lkcl | let me know when someone from Cuba or Russia is "allowed" to have one. | 11:27 |
---|---|---|
lkcl | and let me know if you're happy with your new God. your absolute One True Authority and arbiter of your online identity: Microsoft. | 11:34 |
lkcl | Raptor Engineering bans its employees from using github because of the risk to their employees, some of whom do Dept of Defense contract work | 11:36 |
lkcl | having Microsoft as your God and Absolute Authority means that if they get hacked or demands are made to provide your identity by a Government - and they will - you have zero recourse. | 11:37 |
lkcl | at least with a GPG key and a keyring Web of Trust between developers you are not enslaved to the new Gods of your life and identity. | 11:39 |
lkcl | also: have you done the code review yet of the firmware for the yubikey? | 12:05 |
lkcl | and does it use "FIPS-approved" (U.S. Govt, NSA Certified) crypto ASICs? | 12:06 |
lkcl | you realise those ASICs are only certified to pass the tests in the Compliance Suite | 12:06 |
lkcl | if you'd said, "the rust team has reviewed the full schematics and firmware used by one of Crowdsupply's many high security products and has forced Microsoft to accept their use in a peer-distributed Web-of-Trust that Microsoft has no authority or control over" | 12:09 |
lkcl | i would have been deeply impressed | 12:09 |
Chips4Makers[m] | <lkcl> "and let me know if you're..." <- Says a person who uses Google for email... | 15:14 |
lkcl | Chips4Makers[m], i know. i'm not happy about it, and have 15 gb of email to have to move. | 15:18 |
lkcl | the "real name" policy had me really concerned about getting cut off from that, i'd be royally screwed | 15:19 |
lkcl | i did run my own imap server online for a while: it didn't go well | 15:19 |
lkcl | not because of the imap hosting but because of the insane level of spam (something mad like 1,000 spam messages an hour) required more CPU power running spamassassin than was possible for the virtual machine | 15:21 |
sadoon_albader[m | You ever think most of the spam is perpetuated by Google and Microsoft to keep you tied to their email services? | 15:22 |
lkcl | in the end i went "screw it" and redirected everything through gmail. | 15:22 |
lkcl | no, most of it is state-sponsored and mafia. they make enough money - enough people do actually buy viagra - that it's justified | 15:23 |
sadoon_albader[m | I've done everything I can short of changing my domain name and I'm still having issues of people not receiving my emails | 15:23 |
lkcl | and enough people fall for the scams. i have an otherwise highly-intelligent person with 2 PhDs who contacts me at least once every 18 months to ask if a particular email is a scammer or not | 15:23 |
lkcl | sadoon_albader[m, you got dnssec, dmarc, spf, and a fixed IP address? | 15:24 |
lkcl | what's the domain? | 15:24 |
sadoon_albader[m | I believe I've got all. | 15:24 |
sadoon_albader[m | soulserv.xyz | 15:24 |
lkcl | https://mxtoolbox.com/emailhealth/soulserv.xyz/ | 15:25 |
lkcl | reverse DNS is not set up | 15:25 |
lkcl | mail.soulserv.xyz Reverse DNS does not contain the hostname | 15:25 |
lkcl | mail.soulserv.xyz Reverse DNS does not match SMTP Banner | 15:26 |
sadoon_albader[m | Huh, I was pretty sure I set that up | 15:26 |
sadoon_albader[m | I have some maintenance to do anyways so I'll do it all tonight | 15:26 |
sadoon_albader[m | Thanks | 15:26 |
sadoon_albader[m | But as far as spam goes | 15:27 |
lkcl | my favourite there is teergrube | 15:27 |
sadoon_albader[m | I've only received 2 spam emails since setting it up in March or April | 15:27 |
lkcl | good grief | 15:27 |
lkcl | are you running greylisting at all? | 15:27 |
