ladas552.me
My Blog, build with Norgolith
blog.ladas552.me
blog
new hasty lazy useless blog post
assets/desktop/screenshot.jpg
assets/desktop/screenshot.jpg
This is a binary file and will not be displayed.
+100
content/posts/My_secure_setup.norg
+100
content/posts/My_secure_setup.norg
···
1
+
@document.meta
2
+
title: My "Secure" Setup
3
+
description: Horrible practices or Guide to exploiting my OS if you ever want to
4
+
authors: [
5
+
ladas552
6
+
]
7
+
categories: [
8
+
Linux
9
+
]
10
+
created: 2025-11-10
11
+
layout: post
12
+
version: 1.1.1
13
+
@end
14
+
15
+
* My Secure Setup, or How to Give a CS Prof a Heart Attack
16
+
** Gobble Gobble
17
+
___
18
+
Writing Guide posts and hardware reviews is taking a ton of mental energy and time, so I am writing this lighthearted post while I am in the mood.
19
+
20
+
Below will be listed my horrible security trou obscurity practices that give people chills whenever I mention them. If you want, you can hack me or something with this knowledge, *idc*.
21
+
22
+
** My declarative systems
23
+
___
24
+
*** Config
25
+
___
26
+
It runs NixOS, so my only layer of attack surface are only nixpkgs and whatever modules I import into the {https://github.com/Ladas552/Flake-Ocean}[NixOS config].
27
+
28
+
Pretty cool, if you don't consider my secrets are out in the public. Well not *100%* open, they are encrypted, but it's just a matter of time for some quantum computer to get my passwords to my selfhosted accounts.
29
+
30
+
Most of my services are running trou a VPN, but the url, that services run trou is public. So theoretically if you get access to my VPN, auth code for it is also in the config, you can just steal all my cat pictures!
31
+
32
+
But that doesn't sound too bad tbh, if considering Tailnet has an option to accept connections manually, even if auth key is present.
33
+
34
+
*But further we go, worse it gets.*
35
+
*** ZFS
36
+
___
37
+
ZFS is robust file system that I use via NixOS options with minimal maintenance. With It I can be assured to never loose data unless my SSD literally gets snapped in half.
38
+
39
+
It also allows for native filesystem *encryption* on password and key levels. Which I don't use because I find it inconvenient and not really beneficial in my case.
40
+
41
+
Hear me out, I live in a fucking steppe, so far, I only encountered 4 Linux Users from my country, or like 7 people who can some what operate a Linux system. If you find a person, who can snatch my drive, from a laptop, connect it to their PC, realize that it's ZFS file system and they need special kernel module that isn't in default kernel to read from my drive, then fucking go out of their way, to compile a custom Linux kernel with zfs module, just to read my University essays or some crap. I will get them a medal, and my CVV for the debit card right away. They deserve it for the effort.
42
+
43
+
And in my opinion, every encryption would fail a wrench test
44
+
+html.alt Actual actual reality: nobody cares about his secrets. (Also, I would be hard-pressed to find that wrench for $5.)
45
+
+html.class center
46
+
.image https://imgs.xkcd.com/comics/security.png
47
+
48
+
But you get my point. Yes, encryption would make my life *more secure*, but in my circumstances, ZFS encryption would just make me enter an additional password every boot, so that's be annoying. Not like I enter my password on boot anyways...
49
+
*** Lockscreen
50
+
___
51
+
I use *autologin on my laptop*. Yes, the same Laptop I take to Uni. The same that contains all my ssh keys, Keepass database, all my social media logged in and so on. It auto boots using greetD into a niri session, *no password* required, full access etc. etc.
52
+
@code md
53
+
> Why?
54
+
> I'm just lazy yk
55
+
> No, like, why are you admitting to doing crimes against humanity?
56
+
@end
57
+
58
+
One of the more controversial decisions I make every passing day of my life. Yes, any person who presses a power button can use my accounts, play games, and even `rm -rf ~/*` if they want to.
59
+
60
+
But the difference between me and any other person in my country is that, I know how to use keybinds, and only I know them. Yes, you a probably Linux Junky knows all the common keybinds for opening a terminal, in my case it's `Super+T`. But remember, there are no (host & single) Linux Junkies in my area.
61
+
62
+
So they end up with just a wallpaper and a mouse cursor. No, I don't have a bar, or any frontend autostarted apps. It just looks like this when I boot up:
63
+
64
+
+html.alt my desktop, which is just a wallpaper without any bars or windows. It's an art of a big cloud view on a green field with some sunflowers
65
+
+html.class center
66
+
.image ../../assets/desktop/screenshot.jpg
67
+
68
+
{https://wallhaven.cc/w/rr2yow}[Here's a link for wallpaper]
69
+
*** SSH keys
70
+
___
71
+
But thous are all in person problems, if I don't have anyone near me, then I am safe, right? Well let me tell you how I use ssh keys for remote connections and committing to git.
