#dropbear
1 post1 participant0 posts today
Off in the weeds today looking at basing a docker image on busybox and dropbear.
Replied in thread
No problem:
- #PGP/MIME [see @delta / #deltaChat & @thunderbird / #Thunderbird]
- #XMPP+#OMEMO [see @monocles / #monoclesChat & @gajim / #gajim]
- #Monero [obviously, because there's a huge-ass bounty on it.
- #Linux
- #OpenBSD
- #OpenSSH
- #dropbear SSH
- ...
I could go on all night, so please shove that #TechPopulism somewhere the sun doesn't shine!
- Please go #TouchGrass for the next 24 hours...
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@max@gruene.social
To [quote you directly](https://gruene.social/@max/113872018769294131):
> "[...] easy to use solutions that are at the same time private and secure. [...]"
- The fact that @signalapp@mastodon.world requires #PII like a #PhoneNumber which more often than not *cannot be legally acquired anonymously* makes it not #private.
It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO espechally if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.
And if you go and say, *"Just buy a [insert country here] [e]SIM!"* and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you *completely missed the point*!
- I can much faster and easier get TechIlliterates setup show them around - either in a @cryptoparty@mastodon.earth / @cryptoparty@chaos.social / #CryptoParty - style #classroom / #seminar or 1:1 tutoring than I can *legally acquire and activate a new SIM in #Germany* [since 07/2017]...
It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...
- - -
Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith@mastodon.world succeeded #MoxieMarlinspike: Their entire operation has a *distinct #CryptoAG stench* as it's an #unsustainable #VCmoneyBurning party!
- #CloudAct and the #NOBUS [hegemony](https://en.wikipedia.org/wiki/NOBUS#Criticism) ain't something that just got executed now (neither was #GDPR & #BDSG!)...
A counterexample on how this could've been done are #Tor, #eMail and other *truly #OpenSource* as in #MultiVendor & #MultiProvider standards.
- *NOTHING* compells Signal to [demand PII](https://en.wikipedia.org/wiki/Signal_(software)), run a #Shitcoin #Scam [aka.](https://en.wikipedia.org/wiki/Signal_(software)#In-app_payments) #MobileCoin that even seasoned #TechLiterates and #CryptoBros [can't setup properly](https://www.youtube.com/watch?v=0DSGq9FQKU4), and in fact Signal using [phone numbers makes it trivial to discriminate against users and easier for them to identify them](https://en.wikipedia.org/wiki/Signal_(software)#Controversial_use)!
- If [my reasoning](https://infosec.space/@kkarhan/113869305765533809) didn't resonate with you, then try helping i.e. undocumented migrants aka. *"#SansPapier|s"* to get setup with it without violating laws and/or ToS and/or needing an imported SIM which I'm shure most folks don't have on hand!
Whereas it's trivial to get people setup on [one of many XMPP servers I've personally tested](https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv)!
- Not to mention clients like @monocles@monocles.social / #monoclesChat and @gajim@fosstodon.org / #gajim are way more user-friendly and unlike Signal can also work perfectly fine over #Tor, including #OnionServices as endpoints.
AFAIK Signal doesn't even have an #OnionService / [```.onion```](https://en.wikipedia.org/wiki/.onion) for their Website, much less any #API enpoints to use it with!
- Them relying on #ClownFlare is just something that makes them even *more #sus* as there is *[no legitimate reason](https://en.wikipedia.org/wiki/Cloudflare#Controversies)* to use a #RogueISP like that.
- - -
You're free to also provide evidence and supporting data to your arguments, rather then *neighsaying* against *proven to be more secure and reliable [by virtue of decentralization]* options like XMPP+OMEMO and/or #PGP/MIME.
- What gets my blood boiling is the constant #disinfo by [Signal](https://mstdn.social/@rysiek/113868777937162686) [Fanboys](https://mstdn.social/@rysiek/113869169340313254) like @rysiek@mstdn.social who sell it like #DigitalSnakeoil akin to #AntivirusSoftware, because it's at best *"#TechPopulism"* and at worst [will mislead "TechIlliterates"](https://infosec.space/@agturcz@circumstances.run/113868748895262202) with a [false sense of security](https://infosec.space/@kkarhan/113868987217053362), which in turn puts more users at risk.
The *proper fix* is to actually *assess the situation* and acknowledge the *risks and limitations* as well as the very nature of communications, which means *upgrading later* is exponentially more painful, thus getting people *properly setup once* is way easier.
- Just because *WE* [ or rather @rysiek@mstdn.social in this case ] rather *privilegued enough* to not be *hatecrimed in their current location* doesn't mean this is the case for everyone. And having places like Signal rely on a *"#CDN"* is just another *red flag* to me because questions like [this one](https://circumstances.run/@agturcz/113866980398547492) just don't arise with [monocles.chat](http://monocles.chat) as people can just exercise proper #SelfCustody and just use Tor!
Speaking of #monocles: That business is at least #sustainable because it's funded by users [(€2 p.m.)](https://store.monocles.eu/produkt/monocles-starter-account/) which they can [pay anonymously](https://monocles.eu/more/#payment-section)
Replied in thread
#DropBear@theblower.au @galad @serge @palestine @israel
At #DropBear’s insistence,
>> I asked my friend #Google, “How is the form of #Zionism that spawned #Israel characterised by #racism and #bloodlust?”
