• 0 Posts
  • 25 Comments
Joined 1 year ago
cake
Cake day: June 20th, 2023

help-circle





  • Depends on specific machine setup and how good the backup is.

    Backup requirements for /usr there are sticky bits set on some binaries. That needs to be preserved. In all cases soft links likely need to be preserved for things to work correctly on future package installs. Hard links can be problematic, but if you have a large enough drive or not that many it wont matter. Running package verification can be help after restore to make sure everything looks right. If running a Linux system with SELinux in enforcing mode (RHEL on many derivatives), then the security context will also need to be preserved BUT running a relabel will probably work if the security context was not included in backups. Sometimes running the relabel process wont work if there are files that needs a specific security context but are not listed in the security context database. Can’t provide more details because most of my experience with that is on systems we just replace (LSPP custom labeling resulted in systems that if you booted into permissive would then be unbootable, so they were just reinstalled once any debugging was done).

    For /boot things can get tricky depending on the distribution, what boot manager is used, and /boot was a separate partition or not. Basically the boot manager (probably grub) needs to know how to find the files in boot so it can load the kernel. In most cases if you restore /boot and rerun the tools to update the boot manger everything will be fine. BUT some distributions, hardware setups, or dual boot configurations are more complicated, so extra work might be needed.

    You didn’t mention /dev, which is all special files. These don’t need to be restored, just make sure the right processes recreate them. There are tools to do this, hopefully the packages are installed. Or boot from a rescue disk and fix it. Look up instruction for your specific distro.




  • This is a response to the very bad kids online safety act. See EFF’s post for details on why it is bad: https://www.eff.org/deeplinks/2022/03/kids-online-safety-act-heavy-handed-plan-force-platforms-spy-young-people

    EFF’s article is better, but here are some of the details of why it is bad. The effect of kids online safety act will be censorship and tracking of kids online when research suggests that is counterproductive for the age group being added. Would require more detailed tracking of everyone, not just kids. Services likely would need to block certain content from everyone to reduce liability to a reasonable level. They would potentially be liable if kids got access to content even when it wasn’t for kids no matter how the kids got access (lying, using someone else’s account, bypassing filters, etc.). Content to be blocked is vague and open to be interpretation by the most conservative people in the US, which is obviously problematic. The previous COPPA needs updating, but the version of kids online safety act has so far been financially flawed.




  • Over a long enough term it will be worth it.

    But as a said elsewhere neither electricity nor phone being run to rural US homes was cost effective for companies. So the US decided that was shit and paid for it to get done. Started to do the same for internet access. Phone companies refused, used the money for other purposes, inflated prices faster the inflation, etc. and yet neither FTC nor congress held them accountable. Other countries have done the same thing for power and phone, there is nothing fundamentally different about physical internet access stopping anyone from doing the same thing.




  • Depends on environment.

    Real hardware separate for a server partitions for: /home, /var, swap, sometimes /usr, sometimes /var/log/audit Depends on deployment requirements, and if a system is expected to run after filling up audit.

    Real hardware for a at home desktop: /var, swap, maybe /home, or just one partition for / and one for swap.

    Cloud: all one partition, put swap in a file if it is needed. Cloud images are easy to grow if it is just one partition. Cloud-init will handle that automatically with the right packages installed, no configuration needed. Swap partitions are unlikely to be the right size as they vary according to memory and memory varies according to instance/guest sizes. Swap makes auto growing root partition harder (cloud-init custom config injection required). Best practice is to size workload and instances to not need swap whenever possible.