BozeKnoflook

@BozeKnoflook@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Password manager woes. How have you solved syncing on Android?⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
There has to be, the PasswordStore app for Android can keep the GPG files in a storage location where other apps can read & write them. All you need is something to handle the synchronization.

I’m a control freak and prefer to do things like that manually, so I just use the built-in git & SSH based method it provides.
⁨Comment⁩ on ⁨Password manager woes. How have you solved syncing on Android?⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
That entry names are stored in plain text doesn’t bother me; if somebody has broken into my system so well that they’ve copied my password store then the last of my concerns will be if they can easily find out if I have a password stored for example.org or example.net. At that point it doesn’t matter if they can tell that I have a Jellyfin password stored, because that service is running on my server with clients installed on my phone & tablet.

And I handle key storage with a pair of Yubikeys which hold a copy of my private key. It can’t be extracted (only overwritten). There is a physical copy kept on offline, disconnected storage, which could be an attack vector – but if we’re at the point of somebody breaking into my house to target my password management then all bets are off: you don’t need to break my kneecaps with a hammer for me to tell you everything, I prefer to keep my knees undamaged.

For attachments I just add another entry; /services/example.org-otherThing - there’s nothing stopping you from encrypting binary data like an image.

And when it comes to convenience: I have a set of bash scripts that use Wofi to popup a list of options and automatically fill in data. Open example.org click the login field, hit meta-l, type example.org, hit enter and wait a moment: it’ll copy and paste the username, hit tab for me, then copy/paste the password, then copy a bunch of random data into the clipboard buffer like 10 times before copying an empty string another hundred times to flush said buffer. meta-f for username only, meta-g for password only; it’s honestly way more convenient for me than the 1Password setup I use at work.

I understand the point the video is making, but I think it’s irrelevant if you keep the private key on something like a Yubikey.
⁨Comment⁩ on ⁨Password manager woes. How have you solved syncing on Android?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I use passwordstore.org which is basically a bash script that wraps GPG; but there is an Android client as well.

Everything is stored in encrypted files tracked by git. Files are synchronized by git/SSH to a server I run.
⁨Comment⁩ on ⁨⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Police have had, since the late 90s I think, the “Hotplug” which is a special battery pack / generators that provide a special power plug where you can gently loosen the existing plug, slide the generator’s plug in place over it, then remove the computer from the main supply while keeping it powered on.

Power plug locks only buy you time or prevent casual mayhem; the police can work around those.
⁨Comment⁩ on ⁨Serverless Is An Architectural Handicap (And I'm Tired of Pretending it Isn't)⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Absolutely. People really sleep on just how much traffic a simple low end server running a PHP framework can handle. I’ve ran systems with a million users (combined across multiple domains and clients but still) and it was just fine with a single database server and a few web servers. They would have needed to hit the tens of millions of users before serious refactoring or rewriting would have ever been necessary to consider.
⁨Comment⁩ on ⁨Serverless Is An Architectural Handicap (And I'm Tired of Pretending it Isn't)⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
I’m sure ‘serverless’ has a good time and place to be used, but in my experience it has just always the worse choice.

“But we need to be able to scale!”

Sure, but we’re not in a place where we’re getting anywhere near early mySpace / Facebook / Google style growth. Just get a regular ass cheap VPS and stick your service on it; if you need to expand upgrade the VPS. If it’s starts getting serious then let’s look at compartmentalizing and distributing it if we need to.
⁨Comment⁩ on ⁨Huge internet outage live blog: Amazon, Disney+, Hulu, HBO Max and more experiencing issues⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
health.aws.amazon.com/health/status

I suspect the big problem is that IAM (AWS authentication system) is affected and it is not decentralized, which is causing other systems worldwide to fail because the internal authentication is broken.

I can’t login to the AWS console to check on my stuff in the European zone, because the login goes through IAM in us-east-1 where all the authentication does.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨5⁩ ⁨months⁩ ago⁩:
health.aws.amazon.com/health/status

I suspect the big problem is that IAM is affected and it is not decentralized, which is causing other systems worldwide (even outside of AWS’ us-east-1 location) which rely on IAM in us-east-1 to also fail. I’m having trouble even logging into the AWS console to check on my European servers.
⁨Comment⁩ on ⁨Android Password Store is back on F-Droid⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
Omg thank you! I was just starting to look for alternatives
⁨Comment⁩ on ⁨Android Password Store is back on F-Droid⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
Unfortunately OpenKeyChain is now no longer being developed. It still works… for now.
⁨Comment⁩ on ⁨If these mother fuckers are trying to make me pay for Healthcare to talk to fucking ChatGPT I swear to god ChatGPT is going to write me so many scripts for opioids its won't be funny.⁩ ⁨⁨11⁩ ⁨months⁩ ago⁩:
He also once thought every home would have a dedicated ISDN line.