xuu

dev.txt.sour.is

No description provided.

Recent twts from xuu
In-reply-to » (#47clcnq) So... Just out of curiosity (again), back of paper napkin math. Based on Vultr pricing, running my infra in the "Cloud"™ would cost me upwards of $1300 per month. That's about ~10x more than my current power bill for my entire household 😅 (10 VMs of around ~4 vCPUS and 4-6GB of RAM each + 10TB of storage on the NAS)

@prologic@twtxt.net vultr pricing is low. But it can be lower if you shop the less fancy admin ui sites like virmarch or ovh. There are some bare metal that cost way less.. Though the experience is less than optimal.

⤋ Read More

@abucci@anthony.buc.ci ISO 27001 is basically the same. It means that there is management sign off for a process to improve security is in place. Not that the system is secure. And ITIL is that managment signs off that problems and incidents should have processes defined.

Though its a good mess of words you can throw around while saying “management supports this so X needs to get done”

⤋ Read More
In-reply-to » Trying to wrap my head around webfinger..

so in effect it would look something like this:

---
subject: acct:me@sour.is
aliases:
  - salty:me@sour.is
  - yarn:xuu@ev.sour.is
  - status:xuu@chaos.social
  - mailto:me@sour.is
---
subject: salty:me@sour.is
aliases:
  - acct:me@sour.is
links:
  - rel:    self
    type:   application/json+salty
    href:   https://ev.sour.is/inbox/01GAEMKXYJ4857JQP1MJGD61Z5
    properties:
        "http://salty.im/ns/nick":    xuu
        "http://salty.im/ns/display": Jon Lundy
        "http://salty.im/ns/pubkey":     kex140fwaena9t0mrgnjeare5zuknmmvl0vc7agqy5yr938vusxfh9ys34vd2p
---
subject: yarn:xuu@ev.sour.is
links:
  - rel: https://txt.sour.is/user/xuu
    properties:
        "https://sour.is/rel/redirect": https://txt.sour.is/.well-known/webfinger?resource=acct%3Axuu%40txt.sour.is
---    
subject: status:xuu@chaos.social
links:
   - rel: http://joinmastodon.org#xuu%40chaos.social
     properties:
        "https://sour.is/rel/redirect": https://chaos.social/.well-known/webfinger?resource=acct%3Axuu%40chaos.social
---
subject: mailto:me@sour.is
...

⤋ Read More
In-reply-to » Trying to wrap my head around webfinger..

@prologic@twtxt.net Unfortunately the RFC’s are a bit light in this regard. While it makes mention of different kinds of accounts like mailto: or status services.. it never combines them. It does make mention of using redirects to forward a request to other webfingers to provide additional detail.

I am kinda partial to using salty:acct:me@sour.is, yarn:acct:xuu@txt.sour.is, mailto:me@sour.is that could redirect to a specific service. and a parent account acct:me@sour.is that would reference them in some way. either in properties or aliases.

⤋ Read More
In-reply-to » Trying to wrap my head around webfinger..

@prologic@twtxt.net That was exactly my thought at first too. but what do we put as the rel for salty account? since it is decentralized we dont have a set URL for machines to key off. so for example take the standard response from okta:

# http GET https://example.okta.com/.well-known/webfinger  resource==acct:bob
{
    "links": [
        {
            "href": "https://example.okta.com/sso/idps/OKTA?login_hint=bob#",
            "properties": {
                "okta:idp:type": "OKTA"
            },
            "rel": "http://openid.net/specs/connect/1.0/issuer",
            "titles": {
                "und": "example"
            }
        }
    ],
    "subject": "acct:bob"
}

It gives one link that follows the OpenID login. So the details are specific to the subject acct:bob.

Mastodons response:

{
  "subject": "acct:xuu@chaos.social",
  "aliases": [
    "https://chaos.social/@xuu",
    "https://chaos.social/users/xuu"
  ],
  "links": [
    {
      "rel": "http://webfinger.net/rel/profile-page",
      "type": "text/html",
      "href": "https://chaos.social/@xuu"
    },
    {
      "rel": "self",
      "type": "application/activity+json",
      "href": "https://chaos.social/users/xuu"
    },
    {
      "rel": "http://ostatus.org/schema/1.0/subscribe"
    }
  ]
}

it supplies a profile page and a self which are both specific to that account.

⤋ Read More

Trying to wrap my head around webfinger..

my first thoughts about it were that a subject of acct:me@sour.is would have a listing of rel’s for the different accounts that are related to me (ie. yarn, salty, twitter, mastodon, etc…)

but maybe my thinking is at the wrong level.. that each of those accounts would be on a subject level and the rels are describing different aspects of that account. so i would have salty:acct:xuu@sour.is, twitter:acct:xuu, mastodon:acct:xuu@chaos.social, yarn:acct:xuu@ev.sour.is and then i could have a main acct:me@sour.is that links them together as aliases.

