Thats the only (sane without tons of work) way how you can have a rolling release distro without the need to compile everything yourself, everytime. Dependency issues will occure when glibc gets updated (or any other library) and you only update some programms but not all, its possible that those programms work or not.

Yes but that is on Manjaro if they do not follow basic rules from their upstream and not on arch. If you ignore design desicions then thats on you.

Why should that be a flaw on Arch’s side, when it ooses no issue on Arch’s side? Partial updates are explicitly not supported. That would be fine for Manjaro if they would not encourage the use or for some cases even enable the use of AUR by default.

Yes, it is called multithreading. Just one example: https://github.com/BrandonBerne/masscan

Stupid me, missed the IP whitelisting part.

LUKS may not make your server meaningfully more secure. Anyone who can snapshot your server while it’s running or modify your unencrypted kernel or initrd files before you next unlock the server will be able to access your files.

This is a little oversimplified. Hardware vendors have done a lot of work in the last 10-20 years to make it hard to impossible to obtain data this way. AMD-SEV for example.

There are other more realistic attacks like simply etrackt the ssh server signature and MITM the ssh connection and extract the LUKS password.

The whole port range can be scanned in under a second. A real attack does not care if your ssh port is 22 or 69420. Changing Port is just snake oil.

use ddns or similar to keep track of tour IP?

Honestly, the time i had to manually intervene since ~2 years is less then 5-10 times, and that is way before the stable release. So I doubt that.

That should be part of the backup configuration. You select in the backup tool of choice what you backup. When you poose your array then you download that stuff again?

Yes, the secrets to submit to the distribution system got compromised and therefore the system got compromised.

To achieve a compromised update you either need to compromise the update infrastructure AND the key or the infratstructure AND exploit the local updater to accept the invalid or forged signature.

As i said, to compromise a signature checked update over the internet you need to compromise both, the distributing infrastructure AND the key. With just either one its not possible. (Ignoring flaws in the code ofc)

After gaining initial access, the malicious cyber actor deployed malware that scanned the environment for sensitive credentials.

So as I said, the keys got compromised. Thats what i said in the second post.

No you cannot, the pub key either needs to be present on the updater or uses infrastructure that is not owned by you. Usually how most software suppliers are doing it the public key is supplied within the updater.

This is incorrect. If the update you download is compromised then the signature is invalid and the update fails.

To achieve a compromised update you either need to compromise the update infrastructure AND the key or the infratstructure AND exploit the local updater to accept the invalid or forged signature.

Not completely correct. A lot of updaters work with signatures to verify that what was downloaded is signed by the correct key.

With bash curl there is no such check in place.

So strictly speeking it is not the same.

Simple put, no. In order to be save with a LLM that can execute stuff on its own it needs to be completely sandboxed.

A very nice talk about flaws in agentic AI can be found here: https://media.ccc.de/v/39c3-agentic-probllms-exploiting-ai-computer-use-and-coding-agents

I can also recommend the object storage from hetzner for backups. Quite price competitive.

It actually does both. Not really tested the multimonitor features but its there and it works, not sure if to the same degree as in rdp.

There is a box for manually added monthly savings. But yes, hard to classify what you would actually subscribe to if you would not have a server already.

But same for video. I would never buy 3 streaking service at a time.