lkcl | yyeah it's a little different if you've been running a domain for 20 years | 15:28 |
lkcl | Creation Date: 2000-01-20T20:13:57Z | 15:28 |
sadoon_albader[m | I just use spamassassin with defaults based on a guide online | 15:28 |
lkcl | i did, too - and it ate 1 GB of resident RAM and required 20 processes at any one moment | 15:29 |
lkcl | fail2ban i've found extremely useful btw | 15:30 |
lkcl | you might also want to enable gzip compression on your website | 15:31 |
lkcl | https://www.webpagetest.org/result/211224_BiDcGJ_a1a4f76bbf91213aa9a8fcb23d2d6689/ | 15:31 |
sadoon_albader[m | I've got a lot to learn heh | 15:32 |
lkcl | it was the stylesheet that needed it | 15:32 |
lkcl | hey at least you have a brain-dead-simple website, which is awesome | 15:33 |
lkcl | 100% score on both mobile and desktop. wow https://pagespeed.web.dev/report?url=https%3A%2F%2Fsoulserv.xyz%2F | 15:33 |
lkcl | that's extremely rare | 15:33 |
lkcl | 0.2 seconds to first pain :) | 15:33 |
lkcl | that puts you in the top 1% of all websites in the world :) | 15:33 |
lkcl | 0.2 seconds to first paint :) | 15:34 |
sadoon_albader[m | Heheh nice | 15:35 |
sadoon_albader[m | It's all written in markdown which I compile to html using Python-markdown | 15:35 |
sadoon_albader[m | And the css is borrowed from unixsheikh.com with minor edits, but he changed his much now so mine resembles it from earlier this year | 15:35 |
lkcl | nice | 15:38 |
lkcl | ha. found a great resource on gzip compression for nginx https://www.digitalocean.com/community/tutorials/how-to-increase-pagespeed-score-by-changing-your-nginx-configuration-on-ubuntu-16-04 | 15:38 |
octavius | Interesting test resource lkcl, thanks for sharing those. Tested them on my site as well, seems that hostinger isn't too bad of a host provider (though email is missing dmarc) | 15:40 |
lkcl | https://mxtoolbox.com/emailhealth/libre-soc.org/ whoops :) | 15:44 |
lkcl | octavius, i just searched online "email domain checker" or something | 15:45 |
lkcl | wtf in /var/log/nginx/error.log "/usr/lib/open() security.txt" ??? | 15:54 |
programmerjake | idk if it's this exact one, but a teardown of a similar yubikey revealed it uses https://www.infineon.com/cms/en/product/security-smart-card-solutions/security-controllers-for-usb-tokens/sle-78clufx5000ph/ | 18:22 |
programmerjake | re russia, cuba --- if i made my own security chip it'd likely be illegal for me to sell it to someone in russia or cuba or iran or a few other places...it isn't my fault (or microsoft or github or yubico), it's the us government's export restrictions or the other government's legal restrictions (iirc that's the case for russia), so no amount of complaining could get around that unless I managed to get the law changed (basically | 18:26 |
programmerjake | impossible) | 18:26 |
programmerjake | yubico does have a fips-compliant version that they make | 18:27 |
lkcl | this one's one of my favourites - runs a general-purpose linux OS with an iMX6 (superb processor with a 19-year lifetime support from Freescale/NXP) https://www.crowdsupply.com/f-secure/usb-armory-mk-ii | 19:36 |
lkcl | another one is this - https://www.crowdsupply.com/solokeys/somu - which uses an STM32F4, which is an excellent processor, supported by libopencm3 | 19:37 |
lkcl | and this one apparently works with github 2FA https://www.crowdsupply.com/nth-dimension/signet-high-capacity | 19:38 |
lkcl | never heard of the STM32F7 series before, must be new | 19:39 |
lkcl | as all of those are general-purpose computing devices - no on-board hardware encryption - their sale cannot be restricted | 19:41 |
programmerjake | btw, i'd be using it as additional authentication with a password, not as a password replacement. | 19:46 |