Dr. Hax
npub16v8...eqha
Signet maintainer. Self-custody your passwords... in hardware! https://hax0rbana.org/signet
Cypherpunk. Infosec veteran of about 15 years (vulnerability research, exploit development and cryptography). Cypherpunks write code.
Want to see wider adoption so Bitcoin can be used as digital cash and not just an investment vehicle.
XMR: 44RDkTFmTeSetwAprJXnfpRBNEJWKvA5dBH5ZVXA4DofgoZ9AgjyZdSa2fo7pMD3Qe3pdKga8X22y3Lyn1xYde5kPQPzVUu
9 hours ago•••
Today I got botan2 cross compiling for x86-64 Windows (from Linux x86-64).
Why? Because I want to cross compile keepassxc and this is getting in my way.
Why do I want to cross compile keepassxc? Because I want to use that code in the signet client to import keepass v4 databases
And I want my (Linux based) CI to be able to continue to crank out windows builds. That's why.
After Botan, I'm going after argon2, and then others.
Oh and I had to build my own compiler because mxe repos are way old. So I'll probably be hitting up their mailing list to find out if someone has the ./debian directory that produced that .deb file so I can give them an updated build. If nothing else, I'd like to at least build it and put it in my own apt repo.
Yeah, I'm way down the rabbit hole on this one. And if I manage to dig myself out, I'm going to do it all over again for i686!
12 hours ago•••
I am having so much fun with disposable VMs (DVM) in #Qubes, it should be illegal!
I'm doing #dev work again today and when I think I have the minimal commands to reproduce an issue, I'll spin up a DVM, paste the commands and make sure I hit the problem I expected. If not, I'll poke around to fix it (install a dependency, update the PATH, etc.) and then repeat.
Takes about 8 seconds to spin up a fresh VM. Very rapid #development!
12 hours ago•••
And I don't want to wait those extra few seconds so I spin up a fresh qube and have it on standby, because I know I'm going to need it in a few minutes. As soon as I start using that one, I spin up another fresh one in the background. 😂
12 hours ago•••
I wish Qubes had a better user interface and support for GPUs so you could play games.
12 hours ago•••
It has support for passing through GPUs to Qubes, so if you have to have a Windows qube with direct access to a GPU, you can absolutely do that.
I haven't done it myself, but I have passed through other PCI devices.
Not sure what you mean about the user interface. It has a launcher menu in the corner to start apps in various qubes, ability to easily move files from one qube to another, USB passthrough, ability to change which networking gateway is used (Tor, VPN, clearnet, other, or none), and all this without ever touching a command line.
12 hours ago
15 hours ago•••
Wow, this is a 25-year-old Palm Pilot still being used in 2025
“They were the original distraction-free technology before we even needed such a thing. You didn’t spend the money on a Palm Pilot to play games or scroll social media. You spent the extra money on a Palm PDA because you had a job to do. Palm Pilots were the original productivity monsters, keeping us on schedule and connected through lightweight email programs and RSS feeds.”
I don't think many of the youth today could visualise a really distraction-free and advert-free piece of technology. Today notifications keep popping up, adverts clutter pages, as well as pop-up cookie notices.
I remember using a Palm Pilot myself, and I used to sync my notes, e-mails, etc with my desktop PC. A Palm Pilot was one of the really early productivity devices, being able to run all sorts of 3rd party downloadable apps. I remember, too, the early database apps, I think mine was called HandyDB.
This is PURE productivity at its best. Technically, with the Pebble watches making a comeback, there is no real reason why Palm Pilots could not also do so. Big Tech would of course hate this as they still want to sell newer flashier devices to you, that can pop up all sorts of messages and disclaimers.
And look at this: “Surprisingly, the 25-year-old rechargeable battery still works well, holding a charge for over a month.”
#technology #retro #PalmPilot
30 hours ago
30 hours ago•••
Working on an update to the #signet client so it can import the Keepass 4.x databases (currently it can do up to and including 3.x).
