Just a basic programmer living in California

  • 9 Posts
  • 105 Comments
Joined 1 year ago
cake
Cake day: February 23rd, 2024

help-circle

  • My wife has worked with lots of people who are not native English speakers who are sometimes taken aback by the idioms. One colleague flat out refused to accept that “FOMO” is a word.

    I suggested that she is in a position to make some up, like “Let’s not put fish in the milk bucket.” But she didn’t go for it. I guess she’s not an agent of chaos after all :/





  • It seems to me that you’re asking about two different things: zero-knowledge authentication, and public key authentication. I think you’d have a much easier time using public key auth. And tbh I don’t know anything about the zero-knowledge stuff. I don’t know what reading resources to point to, so I’ll try to provide a little clarifying background instead.

    The simplest way to a authenticate a user if you have their public key is probably to require every request to be signed with that key. The server gets the request, verifies the signature, and that’s it, that’s an authenticated request. Although adding a nonce to the signed content would be a good idea if replay attacks might be a problem.

    If you want to be properly standards-compliant you want a standard “envelope” for signed requests. Personally I would use the multipart/signed MIME type since that is a ready-made, standardized format that is about as simple as it gets.

    You mentioned JSON Web Tokens (JWTs) which are a similar idea. That’s a format that you might think you could use for signing requests - it’s sort of another quasi-standardized envelope format for signed data. But the wrinkle is that JWTs aren’t used to sign arbitrary data. The data is expected to be a set of “claims”. A JWT is a JSON header, JSON claims, and a signature all of three which are serialized with base64 and concatenated. Usually you would put a JWT in the Authorization header of an HTTP request like this:

    Authorization: Bearer $jwt
    

    Then the server verifies the JWT signature, inspects the “claims”, and decides whether the request is authorized based on whether it has the right claims. JWTs make sense if you want an authentication token that is separate from the request body. They are more complicated than multipart/signed content since the purpose is to standardize a narrow use case, but to also support all of the features that the stakeholders wanted.

    Another commenter suggested Diffie-Hellman key exchange which I think is not a bad idea as a third alternative if you want to establish sessions. Diffie-Hellman used in every https connection to establish a session key. In https the session key is used for symmetric encryption of all subsequent traffic over that connection. But the session key doesn’t have to be an encryption key - you could use the key exchange to establish a session password. You could use that temporary password to authenticate all requests in that session. I do know of an intro video for Diffie-Hellman: https://youtu.be/Ex_ObHVftDg

    The first two options I suggested require the server to have user public keys for each account. The Diffie-Hellman option also requires users to have the server’s public key available. An advantage is that Diffie-Hellman authenticates both parties to each other so users know they can trust the server. But if your server uses https you’ll get server authentication anyway during the connection key exchange. And the Diffie-Hellman session password needs an encrypted connection to be secure. The JWT option would probably also need an encrypted connection.


  • hallettj@leminal.spacetoLinux@lemmy.mlHow do you backup?
    link
    fedilink
    English
    arrow-up
    3
    ·
    14 days ago

    My conclusion after researching this a while ago is that the good options are Borg and Restic. Both give you incremental backups with cheap timewise snapshots. They are quite similar to each other, and I don’t know of a compelling reason to pick one over the other.



  • hallettj@leminal.spacetoLinux@lemmy.mlSWAY desktop
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    14 days ago

    Are you using swayidle? It’s supposed to automatically keep the screen on when there is full-screen video playing. It’s the same in Gnome: you generally don’t need caffeine if a full-screen video is going.

    How are you playing videos? Maybe the player doesn’t correctly implement the idle inhibit protocol. Or if you’re using sway bindings to make the window fullscreen instead of using the app’s own fullscreen mode then maybe the player doesn’t know it’s fullscreen, and doesn’t set up the idle inhibit.

    If you do want manual idle inhibit control, if you use Waybar it has an idle inhibitor module that mimics caffeine. If you don’t use Waybar there is a little Python script you can run. Kill it when you want to stop inhibiting idle. actually wib looks like a better option




  • I’ve mainly worked as an employee so I don’t have as much experience with freelance gigs. But nearly every job I’ve had in 18 years has been through networking. Organizing and speaking at programming meetups opened a lot of doors for me. It gets a lot of attention on me while I get a chance to present myself as an expert.

    Eventually I’d worked with enough people that when I’ve been looking for work I find I know people who’ve moved to new companies that are hiring.


  • I’m gonna take a couple of stabs in the dark.

    According to this Stack Overflow answer using tee can prevent the prompt from drawing which makes it appear that a script has not terminated. The answerer’s workaround is to put a very short sleep command after the tee command.

    If this is what happened to you maybe the reason the script works in bash but not in zsh is because you have different prompts configured in those two shells.

    Another idea is to replace tee with sponge from moreutils. The difference is that sponge waits for the end of stdin before it starts writing which can avoid problems in some situations.



  • hallettj@leminal.spacetoLinux@lemmy.mlPlug-and-play development environment
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    1 month ago

    Oh yeah, and Nix has the advantage that you don’t need containers. If you want to run a graphical app in a container it might be tricky to access the window manager on the host system. Maybe that’s why you were setting up i3? Yeah, containers are great and flexible, but they also have a variety of downsides so Nix is better ;)




  • At this point I don’t know what the difference is between waylandFull and the other wine packages. Last I checked waylandFull pointed to a much older wine version. But I see that’s just changed. Since Wayland is not in Wine’s main branch my guess is there’s no need for a Wayland-specific package.

    When I was working on this yesterday (I think) only the staging and unstable wine packages were on Wine 10. But yes, it looks like today all of the Wine packages in NixOS unstable are updated to Wine 10 so you could use wineWowPackages.stableFull, or whatever you want.

    I’m sorry about the Bottles issue! I was using Bottles, but I couldn’t figure out how to get a Wine 10 runner, or how to get it to use the system Wine which is why I went to Lutris.


  • Good point! There is also a spot you can set this in game settings in Lutris.

    I haven’t tried this in Steam. Steam still requires X11. Can Steam spawn a native Wayland window if it’s running in xwayland? I assumed not which is why I went through Lutris. But if it can that would be great!

    Edit: Oh yeah, Steam can launch native Wayland games! Now that I think about it that makes sense - Steam spawns a sub-process that manages its own windows so the sub-process doesn’t get stuck in X11 land. This is great! I thought I was going to have to wait forever for Valve to release a Steam update with Wayland support!

    I think the Proton options that Steam provides are not updated to Wine 10 yet so they won’t run in Wayland without the special registry setting that the previous Wine version requires? I tried hacking in a custom compatibility runner that runs wine from the Nix package, but I got a message saying that a running instance of steam could not be found. But I was able to get a runner that works from wine-tkg-git by following instructions here.

    • from that link click, under the “Proton nightly builds” heading click on “Wine Master”
    • click the latest workflow run
    • under “Artifacts” click to download proton-tkg-build
    • unzip and then untar the file, put the extracted directory in ~/.steam/root/compatibilitytools.d/
    • you’ll see a new runner option in the compatibility settings for games


  • I’ve come around to doing it this way too. systems is not automatically supplied as a flake input - you can get such an input like this:

    inputs = {
      systems.url = "github:nix-systems/default";
      # ...
    };
    outputs = { self, nixpkgs, systems }:
      let
        eachSystem = f: lib.genAttrs (import systems) (system: f nixpkgs.legacyPackages.${system});
      in
      {
        # ...
      } 
    

    The handy thing about importing another flake to get a list of four strings is that anyone consuming your flake can override that input in case they want to use a system that isn’t included in your original flake. There is more information at https://github.com/nix-systems/nix-systems