Not your admin but I suspect you can just go ahead and make the community. It’s part of the default lemmy kit.

I imagine you might be thinking of making the sign of the cross. Basicly people touch their heads, their chest of their heart, then the left and right shoulders. All with the tips of two fingers.

https://en.m.wikipedia.org/wiki/Sign_of_the_cross

As an ex catholic (now secular) you had me in the first half. I’ve never seen any chest beating though. That seems more of a Protestant thing to do.

TIL. Very cool.

Solaris was beautiful. But it could have been more secure if it had Mandatory Access Controls. One compromised app running as root, or one privilege elevation exploit and without mandatory access controls you’re done.

Even with user contained exploits without MAC you expose way too much.

Edit: Turns out Solaris had a MAC enabled variant called Trusted Solaris! I could have seen myself using this if Sun was still around and OpenSolaris had panned out.

https://en.m.wikipedia.org/wiki/Trusted_Solaris

In conclusion Solaris was not junk.

I like the fact that it is a solid mandatory access control system. With SELinux you are substantially more safe than without.

For example. Let’s say you are running a compromised version of OpenSSH. Threw a XZ style back door a hacker gets in as OpenSSH (which runs as root).

Without SELinux the system is fully owned. With SELinux the attacker can only access what OpenSSH needs to access even if they have root. They can’t just chmod files and folders wherever. That means your photos and application data are still secure. With the pre written SELinux policies this applies not just for OpenSSH but for every piece of software installed on your system. Everything is limited to the exact folders, ports, and system capabilities that it needs and no more. Even stuff like seperate websites being served under Nginx. You can have Nginx-subgroup-1 and Nginx-subgroup-2 where the applications can’t see each other even though they are being run as the Nginx user.

I don’t trust any Linux distro without this security layer.

It’s a little difficult to learn and master, but it’s totally worth it if you care about security.

Redhat put out a comic about it a few years ago explaining the basics. https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf

Thank goodness for selinux. Without it Linux would not be a secure OS.

And no AppArmor does not do the same thing. You need the mandatory part for mandatory access controls to work.

Kind of the opposite actually. PTX is in essence nvidia specific assembly. Just like how arm or x86_64 assembly are tied to arm and x86_64.

At least with cuda there are efforts like zluda. Cuda is more like objective-c was on the mac. Basicly tied to platform but at least you could write a compiler for another target in theory.

This seems really pedantic. Recommending 9gag because someone does not want to see constant bad news is just a but out there.

I mean they’re synced super fast to every file system. It works really well. Wayyy wayyy faster than nextcloud too. You can access them on that file system. If you want to “directly” access them you can always use the fuse driver. This being said there isn’t really a need to because all the files just are synced to your file system.

https://manual.seafile.com/latest/extension/fuse/

Another one is that if you delete a file on an encrypted drive it can’t be undeleted later on. Lots of benefits.

I mean if you have an angle grinder and a space to safely use it sure. But it’s still harder than just dropping the HDD off at an e-waste bin.

Fair. If you have access to a crusher then maybe I can see not encrypting. But even then with non encrypted drives files can be recovered even after deleting etc.

This is why backups are important. But even if the drive is encrypted recovering data is exactly as easy as recovery from a non encrypted drive.

1. Do a ddrescue of the drive.
2. Re apply the luks header.
3. decrypt all non corrupt sectors
4. Use appropriate tools to recover files.

Like you lose the same sectors if those sectors are encrypted or not.

Just backup the LUKs header files. No need to encrypt them as they’re inherently secure as the hard drives they would originally reside on.

True. This does work. But it is less secure and much harder than just tossing an encrypted HDD into an e-waste bin. It probably is more fun though. 🤔

I would strongly encourage people to encrypt their on site data storage drives even if they never leave the house and theft isn’t a realistic thing that can happen.

The issue is hard drive malfunction. If a drive has sensitive data on it and malfunctions. It becomes very hard to destroy that data.

If that malfunctioning hard drive was encrypted you can simply toss it into an e-waste bin worry free. If that malfunctioning drive was not encrypted you need to break out some heavy tools tool ensure that data is destroyed.

Talk about living in your head rent free.

But for the record I feel the same way. If it was a for profit company I would think there is a problem. But a non profit in a reputable legal system doing a donation drive for a good cause isn’t really “sus” at all.

That is a good reason to backup, but has nothing to do with encryption.

(For real though I have a backup of all of my drive LUKS headers stored on several media types on and off site.)

I think you need to relax a little here. Proton is a literal privacy focused non profit that follows the laws of where they are based. You can’t get much better than that.

Even in an ideal post scarcity would a non profit privacy focused organization that follows the laws of where it’s based is pretty ideal.