Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 01:25

    Firstyear on master

    (cargo-release) version 0.1.9 (compare)

  • 01:25

    Firstyear on v0.1.9

    (cargo-release) version 0.1.9 (compare)

  • 01:24

    Firstyear on master

    Add contributors (compare)

  • 00:18
    Firstyear commented #4
  • 00:16

    Firstyear on master

    Implement parsing for ModifyReq… (compare)

  • 00:16
    Firstyear closed #4
  • 00:16
    Firstyear synchronize #4
  • 00:15
    Firstyear commented #4
  • 00:13
    Firstyear synchronize #4
  • Oct 26 22:57
    Firstyear commented #4
  • Oct 26 22:41

    Firstyear on master

    Add debug to simple structs (#5) (compare)

  • Oct 26 22:41
    Firstyear closed #5
  • Oct 26 22:41

    Firstyear on 2-pwextop

    (compare)

  • Oct 26 22:40

    Firstyear on master

    pwextop impl (#3) (compare)

  • Oct 26 22:40
    Firstyear closed #3
  • Oct 26 22:40
    Firstyear closed #2
  • Oct 26 07:23
    nitnelave commented #3
  • Oct 26 07:07
  • Oct 26 06:14
    nitnelave opened #5
  • Oct 26 05:55
    nitnelave synchronize #4
Triss Healy
@trissylegs
*today is now yesturday
Georg
@georg.hofmann:matrix.org
[m]
Cool. I have zfs as well and was thinking of home encryption. But not yet dared to start it. 🤣
Same for gdm,it only shows local users. But it will show once the logged it. I did a bit of research, I think also related how sssd does it, it think this is a dbus issue or. Need to search again.
About my arch Pam. It was just a minimal change. Not as hardened as suggested by kanidm docs. Will share, once I am back at the machine.
Firstyear
@Firstyear
Honestly, I'm probably just overly opinionated here but I think that most machines are single-user, not multi-user so the concept of per-home drive or per-user encryption doesn't make sense to me because there is a 1:1 with the user and the system, so system wide encryption maps to the user anyway
Triss Healy
@trissylegs
Arch wiki simplifies the above to just home drive. Which is basically what I have set up. (And my safety user users the the same password)
The setup above to me is just a nicer version because you get the login screen before needing to decrypt anything. Which is kinda how macOS does it
Firstyear
@Firstyear
Yeah, macos does system wide encryption though.
It's just the user pw + disk pw is bound together
You could do similar with luks if you wrote a pam module for it.
But it would have issues with remote pw's
James Hodgkinson
@yaleman
it's all fine as long as your stuff's backed up somewhere so when some overly touchy random PAM thing bins your stuff you can recover
Firstyear
@Firstyear
lol yeah
But linux backup tools are a bit of a wasteland ....
Georg
@georg.hofmann:matrix.org
[m]
Yeah, backups. I have recently switched to kopia and really like it. It's worth having a look, I would say.
1 reply
Triss Healy
@trissylegs
So for now I'm just going to auto decrypt my /home on boot. It'll just have the option to change it later
My current backup is Déjà Dup to to my NAS and my NAS is using duplicacy [sic] to b2. Although I'm not happy with duplicacy
Georg
@georg.hofmann:matrix.org
[m]

I was using duplicati which is AFAIK very similar to duplicacy. But was also not super happy. Finally I tried to restore from a different machine and this failed after 4 days and 3 retries. 😵

BTW kopia also supports b2 as storage backend

Triss Healy
@trissylegs
It does look nice
Georg
@georg.hofmann:matrix.org
[m]
On home enc: yes mostly 1:1 true. But IMHO the super correct way of doing this would be per user home (i.e. zfs dataset)
I found some scripts doing this but have not tried so far.
Firstyear
@Firstyear
Yeah duplicity is really unreliable and slow, would not recommend.
@georg.hofmann:matrix.org But per-user home implies a multi-user machine, and that's really rare. These days most computers 1 to 1 map from their own to the only user on that system.
Similar to phones/tablets
Triss Healy
@trissylegs
duplicity != duplicacy. Dplicacy is a lot faster but isn't free. (Well the restore program is free and open source... which is good)
It's also kinda annoying getting things that run on arm32. (Party why I'm going to change my nas to amd64)
Main Multi-user PC I've used is was the family PCs. Now I don't think many families do that much... and they're probably not using per-user disk encryption
James Hodgkinson
@yaleman
I've been using duplicacy and it works pretty well
it's free if you don't want all the management ooling
Tasqa
@Tasqa:matrix.org
[m]
Got tired of borg needing server side stuff. Finally able to just drop chunks on B2 instead of having to deal with a remote server and upkeep
Also, hi 👋
I've been following the project for a year and half. But only now found the channel and have a working matrix client again
Firstyear
@Firstyear
@Tasqa:matrix.org Hi there! Great to have you here :
:)
quite a few of us in the channel are Australian so we may be slow to respond.
Georg
@georg.hofmann:matrix.org
[m]
Tasqa Hi, nice to have you here.
Firstyear
@Firstyear
@georg.hofmann:matrix.org Are you still doing arch packages for kani?
Next release is oct 1st, so a couple of days time as a heads up.
Georg
@georg.hofmann:matrix.org
[m]
Yes, I will do.
Firstyear
@Firstyear
Awesome! Tomorrow (29th) is Kanidm's birthday (3 yrs old!) so I'll probably start making the Oct 1st releases the "birthday" release
Georg
@georg.hofmann:matrix.org
[m]

Nice, looking forward to it.

I hope to find some time to contribute a bit again....

Firstyear
@Firstyear
All good! Whenever you get time is good :)
Tasqa
@Tasqa:matrix.org
[m]
haha, hooray timezones
might you be the firstyear that worked on 389-ds and wrote a blogpost about new ideas in 2018? 👀
Firstyear
@Firstyear
@Tasqa:matrix.org The one and the same :)
2 replies
And I still work on 389-ds today
Georg
@georg.hofmann:matrix.org
[m]
A (delayed) happy birthday kanidm! 🥳💫
Tasqa
@Tasqa:matrix.org
[m]
Really want to get around to test kanidm 😁
Firstyear
@Firstyear
@Tasqa:matrix.org I think you'll quite like it!
James Hodgkinson
@yaleman
If you do need any help don't hesitate to ask :)
I'm looking to write up how I deploy client config via ansible soon... once I clean up all my "oh no this is a test don't do this" code
Sorry if there was a bit of email spam, I accidentally git tags