Joined 2 years ago
Cake day: August 15th, 2023

  • remotelove@lemmy.ca to Selfhosted@lemmy.world · Secrets · 3 months ago

    I would look into something like Doppler instead of Vault. (I don’t trust any company acquired by IBM. They have been acquiring and enshittifying companies before there was even a name for it.)

    Look into how any different solutions need their keys presented. Dumping the creds in ENV is generally fine since the keys will need to be stored and used somehow. You might need a dedicated user account to manage keys in its home folder.

    This is actually a host security problem, not generally a key storage problem per se. Regardless of how you have a vault set up, my approach here is to create a single host that acts as a gateway for the rest of the credentials. (This applies to if keys are stored in “the cloud” or in a local database somewhere.)

    Since you are going to be using a Pi, you should focus on that being a restricted host: Only run your chosen vault solution on it. Period. Secure and patch it to the best of your ability and use very specific host firewall rules for minimum connectivity. I.e.: Have one user for ssh in and limit another user account to managing vault, preferably without needing any kind of elevated access. This is actually a perfect use case for SELinux since you can put in some decent restrictions on the host for a single app (and its supporting apps…)

    If you are paranoid enough to run a HIDS, you can turn on all the events for any type of root account actions. In theory once the host is configured, you shouldn’t need root again until you start performing patches.
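
Added example, not part of the comment above: one way to act on root-action events from a HIDS, assuming the events arrive as Linux audit (auditd) SYSCALL records. The sample log lines, the patch window and the function names are constructed for illustration.

```python
import re

# Constructed sample records in Linux audit SYSCALL format; not from a real host.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:410): arch=c00000b7 syscall=221 success=yes exit=0 pid=812 auid=1001 uid=1001 euid=1001 comm="vault" exe="/usr/local/bin/vault" key=(null)
type=SYSCALL msg=audit(1700003600.250:455): arch=c00000b7 syscall=221 success=yes exit=0 pid=990 auid=1000 uid=0 euid=0 comm="apt-get" exe="/usr/bin/apt-get" key="root_actions"
type=SYSCALL msg=audit(1700090000.007:612): arch=c00000b7 syscall=221 success=yes exit=0 pid=1440 auid=1000 uid=0 euid=0 comm="bash" exe="/usr/bin/bash" key="root_actions"
type=SYSCALL msg=audit(1700090100.300:613): arch=c00000b7 syscall=221 success=yes exit=0 pid=301 auid=4294967295 uid=0 euid=0 comm="cron" exe="/usr/sbin/cron" key="root_actions"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
STAMP = re.compile(r'msg=audit\((\d+)\.\d+:(\d+)\)')
UNSET_AUID = "4294967295"  # audit's value for "no login session" (daemons, boot services)


def parse(line):
    """Return the fields of one SYSCALL record as a dict, or None for other lines."""
    stamp = STAMP.search(line)
    if not line.startswith("type=SYSCALL") or not stamp:
        return None
    fields = {key: value.strip('"') for key, value in FIELD.findall(line)}
    fields["epoch"] = int(stamp.group(1))   # event time, seconds since the epoch
    fields["serial"] = int(stamp.group(2))  # audit event serial number
    return fields


def unexpected_root_actions(log_text, patch_windows):
    """List (serial, auid, exe) for root actions by a logged-in user outside patch windows.

    patch_windows is a list of (start_epoch, end_epoch) pairs during which
    root activity is expected, e.g. scheduled patching.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec.get("euid") != "0":
            continue  # not a root action
        if rec.get("auid") == UNSET_AUID:
            continue  # root daemon with no login session behind it
        if any(start <= rec["epoch"] <= end for start, end in patch_windows):
            continue  # root use during an approved patch window
        findings.append((rec["serial"], rec["auid"], rec.get("exe", "?")))
    return findings


if __name__ == "__main__":
    for finding in unexpected_root_actions(SAMPLE_LOG, [(1700003000, 1700007200)]):
        print("unexpected root action:", finding)
```

The `auid` field keeps the original login identity across `su` and `sudo`, which is why it is used here to attribute root activity to a specific account.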



  • I am just saying your arguments are bad and I clearly agreed with you about how the legal system is abused. Trying to drive in the abusive nature of the prison system is pointless.

    Pedophilia is not something I would personally give any chances on. Maybe I am biased because I have kids. Any support for any activity, depiction or glorification of CP or pseudo-CP I find personally revolting. What the fuck kind of study or link do you need for that? Have you actually read any of the studies you mentioned? (Anyone that says “there are studies” usually hasn’t, and they haven’t done any validation of those studies. You can find a study for anything.)

    However, a pedophile isn’t a pedophile until they actually commit the actions. Anyone that leverages pseudo-CP to get off should know they need some professional assistance. If those fantasies are ever acted upon, I have zero remorse and that person can live in our version of hell until eternity.

    Believe me, I am accepting of a wide range of fantasies. Whatever’s. There is something in this world for everyone, and I would know! Running an online sex shop for a bit really exposes a person to some unique fantasies.

    So, with that, your arguments sound less like arguments and more like twisted rationalization. With that, I am just blocking you. There is not much more to discuss, TBH. Your lame description of how people are treated in prison when it had zero point in the discussion was fucking weird and something I would consider borderline manipulative.


  • A & A2 is a good example of how laws are pushed to 11 in many cases. Easy to agree with, for sure.

    B is a rough argument and one I do not agree with. Depiction of CP, intentional or not, is not healthy and using the maturity argument for a drawing is bizarre, at best.

    The artists should know goddamn well what they are attempting to portray. Saying, “Nope! That drawing of that person is actually 40 years old but is wearing a school girl dress for the lulz” is kinda odd. We do see that scenario in actual porn, but age is usually easy enough to approximate.

    By extension, C is bullshit and draws a false dichotomy between CP and violent video games. I actually believe that legal porn is mostly healthy and satisfies temporary needs. There is nothing wrong with legal porn as it supports what is normally a healthy activity. Violence in video games is a totally different argument, IMHO, and tying it to sexual attraction is simply not the same.

    I am fully aware that some laws are overreaching, but your arguments after that are just bad. Depiction of CP (or any porn, for that matter) as a stop-gap for a real addiction usually means a person should seek professional help instead.

    (We just got through similar discussions with AI generated CP, ffs.)




  • It was on old 3.5" drives a long time ago, before anything fancy was ever built into the drives. It was in a seriously rough working environment anyway, so we saw a lot of failed drives. If strange experiments didn’t work to get the things working, mainly for lulz, the next option was to see if a sledgehammer would fix the problem. Funny thing… that never worked either.




  • Maybe? Bad cables are a thing, so it’s something to be aware of. USB latency, in rare cases, can cause problems but not so much in this application.

    I haven’t looked into the exact ways that bad sectors are detected, but it probably hasn’t changed too much over the years. Needless to say, info here is just approximate.

    However, marking a sector as bad generally happens at the firmware/controller level. I am guessing that a write is quickly followed by a verification, and if the controller sees an error, it will just remap that particular sector. If HDDs use any kind of parity checks per sector, a write test may not be needed.

    Tools like CHKDSK likely step through each sector manually and perform read tests, or just tell the controller to perform whatever test it does on each sector.

    OS level interference or bad cables are unlikely to cause the controller to mark a sector as bad, is my point. Now, if bad data gets written to disk because of a bad cable, the controller shouldn’t care. It just sees data and writes data. (That would be rare as well, but possible.)

    What you will see is latency. USB can be magnitudes slower than SATA. Buffers and wait states are causing this because of the speed differences. This latency isn’t going to cause physical problems though.

    My overall point is that there are several independent software and firmware layers that need to be completely broken for a SATA drive to erroneously mark a sector as bad due to a slow conversion cable. Sure, it could happen and that is why we have software that can attempt to repair bad sectors.



  • DHCP is a really stupid* service for the most part. Unless you are working with multiple subnets or have some very specific settings you need to pass to your clients, it’s probably not worth it to manage it yourself. I don’t want to discourage you though! Assigning static IP addresses by MAC can be extremely useful and is not always an option on routers. If you want static names and dynamic addresses, that is really where you need to manage both DNS and DHCP. It really depends on how and where you want names to be resolved and what you are trying to accomplish. (*stupid as in, it’s a really simple service. You want it simple because when DHCP breaks, you have other serious issues going on.)

    Setting up your own DNS is worth its weight in gold. You can put it just about anywhere on your network (before your gateway, after, in China, whatever) and your network won’t even know the difference if set up correctly. You can point BIND at the root servers and bypass your ISP completely if you want. ISP DNS services suck ass, so regardless of whether you resolve yourself or forward all name queries to your anon DNS server of choice, you have a really decent level of control on your network. It is the service to learn if you want to keep an eye on where your network wants to talk.

    Your Unifi USG must play nice with your own server, by the laws of DNS. There may be some nuances when it comes to internal protocols like WINS, but other than that, it should be just fine.

    I would set up a simple VM somewhere first, to answer your actual question. It’s good practice to keep core services isolated on their own, dedicated instances. This is to speed up recovery time and minimize downtime. Even on your home network, DNS and DHCP are services you do not want going down. It’s always a pain when they do go down.