[2025-11-29T00:16:11Z] so what do people do if they need to filter slurs with a project
[2025-11-29T00:16:27Z] like is github going to get pissed off at me if i have a plaintext file that's just full of slurs to compare user input strings against
[2025-11-29T02:15:10Z] Nah, I don't think so kris_
[2025-11-29T02:15:33Z] im kinda wondering if what im working on is an obscenely bad idea anyway due to how it has to be implemented
[2025-11-29T02:15:49Z] btw re vis: kakoune has the same issue. I guess it's the curse of the editors, once they're good enough a "few" changes aren't going to tip the scale enough for a release
[2025-11-29T02:15:57Z] so it becomes a matter of "when it feels like it"
[2025-11-29T02:16:05Z] no idea what you're working on
[2025-11-29T02:16:10Z] ssh gaming box
[2025-11-29T02:16:16Z] anyone can ssh into setup@xyz and make an account
[2025-11-29T02:16:22Z] and then ssh into their new user and itll force them into a TUI
[2025-11-29T02:16:25Z] to pick between a few CLI games
[2025-11-29T02:16:27Z] doesn't sound that obscenely bad :P
[2025-11-29T02:16:38Z] the reason its bad is because the commands to create their user have to be run as root
[2025-11-29T02:16:45Z] meaning i'm using doas to kick off a shell script as the root user
[2025-11-29T02:16:52Z] I mean I can assure you that that feeling is part of the experience, whatever new funky thing you're working on
[2025-11-29T02:17:04Z] you can do that in a more elegant way I assure you, if you really wanted to
[2025-11-29T02:17:16Z] "elegant"
[2025-11-29T02:17:16Z] how's that lol
[2025-11-29T02:17:22Z] let's just say, more constrained
[2025-11-29T02:17:49Z] the thing that I think of is, believe it or not, a C (or insert whatever native language) daemon that takes extremely specific and simple commands
[2025-11-29T02:17:54Z] like, you can't fuck that up levels of explicit
[2025-11-29T02:18:15Z] and just... make it do the thing? Once you're bootstrapped with an account you can just do whatever
[2025-11-29T02:18:31Z] I mean this is not the first time someone had to make an automatic account creator hasn't it
[2025-11-29T02:19:31Z] I'd be more interested in how you can avoid abuse
[2025-11-29T02:19:40Z] ig it's going to be for internal use?
[2025-11-29T02:19:46Z] no lol its gonna be public
[2025-11-29T02:19:47Z] if i finish it
[2025-11-29T02:19:48Z] mh
[2025-11-29T02:20:01Z] you just gave me a really good idea for how to handle this though dery
[2025-11-29T02:20:04Z] well this concern applies to any non-manually-approved impl ig
[2025-11-29T02:20:08Z] yay
[2025-11-29T02:20:11Z] teamwork
[2025-11-29T02:20:13Z] * dery fistbump
[2025-11-29T02:20:20Z] i can run a script as a service that will watch a directory for changes, the setup user will dump account creation information into that directory
[2025-11-29T02:20:21Z] * dery forgot how to use /me
[2025-11-29T02:20:28Z] the service sees that and acts based on that
[2025-11-29T02:20:33Z] no commands are ever ran directly as the root user
[2025-11-29T02:20:37Z] that'll do yea :D
[2025-11-29T02:20:44Z] still a daemon taking commands in my book :P
[2025-11-29T02:20:52Z] well i do things the runit way <3
[2025-11-29T02:21:01Z] that being just launching a shell script that will fail once its done and then be restarted
[2025-11-29T02:21:06Z] yea that's nice
[2025-11-29T02:21:14Z] the runit way feels very... old school, not in a bad way mind you
[2025-11-29T02:21:22Z] i dont use any other init
[2025-11-29T02:21:30Z] talking about init
[2025-11-29T02:21:40Z] also it depends on what you mean by abuse
[2025-11-29T02:21:46Z] does anybody know tf openrc had to do to implement cgroups v2 support
[2025-11-29T02:21:48Z] openssh has a built in ForceCommand thing that can be blanket applied to all users
[2025-11-29T02:22:01Z] it runs a specific thing on login via ssh forcibly
[2025-11-29T02:22:01Z] cause I need containers for some stuff and both chroots and VMs have their levels of tediousness
[2025-11-29T02:22:04Z] and docker is annoying
[2025-11-29T02:22:05Z] and when that exits, you get logged out
[2025-11-29T02:22:06Z] so podman it is
[2025-11-29T02:22:13Z] also, no, but i know how void implemented it, sec
[2025-11-29T02:22:28Z] in kiss-containers it just says "ye mount cgroups in sys or something lol"
[2025-11-29T02:22:44Z] that does not make sense, there's supposed to be an userspace interface or something leasing the cgroups or whatever
[2025-11-29T02:22:45Z] https://github.com/void-linux/void-runit/blob/master/core-services/00-pseudofs.sh
[2025-11-29T02:23:01Z] > void-runit is in the public domain.
