• 0 Posts
  • 109 Comments
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle



  • It’s not “best practice”, but a compromised key is a compromised key whether that key is used to connect 1 or 100 computers to a server. No, I can’t shut off access to exactly one machine, I do not however have any difficulty in shutting off access to every machine and replacing it with a new key. Your system and my system are no different with a single compromised key.

    If I had 100 computers that I had to change identity files on each time it was compromised, and my keys were being compromised often, I would see a benefit from using multiple different keys.

    Quit acting like I’ve left the front door to my house open when the door is locked but my roommate and I share the same key.



  • Again, I know it’s not amazing security but it’s not inherently bad. The key (actually encrypted), if (not when) compromised would provide the same level of access to my system as having two keys with one compromised. Assuming I’m an all knowing wizard and can smell when a key is compromised, I can log in remotely and replace the old key with a freshly generated one. More likely however is that if anybody was going to actually do something with my compromised key, they’d clear my authorized_keys file and replace it with a key I don’t have access to. Don’t kid yourself into thinking having multiple keys suddenly makes you 10x more secure.

    What’s more likely is someone finds my flashdrive on the ground, goes “oh boy free flashdrive full of Linux ISOs and recovery tools!” And proceeds to wipe it and use it for their own shit, while I regenerate a new key when I notice it missing.


  • I use the same identity file for all of my computers. I don’t have password auth enabled on my server and it’s an extreme inconvenience when I’m on a new machine and have to dig out a different machine to get a copy of my new key to the server. Best practice? Probably not, but I’d rather that than having password auth enabled. I keep an encrypted copy of my id_rsa on my thumb drive so I’ve always got it when I need it.

    I had never personally heard of ConnectBot, but it says last updated in February of this year on Google Play. I don’t see a real reason to use it over Termux however.


  • Install termux [edit: grab from f-droid or their website, their play store version has been out of date for some time and repos likely wont work on it] on your phone and run pkg install x11-repo followed by pkg install putty-tools which should put a copy of puttygen on your phone. Open your file manager and “Termux” should appear like a USB drive (in Google files it’s under “other storage” at the bottom of the home screen), copy your key file there and Termux will be able to access it. puttygen keyfile.ppk -O private-openssh -o id_rsa Should let you convert to OpenSSH format and connect to trusted computers. You can also install OpenSSH in Termux to use it as an ssh client

    It also looks like you can install putty in Termux as well, if that’s more convenient for you

    nvm, it needs an x11 server, you’re likely better off with the aforementioned method


  • The thing here is that you don’t have to use play billing for in app purchases outside of the play store. The biggest example of this is Fire tablets, where you don’t even have the option of play billing on your app even if you wanted it, and I’m sure Huawei isn’t using play billing either. Let alone the fact you can sideload apps that have their own verification methods. When I bought gravitybox it was verified based on your PayPal invoice #. The secret revenue sharing, while “designed to keep apps down”, is nothing more than an incentive to stay on their billing platform. If Epic isn’t offered that deal they’re still free to make deals with other app stores.

    Meanwhile on camp Apple, there are no alternative vendors using different stores and you’re unable to sideload apps without a developer account. There is no alternative to Apple’s billing if you want to charge for something inside an app, which is precisely what Epic did to get banned in the first place.

    I 100% the verdict to be appealed by Google. I’m not a big fan of Google as a company, but when they’ve specifically made it possible for customers to have the ability to sideload while Apple doesn’t and they get spat in the face for it, why would they continue to make pro-consumer choices?