It's likely only showing autocomplete for commonly used works, or maybe words that are statistically likely to be next, otherwise the list would be enourmous. There is a setting to not show offensive words, disabling that make is show pedophile as an option.
notabot
joined 6 months ago
The general process would look something like:
- Find all of the SSH keys you want to replace.
- For each of thise keys, identify everywhere you use it to authenticate, and write this down! This list will form the basis of the rest of the plan. Make sure you list all of the accounts/servers you log in to, and don't forget things like github or other external systems if you use them.
You'll need to perform the following steps for each SSH key you are replacing:
- Rename the public and private keys to something like
old_id_rsaandold_id_rsa.pub(obviously use the same type name as your key, just prefixold_) - In your
~/.ssh/config, add a line telling SSH to use the old key as well as the new ones:IdentityFile ~/.ssh/old_id_rsa(change the key filename as aporopriate) - Check you can still log in to the servers you could log in to before. It should still be using the old key, just with a different filename, so it should still work.
- Generate your new SSH keys
ssh-keygen -t ed25519 - Log in to each server and ADD the new
~/.ssh/id_ed25519.pubkey to theauthorized_keysfile or equivalent mechanism. Do not remove the old public key yet. - Remove the
IdentityFileline from your~/.ssh/config - Check you can log in to all your systems. This will validate that your new key is working.
- Remove your old public key from the
authorized_keysfile on each server you log in to.
Depending on your threat model you're going to want to do this more or less often, and so you may want to consider automating it with sonething like ansible if it'll be a regular job.
That's certainly an option, but depending on how paranoid you are that still typically means that a compromised server can overwrite all of its backup images on the NAS, which could leave you in trouble. If you can configure your NAS to only allow creation of new backups but not allow changing old ones, you might be ok.
The big difference between pull and push is which system has keys to access the other, and what an attacker could do with them. With your home network you might ultimately decide this isn't too important, but it's worth at least thinking about anyway.
In a push setup, each machine has some way (likely an SSH key) to authenticate to the NAS and push backup files to it. Each server has a different key to access a different path on the NAS, so if a server is compromised the attacker only gets access to that part of the NAS data, and if the NAS gets compromised, the attacker can't connect to anything but has access to the encrypted backups (you do encrypt the backups you care about, right?). This limits how much extra data the attacker can read, but has the downside you mentioned.
In a pull setup, the NAS has to have a way to connect to each server, typically as root for file access permissions. This means that if a server is compromised the attacker doesn't gain a way to access even a limited portion of the NAS, but if the NAS is compromised they gain access to keys to root access on every server, which is likely catastrophic.
A compromise solution can work. Have each server back up to a local file, then give the NAS permission to retrieve only that file, rather than root access. Whilst rsync isn't going to work for creating the single file backup, something like borg or restic would. This does mean you need more disk space on each server, but it also means that the server doesn't need direct access to the NAS, and the NAS only needs unpriviledged access to each server, mitigating the risk of a compromise.
Most of us are polite enough not to call you that publicly, but we're all thinking it really, really loudly.
Well, I'm no PugJesus, but I believe this is a reference to the ill fated Donner Party expedition of pioneers attempting to make the east to west journey to California. They became stranded in the Sierra Nevada region during the winter of 1846-47, and ended up resorting to eatting the bodies of the party members who'd perished in order to survive.
These are all very cute, but Junior really loves their stocking.
I wonder how many times we can get the money?
I very much doubt there would be a secobd time, or that you'd get to enjoy your split of the initial bounty. They're trying to turn the population against each other, and already vanishing people. This isn't rule of law stuff, this is "decades later their remain were found in an unmarked mass grave" stuff.
The best documents would be birth certificates for each generation, but there was a massive fire at the Dublin records office in 1922, which destroyed a lot of genological records from before then. If you have any information about where in Ireland your great grandparents were from, you may be able to find local records however. Things like parish registers and birth records for sone denominations were stored outside Dublin, so you may be able to find them, although it'll probably mean going there, or hireing to go there, as most of those records haven't been digitised.
Weirdly, staring at a bright light is one of the things that's almost guaranteed to put me to sleep. A phone screen works pretty well for that.
Fire the start, didn't we?
It's Yoda admitting to arson.
view more: next ›
I was initially of the same opinion, but actually, which of those would you be most offended to be called? I wonder if that's the scale they're using?