

  • Can’t believe no one mentioned this yet:

    Any good password manager encrypts and decrypts your password file client side. The server should not even have the ability to read your passwords.

    Even in the case of a leak of all of the server’s data, as long as your password for the manager was good, you’ve got nothing to worry about.

    I’d say pick a PW manager where both client and server are open source. Pick a strong passphrase. Enjoy.


  • Yeah, but no dark magic involved.

    • build image
    • copy to proxmox ISO store
    • import, resize disk
    • start, wait to come online
    • read ssh pubkey, save it
    • rekey secrets
    • rebuild VM

    The only “magic” parts are two nix modules for handling proper networking and hardware setup, and exposing required attributes to the script.

    Works really well, zero manual config (beyond the services you want to run…) required on nix or proxmox side.



  • Funny - same thing here. Got 3 proxmox hosts running, all virtual machines are NixOS though.

    I’d love to go full Nix, but between my GF and I, we kinda split the responsibilities: hardware is hers, applications are mine. And there’s not a chance she’ll give up her Proxmox hosts 😄

    Got it automated to a single “provision” command though that will spin up any of my nix VMs unattended, so I’m happy with that.








  • I think that at the bare minimum, the PORN<->GOV connection must not occur. How about this (simplified):

    • USER visits porn site
    • PORN site encrypts random nonce + “is this user 18?” with GOV pubkey
    • PORN forwards that to USER
    • USER forwards that to GOV, together with something authenticating themselves (need to have GOV account)
    • GOV knows user is requesting, but not what for
    • GOV checks: is user 18?, concats answer with random nonce from PORN, hashes that with known algo, signs the entire thing with its private signing key
    • GOV returns that to USER
    • USER forwards that to PORN
    • PORN is able to verify that whoever made the request to visit PORN is verified as older than 18 by signing key holder / GOV, by checking certificate chain, and gets freshness guarantee from random nonce
    • but PORN does not know anything about the user

    There’s probably glaring issues with this, this is just from the top of my head to solve the problem of “GOV should know nothing”.


  • Not sure. How about this (simplified):

    • USER visits porn site
    • PORN site encrypts random nonce + “is this user 18?” with GOV pubkey
    • PORN forwards that to USER
    • USER forwards that to GOV, together with something authenticating themselves (need to have GOV account)
    • GOV knows user is requesting, but not what for
    • GOV checks: is user 18?, concats answer with random nonce from PORN, hashes that with known algo, signs the entire thing with its private signing key
    • GOV returns that to USER
    • USER forwards that to PORN
    • PORN is able to verify that whoever made the request to visit PORN is verified as older than 18 by signing key holder / GOV, by checking certificate chain, and gets freshness guarantee from random nonce
    • but PORN does not know anything about the user

    There’s probably glaring issues with this, this is just from the top of my head to solve the problem of “GOV should know nothing”.
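
The exchange sketched in the two comments above, as an added example in Node.js that is not part of the original comments: it runs the PORN, GOV and USER-relay steps once, then shows that the same signed reply is rejected against a fresh nonce. Assumptions not in the comments: RSA-OAEP for "encrypts with GOV pubkey", SHA-256 as the "known algo", Ed25519 for GOV's signing key, a 'Y'/'N' answer byte, all function names, USER's login to GOV reduced to a boolean, and a pinned GOV verification key in place of a certificate chain check.

```javascript
const crypto = require('crypto');

// Assumed encodings: 32-byte nonce, fixed question string, answer 'Y' or 'N'.
const QUESTION = Buffer.from('is this user 18?');
const oaep = (key) => ({ key, oaepHash: 'sha256', padding: crypto.constants.RSA_PKCS1_OAEP_PADDING });

// The "known algo" step: SHA-256 over answer || nonce.
const digest = (answer, nonce) => crypto.createHash('sha256').update(answer).update(nonce).digest();

// PORN: encrypt nonce || question to GOV's public key; remember the nonce.
function siteChallenge(govEncPub) {
  const nonce = crypto.randomBytes(32);
  const blob = crypto.publicEncrypt(oaep(govEncPub), Buffer.concat([nonce, QUESTION]));
  return { nonce, blob };
}

// GOV: decrypt, take the age of the already authenticated USER from its own
// records (modelled here as a boolean), sign the digest. The blob names no site.
function govAnswer(govEncPriv, govSignPriv, blob, userIsAdult) {
  const pt = crypto.privateDecrypt(oaep(govEncPriv), blob);
  if (pt.length !== 32 + QUESTION.length || !pt.subarray(32).equals(QUESTION)) {
    throw new Error('malformed challenge');
  }
  const answer = userIsAdult ? 'Y' : 'N';
  return { answer, sig: crypto.sign(null, digest(answer, pt.subarray(0, 32)), govSignPriv) };
}

// PORN: recompute the digest from its own nonce, so a reply signed for another
// nonce (a replay) or an altered answer fails. The reply carries no user identity.
function siteVerify(govSignPub, nonce, { answer, sig }) {
  return answer === 'Y' && crypto.verify(null, digest(answer, nonce), govSignPub, sig);
}

// Constructed run with throwaway keys: one exchange, then the same reply
// presented against a second challenge.
function demo(userIsAdult) {
  const enc = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const sign = crypto.generateKeyPairSync('ed25519');
  const first = siteChallenge(enc.publicKey);
  const reply = govAnswer(enc.privateKey, sign.privateKey, first.blob, userIsAdult);
  const second = siteChallenge(enc.publicKey);
  return {
    accepted: siteVerify(sign.publicKey, first.nonce, reply),
    replayAccepted: siteVerify(sign.publicKey, second.nonce, reply),
  };
}

console.log(demo(true));
```
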




  • I dream of a pure information protocol. Kinda like RSS, but… More.

    • allow any piece of information (news article, DM, sensor reading,…) to be wrapped in a standard format
    • subscribe to any number of sources directly or indirectly (e.g. through a self-hosted relay server)
    • allow networks to define default data sources (e.g. get sensor data from machines as soon as you are connected to corporate networks)
    • make the data declare what UI elements are required,
    • but allow clients to display them however the fuck they want
    • allow user to assign priorities statically or programmatically to any source, and to filter, sort, categorize based on it

    Essentially: I want “the feed” from universes like The Expanse