Dr. Hax
d30ea98ea65e953f91ab93f6b30ea51eb33c506f87d49f600a139aef00aa9511
Cypherpunk. Infosec veteran of about 15 years (vulnerability research, exploit development and cryptography). Cypherpunks write code. :-) Signet maintainer. Self-custody your passwords... in hardware! https://hax0rbana.org/signet Want to see wider adoption so Bitcoin can be used as digital cash and not just an investment vehicle. XMR: 44RDkTFmTeSetwAprJXnfpRBNEJWKvA5dBH5ZVXA4DofgoZ9AgjyZdSa2fo7pMD3Qe3pdKga8X22y3Lyn1xYde5kPQPzVUu

You can already use it with a USB A-to-C adapter. With that, it works in a computer with USB-C only right out of the box.

As for mobile devices, it's more complicated. There is actually a mobile app for Android that works, but it doesn't install with the latest Android release. If you have an older release, it'll work fine, but I haven't been able to get it to compile (I inherited this project), so that's pretty much dead in the water for the moment (for the latest version of Android).

If you know any Android devs who would be willing to lend a hand, it'd probably be something that is easy for them to fix. I could really use the help. It's an open source project, not a Dr. Hax for-profit corporation, so there's no budget to hire a dev or consultant.

Also, yes, I am planning a version with on-board USB-C. But 🤫 I haven't officially announced it yet. In fact, the final parts for the prototype just arrived earlier today!

Replying to bitcoiner7 nym

https://simplelogin.io/ good?

better options?

I have not used it personally, but I've heard good things. AnonAddy is a similar service.

Here's a good post comparing the two: https://blog.thenewoil.org/2023-review-anonaddy-and-simplelogin

Also, TheNewOil is an outstanding resource. It's aimed at people who are not already experts on the topic, but it also has things that help people like me find answers to "how do I get around service providers wanting my phone number?" which I think of as "are there VoIP providers that work with big tech companies like Yahoo and Azure?"

Infosec tip #2: randomize your usernames of all accounts unless you have a reason not to.

There's no reason people should be able to guess the username to your health care provider just because they know your username on some social media platform.

If there's an authentication bypass vulnerability that goes public in the future, you'll be glad you took this step.

nostr:nevent1qqsw69g4nclzrnmet4z0vwtcwc8zm28awpepsa62lxtw0upc3j0897gpz3mhxue69uhhyetvv9ujumn0wd68ytnzvupzqn4csvgddd8djhrdv63etv7nea2ehp06aj8hdyw6l4q94yhq2htdqvzqqqqqqyqdgcc4

I recommend #signet. It's hardware security for your password manager.

https://hax0rbana.org/signet

Full disclosure: I maintain signet. 🤣

I've heard good things about Bitwarden, but I used KeePassXC before I switched to Signet because I wanted to control when, how and where my password database goes. Separating the password DB from the file syncing made more sense.

I still use KeePassDX on mobile, and Nextcloud to sync. I'm very happy with this setup.

Thanks for the encouragement. I spent several hours trying to figure it out. After exhausting the guides on the internet about getting RiseUp to work with OpenVPN, I dug into the source code of their client to find the IP address of their snowflake server which hosts the client cert/key.

After that it was smooth sailing... until I wanted to connect to the VPN over Tor. Eventually I figured out it was UDP that was screwing me over. Then I had to figure out how to trick network manager into allowing me to specify to use TCP.

In the end I emerged victorious and it's working exactly as intended. I also have notes in a private markdown file in case I need to do this again in the future. Maybe someday I'll publish it. Who knows?

Some advantages of Signet:

1. It's fully functional offline (adding, reading, updating, and deleting entries)

2. Unlocking the database does NOT allow immediate access to any/all of your passwords; you have to press the device's button for each password. This means if your computer was compromised and you unlocked your password database, your data is still pretty safe unless you sit there and press the button repeatedly for each password you want to release.

Advantages of Bitwarden:

I. You can share passwords with others

II. It's cheap (arguably free, but I'd encourage you to donate to the developers if you use it 🙂)

Thanks for the shout out!

Yeah, I build open source hardware password managers. It's basically self-custody & hardware security for your passwords (and seed phrases, and whatever else you want to put in there).

It's all open hardware, software, and firmware.

This is pretty much a one-man operation and I'm so focused on the technical aspects, I don't have much time to promote it. So I **really** appreciate people helping me spread the word like this!

https://hax0rbana.org/signet for more info

More #mending on Monday. Before and after. It isn't pretty, but it's effective.