It compiles and works on Linux, but in order to be accepted it also needs to do so on macOS and Windows, and cross compiling the Windows executables from Linux needs to work for both 32- and 64-bit versions.
The keepassxc project has a bunch of dependencies, which is making this difficult. The libraries aren't packaged up elsewhere like they are on Debian. 🫤
2 days ago•••
📡 EFF launches Rayhunter — a $20 open-source tool that helps detect cell-site simulators (aka Stingrays) used for surveillance. Big win for privacy! 🔍 #Privacy #Surveillance #OpenSource #security #cloud #infosec #cybersecurity
2 days ago•••
And it now can be installed from Debian without having to compile anything too!
🫂
2 days ago
2 days ago•••
I was going to write some heartfelt shit, but I decided not to bother the Internet with my fucking problems.
3 days ago•••
OK, normally when I hear about someone who doesn't know cryptography or Rust writing Rust code and rolling their own cryptographic protocol, I'm almost certainly not going to use their code... but... Wang Lu seems to be the real deal, just picking up these skills along the way. Their highly experimental hardware password manager, which is not open source hardware nor software, sounds like it's a pretty decent design. If it actually does what is described, I am impressed.
It'll be interesting to follow along and see if it turns out to be an even more hardcore password manager than the #Signet. Of course, there's no proof that any of this code exists and works, so it could all be vaporware. We won't know unless it's released (in either source or binary form).
Hi Dr.Hax 🤟😉🏴‍☠️ I saw that you followed me in my old profile that unfortunately I lost and I don't use anymore! Follow me here on this and also remove the follow to the old profile that is nprofile1qqs9p5hc40z2nx65fxx9k8faqe5qy8pr98fqc4yk4vtfvdpvvw3g0dspzemhxue69uhhxmmrd9skctnrv9khq6pwdejhgqgkwaehxw309aex2mrp0yh8qunfd4skctnwv46qg68cln thank you 🧡💜
4 days ago
8 days ago•••
Where are the producers of physical goods? Where are the builders of real world products? I want to follow you!
I'm bored of the constantly repetitive, always the same bitcoin content and need more inspirations and real things in my feed.
Please boost for reach.
#asknostr
4 days ago•••
I make open source hardware password managers called nprofile1qqsf3vs4hphtnaqg6ekqxg3vfkhuhetnrejt696dn6l292jm9rjvntcpzpmhxue69uhkummnw3ezumt0d5hszrnhwden5te0dehhxtnvdakz7qgawaehxw309ahx7um5wghxy6t5vdhkjmn9wgh8xmmrd9skctc65awq5.
Oh, and I maintain Ansible roles/playbooks to make self-hosting things easier.
I also grow and preserve my own food, but that's not something I sell. That's just for me. No interest in selling any of that. I'll share my experience though.
I guess I do woodshop projects from time to time too. Again, those are just for me, but I'm willing to share what I learn.
3 days ago•••
3 days ago•••
Yup, that's the one. I'm about to finish a nicer looking case for it too.
That one is my personal device on account of the imperfection in the case.
3 days ago•••
I just got a Prusa 3D printer. Can you recommend any books or websites that can help me learn to use it. 😅
3 days ago•••
Honestly, just playing around with it has been what's worked best for me. Go to printables and find some cool stuff and then read their comments on recommended print settings.
When you run into problems (prints not sticking to the bed, warping or whatever), look for the answers with your search engine of choice.
Once you can print out models that are pre-made, next you can get into CAD if you're so inclined. There are tons of good videos on FreeCAD on yewtu.be.
2 days ago•••
Thanks.
3 days ago•••
That's pretty cool.
🫂
3 days ago
3 days ago•••
I already knew that 🤝 and it's fantastic what you do 🔥
4 days ago•••
So many awesome people share what they are producing and working on. So amazing! 🔥🙏
4 days ago
8 days ago•••
You likely already follow me, but I boosted your post.
