
Posts: 36 | Comments: 517 | Joined: 2 yr. ago

  • Unpopular indeed; at least to me.

    I look to the comments to get other perspectives and additional information that may have been overlooked in the original post. Then of course, discussion can ensue. Sprinkle in some memes in the right places and it works well for me.

  • Terrible idea of the day: You could use something like NFS and map the drive on all clients. On that drive you can have the latest keys then use symlinking to update, etc.

    Something like puppet, chef, ansible are likely better choices.

  • They are so into and proud of themselves that if they were to shit right now, they would eat it.

  • I wonder what the goal of these changes is. I'm a bit tired of android/Google interface changes every year or so for no reason other than change.

    Material, Material You, idk what's next.

  • I like it.

  • It doesn't have to be difficult.. or even done at all.

    Reminder to folks that being active in the fediverse does not mean you need to not be on traditional forums, social media, etc. It is perfectly fine to be active in both, either, or none.

  • I'll put a recommendation out for if you're going to open ports: use abnormal ports. Someone is likely to try to hit your port 22 for SSH, but not your port 49231.

    Edit: It's definitely some security by obscurity. Still use a strong password or keys.

  • For people who don't mind it not being self hosted: Authy is good for this. You can also set a backup password (to encrypt your tokens on their servers) and optionally use it cross device.

    You can allow multi-device temporarily to set up, then disable it to not allow new devices, etc.

    (I get you didn't ask this specifically, but figure it could be useful to someone else).

  • I think the big thing is sometimes giving it time. In hindsight the other person may agree that you did the right thing.

    Ultimately if you can justify it to yourself based off morals that make sense, time will heal the wound.

    All the best.

  • Too bad they don't give you an option to pause or turn off.

  • It would be an awesome open source project to make a git repo with a graph that emulates a song in guitar hero.

  • So dumb.

    In other news: where can I get one?

  • There was a website where I was making an account and it was like: no semicolons.

    To this day I wonder if that was how they blocked SQL injection.

  • Yeah.. but I think it's overkill. The root cert would be on the same box somewhere nearby. Compromising the host has the same issue as plaintext.

  • I guess at the end of the day there is also a root of trust. In an enterprise setting a system giving out certs could be compromised and give out certs to the wrong people/machines. In a home setting, the machine being compromised has a similar effect.

    Funny enough, I thought of using a USB stick or something as a physical security key, using that for a vault, then having secrets in the vault.. but then realized I'd have to leave it plugged into the server, making it so anyone with server access would get the password anyways.

    Makes me think that everything is security by obscurity at some level. The more obscure: the more 'secure'.

    It's kind of like how an SSH key is generally considered more secure, but if I used password authentication and had a file with a 512 character random password, it would be more/less the same thing. Either way, we have the key in a file.

  • The problem is that would be so annoying/impractical. In an optimal world, yeah a person checking a prompt and approving could make sense, but in practice that would also mean that the MFA prompt would have to ask for the password anyways. (Or the password would be on the phone with the same problem as on the computer).

    Can you imagine having to type a password on an hourly schedule or something? If the password was cached, we have the same problem again.