Threads for youRFate

    1. 2

      Someone doesn’t have their personal gitignore settings configured correctly.

      I have, among a lot of things, this in my .config/git/ignore:

      [#]*[#]
      *~
      

      The complete file as part of my dotfiles: https://gitlab.com/youRFate/dotfiles/-/blob/master/git/.config/git/ignore

      1. 2

        I just configure Emacs to autosave numbered versions to a separate directory.

        1. 3

          Yes, I have that set up too, but I sometimes use different editors like mg (https://homepage.boetes.org/software/mg/) on remote systems which I typically don’t configure.

    1. 5

      I just use the generator built into bitwarden to generate all passwords I use.

      1. 3

        I’m working on this tool that you can pass a RegEx and it spits out random words matching that regex: Passgen. It also supports wordlists and using markov chains to generate pronounceable words (by loading a wordlist that matches the language you want to generate pronounceable words for). Feel free to give that a try some time; I’d love some feedback!

      1. 2

        I don’t like how they use the old-fashioned GPG SSH auth, when the new U2F auth built into openSSH is a lot easier to set up and use.

        1. 2

          Well, the new key types aren’t supported everywhere yet.

          1. 2

            True, but it requires server support and configuration.

            1. 1

              Doesn’t require special configuration on the server, only that the openSSH version on it is recent enough.

            2. 1

              Are you able to use openSSH’s U2F while using the hardware key for other things, like GPG keys, or is it one or the other?

              1. 2

                I use both. I have a resident SSH key (ed25510-sk) on it, and also a PGP key with subkeys. And I also use it for fido2 u2f with sites like gitlab etc.

                1. 1

                  Thanks for the reply. What model YubiKey do you use? I’m thinking of getting one soon.

                  1. 2

                    I have two yubikey 5 NFC. One on my keyring, one at home.

              2. 1

                SSH auth is only a part of the article. It also mentions integration with Pass, which can be encrypted with GPG, which works with YubiKey. I don’t know if it can be encrypted with an SSH key that’s stored on a YubiKey?

                1. 2

                  I don’t recall if pass supports encrypting secrets for multiple keys, this being the reason why I migrated to gopass a long time ago, but for the latter you can have your secrets encrypted for both (or multiple) gpg keys, one of which can be on the Yubikey. I’ve been using this setup for a number of years and it’s pretty good. It allows for key rotation a lot better than a single key setup.

                  1. 2

                    Pass does permit multiple keys. You can provide any number to pass init as arguments. I believe there’s also a facility to make different parts of the hierarchy use different keys, but I haven’t used it. Incidentally, you can use pass init with an existing database to re-key the whole thing.

                    1. 1

                      That’s great to hear. Gopass in the past year or two has had a habit of bolting a couple of kitchen sinks to their functionality.

                  2. 1

                    You can have both ssh keys and GPG keys on the yubikey. Multiple of each even.

                1. 3

                  There needs to be a point where we have to realize that the only way to prevent this is using ECC-RAM everywhere it matters (and I have a hard time coming up with contexts where it doesn’t).

                  Intel destroyed the possibility of using ECC-RAM in below-Xeon personal computers with their horrible artificial market segmentation. Their rowhammer-mitigations are just a dire attempt at keeping up with this toxic business practice.

                  AMD does this better, given every non-APU Ryzen-chip supports ECC memory (unofficially), however, it often depends on the mainboard-manufacturers to enable this feature in the BIOS and many people don’t know about this. Many assume ECC requires powerful processors or something, which is patently false.

                  If you want for things to improve, be able to rely on your hardware in this regard and make ECC more popular again, you can do three things:

                  • Buy AMD and not Intel, and let Intel know about your reasons
                  • Contact AMD and mainboard-manufacturers and express your interest in official ECC-support
                  • Buy ECC-supporting mainboards and ECC-memory
                  1. 6

                    ECC has never protected against rowhammer.

