MicroOS is a decent choice, because it can cold boot off a configuration that uses ignition and combustion files. https://microos.opensuse.org/
And they have this file configurator so you don’t have to manually type all the syntax for your configs.
There are some sites dedicated to suggestions, or if you download the pi image burner tool it has a bunch of OS suggestions in the menu, like Pihole, Kodi media box, home assistant, etc.
I have a few running. One was setup as NAS and dlna music server using OpenMediaVault, one is a Volumio music player, my other one is Home assistant.
If you like old 80s-90s games there is RetroPi.
Too many choices really :)
Yes 2FA is good, but most people default to their phone being the tool, but your phone number can be ported by scammers, or is often the target of theft
The solution to that is you purchase a backup key and enroll both when presented with the QR image for new OTP links, or add a secondary FIDO key on some accounts. Then you store the other one in a fireproof box.
Or you use a cryptographic key and print it out using shard tool. The shard tool lets you specify how many splits and how many required for a tebuild. It prints out the shards and you distribute to safe places or people. They are useless by themselves but if you scan in the required amount of pieces the tool will rebuild your cryptographic key
Use a yubikey hardware device, only the person with the hardware in hand and password can unlock your accounts
Just takes a brute force or 0 day vulnerability to get master password access, then they have everything.
Something that seems secure never is online, like the 2017 Intel managetment vulnerability where remote attackers could access your computer by sending a null password, and access your keyboard and camera etc
Not sure about the distro being used, opensuse makes a docker zone to put docker interfaces on, those have their own ports and rules separate then the Ethernet assigned zone ports/services to allow. For me I had the opposite issue, I couldn’t reach my docker containers from my lan, onky from the local machine because the Ethernet was on an internal zone and Docker was on its own zone. I’m not a superskilled networker dude so I just turned on forwarding and masquerade so the incoming LAN zone would forward to doocker zone and pretend to be the local machine connecting and not a LAN or remote IP. I guess if you moved your dockers too the public zone you could get in trouble
Hardware raid is fine as long as you can still get the same hardware RAID card or Motherboard.
Wireguard between you and remote device like a pi. Set pi to portfowarding and masquerading on. It will then let you be on say a 10.x.x x network remotely but will send info on the remote LAN like it came from that pi local IP
They are still weird
For mine, not TrueNAS, I boot to a live USB stick, so drives are not in use and do an full gparted copy to a back up drive, so it is a clone. Should the system die I swap the whole drive out.
Are you using the CLI importer tool?
Depends, on how critical something is…since we deal with servers / customers at work that often are purposely not adjusted for years…because introducing a different behaviour (even if better) would grind production to a halt, I take a not careful approach.
I was using OpenSUSE Leap, and with zypper you can review which patches are available, whether they are critical or run recommended or not needed. You can then apply which specific patch you want be CVE if necessary.
But with Leap’s path seaming messy at the moment, I moved to Tumbleweed, since you have snapshotying built in. If an update did mess something up you just rollback to the previous snapshot and in less than a minute it is fixed
Volumio is a great tool for Pi or PC and has phone app to control music selection remotely. You can add music to the volumio player, or access dlna shares, as well as add on music services and internet radio
After trying a bunch I settled on trillium, it seemed the best of the bunch. My only complaint would be the cloning note wasn’t working like I expected. I think I expected the Clone to make a copy, but it was more of a symlink duplicate
I thought that was how pull requests worked, its a branch if you’veade a departure to edit code, you have the pull request and ask them to merge into the main branch. It should be visible to everyone so everyone can review the change.
They can try to argue that latency issue and the stale state were an unknown / unanticipated problem. Like when half of Canadas Rogers network went down affecting most debit payment systems. Testing of routing showed it OK, realworld flip went haywire.
Most services have a clause that they are not liable for unforseen issues… Depends how good the lawyers were when formalizing the contracts.
Oh shit, that’s terrible.
Yes, I bought a rocketfish drive enclosure years back, so dropped a drive in that, and attached vias USB. Never had issues with it.
Assign as data drive in Openmediavault.
Openmediavault had some plugins and settings to set folders2ram so that the initial SDcard OS is writting to RAM instead of constant writes to the SDcard.