1. 4

    Still in early development/I do not recommend to run an instance yet.

    What comparable server would people recommend for real-world use right now?

    1. 8

      I use honk which is written in Go and uses SQLite as its data store

      1. 5

        +1 also. If microblog.pub used SQLite, I might be inclined to give it a go but I have no desire for Mongo (in or out of Docker.)

        1. 3

          Agreed. The reason I looked at honk initially was the relatively easy and painless data store in a world where everyone was using Postgres and Mongo. The fact it’s opinionated as hell and written in Go are just additional benefits

        2. 1


        3. 2

          Any ActivityPub compatible S2S implementation (big ones are Mastodon and Pleroma; honk is a smaller one) should work with it.

        1. 6

          that reminds me of the banned.h from MS during the SDLC buzz times, the old links are not working anymore, but here is copy: https://github.com/x509cert/banned/blob/master/banned.h

          1. 1

            I’ve never seen preprocessor directives tabbed like that before, is that standard?

            1. 1

              While most code is not like this, it’s not uncommon.

              1. 1

                Yes. The standard requires that the first character of the line be a # to be recognised as a preprocessor directive (so it’s trivial for the preprocessor to differentiate between directives and source code) and then follows the normal C tokenisation rules, where # is a token, include is a token, pragma is a token and so on. C allows an arbitrary amount of whitespace between tokens (e.g. ++ i and ++i are equivalent).

                This is the only way of indenting preprocessor directives that is actually allowed by the standard. clang-format will happily do this for you.

            1. 2

              $ go get -u git.sr.ht/~eau/passwd/cmd/pcrypt

              package git.sr.ht/~eau/passwd/cmd/pcrypt: unrecognized import path “git.sr.ht/~eau/passwd/cmd/pcrypt” (parse https://git.sr.ht/~eau/passwd/cmd/pcrypt?go-get=1: no go-import meta tags ())

              amdsouza-macbookair:tmp amdsouza$ go version

              go version go1.11 darwin/amd64

              1. 2

                it is on github btw :) https://github.com/ermites-io/passwd

              1. 2

                nice article!

                1. 1

                  olvid.io / made by actual cryptographers / fully encrypted metadata (really) / verified E2E at the initialization of the conversation / no contact list sent / soon opensourced / made in EU.

                  NB: i’m not working there.

                  1. 2

                    Looks like it’s a company with a for profit offering, why put your future in their hands? https://www.olvid.io/enterprise/en/#pricing

                    1. 2

                      it sounds a bit dramatic, “my future” :)

                      Why would I put “my future” in the hands of Signal? Telegram? Berty? Session? or foobarBozoSecureMessenger :)

                      Sadly, our entire landscape is “for profit”, our phones are “for profit”, our computers are “for profit” and this is where the messenger runs.

                      I want alternatives, I’m happy to see them in EU (where I live) outside US or outside China, Russia where we have slightly stronger privacy protecting laws.

                      I don’t want to send my contact list for accessing a service and I don’t need to see who’s using the app. I want to see competitors that actual have provable verified end to end cryptography at communication channel establishement, not just if/when you verify your peer by checking fingerprints or scan the QR codes, it helps improving the “landscape”.

                      Luckily, I’ve met with one of the cryptographer behind olvid back when he was a PhD student in Vaudenay’s lab and trust his (and peer’s) skills more than SV personality cults & stories and I guess not everybody has revenge (just a guess) driven billionaire’s friend to fund a competing “product” :)

                      I don’t mind to pay/bet for a product that works and reward people that did a great job, taking risks and trying to innovate and propose something different. I am also fine with open, federated, community based and open services like IRC.

                      Maybe some interoperability would be nice, but haha utopia.. :)

                      Yeah I might be wrong, it’s just my nobody’s choice, btw here are olvid crypto specs:

                      Cheers :)

                  1. 76

                    Is there any way to support Lobsters’ hosting? Now that the server is not donated, I wouldn’t mind chipping in a little bit every month to subsidize operating costs.

                    1. 7

                      +1 to this, I’d donate!

                      1. 5

                        +1 I would too.

                        1. 3

                          Ditto. I can provide Sysadmin expertise and/or moderator time as well, if desired.

                          1. 11

                            Ever hear the internet rule of thumb: “Anyone who asks to be a moderator should never be made one.” ?

                            1. 3

                              Ditto re: sysadmin / SRE work.

                              1. 3

                                Ditto, can volunteer with SRE work

                              2. -1


                              1. 3

                                I must be becoming old, words do not have the same meaning anymore. reverse engineered reading src? …

                                1. 1

                                  That’s exactly what I was thinking. This isn’t reverse engineering in any sense that I’ve seen that term used. The real title for this post is Rewriting the LastPass CLI in Rust.

                                  1. 14

                                    that one is impressive, the rlimit trick + execv vs execve, attention to the detail wow, impressive and simple old school bug, incredible code audit skills from Qualys.

                                    1. 2

                                      ah indeed, will check why it does not behave, thx! and if you git clone then go build in cmd/pcrypt do you face the same?

                                      so yeah sourcehut does not send the meta, it will be fixed soon, in the meantime i’ll update the readme, thanks for reporting.