Truga
May 4, 2014
Lipstick Apathy
fyi i've been using https://rdiff-backup.net/ for over a decade now for periodically making mirrors, it's insanely good

uses the rsync protocol over ssh, but on the mirror end, it keeps the current mirror, and then an increments directory with diff files to all the previous mirrors so you can restore any file to any point in time in just a couple seconds, and takes barely any extra space for changes

e: there are smarter solutions these days, but imo none yet that are both as simple and work on p. much any hardware from ancient embedded poo poo to modern servers

infernal machines
Oct 11, 2012

we monitor many frequencies. we listen always. came a voice, out of the babel of tongues, speaking to us. it played us a mighty dub.

Subjunctive posted:

oh gosh that’s the worst reason to do anything. hope it works out for you!

me too

sb hermit
Dec 13, 2016

Beeftweeter posted:

yeah i just edited it because i realized the way i worded it made it sound dumb as hell lol. thanks, some turbonerd is trying to advocate for sftp and i'm trying to shut them down

I know sftp has been around about as long as ssh2 but I have never seen it used in any documentation or testing or production stuff. I think I've seen gui based file transfer clients for windows that might have used it, but that's about it.

I use rsync for everything, since it does both local and remote copy. But I'll use scp in edge cases or if I feel like it.

The only reason I could see a recommendation for sftp is maybe to reduce attack surface. But if everyone is using rsync anyway, it would just be easier to configure authorized_keys to restrict commands to rsync only or something

Beeftweeter
Jun 28, 2005

a medium-format picture of beeftweeter staring silently at the camera, a quizzical expression on his face

sb hermit posted:

I know sftp has been around about as long as ssh2 but I have never seen it used in any documentation or testing or production stuff. I think I've seen gui based file transfer clients for windows that might have used it, but that's about it.

I use rsync for everything, since it does both local and remote copy. But I'll use scp in edge cases or if I feel like it.

The only reason I could see a recommendation for sftp is maybe to reduce attack surface. But if everyone is using rsync anyway, it would just be easier to configure authorized_keys to restrict commands to rsync only or something

yeah towards the end it was more "there are windows guis" than anything, but when i pointed out rsync has way better transfer characteristics simply because it's not going file by goddamn file that seemed to settle it

they were initially agitating about it being less secure so i was basically like, okay, so sftp is also? lol

Truga
May 4, 2014
Lipstick Apathy
sftp is just a module for the ssh server isn't it? mostly replaces scp by not being awfully slow is what i got from it, but if you're already using rsync i don't think it matters

you can limit ssh connections to sftp only which doesn't let you access a real shell, but if you're doing that you can also make it so your backup ssh key can only access rsync and is read only :shrug:
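Both of the posts above (sb hermit's and this one) describe the same lockdown: a backup key in authorized_keys that is forced into rsync and read-only. As an added example that is not from the thread, here is a parser for the authorized_keys options field (quoted values may contain spaces and commas) plus an audit of what a pull-only backup key should carry. It assumes rrsync, the restricted-rsync wrapper that ships with rsync, and a placeholder directory /srv/backups; the key material in the sample is constructed placeholder text.

```python
# Option-less lines begin with a key type (OpenSSH authorized_keys format).
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")

# Constructed sample file; the key material is placeholder text, not real keys.
SAMPLE_AUTHORIZED_KEYS = """\
# backup puller: forced into rrsync, read-only, no pty or forwarding
command="rrsync -ro /srv/backups",restrict ssh-ed25519 AAAAC3PLACEHOLDER1 backup@mirror
ssh-ed25519 AAAAC3PLACEHOLDER2 admin@laptop
command="rrsync /srv/backups",no-pty,no-port-forwarding ssh-rsa AAAAB3PLACEHOLDER3 legacy-backup
"""

def _split_options(line):
    """Scan the leading options field: commas separate options, quotes may hold spaces/commas, first unquoted space ends it."""
    opts, cur, quoted = [], "", False
    for i, c in enumerate(line):
        if c == '"' and (i == 0 or line[i - 1] != "\\"):
            quoted = not quoted
        if c == "," and not quoted:
            opts.append(cur); cur = ""
        elif c.isspace() and not quoted:
            return opts + [cur], line[i:].strip()
        else:
            cur += c
    return opts + [cur], ""

def parse_line(line):
    """Return (options, key_type, comment) for one line, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_TYPE_PREFIXES):  # no options field at all
        options, key_part = [], line
    else:
        options, key_part = _split_options(line)
    parts = key_part.split(None, 2)
    if len(parts) < 2:
        raise ValueError(f"not an authorized_keys entry: {line!r}")
    return options, parts[0], parts[2] if len(parts) == 3 else ""

def audit(options):
    """Findings for a key that should only pull backups: forced command, 'restrict' (or the old no-* set), read-only rrsync."""
    names = {o.split("=", 1)[0].lower() for o in options}
    cmd = next((o.split("=", 1)[1].strip('"') for o in options if o.lower().startswith("command=")), None)
    findings = []
    if cmd is None:
        findings.append("no forced command: this key gets a full login shell")
    legacy = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}
    if "restrict" not in names and not legacy <= names:
        findings.append("no 'restrict' (or the full no-* set): pty and forwarding stay allowed")
    if cmd and cmd.split()[0] == "rrsync" and "-ro" not in cmd.split():
        findings.append("rrsync without -ro: the key holder can also write into the directory")
    return findings

def audit_file(text):
    """Map each entry's comment to its findings, over a whole authorized_keys file."""
    return {e[2]: audit(e[0]) for e in map(parse_line, text.splitlines()) if e}
```

Run it over a real authorized_keys and any backup key with a non-empty findings list is one that still has more reach than rsync-only, read-only.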

Beeftweeter
Jun 28, 2005

a medium-format picture of beeftweeter staring silently at the camera, a quizzical expression on his face

Truga posted:

sftp is just a module for the ssh server isn't it? mostly replaces scp by not being awfully slow is what i got from it, but if you're already using rsync i don't think it matters

you can limit ssh connections to sftp only which doesn't let you access a real shell, but if you're doing that you can also make it so your backup ssh key can only access rsync and is read only :shrug:

it seems to differ based on the implementation actually. some of the guis sftp guy was yelling about didn't work with dropbear, but openssh was ok. tbh i'm not sure there's an actual standard, which is another mark against it

carry on then
Jul 10, 2010

by VideoGames

(and can't post for 10 years!)

z/os, at least the testing vms i use occasionally, are set up so that sftp transfers files as is and scp converts files to/from ebcdic as they are transferred. only time i've really used sftp.

also funny when i forget which is which and download an ascii file from the z system using scp and it's unreadable because it was helpfully translated from "ebcdic" on the way over.

outhole surfer
Mar 18, 2003

it depends on what you're trying to do. if you need to repeatedly copy the data and want to take advantage of the benefits rsync brings to the table, use rsync over ssh. if you aren't trying to synchronize directories between two machines, and aren't taking advantage of incremental transfers (if you're moving tarballs, it sounds like you aren't), then getting rsync involved is needlessly complex and you really should just be using the sftp subsystem built into ssh.

outhole surfer
Mar 18, 2003

Beeftweeter posted:

tbh i'm not sure there's an actual standard, which is another mark against it

lolwat

https://www.sftp.net/specification

Beeftweeter
Jun 28, 2005

a medium-format picture of beeftweeter staring silently at the camera, a quizzical expression on his face

nudgenudgetilt posted:

it depends on what you're trying to do. if you need to repeatedly copy the data and want to take advantage of the benefits rsync brings to the table, use rsync over ssh. if you aren't trying to synchronize directories between two machines, and aren't taking advantage of incremental transfers (if you're moving tarballs, it sounds like you aren't), then getting rsync involved is needlessly complex and you really should just be using the sftp subsystem built into ssh.

nah, that was worded poorly. i've got the rsync output being piped to tar on the client

Beeftweeter
Jun 28, 2005

a medium-format picture of beeftweeter staring silently at the camera, a quizzical expression on his face

so it's... not standardized? lol

sb hermit
Dec 13, 2016

if it's secure enough and the systems administrators are familiar with it, I see little reason to change from rsync to sftp

outhole surfer
Mar 18, 2003

Beeftweeter posted:

so it's... not standardized? lol

that page links to the twenty year old ietf standard implemented by pretty much every server

https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02

Powerful Two-Hander
Mar 10, 2004

Mods please change my name to "Tooter Skeleton" TIA.


chatting with our it sec guys today about something and said "I mean look, if you want to treat it like that just go and cut the cables so there's no internet access at all" and the response was "if I could cut every connection to this building, i would".

can't disagree with them tbh

outhole surfer
Mar 18, 2003

sb hermit posted:

if it's secure enough and the systems administrators are familiar with it, I see little reason to change from rsync to sftp

the biggest issue with rsync these days is that it's relatively heavyweight and isn't everywhere. it especially isn't often found on systems running dropbear as op has mentioned -- not due to lack of compatibility, but because you run dropbear on resource constrained machines like embedded devices.

Beeftweeter
Jun 28, 2005

a medium-format picture of beeftweeter staring silently at the camera, a quizzical expression on his face

nudgenudgetilt posted:

that page links to the twenty year old ietf standard implemented by pretty much every server

https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02

true enough, but lots of the newer features don't seem to be widely implemented :shrug:

it doesn't really matter anyway rsync won the day

sb hermit
Dec 13, 2016

nudgenudgetilt posted:

that page links to the twenty year old ietf standard implemented by pretty much every server

https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-02

except, apparently, dropbear

outhole surfer
Mar 18, 2003

sb hermit posted:

except, apparently, dropbear

dropbear happily supports sftp using the sftp component from openssh. dropbear just doesn't ship with its own sftp component.

sb hermit
Dec 13, 2016

Powerful Two-Hander posted:

chatting with our it sec guys today about something and said "I mean look, if you want to treat it like that just go and cut the cables so there's no internet access at all" and the response was "if I could cut every connection to this building, i would".

can't disagree with them tbh

:same:

sb hermit
Dec 13, 2016

We get good cell reception. Maybe everyone should just run spotify on their smartphones.

Midjack
Dec 24, 2007

sb hermit posted:

We get good cell reception. Maybe everyone should just run spotify on their smartphones.

if you're really serious you ban phones too.

The_Franz
Aug 8, 2003

Powerful Two-Hander posted:

chatting with our it sec guys today about something and said "I mean look, if you want to treat it like that just go and cut the cables so there's no internet access at all" and the response was "if I could cut every connection to this building, i would".

can't disagree with them tbh

a guy i know had his workplace do exactly that after repeated hacking attempts

3hands
Feb 23, 2018

Just created a rule to report every email I receive as phishing. What are the implications of this rule?

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

3hands posted:

Just created a rule to report every email I receive as phishing. What are the implications of this rule?

the people receiving the reports get mad at you; you never receive any emails because they’re automatically removed as part of the report - the implications of this are up to your organization

ate shit on live tv
Feb 15, 2004

by Azathoth

Powerful Two-Hander posted:

chatting with our it sec guys today about something and said "I mean look, if you want to treat it like that just go and cut the cables so there's no internet access at all" and the response was "if I could cut every connection to this building, i would".

can't disagree with them tbh

That's always the problem isn't it? Some dumb environment or dev or C-suite guy or whatever says "We need this server to be isolated from everything."
Me responding hopefully. "Everything, really?"
Dev "Yes everything, this needs to be its own environment isolated from everything."
"Great!"
Create an unrouteable vlan with the server on it and a bastion host for access.

2-weeks later....Actually we need access to github, the internet, my home IP address, our AD environment, full access to prod, and an incoming webhook so we can get to it from a customer's AWS account.
:suicide:

mystes
May 31, 2006

ate poo poo on live tv posted:

That's always the problem isn't it? Some dumb environment or dev or C-suite guy or whatever says "We need this server to be isolated from everything."
Me responding hopefully. "Everything, really?"
Dev "Yes everything, this needs to be its own environment isolated from everything."
"Great!"
Create an unrouteable vlan with the server on it and a bastion host for access.

2-weeks later....Actually we need access to github, the internet, my home IP address, our AD environment, full access to prod, and an incoming webhook so we can get to it from a customer's AWS account.
:suicide:
When they tell you to create an environment that's isolated from everything just say you did it. How will they know? Then when they ask for it to be connected to stuff just spin up a new vm for real.

post hole digger
Mar 21, 2011

ate poo poo on live tv posted:

That's always the problem isn't it? Some dumb environment or dev or C-suite guy or whatever says "We need this server to be isolated from everything."
Me responding hopefully. "Everything, really?"
Dev "Yes everything, this needs to be its own environment isolated from everything."
"Great!"
Create an unrouteable vlan with the server on it and a bastion host for access.

2-weeks later....Actually we need access to github, the internet, my home IP address, our AD environment, full access to prod, and an incoming webhook so we can get to it from a customer's AWS account.
:suicide:

sounds familiar. needs more ipsec tunnels to other random networks it has no business being connected to, just for futureproofing's sake tho.

sadus
Apr 5, 2004

Truga posted:

fyi i've been using https://rdiff-backup.net/ for over a decade now for periodically making mirrors, it's insanely good

I like GoodSync, cross platform-ish with nice UI and it can do SFTP and differential backups but also supports all kinds of cloud poo poo too

Carbon dioxide
Oct 9, 2012

holy poo poo this has gotta be the weirdest investment I've ever heard of.

Back in 2019, the University of Maastricht was hit by cryptolocker malware. After a week the university decided to pay the 200K eur ransom in bitcoins because they were about to permanently lose a lot of important data.

The police managed to track the bitcoins and found a way to seize a crypto wallet from a money launderer recently. They returned the original bitcoins to the university, but since the bitcoins had a net rise in value since 2019, they're now worth 500K eur.

spankmeister
Jun 15, 2008

They only recovered 4.54 of the 30 bitcoins that were paid as ransom, but in euro it's 2.5x as much

Beeftweeter
Jun 28, 2005

a medium-format picture of beeftweeter staring silently at the camera, a quizzical expression on his face

Carbon dioxide posted:

holy poo poo this has gotta be the weirdest investment I've ever heard of.

Back in 2019, the University of Maastricht was hit by cryptolocker malware. After a week the university decided to pay the 200K eur ransom in bitcoins because they were about to permanently lose a lot of important data.

The police managed to track the bitcoins and found a way to seize a crypto wallet from a money launderer recently. They returned the original bitcoins to the university, but since the bitcoins had a net rise in value since 2019, they're now worth 500K eur.

they're not worth that much now lol

Carbon dioxide
Oct 9, 2012

Beeftweeter posted:

they're not worth that much now lol

Apparently they seized the wallet last year so maybe they managed to cash out just before the crash, news only came out now.

spankmeister
Jun 15, 2008

the numbers don't really add up. if they've recovered 4.54 bitcoin like dutch media is reporting, and it's worth €500k, then the price should have been €110k per coin and it never went anywhere near that high.

spankmeister
Jun 15, 2008

oh wait the 4.54 were from the university but the wallet they seized had other coins on it too, and they seized all of it.

3hands
Feb 23, 2018

Carbon dioxide posted:

holy poo poo this has gotta be the weirdest investment I've ever heard of.

Back in 2019, the University of Maastricht was hit by cryptolocker malware. After a week the university decided to pay the 200K eur ransom in bitcoins because they were about to permanently lose a lot of important data.

The police managed to track the bitcoins and found a way to seize a crypto wallet from a money launderer recently. They returned the original bitcoins to the university, but since the bitcoins had a net rise in value since 2019, they're now worth 500K eur.

thank you, heartwarming ransomware stories are so rare

i think the last one was the ukrainian that leaked a ton of chatlogs from a ransomware group

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

sb hermit posted:

I wish to push this 500k merge into your source tree but I require 10K lines from you as a good faith investment

Criminally undernoticed post

sb hermit
Dec 13, 2016

Volmarias posted:

Criminally undernoticed post

Thank you! I also hope someone picked up on

sb hermit posted:

The SMS should say "You are transferring $5000 to Kirk to purchase a ticket to the Razor afterparty. To confirm, repeat the following code to the service agent: 80085"

mystes
May 31, 2006

Ah yes, the classic Nigerian Prince scam

ymgve
Jan 2, 2004


:dukedog:
Offensive Clock

sb hermit posted:

Thank you! I also hope someone picked up on

should be razer

edit: actually kirk spelled it razor, it's canon

https://forums.somethingawful.com/showthread.php?threadid=3459842&userid=42391

ymgve fucked around with this message at 20:43 on Jul 2, 2022

Chris Knight
Jun 5, 2002

me @ ur posts


Fun Shoe
:toot:
https://twitter.com/campuscodi/status/1544417552843116545

Severity: High

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions.

This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation.

SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
