While lots of ppl will hate on Nextcloud, its pretty good. When you do the setup right, with cache and so on set up it’s fast and serves its purpose not only as cloud storage but as a collaboration platform where you can edit files with other ppl and much more.
If you only want a simple Web App to up and download files there are probably other solutions for that.
Looking at the research they are doing and actually looking critical and scientific on their own product, it is actually believable.
I am actually more worried about the USA honoring any contract or licensing agreementa on their end.
That should be part of the backup configuration. You select in the backup tool of choice what you backup. When you poose your array then you download that stuff again?
Yes, the secrets to submit to the distribution system got compromised and therefore the system got compromised.
To achieve a compromised update you either need to compromise the update infrastructure AND the key or the infratstructure AND exploit the local updater to accept the invalid or forged signature.
As i said, to compromise a signature checked update over the internet you need to compromise both, the distributing infrastructure AND the key. With just either one its not possible. (Ignoring flaws in the code ofc)
After gaining initial access, the malicious cyber actor deployed malware that scanned the environment for sensitive credentials.
So as I said, the keys got compromised. Thats what i said in the second post.
No you cannot, the pub key either needs to be present on the updater or uses infrastructure that is not owned by you. Usually how most software suppliers are doing it the public key is supplied within the updater.
This is incorrect. If the update you download is compromised then the signature is invalid and the update fails.
To achieve a compromised update you either need to compromise the update infrastructure AND the key or the infratstructure AND exploit the local updater to accept the invalid or forged signature.
Not completely correct. A lot of updaters work with signatures to verify that what was downloaded is signed by the correct key.
With bash curl there is no such check in place.
So strictly speeking it is not the same.
No this is just wrong.
Like almost all FOSS and closed source software
How do you know if they sell your data? How do you know the data is secured enough, so no data breach occurs? How do you know if everyone on the company developing it act in good faith?
That they collect completely useless metrics (except for marketing) like connected servers, says a lot about the company and the ppl behind this. Are the keys to your sever even stored locally? How could you know.
Why are you defending those ppl? What is you self intrest here? Enough companies have proof in the past that privacy policies are just text.
So they track you?
Have you been on social media? A lot of ppl acting up participating in racism, transphobia, hate speech etc. do not give a shit about protecting their identity. If the real name is not already on their profile, then their post makes them easily identifiable.
Also, there are enough laws out there that force social media providers to give out information about the users who do illegal stuff online. That would make almost everyone identifiable.
The reality is that law enforcment gives a shit about doing their job. And Social Media providers give a shit about actively protect users of those points, even tho they are obliged to in many jurisdictions.
And those handwritten notes are secure random passwords and never repeat?
Just too much work for the average person and too inconvenient to type.
Yes in this case i would not disagree. The overall stats look no good and if it is a single drive then yes. Get the data off.
I take issue with the general statement of yours:
If that number stays anything not 0, that means it’s toast. Can’t rely on it.
For data integrity you do not rely on single drives but on for example FS that handle that.
As i said in another post, the important thing about smart is not the values itself but if they are start to increase or not.
And even if an read error occurs, the sector gets remapped and you can restore the block/file from backup or the fs will handle it without interference.
Thats bullshit. I have multiple drives that have pending sector count higher then 1 and they perform perfectly fine after that for years now.
It is much more important if the numbers are increasing then how high the numbers are. You can have multiple bad sectors or on SSDs Media Errors and the drive will be good for years to come.
I would recommend data hygiene in the first place. Have a working backup! And if you can afford it (can you afford to loose your data) some kind of redundancy like raid zfs or therelike.
I have as of now multiple drives at home and work in operation that have some form of error but have not changed their error values in literally years. Could i have afforded to replace the drives? Sure, but i also could have had a drive as a replacement that fails during the first resilver of the array.
Simple put, no. In order to be save with a LLM that can execute stuff on its own it needs to be completely sandboxed.
A very nice talk about flaws in agentic AI can be found here: https://media.ccc.de/v/39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents
I can also recommend the object storage from hetzner for backups. Quite price competitive.
I highly question the decision process to only include the lightweight and speed. There are much more important criterias to consider, like for example stability, maintainability, support etc.
I do not need yet another service that gets abonded 1-2 years after launch or goes subscription only etc.