I refurbish computers and sell them, sell computers with Linux pre-installed. Also do repair and upgrades (mostly in my local area).
Also custom built computers.
Not exactly a producer... but certainly add value and keep things working longer.
8 days ago•••
That's cool. Didn't know that.
3 days ago•••
Productive day today!
#gardening - I mixed about a cubic yard of soil & rice hulls, put the rain barrel back in service, and took a first pass at fixing the gutter
#signet - documented using the qt creator IDE, fixed all compiler warnings, and improved the Windows CI/CD build pipeline
4 days ago•••
Great episode with Joel Salatin. Just wind him up and let him go. Hell, you don't even have to wind him up.
4 days ago•••
Joel Salatin...🤔 that name sounds familiar...
/me Checks the author of the "everything I want to do is illegal" book on the coffee table literally next to me.
Oh. That's why. 😂
3 days ago•••
Very nice.
4 days ago•••
Right now there are a lot of new eyes on Signal, and not all of them are familiar with secure messaging and its nuances. Which means there’s misinfo flying around that might drive people away from Signal and private communications. 1/
4 days ago•••
How about the #Signal desktop app vulnerability for which one contact in a group message using Signal desktop could expose the chat conversation because of the lack of encryption? I’m not familiar with the details of the issue but my understanding is that it hasn’t been fixed.
#SignalApp
4 days ago•••
You're likely talking about the issue where the keys for the SQLite database were stored in plaintext on disk.
That's been fixed reasonably well on Mac. On Windows & Linux the database keys are in the OS's keychain (or Secret Service or whatever they call it) but any app running as that user can just get them in plaintext, just like they could when they were on disk in plaintext.
Signal has a history of collecting everyone's phone numbers even after usernames were finally implemented, blocking open source clients from being in the stock F-droid repos, taking years to partially fix the plaintext keys thing, not actually having public code to run a server that actually works, not allowing 3rd party clients to connect to their centralized servers and so on...
Having said that, their crypto was still legit last time I looked at the code. Metadata protection is lacking, but that's going to be true of nearly every centralized service.
4 days ago•••
One piece of misinfo we need to address is the claim that there are ‘vulnerabilities’ in Signal. This isn’t accurate. Reporting on a Pentagon advisory memo appears to be at the heart of the misunderstanding: https://npr.org/2025/03/25/nx-s1-5339801/pentagon-email-signal-vulnerability. The memo used the term ‘vulnerability’ in relation to Signal—but it had nothing to do with Signal’s core tech. It was warning against phishing scams targeting Signal users. 2/
4 days ago•••
Not much going on today.
No #meshtastic #solar node updates because I'm waiting on the lower gain antennas
No #Signet cross compiling updates because I'm busy doing house projects to get ready for gardening.
No #gardening updates because the tasks are uninteresting, like level the rain barrel stand and fix the gutter.
No production server updates because a.) I was waiting on RAM, and b.) it's boring.
No test server updates because I've been procrastinating fixing it ever since it literally blew up on me last time I tried to turn it on.
But in truth, all this completely unsexy grunt work is what enables the interesting work. So I soldier on. Getting stuff done. Like a boss.
6 days ago•••
Cross compiling is usually difficult to get set up, but that's doubly true when the target is macOS, square that if it's QT and square it again if it's a different CPU architecture.
I'm trying to grind through it, but I think it might be grinding through me instead.
I'm attempting to start with the same CPU architecture (x86_64) to minimize the number of concurrent changes. One of us will be more stubborn, and I think I'll eventually outlast the build tool, as good of a fight as they may put up.
#development #mac #linux #foss
5 days ago•••
I now have a better understanding of why search engines aren't pulling up any guides on how to cross compile QT apps for macOS. People generally don't do this. Even the people who frequent the QT forums aren't sure if it's possible, and that doesn't even touch the question about compiling for ARM of an x86_64 machine.
