Forest @forestjohnson@pixie.town

@tty

er, I meant to say impossible vs implausible.

Anyways, I would still be interested in supporting your email server monthly. I have to warn you, I might be an annoying customer, but I might also be able to help you diagnose and fix issues, and make the system better.

@tty

with cyberia's email server nullhex.com, I have used a 3rd party service called glockapps to help test broad email deliver-ability across a lot of providers -- I just looked at their site and it looks even more gross and corpo / catering to spammers than it used to ... so I wanted to check to see if it still works at all.

Yes this is a very much "hold your nose" situation, but I found this tool to be helpful.

Interestingly, today I have learned something:

Microsoft now spammfolders non-allowlisted domains instead of outright /dev/null-ing them. Hey, that's a big improvement!! difference between the possible and the implausible I suppose 🙄

If you are curious, this is what the output for our server looks like:

@tty

Hi, kira. I'm interested. I have some questions about the service:

Did you ever manage to get the ability to deliver email to Microsoft email properties like Outlook? If so, I'm curious how you managed that.

Do you have a continuity plan? How many people have access to the Registrar account for the domain name of the email server, and to the email server itself ?

I always wanted to do email myself but to be honest I'm still working on building up the infrastructure and capability to be able to support it in a way that I would feel is replicable.

@KimCrayton1 I agree! I have been telling people that i think I'm racist for a long time. (And then trying to explain what you just explained in this thread)

I don't like this situation 😣 But I agree that acknowledging it is much better than trying to stay comfortable by ignoring it.

@reese T+048C? Lol

@austin

thick stews/curries have some base ingredient which is the reason why they're thick.

If you're talking French food, you would start with a roux. That's butter and flour cooked in the bottom of the pan until it browns. Then the liquid is added while folding and stirring to try to minimize lumps.

If you're a American vegan punk, you might make your curry out of squash. boil or roast a butternut and huck it in a blender with some olive oil.

Others may use full fat yogurt, coconut milk, mashed tubers, mashed legumes, etc.

Powder mashed potatoes can be a quick fix maybe ?

And then there's cornstarch which I would view as more of a last resort or a final slight adjustment at the end.

A small amount of corn starch is added to a small cup. Cold water is mixed in until it's fairly homogenized and there's no lumps. And then the mixture is poured into the hot soup while stirring.

@handle I just first try rolled "kinda awake viper chap" Which sounds like it was not randomly generated, but it actually was

🐍🎩

@handle I solved the "how do you generate a secure password" problem by just writing the code myself.

https://pwm.sequentialread.com/

Obviously, that's not something that the average person can do, but I hope at least that I'm improving the situation by publishing my result.

Sometimes I don't even use that thing though. I just think up random words. it will be some word or weird train of thought that comes from something that happened that day or from a news article that I saw that day. And after I choose a word, then I start over and try to find another separate source of something random to choose a word based off of.

I'm sure that this produces slightly less entropy than a dice roll would, but honestly, I don't think it really matters. I don't think anyone brute forces these kinds of things.

@handle Diceware is for encryption key seeds imo.

Guess and check style passwords, like a debit card pin, don't actually need to have that much entropy in them. They just need to not follow obvious patterns and to be unique. And unfortunately, they also need to be flexible enough to adhere to whatever stupid draconian password policy will be forced on the user.

If I was going to teach someone one thing about passwords, I would probably teach them Password Manager + paper backup. Am I cheating? Is that two things? I don't know. If I had to cut it down to one thing I might choose paper.

@monkeyborg

https://m.youtube.com/watch?v=9x35EaKWCAw

> Kitsune² - Rainbow Tylenol

@monkeyborg @kazooloon

Also, I definitely should have put a disclaimer that I know almost nothing about this. This is telephone between multiple people and so a lot of this information is probably inaccurate.

@monkeyborg @kazooloon

I have a radio friend who went to Defcon and kind of saw the meshtastic / meshcore controversy happening in real time.

Basically, some furries out that the security model of meshtastic is similar to using SSH where you always assume that the server certificate is correct and you never check it. In other words, as soon as someone starts trying to man in the middle and lie about what the server certificate is, then the security of the entire system crumbles and it might as well be plain text from the perspective of the attacker.

These furries were motivated by the way that the meschtastic project has become more and more proprietary and started lashing out open source developers that were building anything which would be compatible with their proprietary stuff. So this proof of concept to DEFCON and were able to take over the entire meshtastic network that was present at DEFCON.

How much this security issue matters in practice is up for debate... But just like with SSH, properly tracking all of the known host keys and never accepting any of them automatically has a serious burden on the usability.

For example, a lot of quote-unquote enterprise grade tools like Terraform have the same exact vulnerability. By default and without warning they always accept whatever host key the SSH server provides.

Anyways, my friend would probably recommend Meshcore because it's developed in the open by furry hackers who are not trying to gatekeep and make money from it. But that said, it's obviously much more of a "some assembly required" type scenario. You won't be able to connect to anyone else until you add their key.

That might seem extremely detrimental, but honestly, in my opinion, these radio mesh networks are kind of jank and don't really make sense compared to a hub and spoke radio network architecture. Maybe that's because I'm having a different idea about where the usage of these networks is going....

Oh, yeah, one last little tidbit about meshtastic.

I've heard from the same friend that a lot of meshtastic products which you can buy are based on microcontrollers. The bandwidth that these things have is so limited that it's trivial to completely DOS all of them with just a single Linux computer that's running on a real CPU and sending packets. Sometimes, with enough of them in a network, they can even DOS themselves. And then you have to bring in a faster computer with a real CPU into the network to handle all of the packets and send acknowledgements and stuff, otherwise it'll stay stuck forever.