And now I’m trapped forever in a Google #AI database, tagged as an #antisemite
Replied in thread
#DropBear@theblower.au @galad @serge @palestine @israel
#HitAndRun. A very very quick #seppuku by DropBear!
He was posting his OPINION as fact, and doubled down with “yes and yes” two posts earlier when I challenged him.
Good riddance!
#Festplattenverschlüsselung auf einem #Server unter #Linux:
Ist #Dropbear in der #initramfs noch das Mittel der Wahl oder gibt es andere, bessere Ansätze?
freezr The latest #upgrade for #Debian #Devuan stable broke #Dropbear-initramfs 
I double checked my settings and my documentation, everything is how I wrote down.
Is any of you having the same issue and know how to fix it? 
Now I can't prompt the passphrase from SSH and I need to connect a keyboard to my #stealthbox
@brokenix it's been quite a while that #Dropbear isn't the default in #NixOS' #initrd anymore. See this commit for more details and the reasoning behind this decision:
https://github.com/NixOS/nixpkgs/commit/d930466b7728e5515991cb73c060fc3f32bdc001
GitHubnixos/initrd-ssh: switch from Dropbear to OpenSSH · NixOS/nixpkgs@d930466Dropbear lags behind OpenSSH significantly in both support for modern
key formats like `ssh-ed25519`, let alone the recently-introduced
U2F/FIDO2-based `sk-ssh-ed25519@openssh.com` (as I found when...
Dear #Australia,
It is time to put a stop to the black-market #dropbear export crime rings! Michigan is being overrun with abandoned dropbear cubs after their idiot buyers realize they're not koalas!
You'd think they'd die in the Michigan winters. They become meaner. Lacking access to vegemite, they start eating deer, squirrel, and other critters.
STOP the ILLEGAL export of dropbear cubs! They have no place anywhere other than Australia.
Don't make us send hodags to Australia!
~Michigander
Continued thread
#FediHelp #FediAsk
I wonder if I can use #Dropbear #initramfs to start an #Arm #SBC, #SSH into, unlock the #LUKS partition and continue the boot process...
So far looks like everything I have made is not working, which it doesn't surprise me since I am a #Pebcak Master; however I could get this totally wrong, trying to do something unfeasible!
Thanks!
Replied in thread
Replied in thread
Seriously...
Whilst a bit dated I think the talk is still valid...
I really think that #toybox & #musl are good and that's why I chose them for OS/1337:
I want a really #BareBones #Linux distro as an exercise in #minimalism and because I think we should embrace #FrugalComputing and that people should still be able to use a system just with a 1440kB Floppy to boot.
Even if that means they'll only have an #SSH-#Terminal using #Dropbear as #client...
https://www.youtube.com/watch?v=SGmtP5Lg_t0&t=1277s
Replied in thread
Wow, @linux does actually improve efficiency over time...
I just compiled a minimal kernel 6.5 for OS/1337 targeting #i486 instead of #i686 and the resulting binary is even 10kB smaller than the one for 6.4.12...
For real: That's awesome cuz it allows me to make the #Floppy version for #486SX a reality and still have #Toybox & #dropbear as #SSH client in it...
Cudos to @torvalds and the maintainers for that:
They really did cleanup the codebase and made it #smol|ler!
![A terminal output showing linux 6.5 [file name bzImage] to only occupy 961kB of disk space.](https://media.mstdn.social/media_attachments/files/110/986/370/280/727/447/original/ceffe12e446b7cb6.png)
Replied in thread
@ncommander OFC, that is a concern if RAM is a limiting factor...
And I do know that most distros like @ubuntu will zse shared libraries as they have way more programs needing them at the same time, so I don't think that's bad on their part.
Whereas in my case of OS/1337 the #Floppy version (1440kB) literally only contains #Linux as Kernel, #toybox as Userland and #Dropbear as SSH-Client and nothing else.
It's basically turning a machine into a "SSH-Terminal" and that's it.
When I use LUKS to encrypt the root partition on my Linux server, I need to supply the crypt passphrase at boot to unlock the system for startup to continue and get to login. That's OK if I'm sitting in front of a keyboard and display. But what if it's a headless server or located in a remote location?
Enter Dropbear. Install this tiny SSH server into the server's initramfs, and use SSH keys to login from a client at boot and unlock:
https://www.dwarmstrong.org/remote-unlock-dropbear/
www.dwarmstrong.orgRemotely unlock a LUKS-encrypted Linux server using Dropbear ☯ Daniel Wayne ArmstrongWelcome to my corner of the webiverse
This HOWTO is dated 2017 but can confirm it still works today using Debian 12. It was *so* helpful getting the wireless interface setup on my home server initramfs so that I could remotely unlock a LUKS-encrypted root partition using Dropbear:
https://www.marcfargas.com/2017/12/enable-wireless-networks-in-debian-initramfs/
www.marcfargas.com · Enable Wireless networks in Debian InitramfsInitramfs is a very tiny environment in which your Linux system boots in order to do a lot of initialisation magic before loading your system. The most common use case is to mount the root filesystem, like when it’s encrypted and you need to type a passphrase to mount it. Or if fsck needs to run on an unclean root filesystem. Basically anything that goes before mounting the root filesystem and, after that, before launching INIT (you can read more in the Debian Wiki).