This doesn’t make a call to government servers.

The app (or desktop application BTW, incl. Linux) reads your national ID’s NFC tag, once. When you need to prove your age, the app locally computes a zkp that only tells the site “at least 18yo yes/no”.

Note that every EU country has a form of national ID, and the digital capabilities of these IDs are already used for a bunch of stuff (e.g. taxes, bank account creation,…). This doesn’t worsen the privacy situation for EU citizens, but instead ensures that no privacy-unfriendly solutions emerge.

If you use nixos, you basically have to know/learn/use day-to-day the nix language.

nixpkgs are written using nix the language, using concepts mostly familiar from just using nixos.

Basically everyone using nixos is capable of contributing packages.

Ah, sorry. https://repology.org/repositories/graphs

Just gonna leave this here

Is this some sort of public tracker issue I’m too private trackers and Usenet only to understand?

Funny, I’ve also already read that 😄 Good blog and article.

What blog?

Ha, thanks, I’d already read that. And I do, mostly, agree; the OMEMO implementation is not great both from the security perspective discussed in the post, as well as the UX (not being able to decrypt old messages on new devices at all).

That being said, I primarily want a selfhosted, federated messenger which also takes privacy and security seriously, and at least for the former, XMPP is really refreshingly good.

Ugh. I’ve always liked Matrix (and was not bothered too much by the metadata leaks because my home server was not federated anyways), but after noticing some issues and finally reading up on the actual protocol spec a couple of weeks ago… oof. Yeah. No.

Set up XMPP for now. Works really well and the protocol seems so much saner. Unfortunately, it too has some annoyances that are unacceptable to me in the long term. I’m this close to saying “fuck it” and wasting the next couple of years of my life on a new protocol that no one is gonna use. (Cue the XKCD here.)

I mean, how can we feel superior if we are not wasting huge amounts of time setting things up!?

Why, by boasting that it’s so easy, just look at that, it is only two options you need to set thanks to the 80 custom modules I’ve written to abstract the abstractions from nixpkgs!

I WISH I could put an /s here, but I cannot.

Ehm… I’m also on Nixos and I’d say it’s super trivial.

services.openssh = {
  enable = true;
  settings = {
    PasswordAuthentication = false;
    PermitRootLogin = "no";
  };
};

users.users.<name>.openssh.authorizedKeys.keys = [ list of pubkeys ideally read from file in repo ];

Eh, the machine is actually in one of my wireguard nets anyways, but for different purposes.

The nice thing about SSH key-based access is, I either have the key and login succeeds, or I have no business trying to log in.

That’s why my remote root server bans via fail2ban after a single failed login.

Yes I’ve had to write support to get a KVM. Yes it’s still configured like this.

Audiobookbay

Past me had a dick

Sorry, couldn’t resist.

deleted by creator

Or TUI.

Nice, I was able to send an email to that.

You do have a point. TBH I only now realized that the video was posted from Doctorow’s personal account, and without a link to the “original”, which yeah, kinda weird.

The talk itself is still worth it (had the fortune of sitting in the audience), but probably a good idea to use the media.ccc.de link.

Originally/additionally hosted on media.ccc.de