• 0 Posts
  • 186 Comments
Joined 1 year ago
cake
Cake day: June 30th, 2023

help-circle
  • My guy, the line is a status symbol one earn by paying bonuses up front or letting their company pay.

    There is no greater good here. Line cutters aren’t somehow immoral.

    If everyone boarded in logical patterns of staggered odd window even window odd middle even middle odd aisle even aisle boarding, with no pairs or groups allowed, you’d be on to something.

    But it falls apart the moment you look at how it’s actually done. Status and rewards, and seat class, then whatever is left. Cutting in line because you didn’t spring for an $80 seat upgrade that amounts to “better” padding in the headrest and 1 extra inch in your legroom is insane.


  • An online database is still a file ultimately. A SQL or other DB file stored in a webserver, accessed through a web interface.

    Vaultwarden, etc, are the same, only the database file is less directly visible IMO. Keepass IMO is simple. The DB in a bespoke format, stored outside the application.

    You could put the vault in system32 and name it “trustedinstaller.log”, and if someone saw you had keepass they wouldn’t even know where your vault is.

    Given the number of well documented breaches of online password vaults, I would much rather do a private device to device sync via syncthing and keep it out of webservers.











  • Revisiting this many weeks later: what do you think of the idea of super users who can be delegated an ability to silence/quarantine other posters?

    Admin

    Moderators

    Superuser

    User

    Maybe if they only had the ability to flag a user and put them in "time out, and it couldn’t stack or be consecutive from one superuser, etc?

    I dunno. It might be a good way to help police the content without making people volunteer to be full on mods. And it can be treated as a semi privileged role, that expires are X months and only X number ofnactive users in good standing can have at once?

    A little complex to implement, but it might at least let mods crowdsource the task of stemming the worst of things.





  • No thank you.

    Nomura was literally the reason that vsXIII never finished, and languished in development hell for years until he was taken off the project and it was rebooted as XV under a new game director who had to salvage and reuse as much as he could from Nomura’s assets and work and put out a game. This is not to trash Nomura, but vs. XIII was a concept of a game, with tech demos, it but never a game built on a solid foundation.

    Nomura is talented in many ways, but he has let projects overwhelm him in the past, and seems best positioned as a producer or scenario and art lead rather than the game director.


  • KeePassXC you would put the sync-file itself into syncthing or something, and then KPXC would resolve changes between the sync file back to the main vault. I don’t use this method directly so I might be incorrect on the details, but it is possible to setup in a device to device manner.

    You keep saying external server for syncthing, but again: syncthing does direct data transfers, encrypted end to end, between devices. It does not use cloud hosting or servers. It has the equivalent of a 90s FPS matchmaking lobby, so you can find your own devices latest IP.

    You register the devices with each other with their generated ID codes. Then you ask the matchmaking server when it last saw that alias. It gives you the last IP that checked in with that unique alias. It then contacts that OP, and performs a handshake. If it passes, your two devices can now sync directly. The matchmaking relay has 0 data of yours, and 0 ability to associate your unique ID with a name, hardware, or anything other than a last seen IP. When on the same LAN, devices don’t even query the matchmaking relay if you don’t want. It’s totally offline.

    If you elect to, you can allow relays to let you tunnel of you have NAT issues, and your end to end encrypted data can be synced through a relay. In those cases then yes, you are extending a bare minimum trust, and you fully encrypted data would temporarily pass on the relay’s RAM. If this makes you paranoid, you can easily add a password to the sync folder itself, encrypting it unless another user inputs the password on the other end. Adding another layer if you wanted.

    I just get nothing from Bitwarden that syncthing and KeePass don’t offer more easily. Syncthing works for tons of devices and other purposes as well, preventing to host a password sharing only tool, and just letting you use a direvy device to device sync tool. I don’t know how or why you would have vault conflicts, but it really does sound like something fixable. Running this for years and I’ve never run into it.


  • This is one of the rare cases where I believe security through obscurity applies.

    What is the most ripe attack target: the password hosting service with millions of user credentials, or literally some random IP address using syncthing that could be sending literally anything that you don’t know is passwords or porn.

    Companies like Bitwarden and 1Password and LastPass are doomed to have failures, just like any major corporation. They are too big with too much attack surface, and clearly advertise that they have stuff worth stealing.

    Me? My KeePass vault is synced via Syncthing with no relay data, so it only ever exists on my phone and desktop, and is encrypted with what is today functionally unbreakable encryption. Today at least (RIP when quantum chips get good).

    And my data is a blade of grass in a field. Sure there is a narrow chance someone snooping on my entire geographic area and stealing packets like the FBI could grab some packets in transmission. But they show nothing, and mean nothing. And the FBI has easier ways to get our data anyways.

    Point is, I’d rather take my odds as a heavily encrypted file syncs between singular devices like a drop of water in the ocean, versus putting all my diamonds in Joe’s Diamond Emporium and just hoping no one decides to steal MY diamonds when it (inevitably) gets robbed.


  • In this circumstance, you can turn on simple versioning for the password vault. It will keep both vault copies and you can merge your changes together manually in the event this happens, no loss of data.

    For mobile I just give syncthing full permission to run in the background and have never had issues with the syncing on the folders I designate. Not saying it doesn’t happen, but I believe this can be solved.

    However KeePassXC’s sync feature does sync the vault.

    Syncthing does not have a server. The relay only serves to match your current client (device A) with the IP of your other client (device B). Nothing else passes through it unless you opt into using relaying in case you have NAT issues.

    If you are paranoid, the software is open source and you can host your own relays privately, but again, it is similar to a matchmaking service, not data transfer.

    Syncthing is a direct device to device transfer. No server in the middle unless you want it.

    https://docs.syncthing.net/users/relaying.html


  • This still requires a server setup, focused entirely on passwords. Why do that?

    Why not just use KeePass or KeePassXC, and use Syncthing for this and general files, or KeePassXC’s keeshare sync to sync the files without any hosting, server, or other services.

    Extremely simplified tldr: both of these are like a authenticated private bittorrent, where the “tracker” only helps you find yourself on another devices, no data is ever sent outside of your authenticaed devices, and all transmissions are encrypted as well.