I'd be interested in that. Kind of like an open-source Consumer Reports.
[SOLVED!] That Stack Exchange post was the solution! I had to ask ChatGPT for assistance (e.g., "how do I view the contents of a .crt and a .p12?", "how do I add a CA to a client cert?"), but it worked. Thanks for your help, @Evkob@lemmy.ca.
I don't think I would have ever thought that my client cert didn't contain the CA, especially because when I clicked on the client cert that was installed in GrapheneOS, it showed me a summary that said it did contain a CA! grrrr
(tagging @one_knight_scripting@lemmy.world as he wanted to know the solution)
Wow! That sounds exactly like my issue. I'll try the workaround tomorrow. Thanks, @evkob@lemmy.ca.
Thanks for your research and the suggestion, @Evkob@lemmy.ca.
I wasn't able to make that work, but I don't think it was trying to solve the problem I'm having, anyway. That procedure was to add self signed SSL certificate to Android, but my certificate is neither self-signed nor an SSL cert. At least I think not - I find certs very confusing. The cert I'm trying to work with is an mTLS cert, a client cert. It's not used to establish a secure SSL connections, it's used to verify that I (the person with the cert) and authorized to use the app.
Additionally, I'm able to successfully install the cert into Android, but the problem is that it seems to be ignored. The mTLS cert is installed in GrapheneOS's "VPN & App User Certificate" section, and my CA cert is installed in the "CA Certificate" section. Vanadium, Fennec, and Mull browsers just aren't using them. :(
Thanks for the reply, @Evkob@lemmy.ca.
I tried to install my client cert in "CA Certificate" but the certificate manager app in GrapheneOS said that it was the wrong kind of cert to be used in "CA Certificate". It is, after all, a client cert, not a CA cert.
:(
I host a website that uses mTLS for authentication. I created a client cert and installed it in Firefox on Linux, and when I visit the site for the first time, Firefox asks me to choose my cert and then I'm able to visit the site (and every subsequent visit to the site is successful without having to select the cert each time). This is all good.
But when I install that client cert into GrapheneOS (settings -> encryption & credentials -> install a certificate -> vpn & app user certificate), no browser app seems to recognize that it exists at all. Visiting the website from Vanadium, Fennec, or Mull browsers all return "ERR_BAD_SSL_CLIENT_AUTH_CERT" errors.
Does anyone have experience successfully using an mTLS cert in GrapheneOS?
Thanks for all those explainations, everyone. Some of it was over my head, by I got the gist. 🙂
If we consider information to be safe if we encrypt it (e.g., text in a file, encrypted with modern strong encryption), would it be safer (as in harder to crack) if we then encrypted the encrypted file, and encrypted the encrypted^2 file, etc.? Is this what strong encryption already does behind the scenes?
I just installed this a couple days ago and already used it twice. It's super easy and convenient.
All of these replies made me feel a little bit better, but yours especially resonated with me. Thanks.
I got a new printer. Auto-discovered, added, and prints fine from Windows in 2 minutes. Auto discovered, added, and prints fine from OSX in 30 seconds. Auto-discovered and added on Linux, but trying to print results in "printer is unreachable at this time" - even after 50 re-installs, different configs, different drivers, different protocols.
I recognized that some computers were on different subnets, but couldn't figure out a pattern. It turns out that the printer has a setting called "Restricted Server List" and the default setting is null. Here's its description in the admin interface: "Comma-delimited list of IP addresses that are allowed to make TCP connections. Example: 157.184.0.0/24. where 0 is a wildcard and /24 is the network prefix."
It also has a setting called "Restricted Server List Options", set to block all ports by default. Here's its description: "By default, addresses not in the restricted server list will have all access blocked. When Block Printing Only is selected, addresses not in the restricted sever list will be blocked from printing only. When Block Printing and HTTP Only is selected, addresses not in the restricted server list will be blocked from printing and HTTP. "
Admin interface doesn't say this anywhere, but the default setting of no restricted servers apparently allows access from other networks, but not from the same network as the printer. I set the restricted servers to "192.168.132.0/24" and then I could access the printer admin web page and print to the printer from my Linux box, but not from any of the computers that were working before. So I set it to "192.168.0.0/16" and every computer on all subnets in my house can print and access the printer admin.
