Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Online.net kidechire ?! - Page 5
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Online.net kidechire ?!

1235

Comments

  • connercg said: Can you access more than 160GB of it?

    Filesystem      Size  Used Avail Use% Mounted on
    rootfs             -     -     -    - /
    sysfs              0     0     0    - /sys
    proc               0     0     0    - /proc
    udev             10M     0   10M   0% /dev
    devpts             0     0     0    - /dev/pts
    tmpfs           396M  5.3M  391M   2% /run
    /dev/sda2       458G  1.6G  433G   1% /
    
    

    I can do dd and write 200 Gigs but I'm too lazy for that. SMART data also shows it's a 500GB hard drive. I guess I got real lucky.

    Thanked by 1vimalware
  • budi1413budi1413 Member
    edited September 2015

    @black said: I got real lucky.

    Maybe there is no stock anymore but you already paid they give you Dedibox SC gen2 instead.

  • I saw this earlier and it was already gone . shait.
    Sheet a mobile chrome error. I was sayin I already has 3x online boxes (e3v4)so I can live without one of this ones and its a good excuse to try scaleways arm

  • black said: I guess I got real lucky.

    Seems like it. This server probably is a keeper with that much HDD space!

  • Good news, you can stop with the unfunny jokes about reselling. They made it impossible to order too many and even if you do, they will be retracted.

  • Redirects to the SC Gen 2 now at €5.99

    Thanked by 1netomx
  • a lot more people would buy the sc gen 2 if it wasnt for the 20 dollar setup fee for such a small dedi

  • Many ordered many.

  • @hostnoob said:
    They're ideal for downloading "Linux ISOs"

    To the tune of 15-20TB/mo for the past year, yes :)

  • @apdo said:
    a lot more people would buy the sc gen 2 if it wasnt for the 20 dollar setup fee for such a small dedi

    Especially when you can snag the Kimsufi KS1s with half the setup cost and a bit cheaper.

    Thanked by 2scy asf
  • @mikmak : will there be more available in a close future?

    Thanks

  • The kidechires are awesome. Not had a single downtime with 1 minute checks from 20 locations.

    Mine are running since I first got them:

    root@dedi01:~# uptime 13:30:43 up 281 days, 14:28, 1 user, load average: 0.66, 0.88, 1.04

    root@dedi02:~# uptime 13:30:45 up 233 days, 14:48, 1 user, load average: 1.26, 1.38, 1.30

  • I have a couple and never had downtime either, only once recently due to a broken hard disk. And I expect them to break again anytime soon as they're quite old... touches wood

  • tarasistarasis Member
    edited September 2015

    Damn, missed it by a day. I was actually looking at Online.net yesterday by chance, but hadn't seen the offer. I already have one of the Dedi XC's from last year and its service has been flawless, so I'd have jumped on one of these in a heartbeat.

  • They probably just relisted the cancelled stock.

    Thanked by 2netomx 4n0nx
  • DeanDean Member
    edited September 2015

    I stuck mailcow on one of these yesterday and they seem pretty nippy. Much better than the VPS I was using which was similarly priced..

    The other one is going to be a backup server as the drive is plenty big enough, then copy the backups onto their free FTP space for safety :-D

    Thanked by 2netomx 4n0nx
  • tomletomle Member, LIR

    Damn damn... Thought that this was a thread about someone wanting to sell/buy a kidechire so I didn't even check it. Damn again...

  • geekalotgeekalot Member
    edited September 2015

    @scy said:
    Interesting. Have you been able to find a way to use FDE with them or do you store the system unencrypted and log in via ssh to be able to open the encrypted container where the files are stored?

    If you've been able to run a FDE setup, would you mind sharing how that works?

    Thanks!

    ...

    @scy (sorry just seeing this for the first time), yes it is "FDE" (LUKS). (But technically it is actually Full Partition Encryption in that /boot is unencrypted; while the rest is an LVM sitting on top of an encrypted partition.)

    SSH login during bootup then unlocks the encrypted LVM.

    I haven't gotten around to writing a howto yet, but there are plenty out there. I can lookup a link if you need it.

