Jonkman Microblog
  • Login
Show Navigation

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Notices by hoergen (hoergen@social.hoergen.org), page 5

  1. hoergens news press agent (hnpa@horche.demkontinuum.de)'s status on Monday, 12-Feb-2018 03:43:08 EST hoergens news press agent hoergens news press agent
    Star Trek wird Realität: Traktorstrahl lässt Objekte schweben - Clixoom Science & Fiction

    Einem Forschungsteam aus Bristol ist es jetzt tatsächlich gelungen, mit Schallwellen Kugeln durch die Luft fliegen zu lassen! https://www.youtube.com/watch?v=C3GuGLg34kk
    In conversation Monday, 12-Feb-2018 03:43:08 EST from horche.demkontinuum.de permalink Repeated by hoergen
  2. hoergens news press agent (hnpa@horche.demkontinuum.de)'s status on Monday, 12-Feb-2018 03:28:29 EST hoergens news press agent hoergens news press agent
    Olaf Scholz – ein Bilderberger | NachDenkSeiten

    Olaf Scholz, der Hamburger Bürgermeister, soll bald Bundesfinanzminister und Vizekanzler werden. Seine Teilnahme an der Bilderberg-Konferenz 2010 in Sitges, Spanien, findet in der Berichterstattung der Medien keine Wahrnehmung. Eingeladen zu der handverlesenen Zusammenkunft wurde der Politiker laut eigenen Aussagen von Vertretern der Wochenzeitung DIE ZEIT. Ein möglicher Vizekanzler, der an einer „vordemokratischen Veranstaltung“ teilgenommen hat? Die SPD scheint das nicht zu kümmern. Ein Beitrag von Marcus Klöckner. http://www.nachdenkseiten.de/?p=42376
    In conversation Monday, 12-Feb-2018 03:28:29 EST from horche.demkontinuum.de permalink Repeated by hoergen

    Attachments

    1. File without filename could not get a thumbnail source.
      Olaf Scholz – ein Bilderberger
      By Redaktion from NachDenkSeiten - Die kritische Website
      NachDenkSeiten - Die kritische Website
  3. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Monday, 12-Feb-2018 02:40:24 EST hoergen on Friendica hoergen on Friendica
    Denkt ihr bei "Heimatministerium" auch an Homeland Security?
    In conversation Monday, 12-Feb-2018 02:40:24 EST from horche.demkontinuum.de permalink Repeated by hoergen
  4. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Sunday, 11-Feb-2018 09:46:12 EST hoergen on Friendica hoergen on Friendica
    Taekwondo in der Küche. Jemand muss die Arbeit ja machen. https://twitter.com/archillect/status/962677628812562432
    In conversation Sunday, 11-Feb-2018 09:46:12 EST from horche.demkontinuum.de permalink Repeated by hoergen
  5. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Sunday, 11-Feb-2018 09:43:37 EST hoergen on Friendica hoergen on Friendica
    Regierungsbildung: Nichts mehr zu sagen http://www.tagesspiegel.de/politik/regierungsbildung-nichts-mehr-zu-sagen/20949016.html
    In conversation Sunday, 11-Feb-2018 09:43:37 EST from horche.demkontinuum.de permalink Repeated by hoergen
  6. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Sunday, 11-Feb-2018 05:16:13 EST hoergen on Friendica hoergen on Friendica
    ♲ @Nextcloud News (unofficial) (ncnews@libranet.de): Encryption in Nextcloud
    Providing strong protection of data is the biggest benefit Nextcloud has over public clouds. Self-hosting means you are in control over your data. Of course, un-authorized access has to be stopped and this is where encryption comes in. In this blog post we’ll discuss the different types and layers of encryption used by Nextcloud to keep your data safe. We will discuss the threats the different kinds of encryption are designed to protect against, aiding system administrators in defining their threat model and taking the appropriate security measures.

    What is encryption?



    Encrypting data means mashing it up in a way that makes it nearly impossible for somebody else to read it without a secret token called the encryption key. A simple example is the Caesar cipher: just shift every letter in the alphabet a fixed number of characters. Say you choose 3. An A then becomes a D, a B becomes an E and so on. A message like meet me now becomes phhw ph qrz. Unless you know how many letters to shift, that is, the key (3 in this case) it is very hard to find out the content of the message.

    Modern encryption is far more complicated than that, using mathematical tricks to make it extremely hard to break. You can learn more about those techniques on this Wikipedia page. http://en.wikipedia.org/wiki/Encryption

    What is Threat Modelling?



    Thread Modelling is the process of determining what threats are relevant and need to be protected against. It is used by system administrators to ensure their systems are correctly configured and provide adequate protection without unduly burdening users with overly complicated security hurdles.