[Image: Hoodie with holes in elbows and wrists]

#sewing #prepper #homesteading #GrowNostr

Is your child doing any of the following?

- Supporting open source and free software

- Promoting sustainable transportation

- Learning self-sufficiency skills

- Practicing minimalist living

- Getting involved with volunteering and activism

- Saying things like "Reduce, Reuse, Recycle"

- Using decentralized digital platforms

- Promoting or getting involved with crowdfunding for social causes

They may be building a post-capitalist world! Know the signs. Get involved.

https://joanwestenberg.com/blog/how-to-quit-capitalism

#PostCapitalism #SelfSufficiency #OpenSource #FOSS #homesteading #minimalism

Apparently, even with keys you can still lose your coins when your channel gets force closed.

Yes. I am also aware of people losing money due to force closures of channels and that they seem to be completely helpless to stop it from happening.

I also don't know if/how a self-custody person who loses their lightning node keys can use this same mechanism to get their money back on chain.

Bill got me thinking about how lightning fees could be priced in order to allow micropayments.

At first I thought, tiny transactions like 1-10 sats could be free, but then fees would kick in for larger payments. Then I realized that would just result in 1000 transactions of 10 sats each to pay 10K sats. That sounds terrible.

So then let's flip it, maybe? What about cheap fees for big amounts and higher fees for tiny transactions? Well, big transactions are going to make liquidity management more difficult, so the node operators have an incentive to not do that. Plus it kinda throws microtransactions under the bus.

What currently makes the most sense to me is a flat fee. Maybe something like 30 sats. It means that sending a fraction of a penny (USD) wouldn't make a lot of sense because the fees would be the majority of the cost. This would encourage more meaningful sized zaps. For things like reading an article, paying them a few cents seems reasonable too. Plus it's easy to understand (less so after other nodes' routing fees are added in, but our node would be doing its part).

Large transactions can still mess up liquidity, but I don't think we are going to solve that problem with fees. That seems like it'll only be improved by increasing lightning adoption, which can only happen if node runners understand enough about the technical workings to be confident that they can still get their on-chain funds back if something goes terribly wrong with their node (e.g. keys get lost).

I still haven't seen an explanation of how lightning works in practice to have this confidence. So I wouldn't put more liquidity into lightning than I am willing to lose.

Things like https://www.bitcoin.com/get-started/what-is-lightning-network/ look like they haven't been updated since August of 2021, and even if it were, it doesn't cover details like how nodes interact with one another in terms of signatures, how to recover from lost keys, how to initiate a force close or who can do such a thing, and so on.

nostr:nevent1qqs9xrpsrypcv9fdaw92xmra0xgkf3e0qpwptxazw8hg5q9xerm0yvsppamhxue69uhkummnw3ezumt0d5pzqqgd7ry53l56k4xjedl2gg8l5zx409vfsxmw568g8248avka8uz6qvzqqqqqqycu8s6p

I feel like it's reasonable to compare lightning fees to on-chain fees in the past. I remember fees of about $0.50 USD and thinking that limited #Bitcoin's usage. I did not think that those fees made Bitcoin a failure.

So 145 sats for a transaction sounds like a pretty big improvement even over what I got to know as "normal fees". To be fair, that number ignores the fees to move into the lightning network, but we'll set that aside for the moment.

Do these lightning fees limit the use cases for bitcoin? Yes, but it still seems like it's better than most options I've seen.

This looks rad. Too bad it looks like the company behind it went under.

I heard in an interview that it was open source, but I couldn't find the source with a few quick searches.

"We believe that the key encapsulation mechanism we have selected, CRYSTALS-Kyber, is built on solid foundations" --Signal https://signal.org/blog/pqxdh/

"Multiple implementations of the Kyber key encapsulation mechanism ... are vulnerable to a set of flaws ... which could allow the recovery of secret keys."

https://www.bleepingcomputer.com/news/security/kyberslash-attacks-put-quantum-encryption-projects-at-risk/

I'm glad Signal took the "but to be safe" approach, because switching to only using an encryption algorithm that hasn't been battle tested for decades would be foolish.

I said what I said.

#crypto #infosec #security #cybersecurity #GrowNostr #cryptography #encryption #privacy

Fascinating. I've never heard of a PCB printer before. Where can I find out more about this?

There's some open source software that can be used with DIY parts. I know a local hacker who built one. I can ask him for more info next time I bump into him.

Conveyor is for larger scale production. They have small ones that will fit on a counter top or lab bench, but total overkill for just making one-offs.