Show newer

Lesson learnt the hard way: Always store your passwords. Yes, do it securely, use a password manager, hide a piece of paper behind multiple protection mechanisms, but DO KEEP A BACKUP OF YOUR PASSWORDS

Long story short: I decided to store every 2FA revocation code as well as every PGP and SSH key of mine in a strongly (64 Argon2d rounds) encrypted KDBX v4. As you may have guessed, I forgot the password. I do remember it slightly, but to no luck. Have been trying to brute-force it for 6 hours...

*a dirty mailbox

Can't imagine what a sorry mailbox would be like 😂

Show thread

I am becoming so ignorant of other people being ineffective. I get so aggressive when someone has a sorry mailbox, opens lots of windows, uses a mouse where a shortcut is faster and more logical. At moments like this I really just want to drop everything and start with "um, actually..."

I think I need a therapist 🤪

Alright, I've been advised (thx @kev and @0xedd1e)and to set up a PTR record for reverse DNS. Folks who use custom domain e-mails managed by others (Gmail, Mailbox.org, etc.): How do you do that? Do you contact the company? Do they do that automatically for you?

Show thread

I have set up SPF with DMARC as well as DKIM. I have never sent suspicious emails. I even add OpenPGP signing to my emails. SpamAssassin and GMail filters seem to not have any problems, when I check it with external tools. Yet still, my emails keep landing in spam folders of people unless they specifically add me to their contacts.

What could be the reason? Do email clients/servers not like email from custom domains? Or is it just because my email server is in Russia? 🙄

As a student of a university with access to a lot of scientific works, I would never think I'd have to use Sci-Hub until I graduate. But alas, Springer's institutional login is broken, and I really need that paper... :ablobcatwave:

Question to everyone using GnuPG: which keyserver do you use?

The most used options now are, apparently, keys[dot]openpgp[dot]org or SKS Keyservers Pool. The former has a problem of being a single failure point, the latter may suffer from certificate spamming.

Do you use any one of this or perhaps a different one (MIT? Ubuntu?). Do you even use one? How do you publish/refresh the keys?

A problem that I have with self-hosting Git — lack of federation.

I can host a Mastodon instance and my posts would be seen elsewhere on the global timeline. But host a Git server — and now you're cut away from the rest of the world. People need to create accounts to contribute, the project will not hard to discover. Even I, a relatively tech-savvy person, hate it, when the development is concentrated on some in-house server — that's why I could never imagine contributing to, say, GNU projects.

Show thread

When GitHub was acquired by Microsoft, people started to look for a freer alternative. Self-hosting is usually the best choice, but those who can't afford it switched mostly to Sourcehut or Codeberg.

But why was GitLab never really mentioned? It's open-source, has a plethora of great features, is independent, can mirror to GitHub, has an incredible CI/CD infrastructure... I personally find it way better. Is there something I don't know or understand?

Follow up: You don't need to feel guilty for choosing proprietary software.

If you prefer to use Spotify over local music because it better fits your listening style, go for it!

Should you look for more secure and privacy-respecting alternatives? Sure. But you don't need to develop a cognitive dissonance when it comes to what your preferences for software are.

Do what you're comfortable with, keep an open mind, and try things whenever you feel like something new.

Show thread

You're not a bad person for liking things that are proprietary. You are not immoral for enjoying things that were made behind closed doors. You are not less of a person for having the desire for XYZ product from a premium company, regardless of whether they contribute to open source or not.

I’ve already been sifting through some stuff in March and April this year, and I was able to reduce my entry count from 400+ to “just” 350! It’s insane how many useless accounts one might have. GDPR is certainly a saviour here — even if you don’t live in Europe, many sites are obliged to implement the corresponding mechanisms for those who do!

Show thread

My checklist includes, but is not limited to:

• do I still need this account?
• does it have a long enough (yet not too long) password with various symbols?
• does the provider support 2FA and if yes, is it enabled?
• does the account use my own (not Google’s) email?
• does the account (for some reason) store too much data on me
• are all the URLs up-to-date?

Show thread

Many recommend doing a spring cleaning of one’s passwords: make sure they’re not leaked, secure enough, and still relevant.

While generally being a good advice, it might be overwhelming for people like me with 300+ passwords in their vault.

That’s why, starting today, every day is a spring cleaning for me. Set a timer for 10–20 minutes and monitor as many accounts as you can!

Today’s “invention”: a Handler for Python’s `logging` that logs to either stdout or stderr based on the log record’s level

github.com/NickKaramoff/Double

Pretty sure there already exists a solution, but I couldn’t find any 🤷‍♂️

Why aren't there any open-source antiviruses? There is ClamAV, which is barely used, and isn't that good to begin with.

Is it because the attackers can easily bypass the security of the code is in the open? Or is it because the market is already oversaturated?

Is there even a reason to try and make an open-source antivirus, that can compete with big players like Avira, Kaspersky, and others?

Took me 5 hours or something 🙄

So long actually, that a newer version came out while I was downloading the older one 😂

Show thread

Mozilla's servers ain't doing great today... :blobcatdizzy:

This is me trying to update my Firefox Dev Edition

Show older
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.