#security

In my last post, I mentioned that I was “investigating the possibility to use Tailscale to simply block the access from the “outside world” and make it more secure”. Well, it is now implemented and it works. Basically, my blog system can listen on two different ports: the regular one where you’re navigating, and the one inside a Tailscale network.

If I specify exclusiveDashboard: true in my Tailscale section of the configuration, the dashboard will only be added to the Tailscale router. This way, the dashboard won’t be available at hacdias.com, but only inside the Tailscale network. I’ve tried it and it works. However, it is not enabled on the live version yet!

I also mentioned that I was trying to “inject” an admin bar while logged in. I can say that it is working via some response writer wrapping magic. I have a few more plans to make Eagle more self-contained, but we’re not there yet!

Have a fantastic day!

jlelse’s Blog 20 Oct 2021 18:46

My home and code server now has 2 TB of SSD storage and 16 GB of RAM. While I’ll be using the storage for backups, etc., I’m not quite sure what I can use the 16 GB of RAM for yet. What else can I run besides Home Assistant, AdGuard Home, Drone and Tailscale? I still have my VPS running my websites,…

Weirdly enough, the name Tailscale caught my eye and I decided to investigate what it is. I checked their website and it seems that they use WireGuard to do the kind of configuration I explained some time ago. I’m curious: besides the ease of use, what other advantages do you see in using Tailscale over a manually configured WireGuard network?

YubiKey Setup for GPG, SSH and 2FA

YubiKeys are hardware authentication devices that can be used with many applications, such as GPG, SSH and for 2 factor authentication. I have owned quite a few over the past years and recently I decided to upgrade them to the NFC version so I can use them with my mobile devices.

As usual, there is quite a bit of setup after purchasing a new YubiKey and I always struggle to find the correct guide that I use. Thus, I decided to make this simple compilation of steps and guides so next time it’ll be easy to find! Hope it can be useful for you too!


A few days ago I saw a blog post by GitHub announcing their support for security keys in SSH operations. After a bit of searching, I discovered that OpenSSL 8.2, released last year, lets us use our FIDO2 devices (such as YubiKeys) to “unlock” our SSH private keys. This way, we don’t need the cumbersome GPG <-> SSH relation.

I tried it, and it was nice. I don’t know if I’m going to start using it right away because not every place uses OpenSSL 8.2+ yet, but soon, very soon.

Some links:

How to Effectively Backup Your Emails

For quite some time, I have been setting up systems to back up the data on my computer, as well as fetching data from services such as Trakt, Last.fm or GoodReads. There’s one kind of service that has been on the back of my mind to back up for a while, but I’ve never had the time, nor the will, to do so: email!

Email is fundamental nowadays and it is the basis of Internet communication. Almost all online services require an email, and even though we use it virtually every day for the most varied services and uses, it is not the easiest thing to back up.


Jan-Lukas Else 22 Jan 2020 10:28

I don’t show webmention content at all. 😅 Instead I just show a link to the “interaction”. That removes a lot of complexity with parsing, storing etc. but probably isn’t as intuitive: it requires opening the “interactions” section below the post and visiting the link.

I enjoy showing the webmention and the context (reply to what? repost of what? like of what?) because, as you know, the content on the Internet is ephemeral and if I don’t store it, I don’t have assurance that it will remain available. And that’s the main reason why I show the webmentions.

In any case, it’s not the webmentions that worry me, but the post contexts that I show on replies, likes and reposts… Need to decide on that: either remove the pictures, or store them.

Jan-Lukas Else 22 Jan 2020 08:43

On a lot of IndieWeb sites, I noticed that profile images of webmentions get directly embedded from their original source. For example, Twitter profile images are loaded directly from Twitter servers (pbs.twimg.com) or even my profile image is directly embedded from my site. However you should consid…

This is actually the next thing I want to “fix”. Another problem with Twitter is that, if the user changes the profile picture, the previous one becomes unavailable. For webmentions, I’m using the images provided by webmention.io, but for replies, likes and reposts context, I’m using the original source and I don’t like it.

I already pondered removing the images altogether from the contexts, but I don’t think it would look as friendly as it does now. What do you think?

How to Use the PHP 5.5+ Password API

Like many of the new features introduced in version 5.5 of PHP, the password API did not go unnoticed by developers. Today we are going to talk about creating password hashes using this API.
