| 9 May 2024 |
K900 | And the whole thing is still worse than a yubikey | 19:25:20 |
@joepie91:pixie.town | (and for things that are not garden variety, see all of the above about the Mossad) | 19:25:20 |
K900 | But at least you're doing it to hardware that you know doesn't physically have wireless | 19:26:06 |
vzxplnhqr | In reply to @k900:0upti.me The key thing there is that you're deploying it on a certain physical machine yes, this is true, but the other key thing is that I (and most people in the world outside of probably the handful of people in this channel) am not a hardware expert. So it would be nice to be able to boot up an OS which turns any hardware into "nearly-not-connected" hardware. That is all I am saying. I realize it is not perfect, but it would be better than trying to sandbox on an internet connected machine (imo). | 19:26:17 |
@joepie91:pixie.town | would it be? | 19:26:52 |
@joepie91:pixie.town | like, I mean that as a serious question | 19:27:01 |
@joepie91:pixie.town | what is the specific property that makes it better, and why? | 19:27:08 |
vzxplnhqr | In reply to @joepie91:pixie.town like, I mean that as a serious question I guess maybe not? I don't know. I think the issue is that most people are also not experts at sandboxing either :-) | 19:27:59 |
K900 | And now you're trying to make a Security Product | 19:28:22 |
@joepie91:pixie.town | if you do not already have an answer to this question then your conclusions are wrong, even if they would nominally be correct | 19:28:26 |
K900 | Which is usually a bad sign | 19:28:31 |
@joepie91:pixie.town | to put it bluntly | 19:28:34 |
vzxplnhqr | maybe this thing I am trying to do should just be described as "physical sandboxing" rather than airgapping? | 19:28:36 |
K900 | Because most things that make vague, handwaved More Security don't actually make you more secure | 19:28:56 |
@joepie91:pixie.town | like, this sort of thing requires a lot of extremely careful work to get right - getting it wrong can cause harm, it is not a no-op | 19:29:06 |
raitobezarius | seems like we left system programming discussion per se | 19:29:23 |
raitobezarius | can i recommend #security-discuss:nixos.org ? | 19:29:28 |
@joepie91:pixie.town | if you cannot answer exactly why you believe a given thing is better than a given other thing, that is a reliable sign that you have not done the work necessary to tick that box | 19:29:39 |
vzxplnhqr | In reply to @joepie91:pixie.town like, this sort of thing requires a lot of extremely careful work to get right - getting it wrong can cause harm, it is not a no-op good point -- and that is precisely why I wanted to get input from smart folks like you guys here. | 19:29:43 |
@joepie91:pixie.town | right, but this is not something you fix by asking people for recommendations | 19:30:12 |
@joepie91:pixie.town | when working on security systems for other people, there are exactly two valid options: either a) you do the work of gaining the necessary expertise yourself, or b) you do not do it at all | 19:30:37 |
@joepie91:pixie.town | it is fine to ask other people for feedback to learn, but do not do that while developing a production system | 19:31:06 |
vzxplnhqr | In reply to @joepie91:pixie.town right, but this is not something you fix by asking people for recommendations gotta start somewhere! Sorry if you feel like I wasted your time or anybody else here. That was not my intent. I have just in general been enjoying becoming more "nix-ified" in things, and thought this might be a nice next step. | 19:31:27 |
@joepie91:pixie.town | learning this stuff and actually applying this stuff need to be strictly separated at all times | 19:31:38 |
@joepie91:pixie.town | it is not about wasting time; I frequently help people get better at topics like this | 19:31:51 |
@joepie91:pixie.town | the point is that you need to do it with the correct attitude | 19:31:59 |
@joepie91:pixie.town | "learning it as I go" is not an acceptable option when other people's safety will depend on you | 19:32:14 |
@joepie91:pixie.town | so you need to make a choice as to whether you are trying to learn, or trying to build a system for others, but you cannot choose both at once | 19:32:56 |
vzxplnhqr | In reply to @joepie91:pixie.town it is fine to ask other people for feedback to learn, but do not do that while developing a production system I'm not sure why you think I am developing product (production or otherwise), it is just a flake I put on github with my feeble attempt at something I thought might be cool. | 19:33:07 |
@joepie91:pixie.town | because you are describing it like a thing for others to use | 19:34:00 |