    Let’s give an example. Say you want to protect your car. Without asking “from what”, you might make the wrong decisions. Even a thick wall and a canal around your house with crocodiles, while probably effective against burglary, wouldn’t protect the car against heavy hail, something a simple roof would have done.

    Of course, in an IT environment, you have multiple types of data. From customer data and fiscal year reports to the photos from last year’s Christmas party. While the latter could be embarrassing, generally speaking one could expect a draft fiscal year report in an enterprise traded on the stock exchange to require a greater degree of protection. Ideally even IT staff should not be able to access these some files!

    Encryption in Nextcloud



    Nextcloud offers multiple layers of encryption for your data. First, data is protected when being transferred between clients and servers as well as between servers. Second, data can be encrypted on storage; and last but not least, we offer end-to-end encryption in the clients.

    Each has their place and offers a different kind of protection, suitable to protect from a specific type of threat. We will describe each type of encryption and what it protects against.


    The green lock in Firefox and other browsers indicates a secure connection.

    Encryption during data transfer



    Transfer encryption used by Nextcloud secures the connections between servers and clients. This uses standard TLS, a secure communication protocol used by HTTPS. HTTPS is what makes the lock in your browser address bar turn green! It is configured in the webserver, like Apache or NGINX, and our manual contains some instructions here. https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html#use-https We strongly recommend to always use Nextcloud with TLS and we’ll warn system administrators strongly if it is not turned on.

    https://nextcloud.com/media/security-setup-and-warnings.png?x16328


    Nextcloud warns the system administrator if HTTPS is not enabled

    Threat model



    Nextcloud uses ‘plain and simple’ HTTP traffic for all file handling, which can be protected with TLS. TLS protects against attempts to capture data in transit between the server and client. It does not protect against a hacked device or server, but prevents data transfers on insecure networks like public WiFi networks, mobile devices or third party networks from being intercepted and is thus invaluable for a Nextcloud deployment.


    Storage encryption



    The Nextcloud Server Side Encryption feature provides secure storage of data by encrypting each file with a unique file key before it is stored. File keys are encrypted, in turn, either by a server wide key (default for feature and performance reasons) or a per-user key. Server Side Encryption provides protection for data on external storage as the files are encrypted before they are sent to storage and the keys never leave the Nextcloud server.

    A server-wide key stores a server password in the Nextcloud configuration directory and uses it to decrypt the server key in the data directory, which in turn is used to decrypt data.

    When using per-user keys, the key in the data directory is per user and encrypted with the user password. We take great care to ensure keys never enter storage but keys will be kept in memory on the Nextcloud server for the duration of user login sessions to facilitate decryption and encryption of data.

    Note that the Nextcloud desktop synchronization clients check for updates every 30 seconds, frequently and predictably providing a window for a malicious server administrator or hacker to steal the keys from the user session!

    And note that Server Side Encryption only encrypts the content of files, not their name or folder structure. Using object storage like S3 works around this limitation as that type of storage back-end never leaks file or folder names.

    Also note that when external storage is not used and a server-wide key is used, storing the encryption keys together with the data means little protection is afforded in cases the drives are stolen. For this threat model, a full-disk-encryption technology is often a better choice than the built-in Server Side Encryption in Nextcloud. https://www.linux.com/learn/how-encrypt-linux-file-system-dm-crypt, http://ecryptfs.org/ and https://www.howtoforge.com/tutorial/encrypt-your-data-with-encfs-on-ubuntu/ tend to be good choices on the server, also allowing modern encryption acceleration features in CPU’s and operating systems to be used.

    Learn more about Server-side encryption on our storage page. https://nextcloud.com/storage

    Threat model



    Server Side Encryption protects data on storage as long as that storage is not on the same server as Nextcloud itself.

    Per-user keys only offer additional protection over a server-wide key in the case of physical theft of the Nextcloud server and storage or a security breach of the sever provided the user(s) do NOT log in for the duration of the breach. A full, undetected Nextcloud server breach by skilled attackers or malicious server administrator still risks exposing user data.
    http://nextcloud.com/endtoend

    Client side End-to-end Encryption



    The ultimate protection of user data is provided by End-to-end Encryption. The Nextcloud End to End encryption feature is designed such that the server never has access to unencrypted files or keys, nor does server-provided code ever handle unencrypted data which could provide avenues for compromise.

    Nextcloud makes End-to-end Encryption very easy to use, seamlessly handling key exchange by the server without leaking any data and facilitating easy sharing with other users and collaboration. However, it comes with a feature loss as any type of online file editing and access to encrypted data as well as public sharing and sharing to groups is not possible for data in folders that are end-to-end encrypted.

