TCB13

TCB13 , 3 months ago to selfhosted in Best resources to learn more about networking

Well, how much wifi and open-source do you really want?

If you are willing to go with commercial hardware + OpenWRT you might want to check the table of hardware at openwrt.org/toh/…/toh_available_16128_ax-wifi and openwrt.org/toh/views/toh_available_864_ac-wifi. Solid picks for the future might be the Netgear WAX2* line (no USB), the GL.iNet GL-MT6000, ASUS RT-AX59U, Belkin RT1800, Belkin RT3200, Linksys E7350, Linksys E8450. If you don’t mind having older wifi a Netgear R7800 is solid.

For a full open-source hardware and software experience you need a more exotic brand like this www.banana-pi.org/en/bananapi-router/. The BananaPi BPi R3 and here is a very good option with a 4 core CPU, 2GB of RAM Wifi6 and two 2.5G SFP ports besides the 4 ethernet ports. There’s also an upcoming board the BPI-R4 with optional Wifi 7 and 10G SPF.

Side note: while there are things like OPNsense and pfSense that may make sense in some cases you most likely don’t require that. You’ve a small network and OpenWRT will provide you with a much cleaner open-source experience and also allow for all the customization you would like. Another great advantage of OpenWRT is that with a great router like the BananaPi BPi R3 you’ve the ability to install 3rd party stuff in your router, you may even use qemu to virtualize stuff like your Pi-Hole on it or simply run docker containers.

TCB13 , 3 months ago to linux in Flathub is launching their new featured banners on April 20 using brand colors provided by publishers

No I’m assuming they’ve a limited number of resources, like everyone else, and they like to pool them in the wrong things. Besides they don’t want to open the door for offline and mirroring because then they would lose their privileged position of being the single largest and most used way to get flatpaks.

TCB13 , 3 months ago to linux in There is a school in Wisconsin that uses Linux

That’s fair but I was extrapolating a bit there. After all unless their IT department and IT related teachers were really inept they would’ve know that Microsoft offers things to education and would’ve got them.

TCB13 , 3 months ago to science_memes in this one goes out to the arts & humanities

So… art is essentially failing ahaha.

TCB13 , 3 months ago to technology in Proton picks up Standard Notes to deepen its pro-privacy portfolio

they always do client-side auth rather than tradition server-side auth

They must have some server-side auth as well, otherwise I could just emulate requests from the bridge an pull all your PGP encrypted email from their servers. Even though it would be mostly useless it would still be a big vulnerability issue.

IMAP/SMTP-based provider to whom you always send your passwords in plaintext

Why do you say that? What led you to believe it?

Most providers are running IMAPS (IMAP over SSL) or IMAP with StartTLS (upgrade to TLS) and the same for submission to make sure there are no passwords in plain-text. Furthermore mail clients and servers also support password hashing and some, like Google, even go further and push people into IMAP/SMTP authentication with XOAUTH2 (OAuth token unique for each e-mail client).

Non-plaintext mechanisms have been designed to be safe to use even without SSL encryption. Because of how they have been designed, they require access to (…) their own special hashed version of it. doc.dovecot.org/…/authentication_mechanisms/#non-…

Going back to Proton, if they do use PGP in a generic way it means all your e-mail are encrypted and whenever you want to open the website or use the bridge they’ve to decrypt them. As you described before, they do this client side and that’s okay.

Now the next question is: how do they decrypt your mailbox? Their servers hold your private PGP key encrypted with your login password, once a client wants to decrypt your mailbox it has to pull that private key from the server and then use your password to locally decrypt it. Said now plain text key can then be used to decrypt the e-mails. This is a common security practice to make PGP and other asymmetric encryption schemes work securely without forcing the user to store and mange its own private key - that’s okay as well.

For e-mail coming from external providers (and people who don’t use PGP) Proton receives the unencrypted message (over TLS) and then encrypts it with your public PGP key. After this point you are the only person who can decrypt the message because while they also hold your private key it is encrypted thus they can’t use it to decrypt the message. This is reasonable and okay.

Now the thing is, all this can be accomplished via IMAP/SMTP, with the same level of security, if you employ a few rules:

1. Tell customers who want to use IMAP/SMTP that they’re required to configure PGP manually on their clients otherwise their mailbox will be encrypted / useless and they won’t be able to send e-mail;
2. Submission (sending e-mail via SMPT) servers configured to refuse any e-mail that isn’t PGP encrypted;
3. Only provide IMAP/SMTP authentication with SSL/TLS;
4. Restrict the IMAP/SMTP authentication to a non-plaintext mechanism;
5. If they don’t go for XOAUTH2, then force people into creating a specific app password for each e-mail client - like Google also allows for legacy stuff that doesn’t support XOAUTH2.

