Jonkman Microblog

Notices by hoergen on Friendica (hoergen@horche.demkontinuum.de), page 5

  1. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Sunday, 11-Feb-2018 09:43:37 EST
    Forming a government: Nothing left to say http://www.tagesspiegel.de/politik/regierungsbildung-nichts-mehr-zu-sagen/20949016.html
    In conversation Sunday, 11-Feb-2018 09:43:37 EST from horche.demkontinuum.de permalink
  2. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Sunday, 11-Feb-2018 05:16:13 EST
    ♲ @Nextcloud News (unofficial) (ncnews@libranet.de): Encryption in Nextcloud
    Providing strong protection of data is the biggest benefit Nextcloud has over public clouds. Self-hosting means you are in control over your data. Of course, un-authorized access has to be stopped and this is where encryption comes in. In this blog post we’ll discuss the different types and layers of encryption used by Nextcloud to keep your data safe. We will discuss the threats the different kinds of encryption are designed to protect against, aiding system administrators in defining their threat model and taking the appropriate security measures.

    What is encryption?



    Encrypting data means mashing it up in a way that makes it nearly impossible for somebody else to read it without a secret token called the encryption key. A simple example is the Caesar cipher: just shift every letter in the alphabet a fixed number of characters. Say you choose 3. An A then becomes a D, a B becomes an E and so on. A message like meet me now becomes phhw ph qrz. Unless you know how many letters to shift, that is, the key (3 in this case) it is very hard to find out the content of the message.

    Modern encryption is far more complicated than that, using mathematical tricks to make it extremely hard to break. You can learn more about those techniques on this Wikipedia page. http://en.wikipedia.org/wiki/Encryption

    What is Threat Modelling?



    Threat Modelling is the process of determining what threats are relevant and need to be protected against. It is used by system administrators to ensure their systems are correctly configured and provide adequate protection without unduly burdening users with overly complicated security hurdles.

    Let’s give an example. Say you want to protect your car. Without asking “from what”, you might make the wrong decisions. Even a thick wall and a canal around your house with crocodiles, while probably effective against burglary, wouldn’t protect the car against heavy hail, something a simple roof would have done.

    Of course, in an IT environment, you have multiple types of data. From customer data and fiscal year reports to the photos from last year’s Christmas party. While the latter could be embarrassing, generally speaking one could expect a draft fiscal year report in an enterprise traded on the stock exchange to require a greater degree of protection. Ideally even IT staff should not be able to access these files!

    Encryption in Nextcloud



    Nextcloud offers multiple layers of encryption for your data. First, data is protected when being transferred between clients and servers as well as between servers. Second, data can be encrypted on storage; and last but not least, we offer end-to-end encryption in the clients.

    Each has their place and offers a different kind of protection, suitable to protect from a specific type of threat. We will describe each type of encryption and what it protects against.


    The green lock in Firefox and other browsers indicates a secure connection.

    Encryption during data transfer



    Transfer encryption used by Nextcloud secures the connections between servers and clients. This uses standard TLS, a secure communication protocol used by HTTPS. HTTPS is what makes the lock in your browser address bar turn green! It is configured in the webserver, like Apache or NGINX, and our manual contains some instructions here. https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html#use-https We strongly recommend to always use Nextcloud with TLS and we’ll warn system administrators strongly if it is not turned on.

    https://nextcloud.com/media/security-setup-and-warnings.png?x16328


    Nextcloud warns the system administrator if HTTPS is not enabled

    Threat model



    Nextcloud uses ‘plain and simple’ HTTP traffic for all file handling, which can be protected with TLS. TLS protects against attempts to capture data in transit between the server and client. It does not protect against a hacked device or server, but prevents data transfers on insecure networks like public WiFi networks, mobile devices or third party networks from being intercepted and is thus invaluable for a Nextcloud deployment.


    Storage encryption



    The Nextcloud Server Side Encryption feature provides secure storage of data by encrypting each file with a unique file key before it is stored. File keys are encrypted, in turn, either by a server wide key (default for feature and performance reasons) or a per-user key. Server Side Encryption provides protection for data on external storage as the files are encrypted before they are sent to storage and the keys never leave the Nextcloud server.

    A server-wide key stores a server password in the Nextcloud configuration directory and uses it to decrypt the server key in the data directory, which in turn is used to decrypt data.

    When using per-user keys, the key in the data directory is per user and encrypted with the user password. We take great care to ensure keys never enter storage but keys will be kept in memory on the Nextcloud server for the duration of user login sessions to facilitate decryption and encryption of data.

    Note that the Nextcloud desktop synchronization clients check for updates every 30 seconds, frequently and predictably providing a window for a malicious server administrator or hacker to steal the keys from the user session!

    And note that Server Side Encryption only encrypts the content of files, not their name or folder structure. Using object storage like S3 works around this limitation as that type of storage back-end never leaks file or folder names.

    Also note that when external storage is not used and a server-wide key is used, storing the encryption keys together with the data means little protection is afforded in cases the drives are stolen. For this threat model, a full-disk-encryption technology is often a better choice than the built-in Server Side Encryption in Nextcloud. https://www.linux.com/learn/how-encrypt-linux-file-system-dm-crypt, http://ecryptfs.org/ and https://www.howtoforge.com/tutorial/encrypt-your-data-with-encfs-on-ubuntu/ tend to be good choices on the server, also allowing modern encryption acceleration features in CPUs and operating systems to be used.

    Learn more about Server-side encryption on our storage page. https://nextcloud.com/storage

    Threat model



    Server Side Encryption protects data on storage as long as that storage is not on the same server as Nextcloud itself.

    Per-user keys only offer additional protection over a server-wide key in the case of physical theft of the Nextcloud server and storage or a security breach of the server provided the user(s) do NOT log in for the duration of the breach. A full, undetected Nextcloud server breach by skilled attackers or malicious server administrator still risks exposing user data.
    http://nextcloud.com/endtoend

    Client side End-to-end Encryption



    The ultimate protection of user data is provided by End-to-end Encryption. The Nextcloud End to End encryption feature is designed such that the server never has access to unencrypted files or keys, nor does server-provided code ever handle unencrypted data which could provide avenues for compromise.

    Nextcloud makes End-to-end Encryption very easy to use, seamlessly handling key exchange by the server without leaking any data and facilitating easy sharing with other users and collaboration. However, it comes with a feature loss as any type of online file editing and access to encrypted data as well as public sharing and sharing to groups is not possible for data in folders that are end-to-end encrypted.

    Users can activate the Nextcloud End to End encryption feature for one or more folders. The content of each of these folders will be fully hidden from the server, including file names and directory structure. To sync the data with other devices, users have to enter a code created by the first device. Once that is done, end-to-end encrypted folders are seamlessly synced between devices. Users can share encrypted folders with other users on their server without any need for re-encrypting and re-uploading the data or having to enter passwords for either sender or recipient.

    Cryptographic Identity Protection in the form of server signed certificates and a Trust On First Use (TOFU) https://en.wikipedia.org/wiki/Trust_on_first_use model protects against attackers trying to impersonate other users. Nextcloud supports an optional offline administrator recovery key and allows a complete audit log. Enterprises can optionally employ a secure HSM to issue certificates to users.

    Nextcloud File Access Control can be employed to enforce End-to-end Encryption in Nextcloud based on set criteria, for example group membership of users, file extension, size and more. This way, a sub-set of sensitive data can be afforded the highest level of protection while other data and users can continue to benefit from the easy public file exchange and online collaboration capabilities of Nextcloud.

    As an example, Nextcloud enables a system administrator to ensure that all files created by the Finance department have to be end-to-end encrypted while other departments can collaborate and share to their hearts’ desire.

    Learn more about End-to-end Encryption on our website. https://nextcloud.com/endtoend

    Threat model



    End-to-end Encryption in Nextcloud is designed to protect user data against any attack scenario between user devices, even in case of an undetected, long-term security breach or against untrusted server administrators.

    It does not protect the data on user devices themselves and theft of an unencrypted, unlocked user device would enable an attacker to get access to private keys.

    Conclusion



    Encryption is used by Nextcloud to protect your data in transit and on external storage – and with End-to-end Encryption even against an untrusted server. When setting up a self-hosted file sync and share solution, it is wise to develop a threat model, determining clearly what threats the server should protect against, and then configuring the server environment to ensure protection against the identified threats. This blog post should then help choose the correct type(s) of encryption to employ to achieve the desired level of protection.
    https://nextcloud.com/blog/encryption-in-nextcloud/
    In conversation Sunday, 11-Feb-2018 05:16:13 EST from horche.demkontinuum.de permalink
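
The storage-encryption threat model from the Nextcloud post above, as an added example that is not part of the post and is not Nextcloud's code or on-disk format: each file gets its own key, file keys are wrapped by a master key, and the master key is wrapped by a password that is either stored in the config directory (server-wide) or known only to the user (per-user). All function names are hypothetical, the sample document is constructed, and a toy HMAC-based cipher with PBKDF2 stands in for whatever cipher a real deployment uses.

```python
import hashlib, hmac, os

def _sub(key, label):  # separate subkeys for cipher and MAC
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for a real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def wrap_master(password):
    # Master key encrypted under a password-derived key; the wrapped form sits in the data directory.
    salt, master = os.urandom(16), os.urandom(32)
    kek = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
    return master, salt + seal(kek, master)

def unlock_master(password, wrapped):
    kek = hashlib.pbkdf2_hmac("sha256", password, wrapped[:16], 100_000)
    return unseal(kek, wrapped[16:])

def store_file(master, content):
    file_key = os.urandom(32)  # unique key per file
    return seal(master, file_key), seal(file_key, content)

def read_file(master, stored):
    wrapped_file_key, body = stored
    return unseal(unseal(master, wrapped_file_key), body)

def thief_recovers(stored, wrapped_master=None, password=None):
    # Plaintext recoverable from the pieces actually taken, or None if they do not suffice.
    if wrapped_master is None or password is None:
        return None
    try:
        return read_file(unlock_master(password, wrapped_master), stored)
    except ValueError:
        return None

def scenarios(doc=b"draft fiscal year report (constructed sample)"):
    server_pw, user_pw = os.urandom(16), b"correct horse battery staple"
    srv_master, srv_wrapped = wrap_master(server_pw)  # server_pw is stored in the config directory
    usr_master, usr_wrapped = wrap_master(user_pw)    # user_pw is never written to disk
    srv_file, usr_file = store_file(srv_master, doc), store_file(usr_master, doc)
    return {
        "server-wide key, drives with config+data stolen": thief_recovers(srv_file, srv_wrapped, server_pw),
        "server-wide key, only external storage taken": thief_recovers(srv_file),
        "per-user key, server stolen, user never logs in": thief_recovers(usr_file, usr_wrapped, b"guess"),
        "per-user key, user logs in during the breach": thief_recovers(usr_file, usr_wrapped, user_pw),
    }
```

Calling `scenarios()` returns the recovered plaintext for the two cases the post warns about and `None` for the two it says are protected.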
  3. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Saturday, 10-Feb-2018 18:48:11 EST
    ♲ @You Had One Job (YouHadOneJ0B@twitter.com): Should have seen it coming.




    https://pbs.twimg.com/media/DVrODBUV4AE8rK6.jpg
    In conversation Saturday, 10-Feb-2018 18:48:11 EST from horche.demkontinuum.de permalink
  4. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Saturday, 10-Feb-2018 18:05:38 EST
    ♲ @Dieter Steffmann (DieterSteffmann@twitter.com): @MartinSoechting @Alice_Weidel Megalomania: excessive craving for recognition, unfounded overestimation and exaltation of one's own strength, ability, talent, etc.

    In conversation Saturday, 10-Feb-2018 18:05:38 EST from horche.demkontinuum.de permalink
  5. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Saturday, 10-Feb-2018 17:56:00 EST
    ♲ @Kiezerhalt (kiezerhalten@twitter.com): Tree felling again at #Blücher. The crew finally has to withdraw, after two trees had already been lost. They could not produce a building permit. #xhain
    #Herrmann #FlorianSchmidt







    In conversation Saturday, 10-Feb-2018 17:56:00 EST from horche.demkontinuum.de permalink
  6. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Friday, 09-Feb-2018 17:45:03 EST
    Where crab, octopus and moray eel say good night to each other. Impressive video! https://www.youtube.com/watch?v=ILBQKe51xzg
    In conversation Friday, 09-Feb-2018 17:45:03 EST from horche.demkontinuum.de permalink
  7. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Friday, 09-Feb-2018 17:32:15 EST
    Designer Graham demonstrates Winston Churchill’s personal pressure chamber, created to enable him to make high-altitude flights safely. In: Life, 10 Feb 1947.

    To protect the precious bulk of Winston Churchill in wartime a special one-man pressure chamber was built for the personal plane which carried him many times across the Atlantic and to Casablanca, Moscow and Yalta. Churchill was warned by his doctors that it was dangerous for a man of his age and physical condition to fly above 8,000 feet. The solution was a pressure chamber complete with ash trays, telephone and an air-circulation system good enough to prevent smoke from the ubiquitous cigar from fogging the atmosphere. https://www.nerdcore.de/2012/01/24/winston-churchills-pressure-chamber/
    In conversation Friday, 09-Feb-2018 17:32:15 EST from horche.demkontinuum.de permalink

    Attachments

    1. Winston Churchills Pressure Chamber
      By René from Nerdcore
      Winston Churchills Pressure Chamber
  8. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Friday, 09-Feb-2018 17:13:50 EST
    https://twitter.com/archillect/status/961195354279563264
    In conversation Friday, 09-Feb-2018 17:13:50 EST from horche.demkontinuum.de permalink
  9. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Friday, 09-Feb-2018 17:11:42 EST
    https://twitter.com/archillect/status/961562776270528514
    In conversation Friday, 09-Feb-2018 17:11:42 EST from horche.demkontinuum.de permalink
  10. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Friday, 09-Feb-2018 02:20:36 EST
    A business editor writes in the faz that the consulting firm PricewaterhouseCoopers has found out that schoolchildren prefer digital books on tablets and that teachers simply have to learn to adapt.

    Only a rogue would, at the accumulation of the words "business, consulting firm, PWC, digital books (loaned goods), tablets (throwaway goods)", suspect a commercial interest. NEVER EVER!

    And before all the hyperactive parents now start throwing around #mimimi justifications that the children would then no longer have to carry so much weight, they should first get out of their SUV again and look at the real world before they make their children even softer. It is, after all, ir_res_ponsible for children to develop muscles.
    In conversation Friday, 09-Feb-2018 02:20:36 EST from horche.demkontinuum.de permalink
  11. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Thursday, 08-Feb-2018 19:17:10 EST
    ♲ @Katharina 🏳️🌈🍪 (spacekookie@twitter.com): It's a Wireshark 🦈




    https://pbs.twimg.com/media/DVjIn0kW0AA-dBv.jpg
    In conversation Thursday, 08-Feb-2018 19:17:10 EST from horche.demkontinuum.de permalink
  12. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Thursday, 08-Feb-2018 19:07:47 EST
    “Is that this "taking a screenshot" thing?” https://twitter.com/boundborg/status/961586427300601856
    In conversation Thursday, 08-Feb-2018 19:07:47 EST from horche.demkontinuum.de permalink
  13. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Tuesday, 12-Dec-2017 03:15:13 EST
    And Adam rose again from the Ark like a phoenix. #BibelZoten
    In conversation Tuesday, 12-Dec-2017 03:15:13 EST from horche.demkontinuum.de permalink
  14. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Monday, 11-Dec-2017 02:41:12 EST
    Living courageously - ahundredmonkeys in person https://www.youtube.com/watch?v=A7hZavr6t7c https://ahundredmonkeys.de/
    In conversation Monday, 11-Dec-2017 02:41:12 EST from horche.demkontinuum.de permalink
  15. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Sunday, 10-Dec-2017 19:40:53 EST
    Tasty Japan on Twitter: Honey with ♪ in green tea powder Pancake House Cafe https://twitter.com/TastyJapan/status/939501333987540992
    In conversation Sunday, 10-Dec-2017 19:40:53 EST from horche.demkontinuum.de permalink
  16. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Saturday, 09-Dec-2017 10:18:06 EST
    Social networks - not friends

    I am of the opinion that a social network does not form, or represent, a circle of friends. Again and again there are people who write that their connected contacts are their friends, with whom they can share everything. In my view, the most basic understanding of these networks is missing here.

    A social network can be compared well to a programme on radio and television. You can tune in, listen, take part, and every now and then you meet people you have heard or seen before.

    That is a public sphere! Not a circle of friends.

    And it is surely clear to everyone that it makes a huge difference whether something goes around a circle of friends or is broadcast on television or radio.

    Of course a circle of friends can be a subset of these social networks. But it is never the other way round. On top of that, in the centralised and ghettoised networks such as Facebook, Twitter Instagram, G+, Whatsapp and whatever they are all called, a third party is listening in and analysing what you do.

    They then sell their analyses to everyone who is interested: the advertising industry, health insurers, insurance companies and so on. In other words, everyone who puts money down for it. When was the last time a circle of friends stood out for acting like that?

    I hope this sinks into people's heads at some point.
    In conversation Saturday, 09-Dec-2017 10:18:06 EST from horche.demkontinuum.de permalink
  17. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Friday, 08-Dec-2017 20:38:51 EST
    The mind behind the Apache Web Server, Brian Behlendorf, has found drastic words: according to him, the centralisation of the Internet on giant server farms is the original sin of the Internet. The Internet, says Behlendorf, was conceived as decentralised from the very beginning. https://www.btc-echo.de/tutorial/was-ist-ethereum-ether/
    In conversation Friday, 08-Dec-2017 20:38:51 EST from horche.demkontinuum.de permalink

    Attachments

    1. What is Ethereum (ETH)? | BTC-ECHO
      from BTC-ECHO
      Ethereum is the best-known cryptocurrency after Bitcoin. But Ethereum is more than a coin: it makes smart contracts and dApps possible.
  18. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Friday, 08-Dec-2017 03:11:34 EST
    Berlin Night Skyline

    https://horche.demkontinuum.de/photos/hoergen/image/c33700f3dc149e4415ddbd9587ea61d6 #foto #berlin #skyline #night
    In conversation Friday, 08-Dec-2017 03:11:34 EST from horche.demkontinuum.de permalink
  19. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Thursday, 07-Dec-2017 19:19:51 EST
    - Is your son into dinosaurs and other prehistoric stuff?
    - Yes, he likes his mother.
    #filmzitat
    In conversation Thursday, 07-Dec-2017 19:19:51 EST from horche.demkontinuum.de permalink
  20. hoergen on Friendica (hoergen@horche.demkontinuum.de)'s status on Thursday, 07-Dec-2017 17:44:46 EST
    LineageOS update deletes apps

    I am actually very happy with LineageOS for my Android phone, but during the last update quite a few apps were simply deleted, and that is a real mess! No idea why, how come, or by what criteria the apps were deleted, but something like this should never ever happen!
    In conversation Thursday, 07-Dec-2017 17:44:46 EST from horche.demkontinuum.de permalink

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
