

Sorta, you have to install your certificate authority into the browser and it might complain about verifying that but it will still connect with the encryption.
Sorta, you have to install your certificate authority into the browser and it might complain about verifying that but it will still connect with the encryption.
deleted by creator
I mean more like a self signed TLS certificate with your own host manually set in the browser. Then only make the TLS port available, or something like that. If you have access to both(all) devices, you should be able to fully encrypt by bruit force and without registering the certificate with anyone. That is what I do with AI at home.
I’ve half ass thought about this but never have tried to actually self host. If you have access to all devices, why not just use your own self signed certificates to encrypt everything and require the certificate for all connections? Then there is never a way to log in or connect right? The only reason for any authentication is to make it possible to use any connection to dial into your server. So is that a bug or a feature. Maybe I’m missing something fundamental in this abstract concept that someone will tell me?
By default it will break out many things. I use db as an extra layer of containers in addition to a python venv with most AI stuff. I also use it to get the Arch AUR on Fedora too.
Best advice I can give is to mess with your user name, groups, and SELinux context if you really want to know what is happening where and how. Also have a look at how Fedora Silverblue does bashrc for the toolbox command and start with something similar. Come up with a solid scheme for saving and searching your terminal commands history too.
White list firewall
You can use the fedora direct sources to search their discourse forum. Google and Microsoft are likely warping your search results intentionally to drive you back onto Windows. Search is not deterministic any more. It is individually targeted.
I have never used KDE much, so I have no idea. You are probably looking for KDE settings. These would likely be part of gsettings in GNOME. That is not really a fedora thing. You need to look in the KDE documentation. This is the kind of thing that gets easier with time but can be frustrating at first.
Sorry I’m not more helpful than this. It is 2am in California and I didn’t want to leave you with no replies at all.
You generally want to use a trusted protection module (TPM) chip like what is on most current computers and Pixel phones. The thing to understand about the TPM chips is that they have a set of unique internal keys that cannot be accessed at all. These keys are used to hash against and create other keys. The inaccessibility of this unique keyset is the critical factor. If you store keys in any regular memory, you are taking a chance.
Maybe check out Joe Grand’s YT stuff. He has posted about hacking legit keys to recover large crypto amounts. Joe is behind the JTAGulator, if you have ever seen that one, and was a famous child hacker going by “Kingpin.”
I recall reading somewhere about a software implementation of TPM for secure boot, but I didn’t look into it very deeply and do not recall where I read about it. Probably on Gentoo, Arch, or maybe in the book Beyond Bios (terrible)
Andrew Huang used to have stuff up on YT that would be relevant to real security of such a device, but you usually need to know where he wrote articles to find links because most of his stuff isn’t publicly listed on YT. He has also removed a good bit over the years when certain exploits are unfixable like accessing the 8051 microcontroller built into most SD cards and running transparently. Andrew is the author of Hacking the Xbox which involved basically a man in the middle attack on a high speed PCIE (IIRC) connection.
It would be a ton of work to try to reverse engineer what you have created and implemented in such a device. Unless you’re storing millions, it is probably not something anyone is going to mess with.
I’ve tried 3 times so far in Python/gradio/Oobabooga and never managed to get certs to work or found a complete visual reference guide that demonstrates a complete working example like what I am looking for in a home network. (Only really commenting to subscribe to watch this post develop, and solicit advice:)
“But guys, gtfomp” - emacs
It is never secure or truly safe to use. The kernel cannot be updated and so all vulnerabilities are adding up. You’re giving out enough info to figure out what device you are using just in the fingerprinting with every online connection. It is relatively easy for someone to look for you and exploit a known vulnerability. They don’t need a zero day or any kind of exploit. You device likely has the last secure kernel on it and there will be many published critical vulnerabilities that can be scripted.
Even if you stay offline and do not use WiFi or use airplane mode, you’re not able to verify what the modem is doing in the real world. You never owned the thing in the first place and the reason why is the proprietary binary module that supports the system on chip and modem.
All that said, it is no different than something like an old computer running Windows XT or with CP/M.
If Klingons spoke Esperanto, it would be a thing
nicely framed style Bill: 🪟
I use Graphene. I like the Auditor app and the ability to verify that the ROM is unaltered because you can never trust an orphan kernel like all mobile devices. If I ever give up possession of my device, I can verify if it was altered. I also have a way to wipe the device on locked login with no indication that the ROM is being wiped as provided by Graphene.
https://invent.kde.org/graphics/okular
I like Okular’s ability to scan and convert tabled data in PDFs too. There is an option to turn off DRM nonsense. That can do page edits and stuff. If you want to create pages with images you need an office suite.
Anyone have shortcuts for modeling complex over center, compliance mechanisms, and bistable auxetic materials? I’m using FreeCAD and trying to just use rough sketches and trial and error to create a bending tube structure that 3d prints vertically but then bends into place like a pop-tube kid’s toy, but only on one side of an otherwise vase mode print design. I’m really pushing the limits of what FreeCAD can loft before edges go wonky and the Part Design workflow is no longer sufficient. I can make a compliant spring easily, but a bistable bend in a tube is at the edge of my learning curve.
Not unless an http port is open too. If the only port is https, you have to have the certificate. Like with my AI stuff it acts like the host is down if I try to connect with http. You have to have the certificate to decrypt anything at all from the host.