Six sided devops engineer and baseball fan

I am also @Quill7513@slrpnk.net, but this is my primary and more active account. The slrpnk.net account is for ecology and lemmy.world stuff

https://keyoxide.org/BAF9ACFBBA5B9A51A680D77CEF152DAE039C5CF5

  • 0 Posts
  • 159 Comments
Joined 1 year ago
cake
Cake day: June 4th, 2023

help-circle





  • The Cuuuuube@beehaw.orgtoLinux@lemmy.mlA word about systemd
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    2 months ago

    this is everything i see monitoring Linux boxes everyday. we’ve shifted mostly to OpenRC about it. i can’t imagine defending SystemD if you have experienced anything other than it and SysInitV. yeah compared to SysInitV, it’s really nice, but to say it’s good and stable? that’s like praising your landlord for all the work they do and the reason they haven’t fixed your broken dishwasher is because they’re so busy from what a good landlord they are


  • The Cuuuuube@beehaw.orgtoLinux@lemmy.mlA word about systemd
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    2 months ago

    In fact, the situation has gotten much worse. The coupling of SystemD’s components to each other has gotten tighter. The coupling of things that aren’t SystemD to SystemD has gotten tighter. SystemD itself has gotten less stable. The overall result? Our operating systems require more, not less, troubleshooting, and they’re less, not more, enjoyable to use and develop on


  • The Cuuuuube@beehaw.orgtoLinux@lemmy.mlA word about systemd
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    4
    ·
    2 months ago

    SystemD has been such a frustration the last couple years with the wonderful simplicity and stability it used to provide managing a system completely out the door as its main development company (RedHat) has stopped giving any kind of a shit about being a positive force in the world. We all shoulda listened 10 years ago when the greybeards were telling us not to fall for an init system trying to do too much.



  • Sure yeah. I think corpos suck, too. That’s why I don’t prefer 1password. But Firefox puts their passwords into a file, too (two actually). Key3.db and Logins.json, both with known locations, and encrypted using AES-256-GCM which is… Decent but I prefer to go a little more hardened. The thing with keepass is the following:

    1. Its open source, no corpo
    2. The file encryption you select can be as hardened as you want
    3. No one but you need know the location of your file
    4. It offers 2fa which Firefox password manager doesn’t
    5. Firefox password manager is more susceptible to social engineering attacks is mainly what I was worried about but it seems like you’ve got a good handle on it.
    6. You don’t have to integrate keepass with the browser to use it

    But I want to make it abundantly clear. @Dyskolos@lemmy.zip has not recommended storing your passwords in a file. They have suggested storing your passwords in a mechanism that can be as secure as your hardware is capable of securing and keeping the location of that up to your own decision making.

    But also. Promise me this. If you’re going to keep using Firefox as your password manager:

    1. Don’t use sync. That’s run by Firefox’s corporate arm, Mozilla PBC
    2. Use a primary password of at least 32 characters
    3. Consider rotating your password on a regular interval, like on your birthday





  • In-built password managers for browsers are straightforward to crack. Like… Terrifyingly easy. It’s much better to use something like Bitwarden, Vaultwarden if you don’t trust Bitwarden, 1Password if you really want the reassurance of paying someone for trust, or KeePass if you don’t trust anyone at all (I, personally, fit into this category).


  • Messengers are not protocols. They use protocols. Most XMPP clients use the same encryption scheme Signal does only without being dependent on a single specific server, allowing users to spread out. I recommend reading about the differences between targeting developing a platform and developing protocols. Once you do, you’ll see XMPP+Encryption in a better light than anything like Signal. The main problem in the current moment with XMPP+Encryption us that it isn’t where the people are. Us tech weirdos can start the push into that space a little bit, but we need “Normies” to adopt to, and for that we need to be clear on what were talking about. Comparing XMPP to signal doesn’t make sense. Comparing Cheogram to Signal does. And in the latter, cheogram frankly blows Signal out of the water for real privacy and security considerations




  • Yeah. I didn’t pull down my comments when I left, but the oldest ones from 2010-2012 are real fucking wrong-headed. That’s while I was still in college and hadn’t learned yet that the real messaging about how the world works was

    1. staring me right in the face
    2. not discussed as being about what its about by mainstream media outlets

    That was the era frat rap was not just allowed to exist, but with some regularity got mainstream popularity. The great irony is two big names from that space, Asher Roth and Mac Miller went on to do some really thoughtful and insightful work, and I think their journey of awakening to the harm their privilege did is what a lot of us went through. Like. I don’t think the majority of us were thinking enough about the importance of countercultural music movements. Now google and reddit get to be the kings of that toxic outdated way of thinking.

    The bad news is… That toxic outdated way of thinking benefits them. And now they’ll have a big data model that can post real seeming messages and amplify those shitty takes a lot of us grew out of