more of a pain. Docker container issues galore, and it basically won’t start without adding a bunch of options that reduce the container security to a smoldering ruin
I haven’t played with tailscale, and most of my wireguard shenanigans have involved connecting to others’ systems. Wouldn’t those mostly control the network-level access but not the account-level access (centralized account/UID/gid and remote permissions) part?
I do actually have a NextCloud instance, which I primarily use for editing Documents (via Collabora) or syncing backups of folders like Pictures etc from the phone.
SMB/Samba by itself for just sharing folders I’ve had little issue with. Samba as a domain controller with domain-joined clients tied to domain logins is a more complicated beast and - in my experience -prone to breakage in my experience (expired tokens, certificate lifetimes, DNS integration, upgrade issues, etc) BUT it can provide a fairly complete package end-to-end when it works. I just feel that there should be a more Linux-centric/friendly and less bloaty solution that still others decent account-level security.
When you ask “only on LAN” the answer is yes with the caveat that I do also work through VPN, but that’s often functionally the same thing save that the VPN login occurs after the user-login
Yeah that was what I said.
The upside over Snaps is that they’re not so controlled by a central source
I’d say they still share a couple downsides: a) use a lot of them and stuff is gonna get bloaty vs native packages
b) updating a library etc for security on your system can still leave you with vulnerable apps where the packages aren’t updated
Yup. Sales numbers good, but brand loyalty down which isn’t good for future sales
Partly, but scalpers buying up what inventory there was for reselling was absolutely rampant as well
RustDesk is pretty simple and has a fairly friendly interface. I’m hoping they bring back the play store installer though since getting relatives to install from an APK wouldn’t be much fun
I tried that one as well recently. It seems decent but the Android client is a tad broken (crashes on screen share).
Yup. Literally just set up a VM with that one last night to test out since a bunch here have recommended it
I’ll keep that in mind next time I’ve got relative with a Windows machine they need help on. Thanks
Linux Desktop, Android Phone, sometimes Windows if I’m hitting something from work etc
So virt-manager binary run locally but connecting to the remote host. I’ve done that before on Linux but haven’t seen a binary/client available for other OS’s
Yup
It even works most of the time. No self-hosted server though. AFAIK it connects via an MS host as the intermediary.
Yeah, I’d tend to agree on that. Even beyond the security issues, nuclear has the potential to be a safe, but it also has the potential to be disastrous if mis-managed.
We see plenty of issues like this already, including what occurred here: https://world-nuclear.org/information-library/safety-and-security/safety-of-plants/fukushima-daiichi-accident
Now imagine a plant in Texas, where power companies response to winter outages has basically been “sucks to be you, winterizing is too costly”.
Or maybe we’d like to go with a long-time trusted company, who totally wouldn’t throw away safety and their reputation for a few extra bucks. Boeing comes to mind.
I like nuclear as a power source, but the absolutely needs to be immutable rules in place to ensure it is properly managed and that anyone attempting to cut corners to save costs gets slapped down immediately. Corporate culture in North America seems to indicate otherwise.