Note that their current apps/bridge also needs to authenticate itself with some hashed version of your password, otherwise I could just emulate requests from the bridge an pull all your PGP encrypted messages from their servers. Actually using XOAUTH2 tokens or unique app passwords would be even be safer than what they’re doing.

Considering their PGP implementation is standard then doing those tweaks isn’t impossible and they would provide the same level of security their apps provide but also be flexible enough for more advanced users.

TCB13 , 3 months ago to linux in There is a school in Wisconsin that uses Linux

Who knows if they ever asked?

TCB13 , 3 months ago to datahoarder in How to store digital files for posterity? (hundreds of years)

I believe you’re approaching this from the wrong angle - this isn’t a tech problem, this is a people problem.

save them for posterity so that it lasts for periods like 200 years and more. This allows great-grandchildren and great-great-grandchildren to have access.

Instead of trying to get media that can last 200+ years, just teach your kids and grandkids the importance of keeping your family legacy alive. This will be way more effective than any medium you can come up it. Storage technologies change but the data remains the same, the future generations should be able to gradually upgrade storage mediums as necessary so the information keeps existing.

TCB13 , 3 months ago to linux in Dynebolic is a portable Linux distribution that can be used without installation

So, this like a Debian live USB with persistency enabled and tools for create people pre-installed. What else is new?

TCB13 , 3 months ago to science_memes in this one goes out to the arts & humanities

The art and humanities is more a side project

I’ll add:

A side project that isn’t a life or death situation like most of those physical labor things you’re talking about. Art isn’t also bound or constrain by rules and regulations like those jobs and if the AI fails at art then there’s no problem. Nobody would care.

TCB13 , 3 months ago to linux in Flathub is launching their new featured banners on April 20 using brand colors provided by publishers

Flathub priorities: adding colors and banners;

What Flathub actually lacks: a decent way of archiving and installing things offline (that knows how to deal with architectures, drivers and dependencies), an official and proper way of mirroring the repository.

lol

TCB13 , 3 months ago to technology in Proton picks up Standard Notes to deepen its pro-privacy portfolio

Great find, even worse than what I was thinking. Like you I was also under the assumption they applied some kind of encryption to all metadata as well.

TCB13 , 3 months ago to technology in Proton picks up Standard Notes to deepen its pro-privacy portfolio

PGP is not closed. What proton has done is make a really cool JS library for PGP as part of their Web UI (openpgpjs.org) which other projects, even those unrelated to Proton have used, like Mailvelope.

I never said PGP was closed, what I was saying is that their implementation of the access to their service is closed (not using standard IMAP/SMTP) and subsequently “their” PGP might be questionable / opaque.

If they actually do everything with open standards and PGP by the book as they say, why can’t they provide IMAP/SMTP access to everyone who wants it BUT add the disclaimer that you’ve to use a PGP compatible e-mail client and configure it to deal with the encryption… they could even configure their submission to refuse any email that isn’t PGP encrypted to improve things further. The fact that they don’t do this leads me to believe that they either a) aren’t actually doing everything as “by the book PGP” and there might be security issues or b) they’re “privacy” as a catch all excuse in order to push a bit of vendor lock-in.

Their market niche is privacy conscientious people and those same people tend be to computer savvy and I bet half of them would mind setting up PGP on Thunderbird and use Proton without a bridge. Everyone else could still use their apps, web or the bridge.

TCB13 , 3 months ago to linux in Samba vs NFS vs SSHFS ?

sshfs : probably most easy to setup. Can be confusing with ownership and permissions sometimes.

And the worst option if you have Windows clients.

TCB13 , 3 months ago to technology in Proton picks up Standard Notes to deepen its pro-privacy portfolio

Thanks.

TCB13 , 3 months ago to linux in There is a school in Wisconsin that uses Linux

You are already drowning in downvotes.

So what? I’m not a politician running a politically correct popularity contest and saying what people want to hear to win votes. I’m just stating what is omitted from the article and what is a fact as you eventually got there:

Really the only application that managers are likely to have any specialist knowledge around is Excel. I will admit that knowing Excel specifically vs other spreadsheet applications is useful. Being able to do a VLOOKUP, a pivot table, or even just proper multi-sheet formulas is useful

Honestly though, the Internet is littered with $19 Excel courses. Take one.

Yes, and will a gen-Z take them? Isn’t just easier to gradually expose them to those tools so they learn naturally without the pressure of getting to some job?