72
+
73
+
I only got 1 private ssh keys, yet I own like 5 machines I can commit from, how is that? Because *Idk* how ssh keys work, or *gpg* for that matter. Even sops are just decrypted with the same private key. So basically if you get your hands on it, my whole digital life is over.
74
+
75
+
So don't do that, pretty please *:D*
76
+
** Android and cloud
77
+
___
78
+
Now to the worst part of all, system outside of my totalitarian control of the iron fist. My phone and some cloud solutions I use. Where the real horror begins!
79
+
80
+
Just to clarify, I am not so upset about privacy of things, if I was, You wouldn't be reading all this. But I gotta acknowledge this from security stand point in that you can't trust software, it's inherently can't be trusted. Yes, you can make it more secure, but it will always have flaws anyways if it's something outside of your direct control.
81
+
82
+
Anyways, let's continue with our *Circus of Horrors*.
83
+
*** I don't trust google
84
+
___
85
+
As I said before, I have my ssh key all over tha place, and I also have keepass database for password manager. So I sync them with my phone, and they are directly stored on my Android too.
86
+
87
+
It's Android 13, Chinese phone with google tools as system apps, you know how it goes. So all my resources could be compromised by just google leaking the google drive that they back up my files with, or by just taking my phone as remote access hostage.
88
+
89
+
Not to mention my tailnet account is also connected to google and my phone, so all my self hosted services are already compromised that way.
90
+
*** I don't trust telegram
91
+
___
92
+
I also have my keys and some goverment documents on telegram. Yes the "e2e" chat platform with scammers and such that you need a government phone number to get an account.
93
+
94
+
Yes, the same platform that leaks data, sells owned accounts and so on. Why? It's convenient. I can just send a file to myself and forget about it, it will be there for as long as they don't start to delete my older messages. Not to mention easily shareable to other people.
95
+
** What a Shitfest
96
+
___
97
+
I know, right? Crazy to think about. And to think that most people are doing a lot worse lol. Using proprietary outdated software. No password managers and not having 2FA. *Nightmare!*
98
+
99
+
Well, for you, a Cyber Security savvy person, Yes, absolutely. For me, I just don't care this much, and most people care even less. It's bad. Hopefully more people will understand that security matters. And some day I will get that too. But for now I can only say:
100
+
> I have sinned in the past, and I will sin again. Don't repeat after me. Or we will end up in the same kettle.
+1
-1
public/assets/css/style.css
+1
-1
public/assets/css/style.css
···
1
-
@import "code-blocks.css";@import "font.css";@import "footer.css";@import "nav-bar.css";@import "toc.css";html{scroll-behavior:smooth}@media (prefers-color-scheme:dark){body{color:#c9d1d9;background:#0d1117}}h1{color:#f5a97f;text-align:center;font-size:1.4641rem}h2{color:#7dc4e4;font-size:1.331rem}h3{color:#f5a97f;font-size:1.1rem}h4{color:#a6da95;font-size:1rem}h5{color:#7dc4e4;font-size:1rem}h6{color:#7dc4e4;font-size:.909091rem}h2:before{content:"◉ "}h3:before{content:"◎ "}h4:before{content:"○ "}h5:before{content:"✺ "}h6:before{content:"▶ "}h7:before{content:"⤷ "}.body{color:#fff;background-color:#24273a;padding-bottom:1em;font-family:JetBrains Mono,ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;position:relative}.content{box-sizing:border-box;width:auto;max-width:650px;height:100%;line-height:auto;text-align:auto;text-justify:inter-word;flex-direction:column;margin:40px auto;padding:0;display:flex;position:relative}.content a:link{color:#b4befe;text-decoration:none}.content a:visited{color:#7e7eff}.content a:hover{color:#f38ba8}.content a:active{color:#202030}.content b,strong{color:#ee99a0}.flex-container{flex-flow:wrap;grid-auto-flow:column;place-content:space-evenly;gap:2em;width:auto;margin:0 auto;display:flex}.flex-box{background-color:#1e2030;border:2px solid #8aadf4;border-radius:20px;width:40%;height:auto;padding:0 1em 1em;transition:box-shadow .4s ease-in-out,bottom .6s ease-in-out;display:block;position:relative;bottom:0;box-shadow:0 0 .2em #8aadf4}.flex-box:hover{transition:box-shadow .6s ease-in-out,bottom .6s ease-in-out;bottom:5px;box-shadow:0 0 1.3em #8aadf4}.flex-box p{color:#b7bdf8;font-size:12px}.flex-box h3:before{content:" "}.center{width:auto;margin-left:auto;margin-right:auto;display:block}.pokemon{text-align:center;flex-direction:row;align-content:space-evenly;width:auto;margin-left:auto;margin-right:auto;padding-bottom:2em;padding-left:5em}*{scrollbar-width:thin;scrollbar-color:#64687e #1e1e2e}
