
Kudos to Dovecot team for designing a reasonable external authentication protocol and providing a useful specification for it.

If AppArmor seems a bit too much, at least protect startup files. Make .bashrc, .bash_profile, .xinitrc, WM and shell configs immutable.

The sudo password is security theater. If untrusted code is isolated, it will be unable to run sudo (or another privilege escalation tool) at all. If untrusted code is not isolated, it has millions of ways to sniff the sudo password. This applies to both server and desktop Linux installations.

Keep your stuff sandboxed. The Evil Systemd, despite being Evil, has a set of useful options for this. Check systemd.service(5).
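
An added example, not part of the original post: a drop-in for a hypothetical unit named `example-daemon.service`, showing the kind of sandboxing options referred to above. The directives are real and documented in systemd.exec(5); the unit name, drop-in path and state directory are assumptions.

```ini
# /etc/systemd/system/example-daemon.service.d/sandbox.conf
# (hypothetical unit name and path, chosen for illustration)
[Service]
# Setuid/setgid binaries such as sudo can no longer raise privileges.
NoNewPrivileges=yes
# Drop every capability; add back only what the daemon really needs.
CapabilityBoundingSet=
AmbientCapabilities=

# Filesystem view: whole tree read-only, home directories hidden,
# private /tmp and a minimal /dev.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
# The only writable location: /var/lib/example-daemon (assumed name).
StateDirectory=example-daemon

# Kernel interfaces the service has no business touching.
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictNamespaces=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictSUIDSGID=yes

# Network: only UNIX and IP sockets.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

# seccomp allow-list built from systemd's predefined syscall group;
# anything outside it fails with EPERM instead of killing the process.
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
```

After `systemctl daemon-reload` and a restart of the unit, `systemd-analyze security example-daemon.service` lists which of these protections are in effect and which are still missing.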

Here we go.
If somebody wants to try it - clone master branch and do 'git cherry-pick d0e7df023cadb3d7068e5b09509bc562ad63f10b', then run build.sh script as usual.


maddy is getting milter client support once I figure out how to use go-fuzz!

github.com/emersion/go-milter/

So far testing IPNS performance:

/ipns/QmbrC2DvpGp2jmFH9udVFuzAvzwB967DRT1CcRu1Pru5FC

IPNS lookup + fetch using gateway.ipfs.io
1. 17.12 seconds
2. 23 seconds

IPNS lookup + fetch using ipfs.hex.dn42
1. 7.23 seconds
2. 0.147 seconds (cache hit)
3. 0.876 seconds (after node restart, wtf)

IPNS lookup + fetch using cloudflare-ipfs.com:
1. Timeout
2. Timeout

IPNS lookup + fetch using ipfs.eternum.io
1. 64.49 secs

IPNS lookup + fetch using ipfs.best-practice.se
1. 502 Bad Gateway

go-ipfs 0.5 is released. Promises IPNS performance improvement. Now `ipfs name publish` fails with timeout instead of failing silently after a terribly big amount of time. That is an improvement, I think?

So in case GitHub does a flop again, one could grab the source code of maddy, for example, from git.hexanet.dev/foxcpp/maddy. I should link it somewhere...

<jrb0001> ansible is slow
<jrb0001> foxcpp: ansible is 7+ minutes for me, and that's just copying files over + restarting stuff if needed. generating all files is a custom tool and takes much less than a second.
(from at hackint)

Literally: git.hexanet.dev/foxcpp/chicken
Can even be fully automated via little systemd timer/cron job.

Screw .

As for deployment, there is lxd and other similar software. If you are into The Evil Systemd things, you can even try mkosi+nspawn. I found it rather convenient for throwaway experiments with software.

Often heard argument for Docker: security via isolation. As a complete security freak, I think AppArmor combined with simple application github.com/foxcpp/scmp-confine for seccomp offers more security with less management overhead. If you want more - you have bubblewrap.

fox.cpp boosted

Isn't it ironic that companies which build giant rube goldberg machines out of k8s and docker and ansible and The Cloud and so on, all in the name of reliability and uptime, seem to have a lot more issues than those who don't do all that crap

Noticed several days ago that some IETF people are apparently working on IMAP4rev2. Even further, the work was started back in 2015 and is still active.

Sadly, it is just merging extensions. [imap5] mailing list is still quiet as a graveyard, you know.

datatracker.ietf.org/doc/draft

Looking through profiles on puppo.space, I probably should be terribly ashamed of using this server.

Anyways... *toot!*
