I have a UPS designed to run long enough to shutdown my server gracefully. I can manually turn it back on if the outage is extended.
If I was designing a critical service the ups would have enough runtime to switch over to some other power system (solar batteries, generator, second circuit, etc)
The key is defense in depth. Don’t trust anything more then you need to. Even if your router is compromised the hosts should be hardened, the traffic should be encrypted, etc
!yepowertrippinbastards@lemmy.dbzer0.com
Is generally the community where people alert others to mod abuse
Kde connect is also a option
That’s awesome!
Fair enough;
Do a dry run for a CLIENT key, make sure you have the libfido2 middleware installed and working; Ensure you have set your sshd_config file properly with no-touch-required
From the documentation " Note: not all tokens support disabling the touch requirement." so do a test client side before banging your head on it.
Can you explain to me the workflow you have envisioned for the host identity key in /etc/ssh being keyed of a FIDO2 secure element? You plug a secure element into a server?
Sounds like you want something like a HSM that integrates into your sshd to pull the certificates. Even then you have the chicken and egg problem, how do you identify the hardware to the HSM? You need some trusted boot environment, and now your down into vender specific implementations to “trust” the booted hardware.
https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html
I followed this guide and works fine for me, macos client.
Lemme tell you about Lemmy, the community of loquacious learning
I just tell people about open source reddit, it’s called Lemmy.
Pop it into a different machine and use a tool like dban to wipe it.
Openstack has a huge ecosystem
I don’t have a solution for you, but I hacked together a kinesis keyboard and a trackpad using industrial velcro (since the kinesis 2 has a usb hub built in) it worked great.
3:2:1 - Cattle not pets - If your data is backed up in multiple sites, the death of one site shouldn’t overwhelm you, and give you time to recover.
If your primary site drives are getting above their designed lifetime, rotate them out, sure - but they could be used as part of the backup architecture else where (like a live offsite sync location with enough tolerance for 2 disk failures to account for the age).
3 copies of your data; 2 types of media; 1 copy offsite.
Why are you thinking about Lemmy if you don’t want to use Lemmy? Why does Lemmy live in your head rent free?
I can go months/years without thinking about 4/8 chan… (also, BTW you just lost the game)
Scenario 1.5
Pin a sensitive VM to a specific CPU that has no other VMs on it. This providers more isolation against known side channel attacks across VMs.
There is a bunch of angry brigading here for any of a multitude of reasons, and that shear wall of vitriol thrown at people doesn’t help lemmy grow.
Be well, have fun on your next adventure. You will be missed.
Get a slot adapter first, to male sure your use case works before doing the physical mods others are talking about