Dr. Hax
d30ea98ea65e953f91ab93f6b30ea51eb33c506f87d49f600a139aef00aa9511
Cypherpunk. Infosec veteran of about 15 years (vulnerability research, exploit development and cryptography). Cypherpunks write code. :-) Signet maintainer. Self-custody your passwords... in hardware! https://hax0rbana.org/signet Want to see wider adoption so Bitcoin can be used as digital cash and not just an investment vehicle. XMR: 44RDkTFmTeSetwAprJXnfpRBNEJWKvA5dBH5ZVXA4DofgoZ9AgjyZdSa2fo7pMD3Qe3pdKga8X22y3Lyn1xYde5kPQPzVUu

I partially agree. My Trezor supports FIDO2, and I'm not worried about that key leaking. It never leaves the device, unlike passwords. I consider this superior to any password manager, and that's saying something coming from me!

I agree that giving your nsec to a website is sketchy. Maybe it's stored in LocalStorage and never leaves your browser, but it's hard to know and even if that's true, it still turns an XSS vulnerability into "my private key has been leaked".

So, the way people are implementing things now… yeah, no. But I think there is potential for cryptographically secure authentication, possibly by just signing each request and not even having a session token.
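The per-request signing idea floated above, as an added example that is not code from the post's author or from any Nostr or Signet project: the client signs a canonical form of each request (method, path, body hash, timestamp, nonce) with an Ed25519 key that never has to be handed to the server, and the server verifies against an allow-list of public keys, rejects stale timestamps, and refuses replayed nonces. Ed25519 is used here because Go's standard library provides it; Nostr itself uses Schnorr over secp256k1, and the function and type names are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"sync"
	"time"
)

// SignedRequest is what the client sends instead of a session token.
type SignedRequest struct {
	Method    string
	Path      string
	Body      []byte
	Timestamp int64  // Unix seconds at signing time
	Nonce     string // random, unique per request; defeats replay
	PubKey    ed25519.PublicKey
	Signature []byte
}

var (
	ErrUnknownKey = errors.New("public key not authorized")
	ErrStale      = errors.New("timestamp outside acceptance window")
	ErrBadSig     = errors.New("signature verification failed")
	ErrReplay     = errors.New("nonce already seen")
)

// canonical builds the exact byte string both sides sign and verify.
// Hashing the body keeps the signed message small; newlines separate
// fields so that no field can masquerade as another.
func canonical(method, path string, body []byte, ts int64, nonce string) []byte {
	bodyHash := sha256.Sum256(body)
	return []byte(strings.Join([]string{
		strings.ToUpper(method),
		path,
		hex.EncodeToString(bodyHash[:]),
		strconv.FormatInt(ts, 10),
		nonce,
	}, "\n"))
}

// SignRequest is the client side: the private key is used here and nowhere else.
func SignRequest(priv ed25519.PrivateKey, method, path string, body []byte, now time.Time) (*SignedRequest, error) {
	nb := make([]byte, 16)
	if _, err := rand.Read(nb); err != nil {
		return nil, err
	}
	nonce := hex.EncodeToString(nb)
	ts := now.Unix()
	sig := ed25519.Sign(priv, canonical(method, path, body, ts, nonce))
	return &SignedRequest{Method: method, Path: path, Body: body, Timestamp: ts,
		Nonce: nonce, PubKey: priv.Public().(ed25519.PublicKey), Signature: sig}, nil
}

// Verifier is the server side. It only ever holds public keys.
type Verifier struct {
	mu      sync.Mutex
	window  time.Duration
	allowed map[string]bool  // hex public key -> authorized
	seen    map[string]int64 // "pubkey:nonce" -> timestamp, pruned after window
}

func NewVerifier(window time.Duration, keys ...ed25519.PublicKey) *Verifier {
	v := &Verifier{window: window, allowed: map[string]bool{}, seen: map[string]int64{}}
	for _, k := range keys {
		v.allowed[hex.EncodeToString(k)] = true
	}
	return v
}

// Verify checks key authorization, freshness, signature and replay, in that order,
// so an unauthenticated request can never insert entries into the nonce store.
func (v *Verifier) Verify(r *SignedRequest, now time.Time) error {
	pk := hex.EncodeToString(r.PubKey)
	if len(r.PubKey) != ed25519.PublicKeySize || !v.allowed[pk] {
		return ErrUnknownKey
	}
	limit := int64(v.window.Seconds())
	if d := now.Unix() - r.Timestamp; d > limit || d < -limit {
		return ErrStale
	}
	if !ed25519.Verify(r.PubKey, canonical(r.Method, r.Path, r.Body, r.Timestamp, r.Nonce), r.Signature) {
		return ErrBadSig
	}
	v.mu.Lock()
	defer v.mu.Unlock()
	for k, t := range v.seen { // nonces older than the window can no longer be replayed
		if now.Unix()-t > limit {
			delete(v.seen, k)
		}
	}
	key := pk + ":" + r.Nonce
	if _, dup := v.seen[key]; dup {
		return ErrReplay
	}
	v.seen[key] = r.Timestamp
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	v := NewVerifier(5*time.Minute, pub)
	req, _ := SignRequest(priv, "POST", "/api/notes", []byte(`{"text":"hi"}`), time.Now())
	fmt.Println("first:", v.Verify(req, time.Now()))  // <nil>
	fmt.Println("replay:", v.Verify(req, time.Now())) // nonce already seen
}
```

The nonce store is the one piece of server state this scheme needs; the acceptance window bounds how long it has to be kept. Without both the timestamp check and the nonce check, a captured request could be resubmitted at will, which would make the scheme no better than a stolen bearer token.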

People keep posting about how terrible it is, but TBH, I don't want to read 900+ pages of their plan to try to figure out why.

Based on my skimming, it seems pretty anti-freedom for a plan claiming to be from conservatives.

Is there any section in particular that you can point me to that is especially fuct?

I'm going to be using serial in the end. I'm just using the wireless to verify functionality before I start tinkering around with what looks like the most poorly documented way to interface with meshtastic (at least for now…)

And it's super creepy that the movie was produced 40 years ago and yet is similar to what is going on in the world today... 😬

It's all just a little too believable of a story

If you haven't seen the movie Threads (1984)... well I'm not sure I can say I'd recommend it per se, but it's certainly a film about destroying the current system and the long road to rebuilding

I'm not sure if it has enough RAM & flash to handle that additional code

Well, I am disappointed to learn the #meshtastic on an #RP2040 does NOT serve up a #WiFi AP that you can connect to with your phone. ☹️

Instead, the wifi operates in client mode, expecting you to have an AP nearby with a known SSID and password.

The punchline here is that if you wanted to use this in the field, you'd need to carry around a router to which your phone and RP2040 would connect in order to use the mesh network.

It still works without any 3rd party #infrastructure, but having to have 3 devices per node instead of 2 is disappointing to say the least. Hopefully the RP2040 will get BT support in the future to work around this.

#LoRa #offgrid #networks

Today is America's independence day. The day when Americans celebrate the day they collectively opted out of a tyrannical government, with high taxes, who did not represent the will of the people.

248 years and counting


It's Tuesday, so I figured I'd mention that it's good to have a backup way of communicating with people who are important to you.

People can lose access to their email. Sometimes phone lines get shut off (inadvertently or not). Centralized services like Slack, Signal and the like can go down.

#nostr is good, but it's just a good idea to have a backup, ya know. Bonus points if the backup plan is as secure as the primary.

Why mention this on a Tuesday? Seemed as good as any day 🤷

Democracy is not the same as communism, my friend.

And a coop is the exact opposite of communism. Not being centrally planned is a defining feature.

They're hardware password managers. No sending your passwords off to some cloud belonging to LastPass or whomever. They all live right there in one of these little devices, and they never leave the device unless you press that button to confirm you authorized it. So if you get infected with malware, the attacker can't just scrape all of your passwords. 😁

One where the people decide how it's run. Most companies are run like a dictatorship, where the person (or sometimes people) at the top make all the decisions. That's fine when they're benevolent, but most of the time they're only looking out for themselves. Having decision making be decentralized makes a huge difference in how the company is run.

Is there an SSH server implementation in Go?

i2p crew is extending an olive branch to all privacy advocates. https://theoverlay.ghost.io/sustainability-and-standards-we-need-to-talk-about-building-censorship-circumvention-infrastructure/

If you have skills and can spare some time, I hope you'll consider stepping up to collaborate.

Pre-auth RCE as root in OpenSSH.

https://www.openssh.com/txt/release-9.8

Debian gives more details than just saying it's a race condition. https://security-tracker.debian.org/tracker/CVE-2024-6387

FreeBSD confirms they are affected too, meaning it's not just a Linux problem (despite what some Linux haters are saying). https://vuxml.freebsd.org/freebsd/f1a00122-3797-11ef-b611-84a93843eb75.html