Posts: 17 · Comments: 214 · Joined: 2 yr. ago

  • The goal is not to add an extra layer, but to "replace" the existing network. The project is still only at the proof-of-concept stage, so for now it works as an overlay to keep it easy to use. Because to replace the existing network, you would have to interconnect the Yggdrasil nodes directly with each other, which would greatly slow down the project's progress.

    To answer your question, the encryption is done upstream of the TCP/UDP layer, in the lower layers. It's the network card that encrypts the data before sending it over TCP or UDP. The advantage is that the upper layers can be reused "as is", without having to modify anything.

  • I have a single database server because I can't afford two servers with high storage. The servers that need access to it connect over a WireGuard VPN. This is slow as f**k, don't do that.

  • It's a network proof of concept based on IPv6. It is neither a VPN (the network is open and anyone can join it), nor an anonymizing network (since the IP address serves as the public key, it precisely allows identifying the source).

    The principle is to offer an alternative to the routing in place on the internet, which is a mesh of routers connected via BGP. On top of that, the network natively offers end-to-end encryption. You can think of it as a giant VPN that anyone can connect to. Routing from one machine to another is done using a distributed hash table (DHT), and is therefore relayed by the network's nodes rather than by centralized routers.

    Each node generates its own private/public key pair and derives its IP from that public key. When two machines communicate, each uses its peer's IP to encrypt the data before it leaves on the network. The packet thus travels encrypted, relayed by the other nodes of the network. It then arrives at its destination, where it is decrypted via the node's private key. And the same happens on the way back.
    I find this super cool, because it lets you go back to simple, plaintext protocols (http, SMTP, telnet, gopher, ...) while being assured that everything is encrypted in transit, and that the packet really originates from the expected peer!

    OK, maybe I'm a bit of a network nerd... But still, it's cool, right?
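    As an added example (not code from the comment or from the Yggdrasil project), here is a key-to-address derivation of the kind described above, plus the peer check that lets a receiver confirm a source IP really belongs to a given key. The packing scheme (invert the key, count leading ones, keep the remaining bits behind a 0x02 prefix) is my reading of Yggdrasil's documented derivation and is an assumption to verify against the project source; the keys below are constructed test values, not real ed25519 keys.

```python
import ipaddress

PREFIX = 0x02  # assumption: first byte of the address range the network uses


def addr_for_key(pubkey: bytes) -> ipaddress.IPv6Address:
    """Derive a 128-bit IPv6 address from a 32-byte public key.

    Assumed scheme (not confirmed by the comment): invert the key bits, count
    the leading ones, drop them and the first zero, then pack
    prefix | leading-ones count | remaining bits, truncated to 128 bits.
    """
    if len(pubkey) != 32:
        raise ValueError("expected a 32-byte public key")
    # Inverted key as a bit string, most significant bit first.
    bits = "".join(f"{b ^ 0xFF:08b}" for b in pubkey)
    ones = len(bits) - len(bits.lstrip("1"))
    if ones > 127:
        raise ValueError("degenerate key: too many leading ones")
    rest = bits[ones + 1:]              # skip the leading ones and the first zero
    body = rest[: 8 * 14].ljust(8 * 14, "0")  # 14 bytes fill the rest of the address
    raw = bytes([PREFIX, ones]) + int(body, 2).to_bytes(14, "big")
    return ipaddress.IPv6Address(raw)


def key_matches_addr(pubkey: bytes, addr: ipaddress.IPv6Address) -> bool:
    """The check the comment relies on: does this key really own this source IP?
    A receiver recomputes the address from the presented key and compares."""
    return addr_for_key(pubkey) == addr


if __name__ == "__main__":
    # Constructed keys: the first has 3 leading zero bits, the second 15.
    key_a = bytes([0x1F]) + bytes(31)
    key_b = bytes(range(32))
    for key in (key_a, key_b):
        addr = addr_for_key(key)
        print(key.hex()[:16], "->", addr, key_matches_addr(key, addr))
    print("cross check:", key_matches_addr(key_b, addr_for_key(key_a)))  # False
```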

  • That's your use case, but you could also want to share a picture with your family, or some confidential logs with a colleague or support team. However, I wouldn't trust any online service for this use case though. If some information is confidential, you should encrypt it yourself, share it with your peer (you could use a pastebin), then share the key over a trusted channel that's different from this pastebin.

  • I tried bépo, and cowardly gave up ^^ But since the release of the new AZERTY I've found myself a new buddy! Basically it only changes the symbols to make their placement more logical (the "ç" on AltGr + C, the parentheses/braces/brackets next to each other, …). It's easy to learn for that reason, since symbols aren't as anchored in muscle memory as letters. So I warmly recommend it!

  • I'd like to talk about Yggdrasil, an overlay network ("réseau superposé", which sounds weird in French…) over IPv6, which encrypts data end-to-end while routing packets in a decentralized way. It sounds like the pitch of a cryptocurrency startup full of "buzzwords", but that's not it at all, and it's a project I find super interesting!

    I've personally been using it for a few years to access my servers over SSH, and it's damn stable and fast!

    To quickly list the points I find cool:

    • end-to-end encrypted traffic between the network's nodes
    • IPv6 address derived from the public key (lets you verify the authenticity of a request thanks to the source IP)
    • decentralized routing (using distributed hash tables)

  • Deb support will come later, but:

    If the same piece of software exists in the Ubuntu repository and the snap store the new store will only make it possible to install the snap version.

    So the title is on point IMO.

  • Crux user here. I like the port tree system and simple package building recipes. It's also a distro that kept things very simple over the years despite the rise of dbus and systemd. Also the mascot.

    1. Definitely Ubuntu, it's the most user friendly for people coming from other OSes
    2. I'd say Ubuntu again, or maybe Debian. You built up skill and learnt the distro so you want to use something you know for work. On your personal computer, try other ones. I personally picked Arch at this time (around 2012), which helped me "understand" how the OS works, rather than simply use it. I reinstalled it quite a few times and broke the system a lot.
    3. Any distro with a simple package management system. My personal choice goes to Crux, but it's very barebones. NixOS or Gentoo would be fine too. The point here is to learn how to build packages by building them yourself, and I feel like the "big" package managers (apt, yum, dnf) are too complex for that. They also decorrelate runtime libraries from header files, which is a pain to work with as a developer IMO.

    But it's just my personal experience, many new distros have popped up since then. Also for reference, I've been using Linux for 12 years now, and I run Crux on my desktop, Ubuntu at work, and OpenBSD on my servers.

  • But you gotta try a few before you can like one. And for that, asking others for their experience is the best you can do!

    I do agree with your last line though. Don't force yourself to use a distro just for the sake of learning it.

  • I mean, it's not a big deal to have crawlers and bots poking at your web server if all you do is serve static pages (which is common for a blog).

    Now if you run code on the server side (e.g. using PHP or Python), you'll want to retrieve multiple known lists of bad actors to block them by default, and set up fail2ban to block those that got through. The most important thing however is to keep your server up to date at all times.

  • I don't know if they can "just" dump the key from RAM on a bare metal server. Nevertheless, it covers my ass when they retire the server after I used it.

    And yeah, I've had quite a few servers die on me (usually the hard drive). At this point I'm wondering if it isn't planned obsolescence to force you into buying their new hardware every now and then. Regardless, I'm slowly moving off Scaleway as their support is now mediocre in these cases, and their cheapest servers don't support console access anymore, which means you're bound to using their distro.

  • Don't even bother with a SWAP partition. Create an empty file on your / partition so you can grow/shrink it as needed.

    # "did" was a typo for dd; 4096 blocks of 1 MiB give the same 4 GiB as before
    dd if=/dev/zero of=/SWAP bs=1M count=4096
    # a world-readable swap file would expose memory contents, so lock it down
    chmod 600 /SWAP
    mkswap /SWAP
    swapon /SWAP

  • I already have to do it every now and then, because I insisted on buying bare metal servers (at Scaleway) rather than VMs. These things die very abruptly, and I learnt the hard way how important backups and config management systems are.

    If I had to redo EVERYTHING, I would use terraform to provision servers, and go with a "backup, automate and deploy" approach. Documentation would be a plus, but with the config management I feel like I don't need it anymore.

    Also I'd encrypt all disks.

  • Well, partly. g/pattern/cmd will let you select lines where you want to apply cmd. For the use case I present in the post, it solves the problem. But the g command has the same limitation as every command in vim: it works on lines only. On the other hand, the x command in sam applies to the whole text. It doesn't matter whether or not you have newlines in the pattern.

    Imagine that you have a text file, and you want to make sure that all paragraphs are separated by only one blank line. I cannot think of a way of doing it easily in vim, while with sam expressions, you can do: x/\n+/ c/\n\n/ and call it a day :) Another cool feature is that, as x is a command like any other, it applies to any predefined selection. For example, you can do stuff like that:

    Emacs is considered an advanced editor.
    And while Vim users tend to swear on Emacs.
    Emacs users are still convinced that Emacs rules!

    x/Emacs rules/ x/Emacs/ c/Sam/

    This will first extract "Emacs rules" from the whole text, then extract "Emacs" from it, then change it to "Sam". This means that you can narrow down the parts of the text that your commands will apply to, down to portions of a line. The g command here would simply select the last line for you, but then you'd have to be very careful not to substitute the first occurrence of "Emacs", leading to the following in vim (I'm exaggerating the command for the example of course):

    g/Emacs rules/s/Emacs rules/Sam rules/

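    As an added example (my own code, not sam itself or anything from the comment), here is a minimal model of sam's nested x/…/ selections and c/…/ replacement over a whole text, enough to run the two commands from the comment: the x/Emacs rules/ x/Emacs/ c/Sam/ chain on the three sample lines, and x/\n+/ c/\n\n/ on a constructed text with uneven paragraph gaps. The run() helper and the reset of the selection to the whole text after each c are simplifications I assume here, not sam's exact semantics.

```python
import re
from typing import List, Tuple

Span = Tuple[int, int]  # half-open (start, end) offsets into the text


def x(text: str, spans: List[Span], pattern: str) -> List[Span]:
    """sam's x/pattern/: within each current selection, select every match.
    Unlike vim's line-oriented g, the pattern is free to span newlines."""
    rx = re.compile(pattern, re.DOTALL)
    out: List[Span] = []
    for s, e in spans:
        out.extend((s + m.start(), s + m.end()) for m in rx.finditer(text[s:e]))
    return out


def c(text: str, spans: List[Span], replacement: str) -> str:
    """sam's c/replacement/: replace every selected span. Spans are applied
    from the end of the text backwards so earlier offsets stay valid."""
    for s, e in sorted(spans, reverse=True):
        text = text[:s] + replacement + text[e:]
    return text


def run(text: str, *cmds: Tuple[str, str]) -> str:
    """Apply a chain such as ('x', 'Emacs rules'), ('x', 'Emacs'), ('c', 'Sam'),
    starting with the whole text selected (simplified chaining, see lead-in)."""
    spans: List[Span] = [(0, len(text))]
    for op, arg in cmds:
        if op == "x":
            spans = x(text, spans, arg)
        elif op == "c":
            text = c(text, spans, arg)
            spans = [(0, len(text))]
        else:
            raise ValueError(f"unknown command {op!r}")
    return text


# Constructed sample: the three lines from the comment.
SAMPLE = (
    "Emacs is considered an advanced editor.\n"
    "And while Vim users tend to swear on Emacs.\n"
    "Emacs users are still convinced that Emacs rules!\n"
)

if __name__ == "__main__":
    print(run(SAMPLE, ("x", "Emacs rules"), ("x", "Emacs"), ("c", "Sam")))
    print(repr(run("a\n\n\n\nb\n\nc", ("x", r"\n+"), ("c", "\n\n"))))
```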
  • Uses a port tree system for packages similar to OpenBSD.

  • The setup and configuration is really simple and frictionless (for example, daemon start/stop scripts are standalone and sit in /etc/rc.d).

  • The user repositories are decentralized, and very straightforward to set up, meaning anyone can package something and share it with the community.

  • The packaging system is the simplest I've ever found in a distro, meaning that making your own package is a very simple and quick process.