1
+
@import "code-blocks.css";@import "font.css";@import "footer.css";@import "nav-bar.css";@import "toc.css";html{scroll-behavior:smooth}@media (prefers-color-scheme:dark){body{color:#c9d1d9;background:#0d1117}}h1{color:#f5a97f;text-align:center;font-size:1.4641rem}h2{color:#7dc4e4;font-size:1.331rem}h3{color:#f5a97f;font-size:1.1rem}h4{color:#a6da95;font-size:1rem}h5{color:#7dc4e4;font-size:1rem}h6{color:#7dc4e4;font-size:.909091rem}h2:before{content:"◉ "}h3:before{content:"◎ "}h4:before{content:"○ "}h5:before{content:"✺ "}h6:before{content:"▶ "}h7:before{content:"⤷ "}.body{color:#fff;background-color:#24273a;padding-bottom:1em;font-family:JetBrains Mono,ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;position:relative}.content{box-sizing:border-box;width:auto;max-width:750px;height:100%;text-align:auto;text-justify:inter-word;flex-direction:column;margin:40px auto;padding:0;line-height:1.5em;display:flex;position:relative}.content a:link{color:#b4befe;text-decoration:none}.content a:visited{color:#7e7eff}.content a:hover{color:#f38ba8}.content a:active{color:#202030}.content b,strong{color:#ee99a0}.flex-container{flex-flow:wrap;grid-auto-flow:column;place-content:space-evenly;gap:2em;width:auto;margin:0 auto;display:flex}.flex-box{background-color:#1e2030;border:2px solid #8aadf4;border-radius:20px;width:40%;height:auto;padding:0 1em 1em;transition:box-shadow .4s ease-in-out,bottom .6s ease-in-out;display:block;position:relative;bottom:0;box-shadow:0 0 .2em #8aadf4}.flex-box:hover{transition:box-shadow .6s ease-in-out,bottom .6s ease-in-out;bottom:5px;box-shadow:0 0 1.3em #8aadf4}.flex-box p{color:#b7bdf8;font-size:12px}.flex-box h3:before{content:" "}.center{width:auto;margin-left:auto;margin-right:auto;display:block}.pokemon{text-align:center;flex-direction:row;align-content:space-evenly;width:auto;margin-left:auto;margin-right:auto;padding-bottom:2em;padding-left:5em}*{scrollbar-width:thin;scrollbar-color:#64687e #1e1e2e}
public/assets/desktop/screenshot.jpg
public/assets/desktop/screenshot.jpg
This is a binary file and will not be displayed.
+17
public/categories/index.html
+17
public/categories/index.html
···
53
53
54
54
55
55
56
+
57
+
56
58
<li>
57
59
<a href="https://ladas552.me/categories/games">games</a>
58
60
<span>(2 posts)</span>
59
61
</li>
62
+
63
+
64
+
65
+
66
+
67
+
68
+
69
+
70
+
71
+
<li>
72
+
<a href="https://ladas552.me/categories/linux">linux</a>
73
+
<span>(0 posts)</span>
74
+
</li>
75
+
76
+
60
77
61
78
62
79
+56
public/categories/linux/index.html
+56
public/categories/linux/index.html
···
1
+
<!DOCTYPE html>
2
+
<html lang="en-us">
3
+
<head>
4
+
5
+
<meta charset="UTF-8" />
6
+
7
+
8
+
9
+
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
10
+
11
+
<!-- <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/prism-themes/1.9.0/prism-one-dark.min.css" /> -->
12
+
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/prism-themes/1.9.0/prism-night-owl.min.css" />
13
+
<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/prism.min.js"></script>
14
+
<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/prism-autoloader.min.js"></script>
15
+
<script src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/line-numbers/prism-line-numbers.min.js"></script>
16
+
17
+
18
+
<script src="https://ladas552.me/assets/js/apple_roll.js"></script>
19
+
<script src="https://ladas552.me/assets/js/scroll.js"></script>
20
+
21
+
<link rel="stylesheet" href="/assets/css/style.css" />
22
+
<!-- <link rel="stylesheet" href="https://www.nerdfonts.com/assets/css/webfont.css"> -->
23
+
<link rel="icon" href="/assets/images/nix-snowflake-rainbow.svg" />
24
+
<meta property="og:image" content="/assets/images/nix.png"/>
25
+
<title>Category: linux - Rattman</title>
26
+
27
+
</head>
28
+
<body class="body">
29
+
30
+
<header>
31
+
<nav class="navigation">
32
+
<ul>
33
+
<li><a href="https://ladas552.me">Index</a></li>
34
+
<li><a href="https://ladas552.me/meta/about">About</a></li>
35
+
<li><a href="https://ladas552.me/meta/credits">Credits</a></li>
36
+
<li><a href="https://ladas552.me/rss.xml"><i class="nf nf-md-rss_box"></i></a></li>
37
+
</ul>
38
+
</nav>
39
+
40
+
</header>
41
+
42
+
<main>
43
+
<div id="content" class="content">
44
+
<div>
45
+
<h1>Posts in linux</h1>
46
+
<p><i>All the posts with the category "linux"</i></p>
47
+
<hr />
48
+
<ul>
49
+
50
+
</ul>
51
+
</div>
52
+
</div>
53
+
</main>
54
+
55
+
</body>
56
+
</html>
+1
-1
public/index.html
+1
-1
public/index.html
···
1
-
