Just a simple hole renders them useless. The only method to reconstruct them from there would be any kind of SEM or AFM which would still take weeks to months to years depending on the size/density of the drives.
Even just opening them up and smacking the disks would be sufficient
Next time just encrypt them.
Just because there is no update does not mean there are security vulnerabilities to worry about, or do you have a specific one that is not fixed?
The attack vector seems very narrow to me. It checks the container registry downloads the containers and runs some docker commands.
It has no interface, so in order to attack it you either have to compromise the container registry (but then it would be easier to compromise the containers you download) the secure connection used to download the containers (https is quite stable) or something on the server side.
Also the project does not really look that abundant to me.
EDIT: So i have not checked this, but watchtower is probably using docker for most steps anyway? So basically the only thing that could be attacked is via the notifications watchtower is sending?
Years out of date
What problems does it have? Never ran into an issue for my usecase.
Automatic updates. Works like a dream. Depending on what you are running it can obviously cause issues, either server side breaking or server,client communication issues
Most critical infrastructure like my mail i subscribe to the release and blog rss feed. My OSs send me Update notifications via Mail (apticron), those i handle manual. Everything else auto updates daily.
You still need to check if the software you use is still maintained and receives security updates. This is mostly done by choosing popular and community drive options, since those are less likely to get abandoned.
Was not aware ECH was actually in TLS 1.3 thanks for that. But yes it will take a long time for widespread adoption.
Actually no. The SNI is still not encrypted. So every site you are visiting can still be sniffed.
I encountered it now multiple times that new TLD are discriminated against. They are more likely to get blocked. This applies not only to Mails also to any more controlled network like free wifi networks or business networks.
Go with a classic .com .net .org or a country TLD if you can.
Btw, also applies to registrations on online services.
I am not understanding the issue you have with DNS?
Just have a script that updates the DNS entry to your current public IP. If you do not like Cloudflare there are plenty of other services that offer a free API with their DNS service.
I think you are misunderstanding something here.
Just subscribe to the release channel. That varies from OS to OS or Software, but is worth it.
Use tools that are universal. For example, I have not used TrueNAS Scale because they did not support native docker at the time. OS specific solutions are more likely to break then universal once (truecharts vs docker)
To get up and running again after a complete failure i can just download the latest config and data from my backup and set up any distro that supports docker and my system is running again.
I do OS upgrades when they are available, usually within 1 or 2 days and containers are updated with watchtower daily.
Then swap you nameservers to a DNS provider that allows that?
Immich requires to be run on a server to function, but a lot of (or even all) of its functions are things that could reasonably done entirely on-device. Aves combined with some automatic backup solution such as Nextcloud gets (from what I can tell) most of the functionality Immich offers.
How would you backup Immich on device?
And if you backup to Nextcloud than you already have a served?
So you are arguing that having a file server is enough? And processing is done on client side?
That would be in this case very inefficient.
I could come up with other points but this should give you an idea. Yes, for some use cases a server-client approach does not make sense but for a dedicated photo backup and indexer it absolutely does.
Really disliking that discord is used as helpdesk/forum. Not really searchable via the web.
Also no link to the repo.
All random data have high entropy, same for encrypted data.
That is exactly what i said.
If random or deleted or fragmented or corrupted files will lead to me being questioned, then every data carrier will lead to a lotof questions.
You cannot differentiate between random data or encrypted data, when it is done right. That is one of the reasons why you should initialize an encrypted drive with random data beforehand
The most relevant part is 5.18 and it only talks about partitions not files. A file can be way more easily hidden in a partition then a partition.
That is the point. They cannot find it. Yes they can try to force it out of you but then they would need to know it is there.
When you get searched for drugs and they do not find any, what does lea do?
On most systems copy pasting is heavily insecure since a lot of processes have access to the clipboard. autotype and thinga like browser extensions are considered more secure.