    Users can activate the Nextcloud End to End encryption feature for one or more folders. The content of each of these folders will be fully hidden from the server, including file names and directory structure. To sync the data with other devices, users have to enter a code created by the first device. Once that is done, end-to-end encrypted folders are seamlessly synced between devices. Users can share encrypted folders with other users on their server without any need for re-encrypting and re-uploading the data or having to enter passwords for either sender or recipient.

    Cryptographic Identity Protection in the form of server signed certificates and a Trust On First Use (TOFU) https://en.wikipedia.org/wiki/Trust_on_first_use model protects against attackers trying to impersonate other users. Nextcloud supports an optional offline administrator recovery key and allows a complete audit log. Enterprises can optionally employ a secure HSM to to issue certificates to users.

    Nextcloud File Access Control can be employed to enforce End-to-end Encryption in Nextcloud based on set criteria, for example group membership of users, file extension, size and more. This way, a sub-set of sensitive data can be afforded the highest level of protection while other data and users can continue to benefit from the easy public file exchange and online collaboration capabilities of Nextcloud.

    As an example, Nextcloud enables a system administrator to ensure that all files created by the Finance department have to be end-to-end encrypted while other departments can collaborate and share to their hearts’ desire.

    Learn more about End-to-end Encryption on our website. https://nextcloud.com/endtoend

    Treat model



    End-to-end Encryption in Nextcloud is designed to protect user data against any attack scenario between user devices, even in case of a undetected, long-term security breach or against untrusted server administrators.

    It does not protect the data on user devices themselves and theft of an unencrypted, unlocked user device would enable an attacker to get access to private keys.

    Conclusion



    Encryption is used by Nextcloud to protect your data in transit and on external storage – and with End-to-end Encryption even against an untrusted server. When setting up a self-hosted file sync and share solution, it is wise to develop a threat model, determining clearly what threats the server should protect against, and then configuring the server environment to ensure protection against the identified threats. This blog post should then help choose the correct type(s) of encryption to employ to achieve the desired level of protection.
    https://nextcloud.com/blog/encryption-in-nextcloud/
    In conversation Sunday, 11-Feb-2018 05:16:13 EST from horche.demkontinuum.de permalink Repeated by hoergen
  7. hoergens news press agent (hnpa@horche.demkontinuum.de)'s status on Saturday, 10-Feb-2018 18:58:47 EST hoergens news press agent hoergens news press agent
    PowerShell Core Linux – Microsoft Telemetrie abschalten ⋆ André Hemkes https://andre.hemk.es/powershell-core-linux-microsoft-telemetrie-abschalten/
    In conversation Saturday, 10-Feb-2018 18:58:47 EST from horche.demkontinuum.de permalink Repeated by hoergen

    Attachments

    1. PowerShell Core Linux – Microsoft Telemetrie abschalten ⋆ André Hemkes
      from André Hemkes
      Wer Microsoft PowerShell Core 6 unter Linux oder auch einem anderen Betriebssystemen nutzt, sendet automatisch Telemetriedaten an Microsoft. Ja genau, auch wenn Ihr kein Microsoft Windows verwendet, versucht der Konzern Daten über seine Software mittels Telemetrie von euch zu erhalten. In Weiterlesen →
  8. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Saturday, 10-Feb-2018 18:48:11 EST hoergen on Friendica hoergen on Friendica
    ♲ @You Had One Job (YouHadOneJ0B@twitter.com): Should have seen it coming.




    https://pbs.twimg.com/media/DVrODBUV4AE8rK6.jpg
    In conversation Saturday, 10-Feb-2018 18:48:11 EST from horche.demkontinuum.de permalink Repeated by hoergen
  9. hoergens news press agent (hnpa@horche.demkontinuum.de)'s status on Saturday, 10-Feb-2018 18:29:24 EST hoergens news press agent hoergens news press agent
    Paris’ Utopian Village Of Concrete Cabbage

    This hypnotic, vegetable utopia might look like it rolled out of a Stanley Kubrick film set, but it was in fact the dream project of French architect Gérard Grandval.

    In the wake of WWII, architecture had been about building for many, and building fast, resulting in rather boxy structures. But Grandval had a grander vision, and championed an “organic design” philosophy when drafting plans for the city’s new social housing.

    “The flower is my anti-cube,” he said about the site, “everything looked the same back then. Créteil was my chance to do something different.” http://themindcircle.com/paris-utopian-village-concrete-cabbage/
    In conversation Saturday, 10-Feb-2018 18:29:24 EST from horche.demkontinuum.de permalink Repeated by hoergen
  10. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Saturday, 10-Feb-2018 18:05:38 EST hoergen on Friendica hoergen on Friendica
    ♲ @Dieter Steffmann (DieterSteffmann@twitter.com): @MartinSoechting @Alice_Weidel Megalomanie: übersteigerte Geltungssucht, nicht begründete Selbstüberschätzung und Selbsterhöhung von Kraft, Fähigkeit, Begabung etc.