I didn't realize I was trying to do something so rare.
7 days ago•••
A buddy is playing wotb AI video and so I had him make some videos of nprofile1qqsrf5h4ya83jk8u6t9jgc76h6kalz3plp9vusjpm2ygqgalqhxgp9gpzfmhxue69uhk7enxvd5xz6tw9ec82cspp4mhxue69uhkummn9ekx7mqpzpmhxue69uhkummnw3ezumrpdejqd2970s
7 days ago•••
A big shout out to the person in AntPool who mined 888888. That was a tricky one to find. 😂
7 days ago•••
Anyone else excited for 888888? 🤓 Yeah, I'm a dork
7 days ago•••
Fuck block 888886. “A watched block is never mined”
7 days ago•••
Tick tock mf!
10 days ago•••
If you follow me for reports on my #solar #meshtastic node, I have an update.
I mounted the solar panel, antenna, and box of radio gear to my chimney. #Radio was reporting that the #battery pack was at 0% charge. Over the course of 2 sunny days, that rose to about 20%.
However, it just suddenly dropped to 0% again, and even before that I haven't been able to consistently see the node as online despite being in range (like, within 100 feet).
So I'm not sure what's going on. I caulked it all shut, so I don't think it is a rain issue, but maybe? The sudden battery drop didn't happen during nor immediately after rain, so that also does not point to water damage.
At any rate, the testing will continue. This is why I put it on top of my roof first instead of trying to put it on top of someone else's tower. It's a lot easier to get onto my roof if I need physical access.
#mesh #OffGrid #electronics
8 days ago•••
Updates: I can connect via bluetooth just fine. It even delivered a test DM I sent a couple days ago. Rebooting the solar node didn't help. Battery charge continues to rise.
My Heltec v3 can see other nodes, but I'm going to try swapping it out for a tdeck in case the problem is on the client end.
If that doesn't work, I'm probably going to be climbing up on the roof soon and tearing the box open.
8 days ago•••
I just saw it 20 minutes ago with a "bad signal".
Maybe the antenna is unable to tx/rx downward and it just radiates out? So when I am basically directly under it, I can't see it?
I'll check the antenna connectors when I get up on the roof next, but since it got my DM from a few blocks away, it seems unlikely that the antenna has come disconnected.
8 days ago•••
Holy smokes, I think it might actually be the antenna's tx/rx plane. I'm outside mixing rice hulls into my soil and I held my little heltec v3 at the ideal angle and did a traceroute, just to see what it would do, and it immediately responded.
If that's the case, maybe I want another node locally with a more forgiving antenna that will relay to the roof? That just seems kinda expensive in terms of the number of hops. One from my heltec to the jump point, two to the roof, three from the roof to wherever. Even with the hop count jacked up to 7, that extra hop is a high price to pay, IMHO.
Maybe this wouldn't be as big of a deal with #reticulum? I'm not sure how many hops they'll do by default nor what their maximum is.
#radio #mesh #meshtastic #hardware #electronics
8 days ago•••
What is the gain on your antenna? If it's over 5 DBI, it's probably just completely missing you. You should really be using 3 DBI or less if you do not know the direction that the signal is going to be coming from. As an example, you would not really be able to easily talk to a plane with a 10 DBI antenna because the plane would be above the radiation pattern of the antenna. But you would be able to talk to the plane with a 3 DBI antenna.
8 days ago•••
It's 6 DBI. I don't understand why better gain would cause it to NOT receive my transmissions.
Is there some place I can read more about this that doesn't require the background knowledge of someone with an EE degree?
An analogy of "you're shouting in my ear with a megaphone, so no, I can't understand you" would be the level of detail I'm looking for. Just practical tips & explanations. I'm not super interested in the theory of antenna design (yet 😅)
8 days ago•••
Antennas don't add power. They can only redirect existing power. Higher "gain" antennas have a narrower beam. Inside that narrow beam, better signal. Outside that narrow beam, worse signal because you stole ability to receive from that spot and moved it to the other spot.
