solrize

solrize , 2 months ago to Privacy in Why every TOTP app default uses SHA-1 hash encryption?

SHA1 was the official standard when TOTP started being widely deployed. I wouldn't worry. If you look at how the hash function is actually used in the TOTP algorithm, it would be very hard to exploit SHA-1's vulnerability to finding free collisions. It's much more likely that either the server or the client app gets pwned somehow.

solrize , 2 months ago to Privacy in aaa

eh

solrize , 2 months ago to Privacy in Which of the among is the best exif remover app?

Image Toolbox

solrize , 2 months ago to Privacy in Nextcloud Talk is so good

It seems ok in the small testing I've done, but I haven't really used it. Also I think the video encoder is too slow for my old phone. It works ok on the new one. Others here probably have more info than I do.

solrize , 2 months ago to Privacy in Nextcloud Talk is so good

I found it marginal. Jitsi is nice but I didn't attempt self hosting, which looks like effort. Currently playing with Jami.

solrize , 2 months ago to Technology in The Dangerous Rise of GPS Attacks

It might be possible for e.g. airliners to use military GPS with anti-spoofing (encrypted GPS signal which is harder to spoof or jam, but which needs special receivers that have to be rekeyed regularly). Obvs that would require some bureaucratic cooperation between the air carriers and the military. Also, at least near airports, ground beacons can be used the same way.

Obviously the stuff with maps and triangulation, or celestial navigation can be done by computer now, instead of by some crewmember with a calculator. But GPS is sure a lot simpler to use.

Spoofing GPS, GLONASS, Galileo, and the Chinese system (I forget what it's called) all at the same time might be much more difficult than spoofing just one.

solrize , 2 months ago to Selfhosted in Is ansible worth learning to automate setting up servers?

I use it and I like it, but other people have their own favorites. The online docs are fine.

solrize , 2 months ago to Selfhosted in I just won an auction for 25 computers. What should I setup on them?

25 machines at say 100W each is about 2.5KW. Can you even power them all at the same time at home without tripping circuit breakers? At your mentioned .12/KWH that is about 30 cents an hour, or over $200 to run them for a month, so that adds up too.

i5-4560S is 4597 passmark which isn't that great. 25 of them is 115k at best, so about like a big Ryzen server that you can rent for the same $200 or so. I can think of various computation projects that could use that, but I don't think I'd bother with a room full of crufty old PC's if I was pursuing something like that.

solrize , 2 months ago to Selfhosted in Self hosted remote storage for VPS?

Tbh I sometimes sshfs mount a vps onto a home machine but doing it the other way around doesn't seem worthwhile. The idea of a vps is that it's in a data center, has tons of bandwidth, backup power, you can set up a failover scheme if you need high availability, etc. Stuff like media is on your home server so you can use it locally, and maybe it's backed up remotely just in case, but doesn't need to be live mounted. That said, I'm used to home internet being unreliable compared to VPS, so mounting it to a vps sounds flaky.

If you want more storage on your vps, just get a bigger one, I would say. Or if you want tons of remote storage, get something with better connectivity.

solrize , 2 months ago to Selfhosted in I just won an auction for 25 computers. What should I setup on them?

Do you have particularly cheap or free electricity?

solrize , 2 months ago to Selfhosted in Custom Domain Email

mxroute.com

solrize , 2 months ago to Selfhosted in What are common practice's for hardening/securing your server?

Maybe I'm missing something but how is the host ip known? The server has a maybe-known range of addresses, but I don't announce which address has an sshd listening. There are 2**64 addresses in the range, so scanning in 1 second doesn't sound feasible.

solrize , 2 months ago to Privacy in How you all prevent Password/OTP/TOTP deadlocks?

Now, you need to log in to your password manager, which requires either OTP on email or TOTP. You don’t have access to the TOTP app because the backup is stored in cloud storage, whose email login also requires OTP.

The mind wobbles. Don't do what you are describing.

solrize , 2 months ago to Selfhosted in What are common practice's for hardening/securing your server?

Imagine that the xz exploit actually made it into your server, so your sshd was vulnerable. Having it on another port does seem helpful then. In fact i sometimes think of putting mine on a random secret address in the middle of a /64 ipv6 range, but I haven't done that yet.

it occurs to me, the xz exploit and similar is a good reason not to run the latest software. It affected Debian Sid but not the stable releases. I'm glad I only run the stable ones.

solrize , 2 months ago (edited 2 months ago) to Privacy in How to encrypt regular phone calls?

non voip

I think this is not doable. You don't have access to the voice codec to start with, and the phone at the other end generally won't receive the bit stream coming out of it anyway. With a non-rooted phone it's hard to even get to the voice stream. You might be able to send subliminal encrypted text messages through a voice channel and that could be kind of cool, and hard to detect. That idea has been around for a while but I don't know of existing software that does it.

With VOIP, of course there are many encrypted systems available.

Added: also I assumed throughout that you meant present day mobile phones. With land phones at both ends, it may still be doable using dialup modems, but that was a 1990s thing and was pretty awful when you got down to it. It existed though.