Perhaps I’ve been naieve.

I have local incremental backups and rsync to the remote. Doesn’t syncthing have incremental also? You have a good point about syncing a destroyed disk to your offsite backup. I know S3 has some sort of protection, but haven’t played with it.

I have tailscale mostly set up. What’s the issue with USB drives? I’ve got a raspberry pi on the other end with a RO SD card so it won’t go bad.

This reminds me that I need alerts monitoring set up. ; -)

I’ll have to check this out.

I attended some LUGs before covid and could see something like this being facilitated there. It also reminds me of the Reddit meetups that I never partook in.

That’s something that I hadn’t considered!

I wasn’t aware of the untrusted setting. That sounds like a good option.

Yes. It’s the “put a copy somewhere else” that I’m trying to solve for without a lot of cost and effort. So far, having a remote copy at a relative’s is good for being off site and cost, but the amount of time to support it has been less than ideal since the Pi will sometimes become unresponsive for unknown reasons and getting the family member to reboot it “is too hard”.

Take some time and really analyze your threat model. There are different solutions for each of them. For example, protecting against a friend swiping the drives may be as simple as LUKS on the drive and a USB key with the unlock keys. Another poster suggested leaving the backup computer wide open but encrypting the files that you back up with symmetric or asymmetric, based on your needs. If you’re hiding it from the government, check your local laws. You may be guilty until proven innocent in which case you need “plausible deniability” of what’s on the drive. That’s a different solution. Are you dealing with a well funded nation-state adversary? Maybe keying in the password isn’t such a bad idea.

I’m using LUKS with mandos on a raspberry PI. I back up to a Pi at a friend’s house over TailScale where the disk is wide open, but Duplicity will encrypt the backup file. My threat model is a run of the mill thief swiping the computers and script kiddies hacking in.

You’re doing God’s work!

Over my career, it’s sad to see how the technical communications groups are the first to get cut because “developers should document their own code”. No, most can’t. Also, the lack of good documentation leads to churn in other areas. It’s difficult to measure it, but for those in the know, it’s painfully obvious.

I had one from Sony a long time ago. It even had a cable you could attach between two of 'em (600 CDs!) so that it could seamlessly start playing another track while loading the next song. I dropped it during a move and the next time I opened the door, it spit gears at me. I had intended to fix it some day, but started watching Hoarders and decided it wasn’t worth it.

Can you elaborate on the scenario this is solving for? Isn’t software RAID a performance hit?

I have. I was kindergarten-aged and my friend was over and she didn’t flush. That was also the day that I learned that girls poop…a lot!

I made one of these when I was a kid using a ton of rubber bands. One of the “arms” flew off and hit me in the face. It was definitely not as fun as the cartoons advertised.

This may be the push I need to migrate to Nextcloud. I’m struggling to identify my use cases, though and am wondering if all I really need is Syncthing.

I’m using mandos with the server on a raspberry pi. Unfortunately, mandos doesn’t work with my Fedora boxes as far as I know.

I switched to Brother after my HP updated itself when I forgot why I had a particular firewall rule, deleted it and let the printer onto the internet to roam. It pulled down a patch which added an amazing security feature to block the use of the toner that I bought. I bricked it while trying to downgrade the firmware (after placing an order for their “certified” toner). I tried returning the toner, but couldn’t and eventually took it tongue recycling center, swearing to never buy HP again.

It depends on what you do with Docker. Podman can replace many of the core docker features, but does not ship with a Docker Desktop app (there may be one available). Also, last I checked, there were differences in the docker build command.

That being said, I’m using podman at home and work, doing development things and building images must fine. My final images are built in a pipeline with actual Docker, though.

I jumped ship from Docker (like the metaphor?) when they started clamping down on unregistered users and changed the corporate license. It’s my personal middle finger to them.

Y’all crack me up with many of these comments!