On actual server motherboards (as opposed to repurposed home PC’s) there is sometimes a special KVM like interface (keyboard/video/mouse, not the VM hypervisor) so you can connect to it with VNC and have the equivalent of local access. This is called IDRAC on Dell servers and other vendors have something similar.
On a home PC, hmm, you might be able to set up some kind of remote power cycle and serial console connection, using a second computer (Raspberry Pi or the like). I’m unfamiliar with Intel AMT that you linked to, but it seems like another idea.
I do remember hearing of a DRAC-like board for PC’s but the name of it escapes me right now.
At the end of the day, if you want a long running server, you probably should host it in a data center, maybe with failover and other HA provisions. Home environments are a pain to set up for that. If your computer goes offline and you can’t reach it, how do you even know that your home isn’t having a power outage? Home ISP’s are flaky too, so maybe you want a backup route over mobile data, etc. Yes you can make workarounds for everything but it amounts to turning your home into a crappy low capacity data center.
If the site isn’t too JS dependent, you can browse with something like lynx and that helps. Otherwise decrapifying tends to be site specific. I’ve done a few for sites that I frequent, but it is tedious. Alternatively you could use archived snapshots.
If I understand Luks, the raw key is encrypted using the passphrase, so that is an ok scheme if the passphrase itself is too random to attack by brute force (unlike the 8 digit code that the Ironkey device uses). Look up “diceware” for a reasonable way to generate random phrases. Luks with this approach can be pretty good, though still potentially vulnerable to key loggers and other such attacks. Basically, put careful attention into what you are trying to protect against. High security commercial crypto (e.g. for banking) uses hardware modules in secure data centers, surrounded by 24/7 video surveillance. Check out the book “Security Engineering” by Ross Anderson if this sort of thing interests you. 1st and 2nd editions are on his website, use web search. Parts of the current 3rd edition are there too).
the actual data on the flash chip can be dumped easily
I’d stop short of saying “easily” since you have to get the epoxy potting off of the chip. But you are right that there doesn’t seem to be any active tamper reactance. The numeric key is apparently 8 digits. Since it’s a 10 digit keypad, at least 2 of the digits are unused, and you might be able to recognize those from the comparative lack of fingerprints and wear on those specific keys. So that narrows down the search range some more.
Looks like someone pwned your box and installed a ddos bot on it?
Cryptography and tamper resistance implementation. E.g. search “ironkey fips certification”. Ironkey is a Kingston brand now though, and Kingston has traditionally been crap, so be careful. Anyway if it’s for run of the mill personal files where you just want some extra protection, the device is probably ok if you don’t mind the semi-ridiculous cost. This is interesting though: https://www.wired.com/story/unciphered-ironkey-password-cracking-bitcoin/
Also a teardown report: https://hardwear.io/netherlands-2021/presentation/teardown-and-feasibility-study-of-IronKey.pdf
There are more serious technical approaches to data protection, but fairly quickly the weak spot becomes the humans in the loop, which are harder to handle with pure technology.
If it’s for text chat, you can also use a web browser.
Ironkey has been more careful than some other vendors but the concept still seems dubious to me, if you are trying to stop serious attackers. You want the decryption key to be completely separated from the storage.
I’ve used a self hosted Nextcloud for that. It’s not great but it worked well enough that I didn’t bother looking for better alternatives. I’m sure there are more options out there.
P.S.: Maybe, I should ask on reddit or in a technical forum about it?
I suppose so, but the overall picture may be about the same. Not just technical but also sociological changes have made this stuff less attractive. And even if your mixmaster or tor traffic is really anonymized (which is dubious), the fact you are using such services at all probably flags you for attention. If you just want to exchange email with your friend when you are both on the down low, you might be best off just both enrolling gmail accounts. There are so many gmail users that being one won’t attract attention, and with both people on the same service, all the traffic stays inside the google network and might be harder for outside agencies to connect with individual users (maybe foolish optimism). Plus, a lot of attention in the crypto nerd world shifted over to things like bitcoin.
I have heard there was a recent development in single server PIR (private information retrieval). I haven’t yet tried to understand how it works, since it uses fancy cryptography (homomorphic encryption). In simplest form, let’s say there is a database with a billion records and you want record# 123456. PIR means being able to retrieve that specific record without the server learning which record it is that you want. There are known ways to do that by spreading the query between multiple, non-cooperating servers, but it was long believed that the only way to do it with a single server was for the client to download the entire database. This recent discovery apparently gives a way to do it with just one server, at some intermediate computational and network cost. That is of potential interest for this sort of application.
You’re right, I haven’t heard anything about that for a while. There is Tor but that seems to overreach enough that I can’t really believe in it. In general I think this stuff has become less interesting to work on due to changes in internet culture. Among other things, nobody today cares about delivering 20 kilobyte messages with 24+ hour latency, like Mixmaster did. They all want real time video and active web pages. It is unfortunate.
I’ve used Twilio for that. There is a simple JSON API with code examples on their site.
As I remember, setting it up was kind of a pain, but once runnnig it hasn’t neded attention. I don’t use the fancy apps. Also, by now there might be an apt package or docker container or something of that sort. I haven’t used their fancy apps much. My main use of it is to upload photos from my phone so I can access them from other devices.
Yeah that’s more of an archive than a backup scenario. I have a small self hosted Nextcloud that I use for stuff like that. For a few TB, you might consider Hetzner Storage Cloud which is really Nextcloud. It is backed up daily which is a help.
I use Borg Backup to a Hetzner storage box but doing the same thing to a disk array would work fine. How much data are you talking about? What is the usage picture? Backup and archiving are really not the same thing.
I’m happy with fastmail. Remember that must people you email are probably on Google (Gmail) so there is only so much you can accomplish in terms of email privacy whatever you do.
Like everyone else I’d be skeptical of used disks. I’d also go for a larger array than 4 drives to have less of it redundant. Like 6+2 or 5+3 instead of 2+2.
What do you want this for? If the idea isn’t multi-user collaboration, why not just use local tools instead of a web app?
You don’t say what the capacity is or how old they are. They might not be worth using.
PiKVM isn’t the board I was thinking of, but same idea, and maybe even better.