                    Hardware side channels have always been present. Cache timing vulnerabilities recently came to prominence, but had been theorized decades ago. I believe rowhammer had been as well. There is no secure way to run untrusted code on trusted hardware. None.

                    That said ECC is great and should definitely see more adoption.

                    1. 4

                      Even that might not be enough, from the article:

                      What if I have ECC-capable DIMMs?
                      Previous work showed that due to the large number of bit flips in current DDR4 devices, ECC cannot provide complete protection against Rowhammer but makes exploitation harder.

                    1. 3

                      Thank you for working on this and making sure the implementation is done right.

                      1. 2

                        Does it have configurable endpoints? I’m using wasabi s3, and might try this tool out.

                        1. 2

                          It doesn’t but it could do - adding that to the ticket: https://github.com/simonw/s3-credentials/issues/2#issuecomment-959554514

                          1. 1

                            Nice, thanks!

                        1. 19

                          Some annotated screenshots of the tiling behavior would really help introduce this in a way that communicates better whether or not it’s interesting to me. (I currently use qtile with X11, and I’m not sure from the description what to expect from river’s tiling behavior, but don’t have quite enough time at just this moment to go try it out.)

                          1. 10

                            The tiling behavior is entirely dependent on the layout generator used with river, so it’s hard to communicate what river is capable of in a general way. It’s certainly not yet as flexible/scriptable as qtile, so depending on how complex your qtile setup is you may want to wait a while.

                            As for screenshots, you can find some assorted pictures of people’s setups on reddit, for example these search results: https://old.reddit.com/r/unixporn/search/?q=river&sort=top&restrict_sr=on&t=all

                            1. 9

                              I agree with @hoistbypetard, for newcomers like me it is hard to understand what exactly River is, but with the screenshot of /r/unixporn it helps a lot!

                              I would suggest to add some people’s setups in your blog post to show what River is currently capable of :)

                            2. 6

                              Agreed, the readme on github or the blog posts needs some visual demonstration of what it does.

                            1. 1

                              What is LispE? I can’t find anything about it using google. Also not mentioned in the Lisp wikipedia article anywhere.

                              1. 1

                                The github repo says:

                                Lisp Elémentaire, a version of Lisp that is ultra-minimal but contains all the basic instructions of the language.

                                1. 1

                                  This is a Lisp that is being developed at Naver Lab Europe (France). You have pre-compiled versions in the binaries section for Windows and Mac OS. You can also download it and compile it for Linux…

                                1. 2

                                  Very interesting. I want one even if I don’t really have an application for it. If it had ECC ram one could build a very nice NAS with this.

                                  1. 1

                                    Why do you need ECC RAM for a NAS?

                                    1. 2

                                      I would use software raids, and if there are ram problems there you can run into inconsistency. Also, if the data arriving at the machine is corrupted in ram before being “handed” to your fancy check-summing file system then you are out of luck.

                                      Although, in researching my reply I found an excerpt of the BSD Now podcast talking about using ZFS without ECC, and the inventor of ZFS says it’s not too bad, and ZFS is probably the best FS to use if you have to use one without ECC: https://www.youtube.com/watch?v=XMXUUWgXzLY&t=492s

                                      1. 1

                                        y not?

                                        1. 1

                                          Bits really do flip at random.

                                          Those well aware of this tend to have difficulty sleeping at night w/o ECC.

                                      1. 1

                                        Hmm, so what was the final outcome? Or are they still lawyering?

                                        1. 3

                                          I always think about using openBSD some time. Right now I run freeBSD on my server, but if I ever have to redo it I might try openBSD.

                                          1. 1

                                            I believe OpenBSD runs on bhyve, if you want to try it without removing FreeBSD.

                                            1. 1

                                              Oh interesting. I have not looked into virtualization on BSD, but might soon as I want to run a factorio server on my freeBSD machine.

                                          1. 4

                                            If you build something new with SSH keys, look into also supporting the ed25519-sk keytype, which is the FIDO based smartcard (yubikey etc) key type. Then you can encrypt your archive with a hardware token.

