Boo fuckin’ hoo… Good riddance.
- 0 Posts
- 28 Comments
Joined 2 years ago
Cake day: September 14th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
5·6 months agoDoesn’t “digital” imply “electricity”?
The integration part is because we would like for anyone to fit in, and not be confined to your ‘hood’
We don’t mind you not speaking the language, but English is usually not a first language, sometimes not even a second, and sometimes omitted. Especially in rural areas.
So yeah, it’s nice if we can actually have a conversation about the local soccer team, or town buffoon who thinks the government is conspiring about pricing covid shots too high…
The problem with SELinux/nftables/cgroups is that they don’t come with a centralised log aggregator, and they don’t do much blocking beyond the defaults for 99% of deployments.
You must not have heard of ®syslog.
Also, SELinux is a massive pain to set up (even compared to AppArmor), and setting it up correctly is even worse.
I beg to differ, I find SELinux easy to setup. But your mileage may vary, depending on one’s experience.
CrowdStrike does a lot of what SELinux does but it’s easier to configure, works on every operating system, and comes with tools to roll out configuration across an organisation. There’s nothing close to that in the open source world. Even if you set up something yourself, you’ll need to continuously tweak your setup not to get in the way of employees and to prevent alert fatigue from all of the false positives. Apparently, recent events show it doesn’t work on every OS… 😜
When talking about ease of use… Configuration is configuration. If you do not take the time to learn how to use your product, the product you know will always be better than the one you don’t. I’ve used Crowdstrike. I’ve battled them to get their kernel modules signing certificate to be signed by RedHat. I’ve battled them to have the possibility to have the auto update disabled. So no, I am not impressed by the quality of their product. I’ll bet any day a vanilla RHEL with the correct security related software and the latest updates outperforms and outclasses Crowdstrike.
I think a preconfigured solution like Security Onion combined with tons of group policy and Ansible can form an open source alternative, but that only monitors, whereas CrowdStrike also blocks. To block behaviour, you’ll need to write code for most platforms, and that’s just as likely to take down your org as an auto update from CrowdStrike. I can’t speak of MS products, as I have not managed them for 20 years, but all of this is not needed on a decent Linux distro.
What CrowdStrike is actually selling, is someone who actually looks at the system logs and who pushes a button when something pops up. Roughly.
There are better solutions on the market. Unfortunately CrowdStrike has the more aggressive sales team.
For those wondering, I’m referring to *nix based solutions like SElinux, appArmor, iptables, nftables, cgroups, … But you need to monitor your logs if you want to take appropriate action.
34·1 year agoIse kde, not gnome.
Aside from the obvious (company providing all the necessary tools) why not using libreoffice and saving it as M$ excel?
Surprise… Surprise… It’s a snap!
dnf upgradeAndpackage-cleanup --cleandupesShould have fixed it.
You may also want to check up on regulations and laws of your country.
In Belgium, for instance, I am responsible for any and all attacks originating from my PC. If you were hacked and said hackers used your computer to stage an attack, the burden of proof is upon you. So instead of hiring very expensive people to trace the real source of an attack originating from your own PC, enabling a firewall just makes sense, besides making it harder on hackers…
PostmarketOS might be a possibility…
I honestly have no idea. But I discovered it a decade ago when I needed to process a short film. Haven’t touched it since.
Maybe he has yours?
The question is not which tool should I use?
The question is what is it that you want to achieve? That will drive your choice of tools.
I want to mirror my drive can be achieved by a lot of tools. But I want to be able to restore a file I accidentally deleted up to 24 hours with a 1 hour interval is a totally different game.
For backups I am very fond of restic as it does a lot of things in a simple way: encryption, (incremental) snapshots, mounting of said snapshots, support various storage backends, policy based purging, tagging, …
Your tool may not be able to do all you need, like automated scheduled backups, so you will need to also learn cron (or whatever scheduler you may have)
And finally, what about maintenance? What should happen to all those files you’ve synced? How long do you want to keep them?
I came here to say this!
I tip my hat to you!
It’s how dns should have been.
And it is perfect. Now at least I can fork Firefox and not cause issues with the one maintained by mozilla, but have both on my system!
What kind of backup do you want to take? A config backup or a live system backup?
Live system backups are difficult, as you typically have locked files and files being written to. You would need agents which allow your apps to be suspended is a consistent state. Besides that you have mounted pseudo file systems which you don’t need to backup like /tmp, /sys, /proc. You could use file system snapshots, but not all fs support this. And knowing the default fs used on rpi, you’re out of luck.
Config backup on the other hand can be done rather easily. You list the dirs and files and you’re off. I use restic, which is a very flexible backup tool leveraging compression, snapshots and encryption. It even allows you to use cloud storage natively to store your backups.