#dropbear

Replied in thread

@claudius @max @signalapp

No problem:

I could go on all night, so please shove that #TechPopulism somewhere the sun doesn't shine!

Infosec.Space: Kevin Karhan :verified: (@kkarhan@infosec.space)

@max@gruene.social To [quote you directly](https://gruene.social/@max/113872018769294131):

> "[...] easy to use solutions that are at the same time private and secure. [...]"

The fact that @signalapp@mastodon.world requires #PII like a #PhoneNumber which more often than not *cannot be legally acquired anonymously* makes it not #private. It is easier, faster, cheaper and overall simpler to get someone set up with #XMPP + #OMEMO, especially if they don't have a #PhoneNumber and/or #ID to acquire a #SIM. And if you go and say, *"Just buy a [insert country here] [e]SIM!"* and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM, if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple digits on a new device, then you *completely missed the point*!

I can much faster and easier get TechIlliterates set up and show them around - either in a @cryptoparty@mastodon.earth / @cryptoparty@chaos.social / #CryptoParty - style #classroom / #seminar or 1:1 tutoring - than I can *legally acquire and activate a new SIM in #Germany* [since 07/2017]... It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith@mastodon.world succeeded #MoxieMarlinspike: Their entire operation has a *distinct #CryptoAG stench* as it's an #unsustainable #VCmoneyBurning party!

#CloudAct and the #NOBUS [hegemony](https://en.wikipedia.org/wiki/NOBUS#Criticism) ain't something that just got executed now (neither was #GDPR & #BDSG!)... A counterexample on how this could've been done are #Tor, #eMail and other *truly #OpenSource* as in #MultiVendor & #MultiProvider standards.

*NOTHING* compels Signal to [demand PII](https://en.wikipedia.org/wiki/Signal_(software)), run a #Shitcoin #Scam [aka.](https://en.wikipedia.org/wiki/Signal_(software)#In-app_payments) #MobileCoin that even seasoned #TechLiterates and #CryptoBros [can't set up properly](https://www.youtube.com/watch?v=0DSGq9FQKU4), and in fact Signal using [phone numbers makes it trivial to discriminate against users and easier for them to identify them](https://en.wikipedia.org/wiki/Signal_(software)#Controversial_use)!

If [my reasoning](https://infosec.space/@kkarhan/113869305765533809) didn't resonate with you, then try helping i.e. undocumented migrants aka. *"#SansPapier|s"* to get set up with it without violating laws and/or ToS and/or needing an imported SIM, which I'm sure most folks don't have on hand! Whereas it's trivial to get people set up on [one of many XMPP servers I've personally tested](https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv)!

Not to mention clients like @monocles@monocles.social / #monoclesChat and @gajim@fosstodon.org / #gajim are way more user-friendly and unlike Signal can also work perfectly fine over #Tor, including #OnionServices as endpoints. AFAIK Signal doesn't even have an #OnionService / [```.onion```](https://en.wikipedia.org/wiki/.onion) for their Website, much less any #API endpoints to use it with!

Them relying on #ClownFlare is just something that makes them even *more #sus* as there is *[no legitimate reason](https://en.wikipedia.org/wiki/Cloudflare#Controversies)* to use a #RogueISP like that.

You're free to also provide evidence and supporting data for your arguments, rather than *naysaying* against *proven to be more secure and reliable [by virtue of decentralization]* options like XMPP+OMEMO and/or #PGP/MIME.

What gets my blood boiling is the constant #disinfo by [Signal](https://mstdn.social/@rysiek/113868777937162686) [Fanboys](https://mstdn.social/@rysiek/113869169340313254) like @rysiek@mstdn.social who sell it like #DigitalSnakeoil akin to #AntivirusSoftware, because it's at best *"#TechPopulism"* and at worst [will mislead "TechIlliterates"](https://infosec.space/@agturcz@circumstances.run/113868748895262202) with a [false sense of security](https://infosec.space/@kkarhan/113868987217053362), which in turn puts more users at risk. The *proper fix* is to actually *assess the situation* and acknowledge the *risks and limitations* as well as the very nature of communications, which means *upgrading later* is exponentially more painful, thus getting people *properly set up once* is way easier.

Just because *WE* [ or rather @rysiek@mstdn.social in this case ] are *privileged enough* to not be *hatecrimed in their current location* doesn't mean this is the case for everyone. And having places like Signal rely on a *"#CDN"* is just another *red flag* to me because questions like [this one](https://circumstances.run/@agturcz/113866980398547492) just don't arise with [monocles.chat](http://monocles.chat) as people can just exercise proper #SelfCustody and just use Tor! Speaking of #monocles: That business is at least #sustainable because it's funded by users [(€2 p.m.)](https://store.monocles.eu/produkt/monocles-starter-account/) which they can [pay anonymously](https://monocles.eu/more/#payment-section)

#EOD #thxbye #next
Replied in thread

@xeniac I know that this is the case, but it's not a technical unavoidance despite the #RaspberryPi being a non-#UEFI - #arm device.

  • Even on the old, #32bit boards.

The solution in that regard would be to boot into a #live / #setup mode like with #RaspberryPiOS for #i586-based #PCs and extend it to a setup that allows creating a new custom image with #LUKS - #FDE enabled and properly encrypted.

  • OFC on a #Pi0W that would mean one would have to plug in a 2nd MicroSD with a USB adapter, but that's not the point.

I'm not even demanding much, just a simple #TUI / #CLI setup like @ubuntu / #UbuntuServer has with basic customizations.

  • I'm not even expecting it to go so far as to offer including #dropbear - #SSH in the #initramfs so one can boot into the encrypted install and unlock it remotely. Just gimme the blinking cursor at the boot asking me to enter the password for the encrypted partition...
Replied in thread

@eroc1990 @JohnDal I disagree, as all such #SupplyChainAttacks are merely based upon lack of #reviewers and lack of #funding.

Not to mention it's easier and faster to fix #FOSS, and the #diversity of systems mitigates said issues (i.e. #dropbear was affected by neither #RegreSSHion nor #XZ's #backdoor, likely preventing another #Mirai-style #Botnet from being created)...

After all, these issues are systemic, and denying the root cause is turning a blind eye at the obvious fix!

I set up #Dropbear, following a guide¹, so that I can remotely unlock my server's encrypted drive. Deviating from the guide, I configured it so that I can still unlock at the #Server via keyboard. That worked exactly once. Since then, no passphrase prompt for decryption appears on the server's screen anymore.

Does any of you have an idea how I can fix this?

¹ dwarmstrong.org/remote-unlock-

www.dwarmstrong.org: Remotely unlock an encrypted Linux server using Dropbear ☯ Daniel Wayne Armstrong (Libre all the things)

Say… what is there in #Linux distributions that…

  • don’t go in your way too much when you’ve been a veteran #Debian user, admin, developer and project member
  • systemd-free (including no UsrMove)
  • not busybox-based (so Alpine Linux is out)
  • #musl-based is actually a plus in my eyes
  • good availability of software (so I can justify using it at $dayjob) for server and dev work
  • #X11, not (just) Wayland (this probably means #Xorg these days)
  • security support (especially Firefox ESR)
  • either stable with security updates and good upgradability or a mild rolling one (that does not require daily updating, perhaps every couple of days; I did run Debian sid as main workstation at work for years)
  • allows me to package my own stuff and my own versions of already-included stuff as needed
  • has a good focus on quality and integration, not a "we package vanilla upstream code" philosophy
  • ofc privacy, no phoning-home by default, patching that out of software too
  • some QA wouldn’t go amiss but I’m aware that even reaching a fraction of what Debian’s does is all but impossible for any other #distro (and yes, that includes commercial Debian derivatives as well as unrelated enterprise distros)

So far I’ve been eyeing Slackware (great long-term commitment but software availability seems not good) and Void (bit wary about runit as init; while I’ve been using DJB dæmontools to manage individual services, I’d not use it as init) but I have no idea. Bit wary of different packaging tools as well but I’ll probably manage.

#Devuan is not an option: I have full faith in their incapability to deviate in anything from Debian in the long term. And at this point it’s clear that DEB-based distros would need to do a full hard fork from bullseye and never just import any packages from later Debian to thrive, which is insurmountable.

It should be initramfs-based so I can do a remote FDE cryptsetup unlock with #Dropbear (or full OpenSSH of course) and iproute2 (or busybox ip, but not just klibc ipconfig) over #IPv6. (I hacked that on top of Debian’s successfully.)

I’d need amd64 (on 2007-era Thinkpads, VMs, and server hardware) at first, but armel or armhf/ARMv6 for the occasional RPi I got gifted (I don’t buy from them, what with their surveillance cop and censorship thing) wouldn’t go amiss.
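Both the question above about a Dropbear-in-initramfs remote LUKS unlock that stopped prompting on the console and the wishlist item about a remote FDE cryptsetup unlock over Dropbear touch the same setup. As an added example, not code from any post here and not from the linked guide or any project, below is a small POSIX shell audit of the two pieces of such a setup a defender most wants to get right: the initramfs `authorized_keys` entries should be pinned to the unlock helper and deny forwarding, and `DROPBEAR_OPTIONS` should disable password logins and port forwarding. It assumes Debian's `dropbear-initramfs` layout (`/etc/dropbear/initramfs/dropbear.conf` and `/etc/dropbear/initramfs/authorized_keys`) and the `cryptroot-unlock` helper shipped by `cryptsetup-initramfs`; the key lines and option strings are constructed samples with placeholder key material.

```shell
#!/bin/sh
# Added example, not from the page: audit a dropbear-initramfs remote LUKS
# unlock configuration. Assumptions (Debian layout, not stated on the page):
#   /etc/dropbear/initramfs/dropbear.conf   -> DROPBEAR_OPTIONS="..."
#   /etc/dropbear/initramfs/authorized_keys -> keys accepted in the initramfs
#   cryptroot-unlock                        -> unlock helper from cryptsetup-initramfs

# Every non-comment key line must be pinned to cryptroot-unlock and deny
# port, agent and X11 forwarding, so a leaked key can only answer the
# passphrase prompt and cannot open a shell or tunnel in early boot.
# Returns 0 when all lines pass, 1 otherwise. Argument: authorized_keys text.
check_authorized_keys() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        for opt in 'command="cryptroot-unlock"' no-port-forwarding \
                   no-agent-forwarding no-X11-forwarding; do
            case "$line" in
                *"$opt"*) ;;
                *) echo "key '${line##* }' lacks $opt" >&2; exit 1 ;;
            esac
        done
    done
}

# DROPBEAR_OPTIONS must carry -s (no password logins), -j and -k (no local /
# remote port forwarding). Flags are assumed to be given as separate words.
# Returns 0 when all three are present, 1 otherwise.
check_dropbear_options() {
    have_s=0; have_j=0; have_k=0
    for tok in $1; do
        case "$tok" in
            -s) have_s=1 ;;
            -j) have_j=1 ;;
            -k) have_k=1 ;;
        esac
    done
    [ "$have_s$have_j$have_k" = 111 ]
}

# Run both checks; returns 0 only when the whole setup passes.
audit() {
    rc=0
    check_authorized_keys "$1" || rc=1
    check_dropbear_options "$2" || { echo "DROPBEAR_OPTIONS lacks -s/-j/-k" >&2; rc=1; }
    return $rc
}

# Constructed samples (placeholder key material, not real keys).
SAMPLE_GOOD_KEYS='# restricted unlock key
command="cryptroot-unlock",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAexampleplaceholderkey admin@laptop'
SAMPLE_BAD_KEYS='ssh-ed25519 AAAAexampleplaceholderkey admin@laptop'
SAMPLE_GOOD_OPTS='-s -j -k -p 2222 -I 180'
SAMPLE_BAD_OPTS='-p 22'

if audit "$SAMPLE_GOOD_KEYS" "$SAMPLE_GOOD_OPTS"; then
    echo "sample setup: ok"
else
    echo "sample setup: FAIL"
fi
```

To check a live system, pass the file contents instead of the samples, e.g. `audit "$(cat /etc/dropbear/initramfs/authorized_keys)" "$(. /etc/dropbear/initramfs/dropbear.conf; echo "$DROPBEAR_OPTIONS")"`, and rebuild the initramfs with `update-initramfs -u` after any change so the copy inside the image matches.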

Replied in thread

@ariadne makes sense given the specific case.

For @OS1337 and #spm I do have to rely on the minimal #1440kB sized "CORE" Edition being the only dependency, so I have the #toybox-#wget w/o #SSL and thus only #HTTP & #FTP support.

Granted this ain't safe nor final and I may just scrap spm if something better, simpler, easier to maintain and/or smaller comes along...

Cuz the idea is that one boots the "Core Edition" and just downloads essential packages either on-the-fly or for installation.
github.com/OS-1337/pkgs/blob/m

Since I have #dropbear as client aka. dbclient available I may consider #SFTP if feasible...

GitHub: pkgs/docs/WISHLIST.tsv at main · OS-1337/pkgs. OS/1337 Package Repository. Contribute to OS-1337/pkgs development by creating an account on GitHub.