those disks were not spinning for maybe 3 weeks total

This is actually a good thing for longevity. Start up and stopping is the hardest part of a drive’s life. So you will see more failures on a personal PC that you turn off every night than a server drive running 24/7. Laptop drives will typically fare the worst as they may be power cycled many times a day, often fully stop when idle for power saving and get shaken much more than other drives.

Yeah, the music industry gets it and nearly everyone happily pays for Spotify as a result. Spotify is slowly enshitifying but it is still fairly convenient and has most things you would want to listen to.

I was on this train. I paid for Netflix for a handful of years. Really my only complaint is that I couldn’t share screenshots because of the DRM (you don’t want free advertising?). But then the selection went downhill, new seasons of shows I was watching started appearing on other services. The UI got worse and slow. I eventually started getting pissed off and was wondering why I was paying for a frustrating service.

I had a very similar arc for YouTube Premium a few years after that one, I must have been a subscriber for 5 years at least. But then it got worse and worse.

I don’t think this is a major “this is why people pirate”. Pirate sites also regularly get cracked (possibly more often the the average streaming service). It isn’t like bank details were leaked here so the only real difference is that in some pirate sites you don’t need a login at all.

Tumblr blogs all have feeds.

Ah great, so a messenger run by a data hoarding giant that resists usage of anything but the proprietary non-free client.

IDK, what else do they use? Email has to be the least bad option. At least with email you can choose your provider (or be your own).

YAML is fine as a configuration language and ok data input language.

YAML is absolutely cursed as a programming language. As in Ansible has created a really shitty programming language inside of YAML. Should be burned with fire.

Yeah, I don’t think there are many benefits when keeping the key on the same drive. Other than a bit of obfuscation. It does still help with erasing, as you can wipe the keyslots (rendering the key useless) but with modern storage media deletion is fairly hard to ensure. But still better than unencrypted.

The short answer is that Docker (and other containerization technologies) share the Linux kernel with the host. The Linux kernel is very complicated and shouldn’t be trusted to be vulnerability free. Exploitable bugs are regularly discovered in the Linux kernel (and Windows and Darwin). No serious companies separate different tenets with just container technology. Look at GCP, AWS, DigitalOcean… they all use hardware virtualization which is much simpler and much more likely to be secure (but even then bugs are found on occasion).

So in theory it is secure, but it is just too complex to rely on. I say that docker is good for “mostly trusted” isolation. Different organizations in the same companies, different software that isn’t actively trying to be malicious. But shouldn’t be used to separate different untrusted parties.

IMHO Arch is actually a great choice. They do have a minimum update frequency you need to maintain (I don’t recall exactly, I think it is somewhere between 1 and 3 months) but if you do, and read the news before updates (and you are usually fine if you don’t, usually the update will just refuse to run until you intervene) things are pretty seamless. I had many arch machines running for >5 years with no issues and no reason to expect that it would change. This is many major version updates for other distros which are often not as seamless.

That being said I am on NixOS now which takes this to the next level, I am running nixos-unstable but thanks to the way NixOS is structured I don’t need to worry about any legacy cruft accumulating from the many years of updates.

And after all of that I don’t think it really matters. I think any major distro you pick, weather stable, release-based or LTS will be fine. They all have some sort of update path these days. (unlike in the past where some distros just recommended a re-install for major updates).

Only if they gain possession when the device is running with the drive decrypted and they keep it running the whole time. That is a lot higher bar then being able to turn the machine on at any time and then recover the key. For example if this is a laptop that you are flying with. Without auto-decryption you can simply turn it off and be very secure. With auto-decryption they can turn it on then extract the key from memory (not easy, but definitely possible and with auto-decryption they have as long as they need, including sending the device to whatever forensics lab is best equipped to extract the key).

1. Wiping the drive is a lot easier, just overwrite the root key a few times.
2. If you store the key on a different drive you can safely dispose of the drive just by separating the two. (I do on my home server, keeping the decryption key on a USB drive. If I need to ship the server or discard old hardware I can just hold onto the thumb drive and not worry about the data being read.)

Security is always about tradeoffs. On my home server unattended reboots are necessary so it needs to auto-decrypt. But using encryption means I don’t need to worry about discarding broken hardware or if I need to travel with the server were it may be inspected. For my laptop, desktop and phone where I don’t need unattended reboots I require the encryption key on bootup.

Depending on the attacker of course. If they can read your RAM after auto-decrypt they can just take the encryption key.

I hope they are using more than just docker for isolation 😅 Each user should be running in a different VM for security.

That’s true. And I’m not saying B2 is bad, it is just something that you should be aware of.

Their automatic replication isn’t quite as seamless as GCS or S3 though. For example deletes aren’t replicated so you will need a cleanup strategy. Plus once you 2x or 3x the price B2 isn’t as competitive on price. My point is that it is very easy to compare apples to oranges looking at cloud storage providers and it is important to be aware.

For me B2 is a great fit and I am happy with it, but I don’t wan to mislead peope.

I think it depends on your needs. IIUC their storage is “single location”. Like a very significant natural disaster could take it offline or maybe even lose it. Something like S3 or Google Cloud Storage (depending on which durability you select) is multi-location (as in significantly distinct geographical regions). So still very likely that you will never lose any data, but in the extreme cases potentially you could.

If I was storing my only copy of something it would matter a lot more (although even then you are best to store with multiple providers for social reasons, not just technical) but for a backup it is fine.

I’ve been using Restic to Backblaze B2.

I don’t really trust B2 that much (I think it is mostly a single-DC kind of storage) but it is reasonably priced and easy to use. Plus as long as their failures aren’t correlated with mine it should be fine.

It’s really nice of them to collect the best piracy sites into an easy to navigate list! They even have proper linking between the index and PDF pages, that is some quality work.

Pacific Mall, Toronto

You know, they aren’t wrong. (Well at least this was well known when I was younger. IDK I thought it was cleaned up a bit in the last decade.)