That should be part of the backup configuration. You select in the backup tool of choice what you backup. When you poose your array then you download that stuff again?

Yes, the secrets to submit to the distribution system got compromised and therefore the system got compromised.

To achieve a compromised update you either need to compromise the update infrastructure AND the key or the infratstructure AND exploit the local updater to accept the invalid or forged signature.

As i said, to compromise a signature checked update over the internet you need to compromise both, the distributing infrastructure AND the key. With just either one its not possible. (Ignoring flaws in the code ofc)

After gaining initial access, the malicious cyber actor deployed malware that scanned the environment for sensitive credentials.

So as I said, the keys got compromised. Thats what i said in the second post.

No you cannot, the pub key either needs to be present on the updater or uses infrastructure that is not owned by you. Usually how most software suppliers are doing it the public key is supplied within the updater.

This is incorrect. If the update you download is compromised then the signature is invalid and the update fails.

To achieve a compromised update you either need to compromise the update infrastructure AND the key or the infratstructure AND exploit the local updater to accept the invalid or forged signature.

Not completely correct. A lot of updaters work with signatures to verify that what was downloaded is signed by the correct key.

With bash curl there is no such check in place.

So strictly speeking it is not the same.

Simple put, no. In order to be save with a LLM that can execute stuff on its own it needs to be completely sandboxed.

A very nice talk about flaws in agentic AI can be found here: https://media.ccc.de/v/39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents

I can also recommend the object storage from hetzner for backups. Quite price competitive.

It actually does both. Not really tested the multimonitor features but its there and it works, not sure if to the same degree as in rdp.

There is a box for manually added monthly savings. But yes, hard to classify what you would actually subscribe to if you would not have a server already.

But same for video. I would never buy 3 streaking service at a time.

The other answer is already good but I answer more general.

Rate limiting. Do not allow as many requests as your CPU can handle but limit authentication requests. Like a couple requests per second already goes a long way.

The ‘immediate attacks’ ppl mention is just static background noise. Server / scripts that run trying to find misconfigured, highly out to date or exploitable endpoints/servers/software.

Once you update your software, set up basic brute force protection and maybe regional blocking, you do not have to worry about this kind of attack.

Much more scary are so called 0-Day attacks.

1. No one will waste an expensive exploit on you
2. It sometimes can happen that 0-Days that get public get widly exploited and take long time to get closed like for example log4shell was. Here is work necessary to inform yourself and disable things accorsing to what is patched and what not.

As i already said, no one will waste time on you, there are so much easier targets out there that do not follow those basic rules or actually valuable targets.

There is obviously more that you can do, like hiding everything behind a VPN or advanced thread detections. Also choosing the kind of software you want to run is relevant.

Who says that it is no longer maintained? https://github.com/containers/podman-compose Looks fine to me?

I am aware of vdev expansion since i am following it closely but not heard about docker support, thanks for that new, i will read into it. Would be actually a game changer for a project i am planning.

• Truenas Scale - Comercial NAS OS. I bit of work to get started, but very stable once going.

• Unraid - Enthusiast focused NAS OS. Not as stable as Truenas, but easier to get started and a lot of community support.

Since OP wants to use Docker i would not recommend either. Trunas scale does not support it usefully and the implementation in Unraid is also weird. Also the main benefit of unraid is the mixing of drives, OP wants to raid.