                                            1. 2

                                              That would be cool! I wish this stuff was documented, it was quite a pain to get even the standard Ed25519 keys working.

                                            1. 5

                                              Very cool! Works well. Gonna use this for a local sneakernet I’m running. 50GB of data encrypted in 3.2 minutes.

                                              Do you think this code could benefit from parallelization? Make it even faster?

                                              Also, any plans to publish to crates.io? It’d be really handy if I could just say cargo install bitbottle

                                              1. 6

                                                I’ll add “figure out crates.io” to my to-do list. :) I’m not sure if parallelization would help; the bottleneck seems to be disk I/O or LZMA2, and both are serial. I’m also worried about the complexity cost of adding concurrency, unless it makes a huge difference.

                                                1. 4

                                                  the bottleneck seems to be disk I/O or LZMA2, and both are serial. I’m also worried about the complexity cost of adding concurrency, unless it makes a huge difference.

                                                  For what it’s worth, the zstd library includes multithreaded compression (and Rust bindings exist).

                                                  It and brotli also fill the space of “denser than Snappy, but faster than LZMA2” and have faster decompression than LZMA2 even at their denser settings. zstd started from the fast side (it’s from Yann Collet, LZ4’s author) and brotli started from the dense side (one of the authors is Jyrki Alakuijala, a Google compression specialist), but both offer a wide range of speed/density tradeoffs now.

                                                  1. 1

                                                    Ye, I’d look into zstd or lz4 instead of lzma2.

                                                1. 1

                                                  Yet they still don’t support the most fundamental feature most people I know miss about it: Multiple windows…

                                                  1. 2

                                                    Disappointed this wasn’t about an actual raft. Still neat.

                                                    1. 3

                                                      technically a bunch of logs floating in the ocean is a distributed raft.

                                                    1. 1

                                                      Nice, but what I’d really like to see is RISC V

                                                      1. 3

                                                        Would be cool to include this in lzbench so it can easily be profiled on a range of systems.

                                                        1. 3

                                                          I mainly used i3 on my laptop as a student, as the tilted desks in auditoriums make using a mouse nigh on impossible and trackpads just kinda suck. I switched to dwm after a while though.

                                                          As an emacs user I want to give exwm a try soon to see how viable that is for day-to-day usage.

                                                          1. 3

                                                            I’ve been using EXWM as my sole window manager on all of my devices for years and it’s possibly the biggest productivity boost in my setup, ever (apart from lower-level things like investing in Nix). FWIW, my configuration (not actually all that complex) is here, especially config/desktop.el.

                                                            1. 2

                                                              Nothing to add here except my switch to EXWM was similar; I look back on my pre-EXWM days as a kind of dark ages.

                                                              1. 1

                                                                Is there some advantage that EXWM has over i3?

                                                                1. 2

                                                                  Yes, EXWM treats every X client as just another Emacs buffer, so you don’t have to use two separate sets of bindings to manipulate something depending on whether it’s inside Emacs or outside it. Every other WM in the world lacks this incredible feature.

                                                              2. 2

                                                                What makes it so productive for you compared to other tiling wms?

                                                                1. 3

                                                                  It’s difficult to explain concisely, because it requires some understanding of Emacs (i.e. one should be over thinking that Emacs is a text editor).

                                                                  Emacs is my primary workflow tool and having my window manager integrated into that means that there’s no longer an additional “layer” to deal with, I can use all the same tools and mechanisms to manage my windows as I use to manage everything else. I can also introspect and modify my WM the same way I would my Emacs-based mail client.

                                                                  There’s a longer form blog post I’m working on about this, if you’re interested I can send you the draft (though I’m not particularly happy with it yet).

                                                                  1. 1

                                                                    I am interested, please do :)

                                                            1. 2

                                                              This is interesting, maybe I can find a use for that in an FPGA some time, as the massive parallelism might be suited for this.

                                                              1. 1

                                                                Is this very different from compressing the entire project folder including the .git directory?