Comments
I can do dd and write 200 Gigs but I'm too lazy for that. SMART data also shows it's a 500GB hard drive. I guess I got real lucky.
Maybe there is no stock anymore, but you already paid, so they give you a Dedibox SC gen2 instead.
I saw this earlier and it was already gone. shait.
Sheet, a mobile Chrome error. I was sayin' I already have 3x Online boxes (e3v4), so I can live without one of these ones, and it's a good excuse to try Scaleway's ARM.
Seems like it. This server probably is a keeper with that much HDD space!
Good news, you can stop with the unfunny jokes about reselling. They made it impossible to order too many and even if you do, they will be retracted.
Redirects to the SC Gen 2 now at €5.99
A lot more people would buy the SC gen 2 if it wasn't for the 20 dollar setup fee for such a small dedi.
Many ordered many.
To the tune of 15-20TB/mo for the past year, yes
Especially when you can snag the Kimsufi KS1s with half the setup cost and a bit cheaper.
@mikmak: will there be more available in the near future?
Thanks
The kidechires are awesome. Not had a single downtime with 1 minute checks from 20 locations.
Mine are running since I first got them:
root@dedi01:~# uptime
 13:30:43 up 281 days, 14:28, 1 user, load average: 0.66, 0.88, 1.04
root@dedi02:~# uptime
 13:30:45 up 233 days, 14:48, 1 user, load average: 1.26, 1.38, 1.30
I have a couple and never had downtime either, only once recently due to a broken hard disk. And I expect them to break again anytime soon as they're quite old... touches wood
Damn, missed it by a day. I was actually looking at Online.net yesterday by chance, but hadn't seen the offer. I already have one of the Dedi XC's from last year and its service has been flawless, so I'd have jumped on one of these in a heartbeat.
They probably just relisted the cancelled stock.
I stuck mailcow on one of these yesterday and they seem pretty nippy. Much better than the VPS I was using, which was similarly priced.
The other one is going to be a backup server as the drive is plenty big enough, then copy the backups onto their free FTP space for safety :-D
Damn damn... Thought that this was a thread about someone wanting to sell/buy a kidechire so I didn't even check it. Damn again...
@scy (sorry just seeing this for the first time), yes it is "FDE" (LUKS). (But technically it is actually Full Partition Encryption in that /boot is unencrypted; while the rest is an LVM sitting on top of an encrypted partition.)
SSH login during bootup then unlocks the encrypted LVM.
I haven't gotten around to writing a howto yet, but there are plenty out there. I can look up a link if you need it.
Thanks for your answer.
SSH with dropbear being called by GRUB, something like that?
Yep, the dropbear/busybox combo.
Thanks! Is it stable? Can kernel and/or GRUB updates happen with no trouble?
Sure, no problem.
Yes, totally stable for me: 160+ days uptime on one, 60+ on another. (Had one reboot on the 2nd one not caused by me, but it booted right back up once I unlocked it.)
Sweet, thanks. Never really thought of full partition encryption for a dedicated server.
Did you by chance set up something to check /boot (automatic hash comparison with a table stored on the encrypted container or on another machine or something similar) after the boot to check if it has been tampered with (tinfoil hat mode!) - or know tools that would make that possible?
mine (the hdds) had 40,000 something hours. i dropped all 4 a few months ago though
ed: over the course of... 6 months? 9 months? whenever they first appeared... one had a total HDD failure & had to be replaced
No, didn't go that far. But, they are mirrors of other instances that I can use to verify integrity. (I also replied to your PM.)
Cheers
I have 9 DEDIBOX® XC 2015 and I want more
This is not as useful as it sounds. If an attacker has gotten in as root (presumably needed to modify files in /boot), the attacker could also have modprobed a rogue kernel module that will printk the LUKS encryption keys. Not to mention the possibility of just streaming files out of the unencrypted view provided by the OS. And a cold boot attack will yield the encryption keys directly without having to hack into the system and without leaving any trace on the system.
These measures are just a waste of time. I've heard it said that Capone didn't wear a bulletproof vest because he knew if any of his competitors wanted to kill him they'd be aiming higher anyways.
You make decent points, but this isn't to thwart a skilled or sophisticated attacker; especially considering that no protection is perfect.
It is all about thwarting the "average" (casual?) attacker or, for example, reducing risks from a failed hard drive that isn't properly disposed of, etc.
Just part of defense in depth.
Except there's no "thwarting", none of this prevents an attacker from getting on your system. It only does something against an attacker's rootkit carrying over unnoticed between reboots. Problem with even getting that benefit is, kernel-based rootkits can easily trap reads of the kernel image / initrd or whatever has been tampered with to dynamically repatch it back to appearing legit when read from the OS side (and from what I gather this is not an uncommon feature of such software, though I have never played with it personally).
LUKS alone does that. If you can't trust LUKS alone to do that when your key hasn't been tampered with, then you certainly can't trust Linux as a whole, or even OpenSSH or GnuPG. These pieces of software are much more complicated than LUKS to get right.
Sure, one can do it as part of "defense in depth", doesn't do any harm. However, the benefits are very, very slim.
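The /boot check asked about earlier in the thread (a hash table kept on the encrypted volume, compared after each boot), as an added example that is not code from any poster. The default paths are assumptions, and as the replies above point out, a comparison run from the booted OS can be fed clean data by a kernel-level rootkit, so a mismatch is meaningful while a clean result is not proof.

```bash
#!/bin/sh
# Added example: baseline and verify a hash manifest of the unencrypted /boot.
# BOOT_DIR and MANIFEST defaults are assumptions; MANIFEST should live on the
# LUKS-encrypted root (or be copied to another machine), never inside /boot.
BOOT_DIR=${BOOT_DIR:-/boot}
MANIFEST=${MANIFEST:-/root/boot.sha256}

# boot_manifest DIR: print "sha256  ./path" for every regular file, in stable order.
boot_manifest() {
    ( cd "$1" && find . -xdev -type f -print0 | LC_ALL=C sort -z \
        | xargs -0 -r sha256sum )
}

# boot_baseline DIR FILE: record the trusted state (run after each kernel,
# initramfs or GRUB update, once you are satisfied the update was legitimate).
boot_baseline() {
    ( umask 077; boot_manifest "$1" > "$2" )
}

# boot_verify DIR FILE: return 0 if /boot matches the baseline, 1 otherwise.
# Diffing whole manifests flags changed, removed AND added files; a plain
# "sha256sum -c" would miss a file that was newly dropped into /boot.
boot_verify() (
    current=$(mktemp) || exit 2
    rc=0
    boot_manifest "$1" > "$current"
    diff -u "$2" "$current" || rc=1
    rm -f "$current"
    exit "$rc"
)

# Command-line use: "script baseline" or "script verify"; no argument is a no-op.
case "${1:-}" in
    baseline) boot_baseline "$BOOT_DIR" "$MANIFEST" ;;
    verify)   boot_verify "$BOOT_DIR" "$MANIFEST" \
                  || { echo "WARNING: $BOOT_DIR differs from baseline" >&2; exit 1; } ;;
esac
```

Run `verify` from a boot-time unit or cron job after the encrypted volume is unlocked; expect a mismatch after every legitimate kernel or initramfs update until the baseline is refreshed.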