<!doctypehtml><html lang=en-us><meta charset=UTF-8><meta content="Hub of the Blog"name=description><meta content=ladas552 name=author><meta content=!Hub name=keywords><meta content=width=device-width,initial-scale=1.0 name=viewport><link href=https://cdnjs.cloudflare.com/ajax/libs/prism-themes/1.9.0/prism-night-owl.min.css rel=stylesheet><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/prism.min.js></script><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/prism-autoloader.min.js></script><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/line-numbers/prism-line-numbers.min.js></script><script src=https://ladas552.me/assets/js/apple_roll.js></script><script src=https://ladas552.me/assets/js/scroll.js></script><link href=https://ladas552.me/assets/css/style.css rel=stylesheet><link href=https://ladas552.me/assets/images/nix-snowflake-rainbow.svg rel=icon><meta content=/assets/images/nix.png property=og:image><title>Hello - Rattman</title><body class=body><header><nav class=navigation><ul><li><a href=https://ladas552.me>Index</a><li><a href=https://ladas552.me/meta/about>About</a><li><a href=https://ladas552.me/meta/credits>Credits</a><li><a href=https://ladas552.me/rss.xml><i class="nf nf-md-rss_box"></i></a></ul></nav></header><main><div class=content id=content><h1 id=HiO!>HiO!</h1><p>This is the <strong>Site/Blog</strong> of <a href=https://ladas552.me/meta/about>Ladas552</a> - have fun browsing it and read some recent posts below!<section><div class=flex-container><div class=flex-box onclick=location.href='https://ladas552.me/posts/we_are_the_souls/'; style=cursor:pointer><h3>We are the souls</h3><div id=description><description> <span>My Dark Souls 3 characters stories</span> <p>Tags: <a href=https://ladas552.me/categories/games>Games</a> <a href=https://ladas552.me/categories/story-time>Story-time</a></p> <p><span>Released: 2025-09-06</span></p> </description></div></div><div class=flex-box onclick=location.href='https://ladas552.me/posts/Osu_On_Linux/'; style=cursor:pointer><h3>Osu on Linux</h3><div id=description><description> <span>My experience running Osu on Linux and some advice</span> <p>Tags: <a href=https://ladas552.me/categories/games>Games</a></p> <p><span>Released: 2025-04-13</span></p> </description></div></div><div class=flex-box onclick=location.href='https://ladas552.me/posts/on_owning_a_cat/'; style=cursor:pointer><h3>On Owning a Cat</h3><div id=description><description> <span>Troublesome blob of feline species</span> <p>Tags: <a href=https://ladas552.me/categories/story-time>Story-time</a></p> <p><span>Released: 2025-02-08</span></p> </description></div></div></div></section></div></main><footer class=footer><div class="segment mode"><a href=https://ladas552.me>NORMAL</a></div><div class="segment branch"><a href=https://github.com/Ladas552/ladas552.github.io><i class="nf nf-md-source_branch"></i> master </a></div><div class="segment filename"><a href=#top><i class="nf nf-dev-norg"></i> Hello.norg</a></div><div class="segment location"id=scroll-percentage></div></footer>
1
+
<!doctypehtml><html lang=en-us><meta charset=UTF-8><meta content="Hub of the Blog"name=description><meta content=ladas552 name=author><meta content=!Hub name=keywords><meta content=width=device-width,initial-scale=1.0 name=viewport><link href=https://cdnjs.cloudflare.com/ajax/libs/prism-themes/1.9.0/prism-night-owl.min.css rel=stylesheet><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/prism.min.js></script><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/prism-autoloader.min.js></script><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/line-numbers/prism-line-numbers.min.js></script><script src=https://ladas552.me/assets/js/apple_roll.js></script><script src=https://ladas552.me/assets/js/scroll.js></script><link href=https://ladas552.me/assets/css/style.css rel=stylesheet><link href=https://ladas552.me/assets/images/nix-snowflake-rainbow.svg rel=icon><meta content=/assets/images/nix.png property=og:image><title>Hello - Rattman</title><body class=body><header><nav class=navigation><ul><li><a href=https://ladas552.me>Index</a><li><a href=https://ladas552.me/meta/about>About</a><li><a href=https://ladas552.me/meta/credits>Credits</a><li><a href=https://ladas552.me/rss.xml><i class="nf nf-md-rss_box"></i></a></ul></nav></header><main><div class=content id=content><h1 id=HiO!>HiO!</h1><p>This is the <strong>Site/Blog</strong> of <a href=https://ladas552.me/meta/about>Ladas552</a> - have fun browsing it and read some recent posts below!