Easy visual. Flash light vs laser pointer. Aim a flashlight and it hits a specific spot. Replace the flashlight with a laser pointer on the exact same vector, it might still hit that spot or it might not. The intensity of the light will be brighter in the spots it does hit though.
7 days ago•••
I'll zap you for this as soon as I get my coinos NWC fixed or I get my personal lightning node finished.
8 days ago•••
In short, the higher gain the antenna is, the flatter the radiation pattern becomes, and therefore it cannot deal with elevation changes well, where the lower the gain on the antenna, the more circular the radiation pattern. Here's a link that shows an easy picture.
8 days ago•••
Hmm, maybe if I got someone else with a solar node and a large antenna like 1km away I could just bounce directly to their node. 🤔
10 days ago•••
I have had problems if the battery goes below voltage. Then when it recharges from solar, even once voltage is back, the esp32 doesn't come back up. Going out and pulling power from the board and reconnecting fixes.
9 days ago•••
I have a battery discharge protection circuit in there specifically to take care of this, but maybe this is the universe telling me it's not working as intended?
It popped up once today, reporting 27% battery, so still going in the right direction. I'll let it charge up some more then try connecting over bluetooth to see if I can poke around, maybe reboot it and see what happens. #yolo
8 days ago•••
I'm an AI coding skeptic, but I'm willing to be proven wrong. If you think AI can write code, prove it.
Challenge: write a CLI program that will list all accounts in a Signet password manager.
An existing CLI tool already exists and can unlock the device, the AI just has to implement a task to list accounts.
You can use any tool you want, open source, closed, paid, free... I don't want any excuses for why AI isn't up to the task. 😂
8 days ago•••
Oh, I actually can't test that - don't have an adequate device or MCU to turn into that sadly.
Well, my first thought was to dump the core documentation into the context (which means I will need to use a 128k ctx model on my machine) and then first have it summarize and derive the core principles. From there, using those, I would have it write the core functions of deriving the users. And lastly, to write a CLI around the interface it generated last. This allows me to keep relevant information in context, allowing the LLM to "forget" stuff as it gets bumped out of the context window, and iteratively approach this.
Not exactly the vibe-coding way - but for that you'd use some cloud provider, which I do not use, nor have a subscription to. Just me and my 4090 baby. :D
8 days ago•••
If it wouldn't be $20-30 in shipping, I'd offer to just send you a device to see what your local LLMs can do. 🙂
8 days ago•••
I'd be somewhat surprised if an LLM produced code that would compile, let alone call the right functions. All the functionality is there in signet-base and it's all called from the GUI client.
To be honest, this shouldn't be a particularly difficult task for an LLM. I wasn't trying to pick something difficult to try to stump it. I genuinely want these things to be useful for real-world things, despite all evidence to the contrary.
It reminds me of attack tools written to solve Capture The Flag hacking competitions, where they actually do work reasonably well on tiny, toy programs found in CTFs, and then utterly fall apart on analysing any real world code.
8 days ago•••
AI is good at common tasks. When I have to do mundane things like write long comparisons or decision making functions - or plain stupid things like a basic logger, I let AI do it. It can also generate JSDoc documentation and alike just fine.
It will struggle on signet, because wtf is signet. Need to be more specific here. (I do know what signet is - but it is very, very niche. You aren't guaranteed to find many references of that in the LLMs dataset.) But, out of spite, I'll give it a shot lol. let me just see what signet is first.
8 days ago•••
Every LLM I've tested can give me a decent summary about the signet project.
It doesn't seem to struggle any more with Signet than it does with adding features to any other project.
8 days ago•••
Disclosure: I already tried this and it hallucinated a bunch of slop.
None of them could even write documentation for the existing code that was better than copying and pasting the usage messages. And even then it made crap up. But it clearly did have the code because it was able to copy/paste from it.