|
RFC2324 posted: It seems like something that would be more efficiently solved in another way, to me. One of those 'can we do things in a sane reliable engineered way, or come up with some wacky ssh solution?' situations. For one, if those boxes serve as backups for each other (you mean clustered, right?) wouldn't you want them to have a shared backing datastore?

You're thinking redundancy. This is for backups. Backups sharing the same datastore would be nonsensical.

As far as why do it this way, it's probably partially historical and partially Unix philosophy. Remote differential backups are often done using rsync over SSH. ZFS snapshot backups are basically that at the filesystem level. SSH provides a trustworthy, secure, reliable, and compression-capable tunnel even over the open internet, so why reinvent the wheel on that part? The Unix philosophy part comes in there too: do your thing and lean on other tools to do their part. If SSH ever falls out of favor for whatever reason it can be replaced relatively easily by whatever takes its place.
|
# ? Sep 4, 2017 03:55 |
|
|
# ? May 22, 2024 08:12 |
|
wolrah posted: You're thinking redundancy. This is for backups. Backups sharing the same datastore would be nonsensical.

Also keeping backups on a different machine makes it much harder to gently caress them up. If you know server BACKUP-GOKU-CLOUD-420 will only ever contain backups and nothing else ever, it's much easier to recognize you should be super careful with everything in there. Compare this to keeping it on the same data store and you unknowingly make a linked directory to your backup directory inside the same directory as your file server. You forget to perform a 'rm' recursively while setting the option to not follow hardlinks and backups are gone super quick.

Mainly another system for backup is for a user to properly feel "we are not in Kansas anymore" and realize they have to do things different. At least that is my experience from IT and dev work.
|
# ? Sep 4, 2017 04:08 |
|
How I Accidentally Framed Myself for a Hacking Frenzy
|
# ? Sep 4, 2017 04:31 |
|
EVIL Gibson posted: Also keeping backups on a different machine makes it much harder to gently caress them up. If you know server BACKUP-GOKU-CLOUD-420 will only ever contain backups and nothing else ever, it's much easier to recognize you should be super careful with everything in there.

yes, but this is all true, but why wouldn't you use an actual backup solution instead of copying snapshots across the network via ssh?
|
# ? Sep 4, 2017 06:58 |
|
RFC2324 posted: yes, but this is all true, but why wouldn't you use an actual backup solution instead of copying snapshots across the network via ssh?

As long as it can be proven the backup data is on a separate system (one bad power supply killing both redundancy and backups is something I don't want to worry about) and then be able to be tested and used to rebuild back to a state representative of the data; I really don't care if you are using flocks of parakeets to carry 64gig micro SD cards to do the restoration just as long as it is back.
|
# ? Sep 4, 2017 07:14 |
|
RFC2324 posted: yes, but this is all true, but why wouldn't you use an actual backup solution instead of copying snapshots across the network via ssh?

If you're using ZFS you're probably already taking a snapshot as part of your backup process, so why not skip the middleman, at least for your primary backups? Also useful for DR sites.
|
# ? Sep 4, 2017 07:41 |
|
Started out with the Georgia Weidman book and oh my god this is much funner and kind of easier than I thought. It helps that I know a lot of scripting and have worked with assembly. It's like everything I've learned points here.

BTW, I had no idea there were these many tools to attack something.
|
# ? Sep 4, 2017 11:05 |
RFC2324 posted: It seems like something that would be more efficiently solved in another way, to me. One of those 'can we do things in a sane reliable engineered way, or come up with some wacky ssh solution?' situations. For one, if those boxes serve as backups for each other (you mean clustered, right?) wouldn't you want them to have a shared backing datastore?

In this situation, a friend and I have agreed to serve as additional backup (in addition to whatever other backup solutions we use; I have spideroak and an off-line disk - dunno what he uses) for each other, for stuff that's not private but is nevertheless stuff that we'd like to keep even if our houses spontaneously burst into flames, and not have to restore from cloud since +5TB has a habit of taking a rather long time.

We use zfs send | receive, ssh and mbuffer to transfer between each of our servers, after the initial backup which was done at a LAN party. The incremental reverse delta nature of ZFS snapshots ensures that it's only changed data at the byte level as well as any new data that's actually transferred, which means it's even faster than if rsync was being used (because that works at a file level).

All that being said, I've also seen it used for fail-over in case of disaster-recovery for actually-critical data, which is where I got the idea.
|
|
# ? Sep 4, 2017 12:39 |
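The transfer described in the post above (zfs send | receive over ssh with mbuffer), as an added example that is not part of the original thread: it picks the newest snapshot both sides already hold as the incremental base and prints the pipeline for review rather than running it. The dataset names, the host `friend.example`, the snapshot names and the mbuffer sizes are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: plan an incremental "zfs send | mbuffer | ssh zfs receive" run.
# All dataset, host and snapshot names below are constructed placeholders.

# Accept only characters ZFS names normally use; the target name ends up in a
# command string parsed by the remote shell, so anything else is rejected.
valid_name() {
    case "$1" in
        ""|*[!A-Za-z0-9_.:/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Newest snapshot (the part after "@") present on both sides.
# $1 = local snapshots, oldest first; $2 = remote snapshots. Fails if none.
latest_common_snapshot() (
    common=""
    for l in $1; do
        for r in $2; do
            if [ "${l#*@}" = "${r#*@}" ]; then common="${l#*@}"; fi
        done
    done
    if [ -z "$common" ]; then exit 1; fi
    printf '%s\n' "$common"
)

# Print the pipeline instead of running it, so it can be reviewed first.
# $1 = source dataset, $2 = ssh destination, $3 = target dataset,
# $4 = base snapshot (empty means full send), $5 = snapshot to send
build_send_pipeline() (
    for n in "$1" "$3" "$5" ${4:+"$4"}; do
        if ! valid_name "$n"; then exit 1; fi
    done
    if [ -n "$4" ]; then
        send="zfs send -i $1@$4 $1@$5"
    else
        send="zfs send $1@$5"
    fi
    printf '%s | mbuffer -q -s 128k -m 1G | ssh %s "zfs receive -u %s"\n' \
        "$send" "$2" "$3"
)

# Constructed sample: shaped like `zfs list -H -t snapshot -o name -s creation`.
LOCAL_SNAPS="tank/media@2017-09-01 tank/media@2017-09-02 tank/media@2017-09-04"
REMOTE_SNAPS="backup/media@2017-09-01 backup/media@2017-09-02"

if base=$(latest_common_snapshot "$LOCAL_SNAPS" "$REMOTE_SNAPS"); then
    build_send_pipeline tank/media backup@friend.example backup/media "$base" 2017-09-04
fi
```

If no common snapshot exists, an incremental send has no base and a full send is needed; passing an empty base to `build_send_pipeline` prints that form.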
|
D. Ebdrup posted: I've obviously mis-phrased myself, and made it sound more mission-critical than it is.

Sure. I get you, but understand that it isn't normal to use a backup as a or part of live environment except for the times it needs to be talked to when backing up things.

How frequently do you do this back up? Even if you just roll off the 'backup' zpool (is backup on its own vdev?) to an external drive every once in a while and be able to say, 100%, your data is safe and can be recovered no matter if the zpool had multiple drives just fail at the same time (much more common than you would think in any raid especially if using hard drives from the same batch)
|
# ? Sep 4, 2017 16:39 |
EVIL Gibson posted: Sure. I get you, but understand that it isn't normal to use a backup as a or part of live environment except for the times it needs to be talked to when backing up things.

Believe me, I'd love to not have had a cancer diagnosis and have been able to find a job so that I could do things in a more sane way, but that's not how things turned out.
|
|
# ? Sep 4, 2017 17:39 |
|
So...yeah. That happened.

https://twitter.com/GossiTheDog/status/905946778608050176
https://twitter.com/x0rz/status/906046732722679808
https://twitter.com/mrjohnkelly73/status/906048026665472001
https://twitter.com/Daniel15/status/905953979934187520

Potato Salad fucked around with this message at 14:08 on Sep 8, 2017 |
# ? Sep 8, 2017 14:01 |
|
July 29th, they knew that they had a breach. Three managers dumped stock shortly afterward but it was totally coincidental. August 22nd, they register a domain as outreach regarding the breach. September 7th, they announce the breach. For the first time in my career, I am way more interested in how the bureaucracy played out than the technicals of the breach.
|
# ? Sep 8, 2017 14:49 |
|
I'm not sure data security regulations are a good idea, but maybe those are worth a try and this fuckup will prompt some action on that front.
|
# ? Sep 8, 2017 14:55 |
|
Lain Iwakura posted: July 29th, they knew that they had a breach. Three managers dumped stock shortly afterward but it was totally coincidental.

It wasn't just "three managers," it was the CIO, CEO, and another dude. Insider trading is something that we actually still seek justice for in this country, so expect them to be at least investigated.
|
# ? Sep 8, 2017 15:05 |
|
Lain Iwakura posted: For the first time in my career, I am way more interested in how the bureaucracy played out than the technicals of the breach.

You're growing up so fast, girl.
|
# ? Sep 8, 2017 15:07 |
|
Subjunctive posted: You're growing up so fast, girl.

I blame some recent projects at work for making me get over my aversion to policy.
|
# ? Sep 8, 2017 15:10 |
|
Lain Iwakura posted: I blame some recent projects at work for making me get over my aversion to policy.

I kind of like it that way, there's something about working with people that gets you a more satisfying feeling than just the technical aspect. Especially when you show just how dumb some people are with their data.
|
# ? Sep 8, 2017 15:45 |
|
People can change technology. Technology can't change people.
|
# ? Sep 8, 2017 15:47 |
|
Subjunctive posted: Technology can't change people.

Depends on the technology really.
|
# ? Sep 8, 2017 16:18 |
|
Sure, prosthetics are a good example, or ECT. And not all people can change technology.
|
# ? Sep 8, 2017 16:19 |
|
potentially dumb question: If I put a veracrypt volume in my google drive, then make changes on the drive (mount it, add/remove files etc, unmount it) would google drive sync those changes?
|
# ? Sep 8, 2017 16:47 |
|
I have little doubt that I'm a different person now than I would have been without the internet over the past 30 years. It seems like the hard part is to make intentional (particularly social / psychological / behavioral) changes in people with technology, though.
|
# ? Sep 8, 2017 16:48 |
|
Yeah, our lives would be different without electricity as well. That's not quite where I was headed.
|
# ? Sep 8, 2017 16:56 |
|
well why not posted: potentially dumb question:

Yes, once you unmount it. But they won't be able to upload the diff only because, being encrypted, the differences in the files will be all over the place (whereas for unencrypted files they can just do that, to save bandwidth). So chances are your whole volume will have to be re-uploaded fully each time, so don't make it too large.
|
# ? Sep 8, 2017 17:09 |
|
Subjunctive posted: Yeah, our lives would be different without electricity as well. That's not quite where I was headed.

I know, I wasn't disagreeing with you, I was just contributing to the conversation.
|
# ? Sep 8, 2017 17:11 |
|
Potato Salad posted: So...yeah.

I honestly feel like giving up on this industry sometimes. It doesn't matter what we do from an infosec perspective, this poo poo is only getting worse. It's disheartening as gently caress that still, after all these breaches, including new ones like this, it feels like we're fighting an uphill battle.
|
# ? Sep 8, 2017 17:31 |
|
CLAM DOWN posted: I honestly feel like giving up on this industry sometimes. It doesn't matter what we do from an infosec perspective, this poo poo is only getting worse. It's disheartening as gently caress that still, after all these breaches, including new ones like this, it feels like we're fighting an uphill battle.

It's okay. It has always been on fire, everyone everywhere is running around with their hands on fire right now, and especially with the commoditization of IT, people will be running around with their hands on fire in the future.

https://twitter.com/awoodash/status/906193650421551105

This one reminded me of The Phoenix Project
|
# ? Sep 8, 2017 17:43 |
|
|
# ? Sep 8, 2017 17:47 |
|
Here's my cynical take on this:

https://twitter.com/KateLibc/status/906187950974689280

If the insider trading didn't occur, this would be far, far less worse for them. Now they'll have to deal with having the SEC go over a decade of trades from their organisation. TransUnion is going to take a lot of notes from this to ensure that they ride this out better.
|
# ? Sep 8, 2017 17:52 |
|
Thermopyle posted: I know, I wasn't disagreeing with you, I was just contributing to the conversation.

Yeah, sorry. Sick and cranky today.
|
# ? Sep 8, 2017 18:03 |
|
The Phoenix Project is a good book, I would highly recommend to anyone in this thread. This is good.
|
# ? Sep 8, 2017 18:12 |
|
Subjunctive posted: Yeah, sorry. Sick and cranky today.

It happens to everyone!
|
# ? Sep 8, 2017 18:14 |
|
CLAM DOWN posted: I honestly feel like giving up on this industry sometimes. It doesn't matter what we do from an infosec perspective, this poo poo is only getting worse. It's disheartening as gently caress that still, after all these breaches, including new ones like this, it feels like we're fighting an uphill battle.

Infinite job security
|
# ? Sep 8, 2017 18:32 |
|
CLAM DOWN posted: I honestly feel like giving up on this industry sometimes. It doesn't matter what we do from an infosec perspective, this poo poo is only getting worse. It's disheartening as gently caress that still, after all these breaches, including new ones like this, it feels like we're fighting an uphill battle.

As long as these companies are seen as victims only it'll keep happening. My opinion is that they are only partly victim. They have their fair share of responsibility and they should somehow be held accountable for that. After all, if I leave my door open (or don't put enough locks on it, even) my home insurance isn't going to compensate me when somebody breaks in. This is the exact same thing.
|
# ? Sep 8, 2017 18:36 |
|
Cup Runneth Over posted:Infinite job security
|
# ? Sep 8, 2017 18:40 |
|
Furism posted: After all, if I leave my door open (or don't put enough locks on it, even) my home insurance isn't going to compensate me when somebody breaks in. This is the exact same thing.

According to this post that's not exactly the case:

Thomamelas posted: They treat them exactly the same as burglary claims made because someone forgot to lock the door. They try to nickel and dime you over the replacement value of the items lost and then cut a check. Very few home owners insurance policies require forced entry. And something like 40% of all burglaries don't involve forced entry. They also pay out if you leave the keys in the ignition and the car is stolen. The claims adjuster might try to screw you more but that's a personal choice on their part rather than a legal one.
|
# ? Sep 8, 2017 18:41 |
|
My insurance requires a 5 points-lock for the front-door otherwise if it's breached they don't compensate me (or not fully). It's not a 100% comparison, ok, but I think you get my analogy
|
# ? Sep 8, 2017 18:43 |
|
Cup Runneth Over posted:Infinite job security
|
# ? Sep 8, 2017 18:43 |
|
This is me doing infosec
|
# ? Sep 8, 2017 18:58 |
|
So literally any info, even fake garbage, was likely at risk? Dang I guess we should all sign up for the credit monitoring.

Borrowed this from another thread:

quote: You give up your right to sue Equifax. If you get the credit monitoring service, you must agree to submit any complaints against Equifax to arbitration. You can’t sue on your own behalf, and you can’t join a class-action case or benefit from any class-action settlement that Equifax agrees to.

Well alright then.
|
# ? Sep 8, 2017 22:06 |