@pernia @0 @pwm relayd is a bit retarded, in that it by default looks for TLS certs/keys with the same IP the relay listens on. Because I wanted to support serving on subdomains with a different cert than the main domain, I would have to use the alternative way of using an IP and appending the port to the name of the cert/key. I tried to make it work for 2 hours and failed.
Now for what I meant. There's a config option in relayd, that allows it to search for certs/keys with a name instead of the IP. You just have to use a somewhat non-standard file extension for the fullchain certificate (something.crt instead of something.pem). It specifically has to be the fullchain certificate, otherwise any client won't be able to verify the CA that signed your certificate as it is not included.
To simplify it even more, set up acme-client like the screenshot and then tell relayd to use that name you chose in that config with this option in the protocol declaration. File extension must not be included.
Or alternatively wait a week and I'll commit the updated relayd/httpd config along with the updated docs on how to set it up. I just have to write a redirect for serving media on a subdomain and a forward based on HTTP headers. It's nearly done.
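A pre-flight check for the name-based lookup described in the post above, as an added example that is not part of the original post or of relayd itself. The `/etc/ssl/<name>.crt` and `/etc/ssl/private/<name>.key` locations are assumptions taken from relayd.conf(5), and `check_keypair` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: verify the files relayd would load for a named keypair.
# Assumed lookup locations (relayd.conf(5) defaults, not from the post):
#   <ssl_dir>/<name>.crt  and  <ssl_dir>/private/<name>.key

# Print the number of PEM certificate blocks in a file.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# check_keypair NAME [SSL_DIR]
# Return codes: 0 ok, 1 certificate missing, 2 key missing,
#               3 certificate is not a full chain, 4 NAME carries an extension
check_keypair() {
    name=$1
    ssl_dir=${2:-/etc/ssl}

    # The name is given without a file extension.
    case $name in
        *.crt|*.pem|*.key)
            echo "name must not include a file extension: $name" >&2
            return 4 ;;
    esac

    crt="$ssl_dir/$name.crt"
    key="$ssl_dir/private/$name.key"
    [ -f "$crt" ] || { echo "missing certificate: $crt" >&2; return 1; }
    [ -f "$key" ] || { echo "missing key: $key" >&2; return 2; }

    # A full chain holds the leaf plus at least one CA certificate, so
    # clients can build the path to the signing CA.
    n=$(count_certs "$crt")
    if [ "$n" -lt 2 ]; then
        echo "$crt holds $n certificate(s); expected leaf plus CA chain" >&2
        return 3
    fi
    echo "ok: $crt ($n certificates), $key"
}

# Usage: check_keypair media.example.org   (constructed name)
```
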
The EU's proposal to force all service providers to automatically search all content that is either stored or transmitted anywhere in Europe, forward all illegal results to the police, and to block access to all non-European illegal content is expected to be presented to parliament in April. It's currently focused on algorithmic identification of unknown CSAM and of any social interactions that could be child grooming — basically, an AI trying to guess if an image might be child porn or a conversation might be trying to lure a child for sex — but it's unlikely that once the capability exists it won't be expanded to other crimes. The proposal would also force all services to age check their users (which means identifying them) and effectively ban anyone under 18 from interacting with the internet. There are no exceptions for end-to-end encryption and stored data not being shared is included.
To be clear, this proposal is not going to work. You know how bad ChatGPT is? This is trying to solve a much harder problem, one humans struggle with, with much less compute power. What it will do is end all private communication in Europe, waste an amazing amount of police time, and leak a spectacular amount of private material to local police, some of whom — looking at you Hungary and Poland — are more than happy to use it to harass queers and trans people. It is fundamentally incompatible with the basic rights the EU is legally bound to uphold. It's also, in case they care, going to be a nightmare for corporate security and intellectual property control and will create a massive barrier to entry for anyone smaller than Google or Facebook running communication services in Europe.
Please call or write your MEP today and tell them to stop #ChatControl and preserve freedom of expression in Europe.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.