You’re right, 1*1 line.

I prefer 1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1.

There is a dirty bit indicating the disk was not ejected properly. It stays there until you use the “scan and fix” action. It doesn’t indicate corruption directly.

You can also use the sync command to flush cached writes and wait for completion, but I agree that it is a bit cumbersome.

New Technology File System

Or at least streamline “forget”: dismember

Reminds me of that southpark episode…

Obfuscated JS.

How do you handle offline access, for example when using a Laptop? Syncthing seems to be an option.

Use a separate home partition to decouple the system from your user data. Easier to snapshot and to replace the system.

Yes, by default windows launches UAC prompts in the supposedly isolated “secure desktop” instead of the classical “interactive user desktop”.

It is not necessary for the attack and was used to illustrate the vulnerable app manifest configuration.

You’re right to be reluctant to apply everything by hand. K3s has a built-in feature that watches a directory and applies the manifests automatically: https://docs.k3s.io/installation/packaged-components

This can be used to install Helm charts in a declarative way as well: https://docs.k3s.io/helm

If you want to keep your solution agnostic to the kubernetes environment, I would recommend that you try ArgoCD (or FluxCD, but I never tried it so YMMV).

You could try to dump the EEPROM and get a hold of the user password or override it by reprogramming it.

I guess the network will be a bottleneck on Garage too. If you want high performance you might need a hybrid solution, like clustering of stateful apps on local storage as well as periodic full backups on a distributed storage.

Longhorn is pretty easy to use. Garage works well too. Ceph is harder to use but provides both block and object storage (s3).