• 38 Posts
  • 917 Comments
Joined 3 years ago
Cake day: July 5th, 2023



  • What I’ve noticed:

    • The posts themselves follow almost identical structure. Large quotes with poster emphasis.
    • The posting topics are almost identical.
    • The reliability of sources is hit-or-miss on all posts. Some are from legit sources, some are from really questionable ones. The questionable ones are common between accounts.
    • The communities where they’re all active are the same. Lately there’s a bit more separation where some accounts frequent some communities more than others. E.g. some time ago we used to get Hotznplotzn, randomname and Scotty in !Canada. Now we mostly get Scotty.
    • When you engage in conversation the lang expression, attitude and arguments are identical. This is when I really noticed the pattern.
    • I’ve had multiple accounts from this set group up/down vote their/my comments, deep into a discussion that didn’t attract other up/down votes.
    • I’ve had a discussion that reached a dead end with one account, only for another to show up and restart it from a different angle attempting to reach a different conclusion. E.g. first discuss an economic side of some China-related issue, reach a dead end, restart with human rights abuses side on the same topic. That’s while having the group up/down voting action going on.
    • Two of the accounts were created on the same date, on two different instances, a few minutes away from each other. This was the smoking gun for me that this is the same person.

    Some of these aren’t damning on their own, but put all together make me believe it’s one person. Also they never deny that when pressed. The conversation just stops and they disappear for a day or two until the next post.

    a disgruntled Hong Kong exile with too much time on their hands

    Quite possibly. I think they may live in Germany or be German because I’ve seen some activity in German. Who knows. I doubt they’re a paid actor because there’s enough money in the official media machine pushing this line so I think you’re right. Someone who really hates China/CCP/CPC, perhaps for a good reason of their own, with a lot of free time. It really sucks because there are really interesting discussions that can be had on any of these topics. There’s another guy around here whose family emigrated from China because they weren’t having a great time with the 1-child policy among other things. He’s in the US and can have rational and interesting discussion about this stuff without bursting in flames.

    E: Here’s a recent unhinged discussion with Scotty.








  • There’s a global positive shift in opinion on China that’s happened over the first year of Trump. The trend was already there in the “Global South” but it’s now happening everywhere. This shift is driven by real economic and geopolitical pressures. E.g. US tariffs and military threats, Chinese investment and cheap EVs, etc. Add to that there are more people on Lemmy from non-NA/EU countries than on US-centric platforms like Reddit and this shift becomes even more apparent here. In Western countries the positive opinion on China is less one of an ally and more of a necessary partner. In Canada, the opposition to trade with China shifted from 80% in 2020 to 32% at the end of 2025.

    If you’re primed to not see anything positive about China, then even positive views around partnership could appear as pro-China propaganda. Also people in the Global South are much more aware of US and European atrocities so when you present China’s atrocities as a counter to people’s positive opinions, it looks unserious and hypocritical to them. If you see their hypocrisy callout as a propaganda method and you call it out as such, you lose all good faith credibility with them.

    Pics:

    From

    PS: Along with this shift comes the realization among some that a lot of what they thought about China came from corporate US interest via US-owned media that pushes a line useful for that interest. This has happened to me and multiple RL friends and family in Canada. The conversations at the last Thanksgiving table have changed a lot since 2024. At present we’re in the necessary partner camp.




  • Yup. VeraCrypt is also portable but it would play badly with web-backed storage that uploads/downloads whole files. Would only be usable on local NAS storage. That said, I’m curious to see how Cryptomator performs on local NAS for high-perf applications compared to VC or LUKS. E.g. if you want to have a large photo collection with Immich on top of it. 😀 Sadly I don’t have NAS anymore to test it out.


  • The fact you didn’t mention the barest of minimums in your comment is where the issue lies.

    I described the procedure step-by-step mentioning each layer. That’s the best I could do.

    OP specifically said they DID NOT want exactly what you’re describing.

    OP said they’re worried about performance with this solution. Hence why my first response addressed the performance issue. The rest was responding to you (and anyone else who is reading) since you thought that is not an E2E solution. I tried explaining why it’s client-side encryption and no keys are stored on the host.



  • The host mounts no LUKS. The host just exports a network share via NFS. The client mounts that NFS share to a local mount point. Then the client has a dir which actually resides on the host. So far completely standard NAS stuff. Then the client creates a file in that dir. E.g. secretcontainer.img. This file is then encrypted on the client using cryptsetup (LUKS). Then it’s mounted on the client using LUKS. All the LUKS stuff happens on the client. The only interaction with the host is through NFS. The host just sees a file appear called secretcontainer.img on its storage. The same idea would work with VeraCrypt instead of LUKS. Or Cryptomator. Or anything else that can store encrypted data in file(s) in a directory.

    LUKS can be used on a single file where the file acts as a disk device.

    Also what I’m describing here is bog-standard Linux functionality that’s existed at least for 2 decades. Nothing fancy. It’s stuff that’s good to know so I’d be happy to answer questions.

    E:

    The procedure on the client is roughly:

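    cd /network/share/mountpoint
    # Create a 1 GiB container file on the network share
    fallocate -l 1G test.img
    # Initialise it as a LUKS volume (prompts for the passphrase on the client)
    cryptsetup luksFormat test.img
    # Unlock it as /dev/mapper/test_decrypted
    cryptsetup open test.img test_decrypted
    # Create a filesystem inside the unlocked volume and mount it
    mkfs.ext4 /dev/mapper/test_decrypted
    mount /dev/mapper/test_decrypted /mnt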
    

    Once that’s done, subsequent uses are:

    cryptsetup open test.img test_decrypted
    mount /dev/mapper/test_decrypted /mnt
    

    Of course that can be automated further.

    Just tested it in a local dir and it works fine. The only difference between that and the real scenario is whether test.img resides on a network mount or local disk. Since the network mounts behave like normal disks, everything else works the same. The only concern is what the performance would be, which depends on how the underlying network fs handles reads/writes to test.img. E.g. if you change 0.5MB, does it send that 0.5MB or does it rewrite the whole 1GB file. When reading, does it have to read the whole 1GB file or just parts of it as needed. Etc.


  • Cryptomator encrypts files individually right?

    E:

    For the curious like me, here’s how Cryptomator makes a directory with multiple encrypted files appear as a single vol when decrypted. From mount:

    fuse-nio-adapter on $HOME/.local/share/Cryptomator/mnt/test type fuse.fuse-nio-adapter (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
    

    It uses its own fuse module to present it as a volume. The real directory has its own file structure:

    ~/test/test$ find
    .
    ./c
    ./vault.cryptomator
    ./vault.cryptomator.12A05032.bkup
    ./d
    ./d/LO
    ./d/LO/AYYSWMZO35ASQ2HOACU3I7LRVIAMH4
    ./d/LO/AYYSWMZO35ASQ2HOACU3I7LRVIAMH4/PmAyroZAF5W7kGoHxr3Fhi-NeQIeO7SZcufE.c9r
    ./d/LO/AYYSWMZO35ASQ2HOACU3I7LRVIAMH4/dirid.c9r
    ./IMPORTANT.rtf
    ./masterkey.cryptomator.7DB56291.bkup
    ./masterkey.cryptomator
    

    This looks like a good option. Perhaps more flexible than using a LUKS/VeraCrypt file, but those should work too if the underlying dir is on NFS/SAMBA.


  • Avid Amoeba@lemmy.ca to Selfhosted@lemmy.world: Private network storage for my users?
    5 days ago

    Not sure I’m getting you and probably didn’t explain myself well. Here’s what I mean:

    • Host exposes a network share (1-time setup)
    • Client mounts the network share (N-time setup, could be automated)
    • Client creates a LUKS or VeraCrypt (or something else) file in that network share, secured with their key. The key is generated on the client and it doesn’t leave the client or enter the host. (1-time setup)
    • Client decrypts the image with their key and mounts it on the client (N-time setup, can be automated)
    • Client modifies data in the decrypted vol
    • Client unmounts the volume (N-time, not required)
    • Client unmounts the network share (N-time, not required)

    At no point does the client’s key leave their computer and the host only ever sees encrypted data.

    Subsequent uses without automation:

    • Client mounts network share
    • Client decrypts volume

    That’s at least how I understood OP’s suggestion for putting LUKS images on the NAS and that is secure indeed. They’re worried about performance.


  • LUKS-encrypted images won’t have bad performance. Could also use VeraCrypt or something like that for better portability if you need cross-platform function. Expose the folders where the images are stored via NFS/SAMBA. Flexible and portable solution.

    You could expose volumes with iSCSI and format/mount them on the clients. Probably don’t want to do that.

    E:

    LUKS-encrypted images won’t have bad performance.

    Actually it depends whether the underlying network fs can do partial writes. I imagine both NFS and SAMBA can. If the file has to be fully rewritten with every change, then perf would be dead.
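
The partial-write question raised in this comment, and in the test.img comment further up, can be checked on the container file itself by comparing per-block hashes before and after a small change. This is an added example, not code from the original comments; the 4096-byte comparison block, the 8 MB constructed stand-in for test.img and the function names are assumptions.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # comparison granularity in bytes (assumption, not a LUKS parameter)

def block_digests(path, block=BLOCK):
    """Return one SHA-256 digest per fixed-size block of the file."""
    digests = []
    with open(path, "rb") as f:
        while chunk := f.read(block):
            digests.append(hashlib.sha256(chunk).digest())
    return digests

def changed_blocks(before, after):
    """Indices of blocks that differ between two snapshots (growth counts as change)."""
    n = max(len(before), len(after))
    return [i for i in range(n)
            if i >= len(before) or i >= len(after) or before[i] != after[i]]

def demo(size=8 * 1024 * 1024, write_len=512 * 1024, offset=3 * 1024 * 1024):
    """Constructed stand-in for test.img: overwrite 0.5 MB in place, count dirty bytes."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "test.img")
        with open(path, "wb") as f:
            f.write(os.urandom(size))  # random filler, like ciphertext
        before = block_digests(path)
        fd = os.open(path, os.O_WRONLY)
        try:
            # In-place ranged write, like a loop device issues against its backing file
            os.pwrite(fd, os.urandom(write_len), offset)
        finally:
            os.close(fd)
        after = block_digests(path)
        changed = changed_blocks(before, after)
        return len(changed) * BLOCK, len(after) * BLOCK, changed[0], changed[-1]

if __name__ == "__main__":
    dirty, total, first, last = demo()
    print(f"{dirty} of {total} bytes changed (blocks {first}..{last})")
```

On a real setup, take `block_digests` snapshots of the image before and after a small write inside the mounted volume (followed by `sync`). This measures how much of the file changed, not how many bytes the network filesystem sent.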