    In conversation Saturday, 10-Feb-2018 18:05:38 EST from horche.demkontinuum.de permalink Repeated by hoergen
  11. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Saturday, 10-Feb-2018 17:56:00 EST hoergen on Friendica hoergen on Friendica
    ♲ @Kiezerhalt (kiezerhalten@twitter.com): Wieder Baumfällungen bei #Blücher. Trupp muss schließlich, nachdem schon zwei Bäume daran glauben mussten abziehen. Konnten keine Baugenehmigung vorlegen. #xhain
    #Herrmann #FlorianSchmidt







    In conversation Saturday, 10-Feb-2018 17:56:00 EST from horche.demkontinuum.de permalink Repeated by hoergen
  12. hoergen (hoergen@social.hoergen.org)'s status on Saturday, 10-Feb-2018 11:12:41 EST hoergen hoergen
    • imo
    @imo naja. wenn du es eh schon auf lautlos machst, dann kannste es gleich auf Flugmodus schalten ;) Gleiches Ergebnis
    In conversation Saturday, 10-Feb-2018 11:12:41 EST from social.hoergen.org permalink
  13. hoergen (hoergen@social.hoergen.org)'s status on Saturday, 10-Feb-2018 10:21:24 EST hoergen hoergen
    • imo
    @imo da ruft sowieso keiner an und warum soll mein Telefon dann in irgendeiner Art online sein? Außerdem will ich ja schlafen ;) Und wenn's brennt, dann klingeln die Feuermelder, die Haustüre oder die Feuerwehr prügelt die Türe ein ;)
    Achja, wenn ich mit Freunden unterwegs war oder wir was trinken waren, habe ich auch auf Flugmodus gestellt. Weil ich ja mit denen unterwegs war und nicht mit Leuten, die gelangweilt zu Hause sitzen und andere Leute am Telefon fesseln wollen, die ein echtes Leben haben ;)
    In conversation Saturday, 10-Feb-2018 10:21:24 EST from social.hoergen.org permalink
  14. glsk (glsk@mastodon.social)'s status on Saturday, 10-Feb-2018 08:49:43 EST glsk glsk

    Battery falling down a hole. (via Reddit)

    In conversation Saturday, 10-Feb-2018 08:49:43 EST from mastodon.social permalink Repeated by hoergen
  15. hoergen (hoergen@social.hoergen.org)'s status on Saturday, 10-Feb-2018 10:17:11 EST hoergen hoergen
    • imo
    @imo nee mein Oneplus3t. Aber ich habe es auch darauf angelegt. WLAN nur an, wenn ich tatsächlich was schauen wollte und nachts auf Flugmodus. Nachts gehe ich immer noch auf Flugmodus und das WLAN ist bei mir auch nicht immer an. Auch wenn ich zu Hause bin.
    In conversation Saturday, 10-Feb-2018 10:17:11 EST from social.hoergen.org permalink
  16. hoergen (hoergen@social.hoergen.org)'s status on Saturday, 10-Feb-2018 08:07:46 EST hoergen hoergen
    • imo
    @imo mein Rekord mit einer Akkuladung waren 6 Tage.
    In conversation Saturday, 10-Feb-2018 08:07:46 EST from social.hoergen.org permalink
  17. hoergen (hoergen@social.hoergen.org)'s status on Saturday, 10-Feb-2018 04:16:34 EST hoergen hoergen
    in reply to
    • hoergen
    Hahaha, wird noch besser mit dem nächsten Übersetzer #loool #tw https://social.hoergen.org/attachment/69619
    In conversation Saturday, 10-Feb-2018 04:16:34 EST from social.hoergen.org permalink
  18. hoergen (hoergen@social.hoergen.org)'s status on Saturday, 10-Feb-2018 04:14:35 EST hoergen hoergen
    Neee, is klaa #LOL Nur weil da ein Herzchen drinne ist, wird das wohl Französisch sein ;) #tw https://social.hoergen.org/attachment/69618
    In conversation Saturday, 10-Feb-2018 04:14:35 EST from social.hoergen.org permalink
  19. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Friday, 09-Feb-2018 17:45:03 EST hoergen on Friendica hoergen on Friendica
    Wo sich Krabbe, Oktopus und Muräne gute Nacht sagen. Beeindruckendes Video! https://www.youtube.com/watch?v=ILBQKe51xzg
    In conversation Friday, 09-Feb-2018 17:45:03 EST from horche.demkontinuum.de permalink Repeated by hoergen
  • After
  • Before
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.