The default setting of no restricted servers was extremely non-intuitive in that it actually only restricted servers on the same subnet. And there was no such documentation.
What a crappy waste of 7 frickin' hours!
Can you try killall ssh on the client, and then try to ssh into the rpi again?
Social media is not the place to request or trust legal advice. What I'm requesting here is people's experiences.
I'm creating a Durable Power of Attorney, and I can choose whether to grant my Agent the power to deal with my taxes. My question is: does granting the Agent this power also make them responsible for my taxes? E.g., if I owed the IRS $100,000, would my Agent suddenly be responsible for paying the IRS $100,000 if I didn't have enough funds? Or if they made a decision that got me in trouble, would they be in trouble?
I don't expect legal advice, but I'd like to ask you not to share your opinion. I'm looking for something in between: anecdotes of your experiences.
Thanks for sharing!
FYI, here's the phrasing I'm currently planning to use, though this isn't set in stone: >In regards to taxes, the Principal authorizes the Agent to: > >Prepare, sign, and file federal, state, local, and foreign income, gift, payroll, property, Federal Insurance Contributions Act, and other tax returns, claims for refunds, requests for extension of time, petitions regarding tax matters, and any other tax-related documents, including receipts, offers, waivers, consents, including consents and agreements under Internal Revenue Code Section 2032A, 26 U.S.C. Section 2032A, as amended, closing agreements, and any power of attorney required by the Internal Revenue Service or other taxing authority with respect to a tax year upon which the statute of limitations has not run and the following 25 tax years; > >Pay taxes due, collect refunds, post bonds, receive confidential information, and contest deficiencies determined by the Internal Revenue Service or other taxing authority; > >Exercise any election available to the Principal under federal, state, local, or foreign tax law; and > >Act for the Principal in all tax matters for all periods before the Internal Revenue Service, or other taxing authority.
FYI, there's also https://github.com/walkxcode/dashboard-icons ?
Its not an "icon font", but it's a good source of icons.
Is this a good use case for peertube? Spin up an instance or join an instance, and upload the video there?
Thanks for the help and suggestions!
It turns out that my template Debian VM doesn't have a DE in it, and that's why I couldn't forward the GUI from the VM to my local machine: there was not GUI. I installed XFCE on the VM and now I can run XPipe on the VM from my local computer, without XPipe being installed on my local computer: ssh -X user@vm_ip_address xpipe open
I look forward to playing with XPipe - it looks cool and very helpful!
I host a bunch of containers on a few servers, but I don't do any of it from my local computer. I have a VM (Debian) that I ssh into and do everything from there. Shouldn't XPipe work the same on that VM as it would on my local computer? I wouldn't think XPipe would care (or know) if it was running on a VM, as long as that VM has a shell it can integrate with.
But I suppose even if that's true and XPipe works fine in the VM, there is still the issue of displaying the GUI on my local computer.
This seems really cool and might be very helpful to me, but I don't want to install it on my computer. I don't see a docker image for it, though it seems like it would be easy to create one; but this is a GUI app, so how would I run it in a container somewhere and use it via the GUI on my local computer? Or if I install it in its own VM (I use Proxmox), I'd have to use a remote desktop app like vlc or something, right?
I'm a noob at this so there's tons I just don't know.
Bitwarden does have address fields, and it also had custom fields so you can define any field you want (SSN, etc).
It may not be a good thing to store such info there, but my question is about what happens when you do store that info.
Also, it's possible to have a login/password for a site but not give them your address, etc.
I understand that if you have Bitwarden (or any password manager or browser) configured to autofill your password when it encounters a "password" field on a web form, an easy exploit is for the web form to have hidden form fields (e.g., address, phone, email, ssn) and your autofill app will fill in your info into those fields, even though you only wanted it to autofill the login.
