I was surprised too. But a lot of the current NAS devices basically operate as hosting devices. It makes sense the hard drives are there the power is there the RAM is there the CPU is there. So for the low intensity containers and VMs you want to run like a Plex server, or DNS server, or tail scale it’s all right there
At this point, it might be easier just to buy a supported UPS. I’m glad the backups 850 is working. It’s a good data point
I followed your advice, and went through the settings, and try to enable the USB device. But it’s just not detected.
Oh the synology drive is a file system syncing utility, it provides local caching of a remote file system and then syncs the files back. It’s not the software that shuts down the computer
Right now when updates get applied to the NAS, if it gets powered off during the update window that would be really bad and inconvenient require manual intervention.
In memory caching, and the Amy cashing, well I think the file system would almost certainly be in a consistent state, you might lose data in flight if you’re not careful.
The real problem, that I need an nas for, is not the loss of some data, it’s when the storms hit and there’s flooding, the power can go up and down and cycle quite rapidly. And that’s really bad for sensitive hardware like hard disks. So I want the NAS to shut off when the power starts getting bad, and not turn on for a really long time but still turn on automatically when things stabilize
Because this device runs a bunch of VMs and containers as well closing down so that all of those rights get flushed is good practice
AND their Synology drive client requires administrative permission to install on Mac OS, and on Windows. Why? Why…
Well I’m ranting about this process, I have other complaints.
Synology.com - if you want to add a second factor to your account, requires a phone number to be the master factor, in case you lose your second factor. So if you’re worried about Sim jacking, or even just not having a consistent phone number for the lifetime of the deployment, it’s kind of a terrible practice. There’s no way to unlink all phone numbers from an account, you can only replace them with a new phone number.
Synology does actually support hardware USB keys, but only as a secondary factor behind SMS… Ai ya.
How will a vpn give away your location?
You don’t need a SIM card to have a TOTP app they’re totally independent
A VPN you pay for with crypto is probably more secure than driving to somebody’s public Wi-Fi for this use case. Driving to a location, sitting around while uploading a massive video on public Wi-Fi, it’s going to look very suspicious
Things like gapps are closed source, have full permissions, and cannot be installed only on some profiles.
Except in stock AOSP or grapheneos.
Agree that qubes is the gold standard. But not to let perfect be the enemy of good, the vast majority of people, the vast majority of people, the VAST majority, are going to be unable to run qubes, either by technical ability, availability of appropriate hardware, or portability reasons.
Mobile phones for all of their faults, are the most secure piece of general computing hardware most people have in their lives
The new Pixel phones get 7 years now. Things are improving
https://www.privacyguides.org/en/android/
There is no controversy. There’s a lot of people memeing. I haven’t seen a single security analysis, or survey of options, that didn’t put GOS at the very top. Look at privacy guides, they say graphene is great, but if you can’t use that divest is okay.
People may not like the leader, and the developers are very opinionated which turns other people off, but I don’t think there’s any questioning the pedigree and the level of security provided
I think lineage is a good operating system for a limited exposure use cases. Like a project phone on a safe network, or as a webcam, or is like a embedded hardware controller. But not on the raw internet, not processing raw internet data, not with open Wi-Fi, not with open Bluetooth.
Even with all of that, it should still be segmented from the rest of the network
I think it’ll generate 5 days converted into seconds number of operations.
To decrypt however, you have to do all those operations, so I think it would take 5 days to decrypt. Even if you wait 10 days to start the operation
You can use a hardware security key, like a yubi key, or a software fido2 equivalent.
That way it satisfies the two factor requirement, without using a phone number.
For initial registration you can use an SMS service like SMS pool or the others, you pay a little money, you receive a real text message to a real phone number. You just don’t have access to that number in the future
Your voice, vocabulary choice, lighting conditions, power interference frequency, can all give away parts of your location and identity. You have to choose what level of paranoia is sufficient
The most anonymous, would be to have a v-tuber like model, respond and parrot LLM generated voice audio, from a script that’s been translated a few times. Or pay a voice actor from Fiverr to read your script.
Of course this whole time, using a VPN.
This seems interesting. But for something so complex I would really like them to have a white paper to see how they achieve this.
https://eprint.iacr.org/2023/189 Other systems, for instance, use a third party network to broadcast the parts of the secret that are needed to decrypt over time. So you’re relying on a third-party service, and if that third party service disappears you can’t unencrypt
I think this person is just permanently a contrarian.
Randomizing the numbers does provide good security, because there’s no longer an oil imprint on the most frequently used numbers on the phone, making guessing the pin code much harder before the TPM locks the phone.
Phones are full fledged computers nowadays, with Android you can have different profiles. For their level of paranoia, they could have a profile they never use in public, and only login with a full password, only when they’re in a secure location.
For the randomized pin, and biometric two-factor use of a phone, that covers most use cases, and is quite secure compared to most models of data security average civilians use.
You can have different scopes, if you’re in a crowded place, reading Lemmy isn’t really a big security risk. But logging into your banking would be. All of that is possible on Android, the fact that they’re so staunchly pro computer, is difficult for me to take their analysis seriously
Google makes the most open and customizable phones. Unlocked bootloaders, the ability to sign your own code. Rapid security updates for baseband drivers.
Nobody else comes close.
https://grapheneos.org/faq#future-devices
Actually pine phone is really open, but it’s not android and nowhere ready to be a daily driver.
You see the boat in the photos? You see how it’s got a flat bottom, and a ramp that can be lowered? It is literally designed to land on beaches and offload cargo. No Pier needed
Hate to tell you, this is now the norm. Right now, today, thousands of corporate travelers!
Company creates a travel laptop, perhaps even just a completely empty kiosk laptop. Corporate traveler downloads critical data to the laptop in an enclave (like a presentation). They have a two-factor token with them. If they need to get back to the corporate network for whatever reason, they use remote desktop software and no data is stored on the local device. They’re given policies telling them that if the computer is out of their possession, or view at any time, that the device is not to be used whatsoever afterwards. Contact security and let them deal with it.
When the traveler comes back to the mothership, laptop is checked into IT, it’s completely wiped.
Does remote desktop software suck? Yeah. It’s better than the alternative though