Perhaps I’ve been naieve.

I have local incremental backups and rsync to the remote. Doesn’t syncthing have incremental also? You have a good point about syncing a destroyed disk to your offsite backup. I know S3 has some sort of protection, but haven’t played with it.

I have tailscale mostly set up. What’s the issue with USB drives? I’ve got a raspberry pi on the other end with a RO SD card so it won’t go bad.

This reminds me that I need alerts monitoring set up. ; -)

I’ll have to check this out.

I attended some LUGs before covid and could see something like this being facilitated there. It also reminds me of the Reddit meetups that I never partook in.

That’s something that I hadn’t considered!

I wasn’t aware of the untrusted setting. That sounds like a good option.

Yes. It’s the “put a copy somewhere else” that I’m trying to solve for without a lot of cost and effort. So far, having a remote copy at a relative’s is good for being off site and cost, but the amount of time to support it has been less than ideal since the Pi will sometimes become unresponsive for unknown reasons and getting the family member to reboot it “is too hard”.

Take some time and really analyze your threat model. There are different solutions for each of them. For example, protecting against a friend swiping the drives may be as simple as LUKS on the drive and a USB key with the unlock keys. Another poster suggested leaving the backup computer wide open but encrypting the files that you back up with symmetric or asymmetric, based on your needs. If you’re hiding it from the government, check your local laws. You may be guilty until proven innocent in which case you need “plausible deniability” of what’s on the drive. That’s a different solution. Are you dealing with a well funded nation-state adversary? Maybe keying in the password isn’t such a bad idea.

I’m using LUKS with mandos on a raspberry PI. I back up to a Pi at a friend’s house over TailScale where the disk is wide open, but Duplicity will encrypt the backup file. My threat model is a run of the mill thief swiping the computers and script kiddies hacking in.

You’re doing God’s work!

Over my career, it’s sad to see how the technical communications groups are the first to get cut because “developers should document their own code”. No, most can’t. Also, the lack of good documentation leads to churn in other areas. It’s difficult to measure it, but for those in the know, it’s painfully obvious.

🤔

I haven’t been out there in 15 years. I’ll have to check it out again!

I don’t know the legal side, but employers don’t want you to talk about your compensation with anyone. Maybe it’s legal, but definitely frowned upon.

Garden & walks fix a lot. Also, if you eat it off the plant directly, it doesn’t count against your diet!

I wanted to quit nagging my kids to close the pantry door. It conflicts with the fridge door and they’re both getting banged up pretty bad. I replaced one of the pantry door hinges with a spring hinge (and removed the latch mechanism from the handle) and now the pantry door closes on its own. Sometimes, I hear them fling the door open and hit the fridge anyways, but I giggle just a little when it bonks them on the head.

Consider what would happen if employees across the globe posted to an open database about their employer, position title, salary bonus and health care information. I’m sure we’d all be sued. How is this legal?

In the US, I’ve noticed several places, mostly restaurants that now charge a convenience fee for credit card transactions. Double bonus for cash. I’ve even started using checks again as they don’t have a fee.

Jeff? Is that you, son? I told you that it was nonnegotiable, now get off the internets, I’m expecting an important telephone call and don’t want you tying up the lines.

While there are a lot of good technical suggestions here, I’ve found that a conversation goes a long way. In my experience, when talking with loved ones, explain your emotions. Not “I hate this” or “the governments are listening!”, but those core emotions. “Having a device in my room that is always monitoring me makes me feel anxious and I don’t feel comfortable in a place where I should feel safe.” Make sure that the dialog is calm and remains about your feelings until you know that you’re being heard. If you aren’t, try other phrases or examples.

Once you’ve established your feelings, address their concerns and feelings (active listening). It sounds stupid at first, but it works. “I hear that you are frustrated when I don’t come down for dinner immediately.” Finally, propose some solutions that meet everybody’s needs and that the parties can select one to try out for a week and evaluate it’s effectiveness, trying new things until a mutually beneficial solution is found.

Good luck. Please post the outcome!

I’m not as enraged by this as most, but I think the true test will be to see if this feature is disabled by default in future releases. If they actually do listen to their users, that’s better than any of the other big players.

I read a bit about the new “feature” and it seems to me that they’re trying out a way to allow ad companies to know if their advertisement was effective in a way that also preserves the privacy of the user. I can respect that. I did shut it off, but am also less concerned because I have multiple advertisement removal tools, so this feature is irrelevant.

The fact that it’s enabled by default isn’t comforting, but who would actually turn this on if it were buried in about:config? In order to prove its effectiveness to promote a privacy respecting but advertisement friendly mechanism, this is what they felt that they had to do.

Of course, I could easily be all wrong about this and time will tell.

I don’t know if this applies directly, but in my early days of hosting a server for fun, I installed a telnet server because my phone didn’t have SSH at the time. I forgot to close it when i was done and someone got in and installed a password sniffer. This was a Slackware box, IIRC. My only indication that there was a problem was that the “.” & “…” directories didn’t appear from an “ls -Alf”. I pulled the network cable and booted to a boot image and discovered that many key system utilities were replaced with imposters that would mask that there was an intruder. The '“ps”, “ls” and other utils were symlinked to the “…” dir in /usr/local/lib.

I didn’t trust anything on that server and nuked it. Now, anything that’s internet facing is built from ansible and the config is stored in a repo and the repo is backed up on a drive that’s physically disconnected except when backing up. I’ve messed up the initrd from time to time and it’s usuall easier for me to reimage than try to fix it.