The OED’s earliest listed usage of “log in” in the modern sense of “to open one’s on-line access to a computer” is from the 1963 publication Compatible Time-Sharing System from the MIT Computation Center. [2] I’m not sure if this is truly the first usage of “log in”, but it would make sense if it was, as CTSS, started in 1961, was arguably the first time-sharing operating system, and so possibly the first system that you needed to log in to. (Before that we only had batch processing systems.)
A lot of new hardware security keys (Yubikey, Nitrokey, Titan, etc.) now support FIDO2 (aka U2F aka Webauthn aka Passkey; yes it’s a mess).
So does OpenSSH.
This spells good news for us, because it is far easier to use than previous hardware security types (e.g., PKCS#11 and OpenPGP) with ssh.
A key benefit of all this, if done correctly, is that it is actually impossible to access the raw SSH private key, and impossible to use it without the presence of the SK and a human touching it.
Also, ssh agent forwarding becomes safer again, and what’s more, it can be used to let you tap your local key to authenticate even when sshing from remote machine A to remote machine B.
I’m going to call these hardware security keys “SKs” within this article.
I’ve been annoyed at the material out there, which often doesn’t explain what’s happening and suggests insecure practices.
So, I’m going to introduce SKs and FIDO2, show how to use the keys with SSH, explain the role of ssh-agent with all of this, and walk you through all of the steps.
Decided to do some #Linux terminal hopping.
This is my completely unscientific test: maximised window, tmux with a NeoVim session, paging quickly through some code. I wanted to see what the most CPU usage would be for these terminals. I'm testing on a Ryzen 7 7840U.
Why worry about CPU? Laptop users and low-power machine users will care about CPU usage. I'm trying to eke as much life out of my equipment as possible.
Coworker: ...and the IP addresses are compared with a string match.
Me: (grinning manically)
Coworker: Why are you looking at me like that?
Me: Open up a terminal and type ping 4.2.514 and hit enter.
Coworker: ...what's the fourth number?
Me: (grin widens) Just hit enter.
Coworker: WTF!?
The following are lines from ~rsyncer/.ssh/authorized-keys on my dbclone host – which gathers database backups from various hosts.
from="x8dtu.example.org,10.1.1.1",command="/usr/local/sbin/rrsync -ro /usr/home/rsyncer/backups/bacula-database/postgresql/" ssh-ed25519
AAAAC3thisisalsonotmyrealpublickeybcxpFeUMAC2LOitdpRb9l0RoW7vt5hnzwt rsyncer@x8dtu.example.org
The above appears on two lines to make it easier to read without horizontal scrolling – in the file, it’s all on one line.
This says:
- when an ssh connection comes in from a client at x8dtu.example.org, or 10.1.1.1
- run /usr/local/sbin/rrsync -ro /usr/home/rsyncer/backups/bacula-database/postgresql/
- and that client must have this key (as shown)
- rsyncer@x8dtu.example.org is a comment, and has no effect
"What kind of script is it?"
- "A Bäsch script."
"Bash?" - "No, its German cousin."
"???" - "???"
Become an irreplaceable 10x developer in 30 seconds flat
Why learn actual skills when you can just look impressive instead?
Introducing rust-stakeholder - a CLI tool that generates absolutely meaningless but impressive-looking terminal output to convince everyone you're a coding genius without writing a single line of useful code.
Yesterday I learned that #ghostty, the terminal emulator supports custom shaders. So here is a little retro/crt shader: https://gist.github.com/lukad/d979a36ed9a83020bd6fa3fa0d5d7c89
blinry - I also learned that the "grep" command is called like that because it performs the same function as running "g/re/p" in the original editor "ed" (and "QED" before that, I think): It gets all lines from a file that match the regular expression "re", and prints them!
And through that same heritage, :g/re/p still works in my Neovim today! ^_^ I love learning stuff like this!~
Glances is a cross-platform system monitoring tool written in Python
List system USB buses and devices; a lib and modern cross-platform lsusb that attempts to maintain compatibility with it while also adding new features. Includes a macOS system_profiler SPUSBDataType parser module and libusb profiler for non-macOS systems/gathering more verbose information.
The project started as a quick replacement for the barely working lsusb script and a Rust project to keep me up to date! Like most fun projects, it quickly experienced feature creep as I developed it into a cross-platform replacement for lsusb.
Merge, tail, search, filter, and query log files with ease.
No server. No setup. Still featureful.
via @pty
A data hoarder’s dream come true: bundle any web page into a single HTML file. You can finally replace that gazillion of open tabs with a gazillion of .html files stored somewhere on your precious little drive.
Unlike the conventional “Save page as”, monolith not only saves the target document, it embeds CSS, image, and JavaScript assets all at once, producing a single HTML5 document that is a joy to store and share.
If compared to saving websites with wget -mpk, this tool embeds all assets as data URLs and therefore lets browsers render the saved page exactly the way it was on the Internet, even when no network connection is available.
An interactive replacer for ripgrep.
This is an interactive command line tool to make find and replace easy. It uses ripgrep to find, and then provides you with a simple interface to see the replacements in real-time and conditionally replace matches.
Some features:
⚡ Super fast search results
✨ Interactive interface for selecting which matches should be replaced or not
🕶️ Live preview of the replacements
🧠 Replace using capturing groups (e.g., when using /foo (\w+)/ replace with bar $1)
🦀 and more!
[diff is] the seed crystal of all workable open collaboration, and people living without it don’t even have the language to recognize how bad they’ve got it.
The Modern Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported).
✨ Features
Scans all 65k ports in 3 seconds.
Full scripting engine support. Automatically pipe results into Nmap, or use our scripts (or write your own) to do whatever you want.
Adaptive learning. RustScan improves the more you use it. No bloated machine learning here, just basic maths.
The usuals you would expect. IPv6, CIDR, file input and more.
Automatically pipes ports into Nmap.
conorh@mastodon.sdf.org - During lunch a friend mentioned that you can just supply a HTTP URL to vim on the command line and it would use curl to download that resource and allow you to edit the content. I jokingly asked whether if you enter :w it would then issue a HTTP POST back to the origin which is of course ridiculous.
It issues a PUT
A fast, simple TUI for interacting with systemd services and their logs.
systemctl-tui can quickly browse service status and logs, and start/stop/restart services. It aims to do a small number of things well.
“do you know ascii code 7?”
“yea, that rings a bell.”