I found okta will do something similar with its accounts to show as okta:acct:user@domain so maybe I am on to something?

⤋ Read More
In-reply-to » More specifically: Will this be expanded into something like Gitea with the concept of users and organizations, or will it stay with a simple flat repository model like upstream legit or cgit?

Huh. I thought I had that one. Must be an unteste regression. Will add it to the list!

⤋ Read More

@prologic@twtxt.net see where its used maybe that can help.
https://github.com/sour-is/ev/blob/main/app/peerfinder/http.go#L153

This is an upsert. So I pass a streamID which is like a globally unique id for the object. And then see how the type of the parameter in the function is used to infer the generic type. In the function it will create a new *Info and populate it from the datastore to pass to the function. The func will do its modifications and if it returns a nil error it will commit the changes.

The PA type contract ensures that the type fulfills the Aggregate interface and is a pointer to type at compile time.

⤋ Read More
In-reply-to » I made a thing. Its a multi password type checker. Using the PHC string format we can identify a password hashing format from the prefix $name$ and then dispatch the hashing or checking to its specific format.

Circling back to the IsPreferred method. A hasher can define its own IsPreferred method that will be called to check if the current hash meets the complexity requirements. This is good for updating the password hashes to be more secure over time.

func (p *Passwd) IsPreferred(hash string) bool {
	_, algo := p.getAlgo(hash)
	if algo != nil && algo == p.d {

		// if the algorithm defines its own check for preference.
		if ck, ok := algo.(interface{ IsPreferred(string) bool }); ok {
			return ck.IsPreferred(hash)
		}

		return true
	}
	return false
}

https://github.com/sour-is/go-passwd/blob/main/passwd.go#L62-L74

example: https://github.com/sour-is/go-passwd/blob/main/pkg/argon2/argon2.go#L104-L133

⤋ Read More
In-reply-to » I made a thing. Its a multi password type checker. Using the PHC string format we can identify a password hashing format from the prefix $name$ and then dispatch the hashing or checking to its specific format.

Hold up now, that example hash doesn’t have a $ prefix!

Well for this there is the option for a hash type to set itself as a fall through if a matching hash doesn’t exist. This is good for legacy password types that don’t follow the convention.

func (p *plainPasswd) ApplyPasswd(passwd *passwd.Passwd) {
	passwd.Register("plain", p)
	passwd.SetFallthrough(p)
}

https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L28-L31

⤋ Read More
In-reply-to » I made a thing. Its a multi password type checker. Using the PHC string format we can identify a password hashing format from the prefix $name$ and then dispatch the hashing or checking to its specific format.

Here is an example of usage:

func Example() {
	pass := "my_pass"
	hash := "my_pass"

	pwd := passwd.New(
		&unix.MD5{}, // first is preferred type.
		&plainPasswd{},
	)

	_, err := pwd.Passwd(pass, hash)
	if err != nil {
		fmt.Println("fail: ", err)
	}

	// Check if we want to update.
	if !pwd.IsPreferred(hash) {
		newHash, err := pwd.Passwd(pass, "")
		if err != nil {
			fmt.Println("fail: ", err)
		}

		fmt.Println("new hash:", newHash)
	}

	// Output:
	//  new hash: $1$81ed91e1131a3a5a50d8a68e8ef85fa0
}

This shows how one would set a preferred hashing type and if the current version of ones password is not the preferred type updates it to enhance the security of the hashed password when someone logs in.

https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L33-L59

⤋ Read More
In-reply-to » ahh this is useful https://go.dev/doc/modules/managing-dependencies. the go culture doesn't typically have large dependency graphs like Ruby or JS.

@lyse@lyse.isobeef.org im talking like some JS projects i have seen with 1-2G node_modules dirs. though yarn is quite vast in its modules because it does a LOOOOOOT of stuff in the background.

⤋ Read More
In-reply-to » JUHU! Finally! The new NAS runs. Oh boy what a process. First I had to restart and redow everything three times. Sometimes things are not sooo super obvious and then you really mess up. Who decided at Asustor that you cannot move home folders off of the Volume 1? And Why are the Asustor apps so bad? Beside that, the machine, the NAS, is really nice. Updraded to 16GB RAM and I finally have NGINX PROXY MANAGER running. Now I can setup all services with nice names!

@carsten@yarn.zn80.net what type of NAS? I just upgraded my oooold (~2008) Drobo to a Synology. I have been impressed with all the neat stuff it can do.

⤋ Read More
In-reply-to » @eaplmx This exact thing happened to me last night. I happened to be watching some random Youtube video, then this Ad came on, normally they are short 3-5s ads and I just tolerate them (sometimes) -- But this particular ad was 20+ mins long! Somehow I kept listening to it too, despite my daughter telling me I could hit that "Skip Ad" button.

@prologic@twtxt.net duud use an ad block on youtube.

⤋ Read More