<section><div class=flex-container><div class=flex-box onclick=location.href='https://ladas552.me/posts/we_are_the_souls/'; style=cursor:pointer><h3>We are the souls</h3><div id=description><description> <span>My Dark Souls 3 characters stories</span> <p>Tags: <a href=https://ladas552.me/categories/games>Games</a> <a href=https://ladas552.me/categories/story-time>Story-time</a></p> <p><span>Released: 2025-09-06</span></p> </description></div></div><div class=flex-box onclick=location.href='https://ladas552.me/posts/Osu_On_Linux/'; style=cursor:pointer><h3>Osu on Linux</h3><div id=description><description> <span>My experience running Osu on Linux and some advice</span> <p>Tags: <a href=https://ladas552.me/categories/games>Games</a></p> <p><span>Released: 2025-04-13</span></p> </description></div></div><div class=flex-box onclick=location.href='https://ladas552.me/posts/My_secure_setup/'; style=cursor:pointer><h3>My "Secure" Setup</h3><div id=description><description> <span>Horrible practices or Guide to exploiting my OS if you ever want to</span> <p>Tags: <a href=https://ladas552.me/categories/Linux>Linux</a></p> <p><span>Released: 2025-11-10</span></p> </description></div></div><div class=flex-box onclick=location.href='https://ladas552.me/posts/on_owning_a_cat/'; style=cursor:pointer><h3>On Owning a Cat</h3><div id=description><description> <span>Troublesome blob of feline species</span> <p>Tags: <a href=https://ladas552.me/categories/story-time>Story-time</a></p> <p><span>Released: 2025-02-08</span></p> </description></div></div></div></section></div></main><footer class=footer><div class="segment mode"><a href=https://ladas552.me>NORMAL</a></div><div class="segment branch"><a href=https://github.com/Ladas552/ladas552.github.io><i class="nf nf-md-source_branch"></i> master </a></div><div class="segment filename"><a href=#top><i class="nf nf-dev-norg"></i> Hello.norg</a></div><div class="segment location"id=scroll-percentage></div></footer>
+4
public/posts/My_secure_setup/index.html
+4
public/posts/My_secure_setup/index.html
···
1
+
<!doctypehtml><html lang=en-us><meta charset=UTF-8><meta content="Horrible practices or Guide to exploiting my OS if you ever want to"name=description><meta content=ladas552 name=author><meta content=Linux name=keywords><meta content=width=device-width,initial-scale=1.0 name=viewport><link href=https://cdnjs.cloudflare.com/ajax/libs/prism-themes/1.9.0/prism-night-owl.min.css rel=stylesheet><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/prism.min.js></script><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/prism-autoloader.min.js></script><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/line-numbers/prism-line-numbers.min.js></script><script src=https://ladas552.me/assets/js/apple_roll.js></script><script src=https://ladas552.me/assets/js/scroll.js></script><link href=https://ladas552.me/assets/css/style.css rel=stylesheet><link href=https://ladas552.me/assets/images/nix-snowflake-rainbow.svg rel=icon><meta content=/assets/images/nix.png property=og:image><title>My "Secure" Setup - Rattman</title><body class=body><header><nav class=navigation><ul><li><a href=https://ladas552.me>Index</a><li><a href=https://ladas552.me/meta/about>About</a><li><a href=https://ladas552.me/meta/credits>Credits</a><li><a href=https://ladas552.me/rss.xml><i class="nf nf-md-rss_box"></i></a></ul></nav></header><main><div class=content id=content><div><input id=toc-toggle type=checkbox><label aria-label="Toggle Table of Contents"class=toc-button for=toc-toggle></label><nav class=toc-panel><div class=toc-content><ul><li><a href=#My-Secure-Setup,-or-How-to-Give-a-CS-Prof-a-Heart-Attack>My Secure Setup, or How to Give a CS Prof a Heart Attack</a><ul><li><a href=#Gobble-Gobble>Gobble Gobble</a><li><a href=#My-declarative-systems>My declarative systems</a><ul><li><a href=#Config>Config</a><li><a href=#ZFS>ZFS</a><li><a href=#Lockscreen>Lockscreen</a><li><a href=#SSH-keys>SSH keys</a></ul><li><a href=#Android-and-cloud>Android and cloud</a><ul><li><a href=#I-don't-trust-google>I don't trust google</a><li><a href=#I-don't-trust-telegram>I don't trust telegram</a></ul><li><a href=#What-a-Shitfest>What a Shitfest</a></ul></ul></div></nav></div><div><h1 id=My-Secure-Setup,-or-How-to-Give-a-CS-Prof-a-Heart-Attack>My Secure Setup, or How to Give a CS Prof a Heart Attack</h1><h2 id=Gobble-Gobble>Gobble Gobble</h2><hr><p>Writing Guide posts and hardware reviews is taking a ton of mental energy and time, so I am writing this lighthearted post while I am in the mood.<p>Below will be listed my horrible security trou obscurity practices that give people chills whenever I mention them. If you want, you can hack me or something with this knowledge, <strong>idc</strong>.<h2 id=My-declarative-systems>My declarative systems</h2><hr><h3 id=Config>Config</h3><hr><p>It runs NixOS, so my only layer of attack surface are only nixpkgs and whatever modules I import into the <a href=https://github.com/Ladas552/Flake-Ocean>NixOS config</a>.<p>Pretty cool, if you don't consider my secrets are out in the public. Well not <strong>100%</strong> open, they are encrypted, but it's just a matter of time for some quantum computer to get my passwords to my selfhosted accounts.