• 0 Posts
  • 38 Comments
Joined 1 year ago
cake
Cake day: July 9th, 2023

help-circle

  • Look, I’m not attacking them over this, as you rightly said, it has plenty of other drawbacks and concerns, I’m just emphasising that Google do have a large degree of influence over them. For instance, Chromium is dropping manifest v2 support, so Brave pretty much has to do the same. They’ve said that, as Chromium has a switch to keep it enabled until June (iirc) they’ve enabled that, but after Chromium drops manifest v2 the most they can do is try to support a subset of it as best they can. The Brave devs may not want to drop support, but Google have decreed it will be dropped, so they end up dropping it and having to put in extra work to keep even a subset working for some period of time.

    If Brave gets even a moderate market share, Google will continue to mess them around like this as they really don’t like people not seeing their adverts.

    Ultimately it’s software, so the Brave devs can do pretty much whatever they want, limited by the available time and money. Google’s influence extends to making that either easier or harder, it much the same way as they influence the Android ecosystem.





  • If you’re talking about being able to regain access with no local backups (even just a USB key sewn into your clothing) your going to need to think carefully about the implications if someone else gets hold of your phone, or hijacks your number. Anything you can do to recover from the scenario is a way an attacker can gain access. Attempting to secure this via SMS is going to ne woefully insecure.

    That being said, there are a couple of approaches you could consider. One option is to put an encrypted backup on an sftp server or similar and remember the login and passwords, another would be to have a trusted party, say a family member or very close friend, hold the emergency codes for access to your authentication account or backup site.

    Storing a backup somewhere is a reasonable approach if you are careful about how you secure it and consider if it meets your threat model. The backup doesn’t need to contain all your credentials, just enough to regain access to your actual password vault, so it doesn’t need to be updated often, unless that access changes. I would suggest either an export from your authentication app, a copy of the emergency codes, or a text file with the relevant details. Encrypt this with gpg symmetric encryption so you don’t have to worry about a key file, and use a long, complex, but reconstructable passphrase. By this I mean a passphrase you remember how to derive, rather than trying to remember a high entropy string directly, so something like the second letter of each word of a phrase that means something to you, a series of digits that are relevant to you, maybe the digits from your first friend’s address or something similarly pseudo random, then another phrase. The result is long enough to have enough entropy to be secure, and you’ll remember how to generate it more readily than remembering the phrase itself. It needs to be strong as once an adversary has a copy of the file they jave as long as they want to decrypt it. Once encrypted, upload it to a reliable storage location that you can access with just a username and password. Now you need to memorize the storage location, username, password and decryption passphrase generator, but you can recover even to a new phone.

    The second option is to generate the emergency, or backup, codes to your authentication account, or the storage you sync it to, and have someone you trust keep them, only to be revealed if you contact them and they’re sure it’s you. To be more secure, split each code into two halves and have each held by a different person.






  • Having consistent interface names on servers that have several is useful, but we already had that option. The interface names they generate are not only hard to remember, but not terribly useful as they’re based on things like which PCI slot they’re in, rather than what their purpose is. You want interface names like wan0 and DMZ, not enp0s2. Of course, you can set it up to use useful names, but it’s more complicated than it used to be, so while the systemd approach looks like a good idea on the surface, it’s actually a retrograde step.




  • In news that will shock no-one, dbus was, of course, initially created by a Redhat engineer. I get the idea of having a general purpose bus that everything can communicate on, but they somehow managed to even make that complex.

    You make a compelling case for Void Linux. I use Debian or a RHEL derivative for work, primarily so there’s at least a chance to hand systems off to someone else to maintain, the less known distros seem to meet with blank looks.

    I want to give NixOS a try sometime, as I like the idea of declaritively defining the system




  • That’s fair, it does make sense to use it on a laptop, but it really should be the sort of thing you add when needed rather than having it jammed in whether it’s useful or not.

    Every time I need to do something even slightly different to a basic setup I find myself inventing new curses for those who screwed things up with these overblown, over complex, minimally functional abominations. Just give me vi and the basic configuration files and let me get on with it!



  • Personally I’d do away with NetworkManager too and just configure the interfaces directly, but that might just be me being old and grumpy!

    I think most distros go along because their upstream did. There are comparatively few ‘top level’ distributions, the main ones (by usage) being Redhat and Debian. Most everything else branches from those. Redhat’s got enough clout on the market that there’s a sort of pull towards complying with it just to not be left put.

    I use Debian, but I think they’re crazy for swallowing everything Redhat pushes, they could easily stick to the cleaner options and have a better system for it. At least they let you opt out of systemd, so life is a little more tolerable.