[2025-11-29T02:23:02Z] thank god
[2025-11-29T02:23:23Z] I love copyleft as much as the next person but some trivial stuff is best left like this to avoid ambiguities
[2025-11-29T02:23:36Z] uh
[2025-11-29T02:23:44Z] it's just... mounting the cgroupv2 fs in sys
[2025-11-29T02:23:49Z] WTF DOES THIS MEAN :SOB:
[2025-11-29T02:24:11Z] I thought the whole point was to move leasing to userspace
[2025-11-29T02:24:13Z] i have no clue how cgroups work but i think thats literally the entire thing
[2025-11-29T02:24:20Z] it was with cgroup v1
[2025-11-29T02:24:32Z] then classic linux moment, they moved stuff to userspace and there's a single, random implementation
[2025-11-29T02:24:35Z] in this case
[2025-11-29T02:24:38Z] systemd
[2025-11-29T02:24:46Z] *bruh sound effect*
[2025-11-29T02:25:00Z] I assume that it won't work rootless?
[2025-11-29T02:25:21Z] as of my posting that link you know as much as i do
[2025-11-29T02:26:02Z] fair fair, was thinking out loud
[2025-11-29T02:26:15Z] btw regarding your thing
[2025-11-29T02:26:17Z] by abuse I mean
[2025-11-29T02:26:26Z] "aight let's make 10000 random accounts, that'll be fun"
[2025-11-29T02:26:34Z] yeah im not sure
[2025-11-29T02:26:40Z] if you have ideas let me know
[2025-11-29T02:26:46Z] right now i've got a ton of restrictions on username
[2025-11-29T02:26:54Z] uhhhh... Manual verification? :P
[2025-11-29T02:26:54Z] and i require a valid ssh public key for the "password"
[2025-11-29T02:27:02Z] most "random user" things do a continuous cleanup
[2025-11-29T02:27:24Z] like, every few months nuke the thing, or whatever
[2025-11-29T02:27:31Z] or delete old accounts ig
[2025-11-29T02:28:25Z] at the same time, if someone *does* do that why does it matter
[2025-11-29T02:28:30Z] its just a bunch of directories in /home/ and a bunch of entries in passwd
[2025-11-29T02:28:42Z] dunno feels abusable still
[2025-11-29T02:28:56Z] this entire thing is abusable
[2025-11-29T02:29:02Z] I see
[2025-11-29T02:29:02Z] not to put off your concern
[2025-11-29T02:29:11Z] i have no idea how to fix most of these issues its just a random ass idea i had a while aog
[2025-11-29T02:29:13Z] ago*
[2025-11-29T02:30:37Z] yeaa fair
[2025-11-29T02:30:40Z] you'll figure it out
[2025-11-29T02:30:42Z] those are the best ideas
[2025-11-29T02:30:48Z] or i won't and i'll never actually put this online :P
[2025-11-29T02:30:57Z] wait how is it public then
[2025-11-29T02:31:01Z] the daemon idea is a good idea though
[2025-11-29T02:31:09Z] I wanted to generate 2000000 accounts :cry:
[2025-11-29T02:31:30Z] jk xD
[2025-11-29T02:31:37Z] unless...?
[2025-11-29T02:31:44Z] i could fail2ban i guess
[2025-11-29T02:31:44Z] no fr too lazy lol
[2025-11-29T02:31:51Z] yea ip based stuff would help defo
[2025-11-29T02:32:01Z] time to silicon valley my way out of this with smart fridges
[2025-11-29T02:32:14Z] >finds vuln in smart fridge
[2025-11-29T02:32:23Z] oh wait right
[2025-11-29T02:32:25Z] >uses it to piggyback off of their network to spam create accounts on my ssh gaming server
[2025-11-29T02:32:26Z] dunno if you've seen the series
[2025-11-29T02:32:46Z] there's this old series about silicon valley, it's a sitcom and the greatest parody ever
[2025-11-29T02:33:02Z] aged pretty well until AI, then reality surpassed it, in terms of nonsense and irony
[2025-11-29T02:33:13Z] but still gold, if not somehow a tad nostalgic
[2025-11-29T02:33:26Z] I miss the old bullshit
[2025-11-29T02:36:45Z] also yes, that's the most logical conclusion
[2025-11-29T02:36:53Z] what else would you use a smart fridge vuln for
[2025-11-29T02:44:59Z] idk if theres a good solution for the "haha create infinity users" abuse
[2025-11-29T02:45:31Z] I think that this is a problem old as time
[2025-11-29T02:48:52Z] probably
[2025-11-29T02:48:57Z] manual verification might be the only option honestly
[2025-11-29T02:49:04Z] which means a root daemon is pointless if im gonna verify manually anyway
[2025-11-29T02:49:14Z] which also means this isnt as hands off as i wanted it to be
[2025-11-29T02:49:55Z] dunno do you really need multiple accounts?