<p>Most of my services are running trou a VPN, but the url, that services run trou is public. So theoretically if you get access to my VPN, auth code for it is also in the config, you can just steal all my cat pictures!<p>But that doesn't sound too bad tbh, if considering Tailnet has an option to accept connections manually, even if auth key is present.<p><strong>But further we go, worse it gets.</strong><h3 id=ZFS>ZFS</h3><hr><p>ZFS is robust file system that I use via NixOS options with minimal maintenance. With It I can be assured to never loose data unless my SSD literally gets snapped in half.<p>It also allows for native filesystem <strong>encryption</strong> on password and key levels. Which I don't use because I find it inconvenient and not really beneficial in my case.<p>Hear me out, I live in a fucking steppe, so far, I only encountered 4 Linux Users from my country, or like 7 people who can some what operate a Linux system. If you find a person, who can snatch my drive, from a laptop, connect it to their PC, realize that it's ZFS file system and they need special kernel module that isn't in default kernel to read from my drive, then fucking go out of their way, to compile a custom Linux kernel with zfs module, just to read my University essays or some crap. I will get them a medal, and my CVV for the debit card right away. They deserve it for the effort.<p>And in my opinion, every encryption would fail a wrench test</p><img alt="Actual actual reality: nobody cares about his secrets. (Also, I would be hard-pressed to find that wrench for $5.)"class=center src=https://imgs.xkcd.com/comics/security.png><p>But you get my point. Yes, encryption would make my life <strong>more secure</strong>, but in my circumstances, ZFS encryption would just make me enter an additional password every boot, so that's be annoying. Not like I enter my password on boot anyways...<h3 id=Lockscreen>Lockscreen</h3><hr><p>I use <strong>autologin on my laptop</strong>. Yes, the same Laptop I take to Uni. The same that contains all my ssh keys, Keepass database, all my social media logged in and so on. It auto boots using greetD into a niri session, <strong>no password</strong> required, full access etc. etc.<pre><code class=language-md>> Why?
2
+
> I'm just lazy yk
3
+
> No, like, why are you admitting to doing crimes against humanity?
4
+
</code></pre><p>One of the more controversial decisions I make every passing day of my life. Yes, any person who presses a power button can use my accounts, play games, and even <code>rm -rf ~/*</code> if they want to.<p>But the difference between me and any other person in my country is that, I know how to use keybinds, and only I know them. Yes, you a probably Linux Junky knows all the common keybinds for opening a terminal, in my case it's <code>Super+T</code>. But remember, there are no (host & single) Linux Junkies in my area.<p>So they end up with just a wallpaper and a mouse cursor. No, I don't have a bar, or any frontend autostarted apps. It just looks like this when I boot up:</p><img alt="my desktop, which is just a wallpaper without any bars or windows. It's an art of a big cloud view on a green field with some sunflowers"class=center src=../../assets/desktop/screenshot.jpg><p><a href=https://wallhaven.cc/w/rr2yow>Here's a link for wallpaper</a><h3 id=SSH-keys>SSH keys</h3><hr><p>But thous are all in person problems, if I don't have anyone near me, then I am safe, right? Well let me tell you how I use ssh keys for remote connections and committing to git.<p>I only got 1 private ssh keys, yet I own like 5 machines I can commit from, how is that? Because <strong>Idk</strong> how ssh keys work, or <strong>gpg</strong> for that matter. Even sops are just decrypted with the same private key. So basically if you get your hands on it, my whole digital life is over.<p>So don't do that, pretty please <strong>:D</strong><h2 id=Android-and-cloud>Android and cloud</h2><hr><p>Now to the worst part of all, system outside of my totalitarian control of the iron fist. My phone and some cloud solutions I use. Where the real horror begins!<p>Just to clarify, I am not so upset about privacy of things, if I was, You wouldn't be reading all this. But I gotta acknowledge this from security stand point in that you can't trust software, it's inherently can't be trusted. Yes, you can make it more secure, but it will always have flaws anyways if it's something outside of your direct control.<p>Anyways, let's continue with our <strong>Circus of Horrors</strong>.