Hacker News: tiberious726

New comment by tiberious726 in "Put your SSH keys in your TPM chip"

tiberious726 — Thu, 16 Apr 2026 20:09:23 +0000

> TPM isn't for "security" in the abstract, it's fundamentally for authentication

What on earth do you think I make my users present keys for???

You know all those guides saying "you should never copy an ssh private key over the network. Make a new one for each device" that every idiot dev ignored? Now I can enforce that.

New comment by tiberious726 in "Put your SSH keys in your TPM chip"

tiberious726 — Thu, 16 Apr 2026 20:07:39 +0000

This article's method is bad, basically the same as systemd-creds (not itself bad, just extremely compatible), take a look at tpm-ssh-agent or gnupg for how to do that part the right way (the party they don't do right is bind/sign to pcrs, which is just low hanging fruit in today's day and age...)

New comment by tiberious726 in "Put your SSH keys in your TPM chip"

tiberious726 — Thu, 16 Apr 2026 20:04:47 +0000

If you run into the link to this, is love to read it. Proper, modern, pcrphase binding with a signing key should remove these firmware update issues irt the raw pcr value changing

New comment by tiberious726 in "Put your SSH keys in your TPM chip"

tiberious726 — Thu, 16 Apr 2026 19:52:51 +0000

The authors of both this article and ssh-tpm-agent (disjoint set) really need to learn about pcrphases and the signing keys therefor: https://github.com/Foxboron/ssh-tpm-agent/issues/15

New comment by tiberious726 in "FSF trying to contact Google about spammer sending 10k+ mails from Gmail account"

tiberious726 — Thu, 16 Apr 2026 18:37:48 +0000

I set up my orgs SPF/DKIM/DMARC (we self host, they have feelings about corporate data sovereignity...) it look about 30 min having never touched them before, and maybe another 15 to write an ansible playbook to rotate the keys.

We do have a _tremendous_ amount of spam fail these checks, as well as a few legitimate organizations.... Some of our peer companies have sent out notices that they will bounce anything that fail these checks in the coming years, and we're probably going to to do the same before too long.

It's trivially easy, and absolutely valuable

New comment by tiberious726 in "Show HN: BAREmail ʕ·ᴥ·ʔ – minimalist Gmail client for bad WiFi"

tiberious726 — Wed, 08 Apr 2026 16:47:27 +0000

Random web apps are not. Imap pop and smtp don't sanely support mfa, so the insurance industry is slowly killing them off

New comment by tiberious726 in "curl > /dev/sda: How I made a Linux distro that runs wget | dd"

tiberious726 — Wed, 25 Mar 2026 22:21:29 +0000

It whines about licensing, but I switch between booting my windows installation bare metal and as a VM all the time

New comment by tiberious726 in "Google details new 24-hour process to sideload unverified Android apps"

tiberious726 — Fri, 20 Mar 2026 22:20:09 +0000

I still use emacs gnus with Gmail. You need a token instead of old fashioned imap auth, but it works fine

New comment by tiberious726 in "Babylon 5 is now free to watch on YouTube"

tiberious726 — Sat, 14 Feb 2026 22:14:46 +0000

Still trying to figure out how it's related to B5

New comment by tiberious726 in "Unix Hater's Handbook Stinks"

tiberious726 — Sat, 15 Nov 2025 19:34:55 +0000

Genera would like to have a word

New comment by tiberious726 in "Steam Machine"

tiberious726 — Wed, 12 Nov 2025 19:59:05 +0000

You mean valve's?

New comment by tiberious726 in "Stop 'reactions' to email by adding a postfix header (2024)"

tiberious726 — Sun, 02 Nov 2025 13:20:38 +0000

Yes

New comment by tiberious726 in "Government Urges Total Ban of Our Most Popular Wi-Fi Router"

tiberious726 — Fri, 31 Oct 2025 22:55:01 +0000

Anything with an sfp slot and a decent "optic" should blow tp-link's link stability out of the water. In about the same price range, have you tried mikrotik?

New comment by tiberious726 in "IDEs we had 30 years ago and lost (2023)"

tiberious726 — Mon, 20 Oct 2025 17:30:59 +0000

In unconfigured emacs, you can literally just go Buffer>Save in the toolbar. If you didn't know to look in the buffer menu, then you didn't read even a little bit of the tutorial that appears when you open it

New comment by tiberious726 in "I am giving up on Intel and have bought an AMD Ryzen 9950X3D"

tiberious726 — Sun, 14 Sep 2025 21:14:29 +0000

The extra unused memory might even act as shielding to cosmic rays, but the extra electrical load on the memory controller might more than balance that out for unbuffered sticks

New comment by tiberious726 in "GrapheneOS and forensic extraction of data (2024)"

tiberious726 — Sun, 14 Sep 2025 20:54:36 +0000

Seedvault is the /worst/. I ranted about it here a few months ago, and the lead dev says he's aware they really need something better: https://news.ycombinator.com/item?id=42541520

New comment by tiberious726 in "Ask HN: The government of my country blocked VPN access. What should I use?"

tiberious726 — Fri, 29 Aug 2025 00:13:04 +0000

Exactly this. Hell, for OP's use case of accessing things like twitter, a good old fashioned https proxy would be entirely fine, and likely not even illegal.

New comment by tiberious726 in "Sam Altman now says AGI, or human-level AI, is 'not a super useful term'"

tiberious726 — Wed, 13 Aug 2025 12:39:53 +0000

Didn't the terms of that deal define AGI as "an AI that generates at least 1 billion in annual revenue"?

New comment by tiberious726 in "Managing EFI boot loaders for Linux: Controlling secure boot (2015)"

tiberious726 — Wed, 23 Jul 2025 20:53:01 +0000

If you use the -m flag with enroll-keys, won't that also load the MS keys, which the Nvidia firmware should be signed by, allowing verification to pass?

New comment by tiberious726 in "Linux and Secure Boot certificate expiration"

tiberious726 — Mon, 21 Jul 2025 16:53:08 +0000

Eh, that's basically what we have now with boards where you can delete the MS keys and enroll your own. Just with different defaults and no support nightmare