justin

@justin@ser.endipito.us

Maker, apprentice philanthrope, unfinished.

#CTO @ Emerald Broadband, LLC
#vCISO @ https://justinthomas.pro

Research Projects
#Enigmatick
#SofaPub
#Friendowment

Previously at Sila, Fastly, Joyent, and Simple Finance.

#HamRadio @ N2JDT

#FinTech #InfoSec #RustLang #Woodworking #Eurorack #MultiInstrumentalist

evan, (edited) to random
@evan@cosocial.ca avatar

I've been working on the command-line API client, ap, for the book I'm writing for O'Reilly Media. It's a Python program that implements commands like ap inbox (read the inbox) and ap reject follower (reject a pending follower).

https://github.com/evanp/ap

Originally, I was testing it live, just running it against onepage.pub. This weekend, I buckled down and wrote real unit tests with unittest.mock. It's been amazing; what a great tool.

justin,

@evan I've been building something in the same vein in Rust for my own testing: https://gitlab.com/justindthomas/sofapub

jerry, to random

Anniversary is tomorrow. Apparently the traditional gift is… linen.

justin,

@jerry Congratulations! Ours is the 8th. Platinum.

justin,

@jerry Little bit. I'm sure some creativity could drive the price of even linen up, though.

justin,

@jerry I guess that's the "modern" version. The traditional 20 year gift is china, but I just ignored that. We aren't china people.

kwf, to random
@kwf@social.afront.org avatar

Honestly, even I'm amazed how effectively hams are late to literally every technological game these days.

This is THIS YEAR's November QST cover.

justin,

@thor @kwf I dunno. Seems like a fad to me.

GossiTheDog, to random
@GossiTheDog@cyberplace.social avatar

deleted_by_author

  • justin,

    @GossiTheDog I loved the original (on PC). I'm excited to see the PlayStation monopoly lifted.

    justin, to fediverse

    One of the challenges that I'm working on is empowering people with consumer-class internet access (i.e., dynamic addresses) to run their own Fediverse servers. The Publish/Publisher and websocket components I've added to move in that direction.

    This allows someone with broad connectivity to re-publish connections from users who are more limited.

    This is a big addition and I haven't published it to crates.io yet. But the code is at https://gitlab.com/justindthomas/sofapub.

    justin,

    @freemo there's a lot that can be done statically: webfinger, collections (followers, following), user profiles, outbox. I can see how that would be useful for folks. Have you written up your methods?

    RichiH, to infosec
    @RichiH@chaos.social avatar

    A friend might have lost their domain name in the Google Workspace disaster.

    Are there still any DNS history sleuthing tools which don't charge you $49 or so per lookup? If I had to pay, what would be the best to pay for?

    CC @tychotithonus for timezone and bubble.

    justin,

    @RichiH @tychotithonus I'm out of the loop on this one. I know Google sold their domain business to Squarespace. Did something happen with the migration (i.e., what's the disaster)? I have at least one customer that has their domain with Google Domains and want to make sure I give them a heads up if there's something they should know (they're already planning to move their domain, but they haven't done it yet).

    justin, to fediverse

    Added the beginning of a terminal UI to . I'm not convinced that I want to spend a lot of time on this; I'm handy with HTML/CSS/Javascript, but terminal layout is a different flavor of pain. I do love having the option to not use a browser, though.

    I'll probably switch to working on a public TLS proxy for local clients (e.g., your-name.enigmtk.net) using Ockam.

    https://gitlab.com/justindthomas/sofapub/-/commit/bcc570a6a4c59f3079c05e06acf62c6877a56ae9

    justin, to fediverse

    Published v0.1.8 with signature verification on inbox posts enabled.

    One might argue that that is more than "minimally functional." But this CISO would tell them, "Donny, you're out of your element!"

    The current function is crude: an Actor object is retrieved every time a post is submitted. I'll write something to cache those responses later.

    The verify (and signing) routines are ported from and upgraded for v0.9.2 of the rsa crate.

    https://gitlab.com/justindthomas/sofapub/-/commit/5e1e19e73ae2ab46e2a96867a648535f4821f148
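
The Actor caching mentioned in the post above, sketched as an added example (not sofapub's code and not written by the post's author). `ActorKeyCache`, the `fetch` closure (the remote Actor retrieval) and the `check` closure (the RSA signature verification) are hypothetical names; a cached key that fails is refetched once, since the actor may have rotated keys.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

// Hypothetical types for illustration; not taken from sofapub.
struct Entry { key: String, fetched: Instant }

pub struct ActorKeyCache {
    ttl: Duration,
    entries: HashMap<String, Entry>,
    pub fetches: usize, // remote Actor retrievals performed so far
}

impl ActorKeyCache {
    pub fn new(ttl: Duration) -> Self {
        Self { ttl, entries: HashMap::new(), fetches: 0 }
    }

    // Return the actor's key, using the cache unless it is stale or `force` is set.
    fn key_for<F>(&mut self, actor: &str, now: Instant, force: bool, fetch: &mut F) -> Option<String>
    where F: FnMut(&str) -> Option<String> {
        if !force {
            if let Some(e) = self.entries.get(actor) {
                if now.duration_since(e.fetched) < self.ttl { return Some(e.key.clone()); }
            }
        }
        self.fetches += 1;
        let key = fetch(actor)?;
        self.entries.insert(actor.to_string(), Entry { key: key.clone(), fetched: now });
        Some(key)
    }

    // `check` stands in for the real signature verification against a key.
    pub fn verify<F, V>(&mut self, actor: &str, now: Instant, mut fetch: F, check: V) -> bool
    where F: FnMut(&str) -> Option<String>, V: Fn(&str) -> bool {
        let before = self.fetches;
        let first = self.key_for(actor, now, false, &mut fetch);
        if first.as_deref().map_or(false, |k| check(k)) { return true; }
        // Retry only when the failing key came from the cache: the actor may
        // have rotated keys. A freshly fetched key that fails is a bad signature.
        if self.fetches != before { return false; }
        match self.key_for(actor, now, true, &mut fetch) {
            Some(k) => check(k.as_str()),
            None => false,
        }
    }
}

fn main() {
    let mut cache = ActorKeyCache::new(Duration::from_secs(300));
    let actor = "https://example.test/users/alice"; // constructed sample
    let ok = cache.verify(actor, Instant::now(), |_| Some("key-v1".into()), |k| k == "key-v1");
    println!("verified={} fetches={}", ok, cache.fetches);
}
```

Every rejected signature against a cached key costs one outbound fetch, so a production server would also rate-limit forced refetches per actor.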

    MissingThePt, (edited) to random
    @MissingThePt@mastodon.social avatar

    Redoing an old poll to see if the results still hold.

    Which generation has the strongest argument that they are typically ignored?

    justin,

    @MissingThePt This made me lol.

    justin, to random

    Some notes on the Hitch and configuration I've landed on for Serendipitous and my other services. Thanks to @slink for some pointers!

    https://gitlab.com/-/snippets/3596905

    justin, to random

    I rebuilt my server tonight using an Ansible playbook I'm writing on an updated Debian 12 Triton image. While working on it, I noticed the log was going crazy. I checked the connections (netstat -nat | wc -l) and found there were >4300 open at that moment. This was just someone with a modest follower count boosting one of my posts.

    Before Varnish, this would have taken my system down for 20 minutes or so. I'm curious how far the new service can go. /1

    justin,

    My guess is that ~64000 would be the current limit given that all the connections are forwarded through 127.0.0.1 for the hitch proxy (any more than 65535 would surely cause collisions on that single address). /2

    justin,

    @slink Thank you for the suggestion! I'll try that out.

    justin,

    @slink Is that relevant for Varnish? ulimit -n will show user limits, right? On my system, that's currently 1024, but the /proc/sys/fs/file-max reports 9223372036854775807.

    justin,

    @slink Got it, thanks. I had to adjust /etc/systemd/system.conf (despite all the online resources telling me to adjust /etc/security/limits.conf or /etc/sysctl.conf).

    jerry, to random

    TIL about the blue roof conspiracy. Some people have way too much free time.

    justin,

    @jerry I felt that way when I read about the red shoe conspiracy a few months ago.

    justin, to fediverse

    In about 16 commands, I demonstrate installing , creating a new identity, responding to an external Follow request, sending a new Note ("Status" in Mastodon parlance), and then deleting everything from the remote server.

    Everything in SofaPub is done from the command-line. I describe a couple of steps taken from the Serendipitous web interface to facilitate the interaction.

    Network/DNS configuration (with TLS) is in place prior to this sequence.

    https://gitlab.com/-/snippets/3596125

    justin, to fediverse

    Published version 0.1.5 of which adds Accept and Create templates that can be used like:

    sofapub client accept \
      --id https://infosec.exchange/4474e616-ecc0-481f-adb5-38a406924114 \
      --actor https://infosec.exchange/users/jdt \
      --inbox https://infosec.exchange/inbox

    echo "This is a test, please ignore." | sofapub client note \
      --inbox https://infosec.exchange/inbox


    client note can also be used with --content instead of stdin to provide the Note content. Notes are public-only.

    cargo install sofapub

    justin, to fediverse

    Updated to v0.1.4. The only change is a fix to the template copying logic that I broke in v0.1.3.

    I'm using the rust-embed crate to embed the template files in the binary which are then moved to the local filesystem by the setup command to facilitate experimentation. I needed to change the way that I was using that crate for it to be effective.

    cargo install sofapub to update.

    https://gitlab.com/justindthomas/sofapub/-/commit/67c76e5d378a4a4ea6ba3a22ce6df978ee32bd5e

    justin, to random

    Switching from Apache to Varnish has definitely made a big difference in performance for my Serendipitous server. Mastodon is pretty noisy and a simple thing like changing my profile summary (which generates 700+ external connections pretty much instantly) was enough to overwhelm the Apache reverse proxy server. Varnish (using Hitch for TLS) handles it with aplomb.

    justin,

    @selea In the end, the VCL is really simple:

    backend mastodon {
        .host = "10.10.10.10";
        .port = "80";
    }

    sub vcl_recv {
        if (req.http.upgrade ~ "(?i)websocket") {
            return (pipe);
        }

        if (req.http.host == "ser.endipito.us") {
            set req.backend_hint = mastodon;
        }
    }

    sub vcl_pipe {
        if (req.http.upgrade) {
            set bereq.http.upgrade = req.http.upgrade;
            set bereq.http.connection = req.http.connection;
        }
    }

    mttaggart, to random

    Some reminders on this :

    The LinkedIn productivity/hustle culture is a trap that serves the corpos. Working 80 hours a week for someone else is just cheating yourself.

    Companies rely on the naivety of the young to inflate their staff hours. With few other obligations, you feel like that extra work is an opportunity. It is, but not for you. Do your job well and then have a life.

    HR does not protect you; it protects the company, and you know what companies hate? Whistleblowers.

    Equity as a component of a compensation package is almost always a cheat, especially in startups. Get paid in real money, not pinkie promises.

    If the service is free, you're not just the product; you're part of the labor force, because guess who is generating value for whatever the product actually is? So you can and should hit da bricks from services and social media you don't like.

    There is no moral consumption under corporate capitalism, because there is no moral production under corporate capitalism. But that doesn't mean you have to lean into it. It's worth your time and effort to choose goods and services from companies that treat people and the planet well—or at least, not as exploitatively as others. And if you can, choose employers the same way.

    Return-to-office is about power, control, and justifying the sunk cost of office space. If you can, avoid it.

    Add on, and enjoy the day!

    justin,

    @nf3xn @mttaggart Yeah, I generally see equity as a means to compensate for the risk that you might not have a job at all in a year, rather than to cover underpayment.