<h3 id=I-don't-trust-google>I don't trust google</h3><hr><p>As I said before, I have my ssh key all over tha place, and I also have keepass database for password manager. So I sync them with my phone, and they are directly stored on my Android too.<p>It's Android 13, Chinese phone with google tools as system apps, you know how it goes. So all my resources could be compromised by just google leaking the google drive that they back up my files with, or by just taking my phone as remote access hostage.<p>Not to mention my tailnet account is also connected to google and my phone, so all my self hosted services are already compromised that way.<h3 id=I-don't-trust-telegram>I don't trust telegram</h3><hr><p>I also have my keys and some goverment documents on telegram. Yes the "e2e" chat platform with scammers and such that you need a government phone number to get an account.<p>Yes, the same platform that leaks data, sells owned accounts and so on. Why? It's convenient. I can just send a file to myself and forget about it, it will be there for as long as they don't start to delete my older messages. Not to mention easily shareable to other people.<h2 id=What-a-Shitfest>What a Shitfest</h2><hr><p>I know, right? Crazy to think about. And to think that most people are doing a lot worse lol. Using proprietary outdated software. No password managers and not having 2FA. <strong>Nightmare!</strong><p>Well, for you, a Cyber Security savvy person, Yes, absolutely. For me, I just don't care this much, and most people care even less. It's bad. Hopefully more people will understand that security matters. And some day I will get that too. But for now I can only say:<blockquote>I have sinned in the past, and I will sin again. Don't repeat after me. Or we will end up in the same kettle.</blockquote></div></div></main><footer class=footer><div class="segment mode"><a href=https://ladas552.me>NORMAL</a></div><div class="segment branch"><a href=https://github.com/Ladas552/ladas552.github.io><i class="nf nf-md-source_branch"></i> master </a></div><div class="segment filename"><a href=#top><i class="nf nf-dev-norg"></i> My "Secure" Setup.norg</a></div><div class="segment location"id=scroll-percentage></div></footer>
+1
-1
public/posts/index.html
+1
-1
public/posts/index.html
···
1
-
<!doctypehtml><html lang=en-us><meta charset=UTF-8><meta content=ladas552 name=author><meta content=width=device-width,initial-scale=1.0 name=viewport><link href=https://cdnjs.cloudflare.com/ajax/libs/prism-themes/1.9.0/prism-night-owl.min.css rel=stylesheet><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/prism.min.js></script><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/prism-autoloader.min.js></script><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/line-numbers/prism-line-numbers.min.js></script><script src=https://ladas552.me/assets/js/apple_roll.js></script><script src=https://ladas552.me/assets/js/scroll.js></script><link href=https://ladas552.me/assets/css/style.css rel=stylesheet><link href=https://ladas552.me/assets/images/nix-snowflake-rainbow.svg rel=icon><meta content=/assets/images/nix.png property=og:image><title>Index - Rattman</title><body class=body><header><nav class=navigation><ul><li><a href=https://ladas552.me>Index</a><li><a href=https://ladas552.me/meta/about>About</a><li><a href=https://ladas552.me/meta/credits>Credits</a><li><a href=https://ladas552.me/rss.xml><i class="nf nf-md-rss_box"></i></a></ul></nav></header><main><div class=content id=content><h1 class=text-center>Posts</h1><div class="mt-6 lg:mt-8 break-keep"><div class="bg-surface p-4 mt-4 border-2 border-base-alt rounded-md shadow-lg"><div class="flex flex-col"><h3 class="mt-0! text-text-alt"><a class="no-underline! hover:underline! hover:decoration-dashed"href=https://ladas552.me/posts/we_are_the_souls/>We are the souls</a></h3><time class="text-dark-grey dark:text-grey"datetime=2025-09-06>September 6, 2025</time><span class="text-sm text-grey italic">My Dark Souls 3 characters stories</span></div><div class="flex flex-col"><p>We are the souls Aye, siwmae This post is about role playing and consists of edgy stories that have …</p><a class="no-underline! text-dark-grey font-semibold"href=https://ladas552.me/posts/we_are_the_souls/>Read more …</a></div></div><div class="bg-surface p-4 mt-4 border-2 border-base-alt rounded-md shadow-lg"><div class="flex flex-col"><h3 class="mt-0! text-text-alt"><a class="no-underline! hover:underline! hover:decoration-dashed"href=https://ladas552.me/posts/Osu_On_Linux/>Osu on Linux</a></h3><time class="text-dark-grey dark:text-grey"datetime=2025-04-13>April 13, 2025</time><span class="text-sm text-grey italic">My experience running Osu on Linux and some advice</span></div><div class="flex flex-col"><p>Osu on Linux Hey! I play rhythm games for my own amusement. And