But when you have autofill turned off and you click in a form's "login" field and select a login from Bitwrden's contextual menu, Bitwarden automatically also fills in the "Password" field. Does this mean that the exploit exists even if autofill is turned off, as long as you're using any form of an "auto-fill" function?
Same here. I get slightly frustrated by seeing the same post on multiple instances, but I understand why people do it.
When I want to interact with a post, I start with the one that has more responses, and maybe never even get to the others.
This is really fascinating. I'm on this journey, too, and do a lot that's similar, but I've not heard of some of what you do/use and some of it sounds beyond my capabilities.
Well, I wasn't able to figure this out and was just living with duplicate audio coming from the echo and the media player mostly simultaneously. But today I upgraded ESPHome from 2024.6.6 to 2024.7.0 and the problem is gone. Sheesh! :)
Thanks to Smart Home Junkie's video (invidious link), I had my Atom Echos as voice recognition boxes with all audio output redirected to a media player of my choice (because the audio on the Echo is super quiet).
Whenever ESPHome updated, I updated my Echos to get the recent ESPHome updates, and then reinstalled the custom yaml for audio redirection.
However, with ESPHome's recent 2024.6.4 update, trying to install the yaml triggers errors that don't seem to make sense. For example, here's a section of the yaml: ``` microphone:
- platform: i2s_audio id: echo_microphone_kitchen i2s_din_pin: GPIO23 adc_type: external pdm: true
speaker:
- platform: i2s_audio id: echo_speaker_kitchen i2s_dout_pin: GPIO21 dac_type: external mode: mono
voice_assistant: id: va microphone: echo_microphone_kitchen speaker: echo_speaker_kitchen noise_suppression_level: 2 auto_gain: 31dBFS volume_multiplier: 2.0 vad_threshold: 3 on_listening: - light.turn_on: id: led blue: 100% red: 0% green: 0% effect: "Slow Pulse" on_stt_vad_end: - light.turn_on: id: led blue: 100% red: 0% green: 0% effect: "Fast Pulse" on_tts_start: - light.turn_on: id: led blue: 100% red: 0% green: 0% brightness: 100% effect: none on_tts_end: - homeassistant.service: service: media_player.play_media data: entity_id: media_player.${media_player} media_content_id: !lambda 'return x;' media_content_type: music announce: "false" on_end: - delay: 100ms - wait_until: not: speaker.is_playing: - script.execute: reset_led on_error: - light.turn_on: id: led red: 100% green: 0% blue: 0% brightness: 100% effect: none - delay: 1s - script.execute: reset_led on_client_connected: - if: condition: switch.is_on: use_wake_word then: - voice_assistant.start_continuous: - script.execute: reset_led on_client_disconnected: - if: condition: switch.is_on: use_wake_word then: - voice_assistant.stop: - light.turn_off: led
external_components:
- source: github://pr#5230
components:
- esp_adf refresh: 0s
esp_adf: ```
On lines 3 and 10 I define unique IDs for the device's microphone and speaker.
But ESPHome won't compile, telling me:
- on line 46: Too many candidates found for 'id' type 'speaker::Speaker' Some are 'echo_speaker', 'echo_speaker_kitchen'.
- on line 57: Too many candidates found for 'id' type 'speaker::Speaker' Some are 'echo_speaker', 'echo_speaker_kitchen'.
- on line 77: Too many candidates found for 'id' type 'microphone::Microphone' Some are 'echo_microphone', 'echo_microphone_kitchen'.
- on line 90: Too many candidates found for 'id' type 'speaker::Speaker' Some are 'echo_speaker', 'echo_speaker_kitchen'.
There are no other occurrences of the word "speaker" or "microphone" in the conf yaml (and I'm not including other yaml files).
I'm assuming most of this config is default, and the only things I care about are forcing pin 21 for the speaker (line 11) and redirecting audio to my media player (lines 45-52).