Calculator Manipulator

  • 0 Posts
  • 22 Comments
Joined 6 years ago
cake
Cake day: April 16th, 2019

help-circle









  • Yes, failing to safeguard keys is fatal, but that applies to everything. But if fs you’re storing keys on is behind luks and they’re readable by root only - you’re as safe enough. There’re also LSMs like selinux that can increase the complexity of attack.

    I don’t know about nitrokey specifically, but TPM is an option (not good enough, imo) and a simple luks encrypted usb. You could get some convenience by storing the key to unlock it somewhere on the encrypted root.

    In general - you cannot stop a targeted attack no matter what, but staying safe from all the automated ones is doable.




  • in case you want to tell me what I have is fine and I don’t need an upgrade

    What you have is fine and you don’t need an upgrade 😁

    But we’re not looking for fine, are we? :)

    I would keep the gpu and get as many cpu cores and ram as my budget allows. Once you cross into “stupid amount of RAM” territory you can start utilising tmpfs for transient things such as jellyfin transcode directory to:

    • preserve those precious ssd writes (not really relevant anymore)
    • make it more efficient (feels-good kind of relevant)
    • running a filesystem in ram is really cool (most relevant, naturally :D)


  • In general - things that are colourful and/or have special effects.

    Blue Planet, Top Gun Maverick, Fast and Furious saga (not the first few, 4k made no difference there) come to mind first atm.

    Things that have acting and script itself as the main selling point generally are perfectly fine in 1080p. The Office and Slow Horses would be a good example of that, I suppose.

    Personally, I get everything I want my son to watch in the highest quality I can - Shawshank Redemptiom and Shutter Island are the latest additions to my library that, I think, would absolutely fine in 1080p, but… 4K HDR it is :D






  • No, comercial IPs are fine. You’ll have trouble with some of them - Digital Ocean is a notorious example - where the provider itself blocks outbound port 25 and there’s nothing you can do. I think DO only does that for new accounts.

    I myself am running it on Linode - it did get purchased by Akamai a couple of years ago, so I can no longer blindly recommend it - but so far it’s been working fine. One thing I did recently discover was the ability to request a /56 block on Linode - my pre-assigned IPv6 got blacklisted somewhere as at least the whole /64 and simply generating another IP from the same /64 did not help. Getting a fresh block solved it for me, though, and now I know that if this /56 gets blacklisted - it’s my fault. Unless, of course, I get caught up in a /48… 😳