  • geekalot said: SSH login during bootup then unlocks the encrypted LVM.

    Thanks for your answer.

    Ssh with dropbear being called by GRUB, something like that?

  • @scy said:
    Thanks for your answer.

    Ssh with dropbear being called by GRUB, something like that?

    Yep, the dropbear/busybox combo.

    Thanked by 1scy
  • geekalot said: Yep, the dropbear/busybox combo.

    Thanks! Is it stable, do kernel and/or grub update can happen with no trouble?

  • @scy said:
    Thanks! Is it stable, do kernel and/or grub update can happen with no trouble?

    Sure, no problem.

    Yes, totally stable for me: 160+ days uptime on one, 60+ on another. (Had a one reboot on the 2nd one not caused by me, but it booted right back up once I unlocked it.)

    Thanked by 1scy
  • scyscy Member
    edited September 2015

    geekalot said: Yes, totally stable for me

    Sweet, thanks. Never really thought of full partition encryption for a dedicated server.

    Did you by chance setup something to check /boot (automatic hash comparison with a table stored on the encrypted container or on another machine or something similar) after the boot to check if it has been tampered with (tinfoil hat mode!) - or know tools that would make that possible?

  • zevuszevus Member
    edited September 2015

    mine (the hdds) had 40,000 something hours. i dropped all 4 a few months ago though

    ed: over the course of... 6 months? 9 months? whenever they first appeared... one had a total HDD failure & had to be replaced

  • @scy said:
    Sweet, thanks. Never really thought of full partition encryption for a dedicated server.

    Did you by chance setup something to check /boot (automatic hash comparison with a table stored on the encrypted container or on another machine or something similar) after the boot to check if it has been tampered with (tinfoil hat mode!) - or know tools that would make that possible?

    No, didn't go that far. But, they are mirrors of other instances that I can use to verify integrity. (I also replied to your PM.)

    Cheers

  • I have 9 DEDIBOX® XC 2015 :) and I want to more

  • scy said: Did you by chance setup something to check /boot (automatic hash comparison with a table stored on the encrypted container or on another machine or something similar) after the boot to check if it has been tampered with (tinfoil hat mode!) - or know tools that would make that possible?

    This is not as useful as it sounds. If an attacker has gotten in as root (presumably needed to modify files in /boot), the attacker could also have modprobed a rogue kernel module that will printk the LUKS encryption keys. Not to mention the possibility of just streaming files out of the unencrypted view provided by the OS. And a cold boot attack will yield the encryption keys directly without having to hack into the system and without leaving any trace on the system.

    These measures are just a waste of time. I've heard it said that Capone didn't wear a bulletproof vest because he knew if any of his competitors wanted to kill him they'd be aiming higher anyways.

  • @singsing said:
    .... These measures are just a waste of time. ....

    You make decent points, but this isn't to thwart a skilled or sophisticated attacker; especially considering that no protection is perfect.

    It is all about thwarting the "average" (casual?) attacker or, for example, reducing risks from a failed hard drive that isn't properly disposed of, etc.

    Just part of defense in depth.

    Thanked by 1ucxo
  • geekalot said: thwarting the "average" (casual?) attacker

    Except there's no "thwarting", none of this prevents an attacker from getting on your system. It only does something against an attacker's rootkit carrying over unnoticed across between reboots. Problem with even getting that benefit is, kernel-based rootkits can easily trap reads of the kernel image / initrd or whatever has been tampered with to dynamically repatch it back to appearing legit when read from the OS side (and from what I gather this is not an uncommon feature of such softwares though I have never played with them personally).

    geekalot said: reducing risks from a failed hard drive that isn't properly disposed of

    LUKS alone does that. If you can't trust LUKS alone to do that when your key hasn't been tampered with, then you certainly can't trust Linux as a whole, or even OpenSSH or GnuPG. These softwares are much more complicated than LUKS to get right.

    geekalot said: defense in depth

    Sure, one can do it as part of "defense in depth", doesn't do any harm. However, the benefits are very, very slim.

Sign In or Register to comment.