[2025-11-29T02:50:08Z] I guess you could make a real simple locked out account with a few binaries available
[2025-11-29T02:50:10Z] for some of what i intend on doing yes
[2025-11-29T02:50:20Z] like user leaderboards
[2025-11-29T02:50:22Z] and 1v1s on tetris
[2025-11-29T02:50:23Z] and etc
[2025-11-29T02:50:25Z] well
[2025-11-29T02:50:27Z] "insert your name"
[2025-11-29T02:50:31Z] uhuh
[2025-11-29T02:50:31Z] bam
[2025-11-29T02:50:38Z] arcade style
[2025-11-29T02:50:41Z] they knew better
[2025-11-29T02:50:50Z] i mean i'm already manual verifying on my mastodon instance
[2025-11-29T02:51:00Z] ill have to write a really good tool to do that
[2025-11-29T02:51:05Z] so its not agonizing
[2025-11-29T02:51:10Z] oh
[2025-11-29T02:51:11Z] well up to you
[2025-11-29T02:53:25Z] it could be as simple as something like
[2025-11-29T02:53:39Z] once the setup has completed, it creates a file called that persons username and inside of it is their public key
[2025-11-29T02:56:00Z] mhhh
[2025-11-29T02:56:08Z] I have a feeling that this can be automated with some obscure OpenSSH thing
[2025-11-29T02:56:20Z] at least partially
[2025-11-29T02:56:38Z] like every time you try to login with a specific key it automatically infers your name or something
[2025-11-29T02:56:46Z] really taking a guess though
[2025-11-29T02:56:59Z] never had the will to study the crapload of settings that OpenSSH has
[2025-11-29T02:58:26Z] i bet midfavila would know
[2025-11-29T02:58:29Z] given they use SDF
[2025-11-29T02:58:42Z] oh goate I summon goathee
[2025-11-29T03:05:43Z] welp
[2025-11-29T03:05:47Z] nap time
[2025-11-29T03:05:55Z] it's hella late, gotta wake up in 4 ours :skull:
[2025-11-29T03:06:02Z] *hours
[2025-11-29T03:06:29Z] night night :3
[2025-11-29T03:06:30Z] go bed
[2025-11-29T03:06:31Z] gn
[2025-11-29T05:48:39Z] kris_: vis seems to just wait an *appropriate* time for a new release, but also finishing certain features and fixing certain bugs. https://github.com/martanne/vis/issues/1115
[2025-11-29T05:49:17Z] he wasnt against creating an issue before those things were done, if users were reluctant to wait, but I think this was somewhat of a sane approach
[2025-11-29T05:50:22Z] kris_: re ssh gamingbox: unless you wanna run as root as you mention, you would have to have users give out their preferred username and pub ssh key, like pubnixes do
[2025-11-29T05:51:10Z] users can be rather destructive, so giving them even an inch in terms of unneeded permissions, especially root privileges would be devastating :p
[2025-11-29T06:14:44Z] sad_plan: yeah of course
[2025-11-29T06:14:51Z] and currently they do give out their username and public ssh key with this
[2025-11-29T06:15:07Z] the script checks the username for things it shouldnt have and then runs the commands to create their user
[2025-11-29T06:15:11Z] and puts the ssh pubkey in its spot
[2025-11-29T06:15:30Z] the only thing that's running as root is the command to create the system user
[2025-11-29T06:16:04Z] but i think im going to just do manual approval and therefore have no automatic account creation
[2025-11-29T06:16:30Z] they give the username and the pubkey and itll be stored in a file in a directory for me to check like daily and accept/deny
[2025-11-29T06:16:45Z] solves the issue of creating spam accounts too
[2025-11-29T06:21:51Z] indeed it does
[2025-11-29T06:22:01Z] the intention was never to run more than just user creation commands as root but now im wondering if its a good idea to have that be automated given someone could totally just spam account creation, fail2ban would work but obviously its no big deal to just switch IPs
[2025-11-29T06:22:15Z] and i don't want to ask for identifying information more than that
[2025-11-29T06:22:58Z] theres no need for anything more than that. maybe email to give the users their password
[2025-11-29T06:23:19Z] there wont be passwords
[2025-11-29T06:23:29Z] they set a username and provide a pubkey and that's it
[2025-11-29T06:24:00Z] i remember tilde.club has a form to fill in, which uses just those 3 things. although they do have a field about what your interest in tilde.club is, but its mainly to remove bots
[2025-11-29T06:24:14Z] anyway ill brainstorm more on this, i have no idea how similar projects handle the issue of spamming
[2025-11-29T06:24:41Z] and yeah that's what we do for procursus.social, you have to give us a reason why you're signing up
[2025-11-29T06:30:21Z] yeah. you could also have a peek at dimension.sh as well, which is another pubnix i know of. which seems to be down now for some reason. weird
[2025-11-29T06:31:20Z] theyre also a part of the tildeverse like tilde.clb
[2025-11-29T06:31:25Z] s/clb/club/
[2025-11-29T06:34:25Z] wait, what, project segfault is also a part of tildeverse. didnt know that
[2025-11-29T09:43:41Z] openbsd is insanely slow... copy between two partitions on an NVME is at most 11MB/s
[2025-11-29T10:18:41Z] vis finally getting commits
[2025-11-29T10:18:47Z] les gooo