For many places, it’s operational inertia. If you’ve had a hosting account at the same place since 1998, you’re bound to still have username/password access to services like FTP even though other (and better) options exist.

And then there is the issue of sole control. Many greybeards like myself still run traditional username/password auth on services because,

1. We have whitelisted our IP address, and if dynamic, keep that whitelist updated
2. That outside of said whitelisting, the service is a quasi-honeypot meant to protect the machine as a whole. Any connection made from outside the address space of my ISP, by anyone else, is by default considered malicious, and is banned instantly as a precaution. They don’t even get the opportunity to attempt a login; merely connecting to said service is sufficient evidence of hostile intent.

So while my setup is not ideal, it is ideal for myself. if I had anyone else as co-admin, or even clients, things would get stupidly complicated very quickly. But since it’s just me…

Research RAID more effectively.

RAID-10 is far more efficient not only as a transfer speed but also as redundancy across large arrays. It’s only nerf is storage inefficiency.

RAID-6 requires serious computing oomph to create the parity bits, which dramatically slows down writes and rebuilds. It also needs only two drive losses across any one array before the whole array dies. Conversely RAID-10 has only duplication, no parity, so compute load is far lower and writes/rebuilds are a lot faster, and it can have up to half of all drives fail before the array is irretrievably broken.

For the last decade I have been using IISCrypto to neuter older and obsolete algorithms. I just apply the most recent PCI profile and restart.

Now granted, this program is unknown to many security professionals I talk to, which is why I mention it here: it works on all NT versions of Windows after Vista. Super-easy to restrict a system to the stronger and more secure algorithms.

Doesn’t exactly help when most Android phones more than a year old won’t get these patches for many months or even years – if at all.

OpenBSD does not have a docker engine. Can this be installed without docker?

Another reason why, while AI might be a fun toy, no one who is serious about getting work done will touch it with a dirty barge pole. The gratuitous hallucinations alone ought to be a sufficient deterrent.

Considering how I have seen some servers configured, this is a very real problem.

RustDesk all the way, baby.

All of the mainstream router manufacturers have critically insecure firmware. Nearly all routers ship with hundreds of vulnerabilities, and sometimes even zero-days, even when initially released.

It’s why it is so important to find and acquire routers that are capable of being re-flashed with third-party firmware such as DD-WRT or OpenWRT.

Check with the router database of each project to see if what you currently own is eligible. DD-WRT enjoys wider support but is more limited in functionality. OpenWRT is more powerful but needs more capable hardware to run on.

I kept reading about people having trouble during the restore process.

It is Duplicati, and IMHO restores work best if they aren’t restores-in-place. As in, dump the restores in a central location then drag-and-drop the data into place. Most of the issues I have heard of involve restoring data and settings back to where it originally was backed up from, and restoring directly back to those places - other than fully user-controlled directories, such as Documents or Photos - seems to be problematic.

Other than that, I have been using it for nearly a decade and have done a number of restores - after total drive deaths, so not just accidentally deleted files - to great success.

The downside is that tweaking backups from within the hidden C:\Users\[username]\AppData\ directory involves many days of whack-a-mole to exclude untouchable normally-in-use files so you don’t get scads of errors in the backup process. Plus, there are a fair number of entries in there that don’t really need backing up. But once you get that to settle down, it’s largely smooth it’s-set-so-forget-it sailing.

As a security professional… yeah, nope. Nope, nope, nope.

Win11 has many usability issues, and Windows seems to accumulate more with every design decision, but reaming your arse open for someone else to bugger you via an exploit run under your own account is not one of them.

Thank you for that link.

Honestly, I don’t know why Lemmy doesn’t pester people to use Archive links when posting, or use an internal API call to auto-convert any link to an Archive link. It could make linkrot a thing of the past for this site.

Yyyyyup.

And I self-host precisely because of the money I save using surplussed hardware. I have a symmetrical 1Gb SOHO fibre connection from my ISP, so I can host whatever the hell I want, I just need to stand it up. And a beefy older system with oodles of RAM is perfect for spinning up VMs of various platforms for various tasks. This saves me craploads of money over even a single VM on cloud platforms like Vultr. Plus, even if I were to support a “heavy” service sufficiently in demand to warrant its own iron, it still costs me less than a year’s worth of hosting to obtain a decent platform for that service to run on all by it’s lonesome.

My only cloud costs end up being those services which are distributed for redundancy and geographical distance, such as DNS and caching CDNs.

even if the kernel has extra chromosomes.

Okay, that is a hilarious way of saying those forks are back of the short bus “ssssspecial”.

Will have to look into that, thanks.

One of my key implementation requirements, however, will be resiliency, which means simplicity will be a core feature. The more “moving parts”, the easier it will be to break.

flip phone

Almost all such phones are actually smart phones in a flip phone Edgar Suit. Especially if it has maps or YouTube or any kind of an App Store. I see a crapton of flip phones that run Android, which has all sorts of Google spyware piggybacking along.

I think there may be only two or three dumb flip phones or feature flip phones left on the market, and IIRC two are locked to specific networks.

If you want a bona-fide dumb phone, you might be limited to something like the rotary un-smartphone.

or toaster can’t do its basic job offline

pats my 1962 Sunbeam Radiant Toaster

Obligatory Red Dwarf toaster scene

Go for older laser printers. They’re bulletproof, cheap on toner, free of DRM, and even if they only come with an LPT port you can always build your own print server that gives you all the bells and whistles like AirPrint.

About 3-4 years ago I took a bit of a dive into the firmware of IoT devices. The utter lack of security and the amount of information being hoovered up to the mothership made me swear to never build anything “smart” into the renovations of my current home. Sure, there will be automation. There will be CCTV. There will be solar with battery backup for essentials. There will be conveniences of all kinds. But virtually all will be air gapped, incapable of remote rooting, and under my full control.

Hell, even my laser printers are HP models over two decades old - an HP 4050DTN and an HP 5000DTN - that are totally devoid of any DRM or “smart features” and can trivially take generic overstuffed cartridges that can do 20,000 sheets at 5% coverage.

VM

That still doesn’t solve 99.9% of my issues, it just tries to solve a problem for which I already have a solution actively in-place: a KVM.