mostly bobbing to OSU!, which let's …</p><a class="no-underline! text-dark-grey font-semibold"href=https://ladas552.me/posts/Osu_On_Linux/>Read more …</a></div></div><div class="bg-surface p-4 mt-4 border-2 border-base-alt rounded-md shadow-lg"><div class="flex flex-col"><h3 class="mt-0! text-text-alt"><a class="no-underline! hover:underline! hover:decoration-dashed"href=https://ladas552.me/posts/on_owning_a_cat/>On Owning a Cat</a></h3><time class="text-dark-grey dark:text-grey"datetime=2025-02-08>February 8, 2025</time><span class="text-sm text-grey italic">Troublesome blob of feline species</span></div><div class="flex flex-col"><p>On Owning a Cat HiO! This post is about my cat, how I got to have her, how I live with her and so on…</p><a class="no-underline! text-dark-grey font-semibold"href=https://ladas552.me/posts/on_owning_a_cat/>Read more …</a></div></div></div></div></main><footer class=footer><div class="segment mode"><a href=https://ladas552.me>NORMAL</a></div><div class="segment branch"><a href=https://github.com/Ladas552/ladas552.github.io><i class="nf nf-md-source_branch"></i> master </a></div><div class="segment filename"><a href=#top><i class="nf nf-dev-norg"></i> index.norg</a></div><div class="segment location"id=scroll-percentage></div></footer>
1
+
<!doctypehtml><html lang=en-us><meta charset=UTF-8><meta content=ladas552 name=author><meta content=width=device-width,initial-scale=1.0 name=viewport><link href=https://cdnjs.cloudflare.com/ajax/libs/prism-themes/1.9.0/prism-night-owl.min.css rel=stylesheet><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/prism.min.js></script><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/prism-autoloader.min.js></script><script src=https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/line-numbers/prism-line-numbers.min.js></script><script src=https://ladas552.me/assets/js/apple_roll.js></script><script src=https://ladas552.me/assets/js/scroll.js></script><link href=https://ladas552.me/assets/css/style.css rel=stylesheet><link href=https://ladas552.me/assets/images/nix-snowflake-rainbow.svg rel=icon><meta content=/assets/images/nix.png property=og:image><title>Index - Rattman</title><body class=body><header><nav class=navigation><ul><li><a href=https://ladas552.me>Index</a><li><a href=https://ladas552.me/meta/about>About</a><li><a href=https://ladas552.me/meta/credits>Credits</a><li><a href=https://ladas552.me/rss.xml><i class="nf nf-md-rss_box"></i></a></ul></nav></header><main><div class=content id=content><h1 class=text-center>Posts</h1><div class="mt-6 lg:mt-8 break-keep"><div class="bg-surface p-4 mt-4 border-2 border-base-alt rounded-md shadow-lg"><div class="flex flex-col"><h3 class="mt-0! text-text-alt"><a class="no-underline! hover:underline! hover:decoration-dashed"href=https://ladas552.me/posts/we_are_the_souls/>We are the souls</a></h3><time class="text-dark-grey dark:text-grey"datetime=2025-09-06>September 6, 2025</time><span class="text-sm text-grey italic">My Dark Souls 3 characters stories</span></div><div class="flex flex-col"><p>We are the souls Aye, siwmae This post is about role playing and consists of edgy stories that have …</p><a class="no-underline! text-dark-grey font-semibold"href=https://ladas552.me/posts/we_are_the_souls/>Read more …</a></div></div><div class="bg-surface p-4 mt-4 border-2 border-base-alt rounded-md shadow-lg"><div class="flex flex-col"><h3 class="mt-0! text-text-alt"><a class="no-underline! hover:underline! hover:decoration-dashed"href=https://ladas552.me/posts/Osu_On_Linux/>Osu on Linux</a></h3><time class="text-dark-grey dark:text-grey"datetime=2025-04-13>April 13, 2025</time><span class="text-sm text-grey italic">My experience running Osu on Linux and some advice</span></div><div class="flex flex-col"><p>Osu on Linux Hey! I play rhythm games for my own amusement. And mostly bobbing to OSU!, which let's …</p><a class="no-underline! text-dark-grey font-semibold"href=https://ladas552.me/posts/Osu_On_Linux/>Read more …</a></div></div><div class="bg-surface p-4 mt-4 border-2 border-base-alt rounded-md shadow-lg"><div class="flex flex-col"><h3 class="mt-0! text-text-alt"><a class="no-underline! hover:underline! hover:decoration-dashed"href=https://ladas552.me/posts/My_secure_setup/>My "Secure" Setup</a></h3><time class="text-dark-grey dark:text-grey"datetime=2025-11-10>November 10, 2025</time><span class="text-sm text-grey italic">Horrible practices or Guide to exploiting my OS if you ever want to</span></div><div class="flex flex-col"><p>My Secure Setup, or How to Give a CS Prof a Heart Attack Gobble Gobble Writing Guide posts and hardw…</p><a class="no-underline! text-dark-grey font-semibold"href=https://ladas552.me/posts/My_secure_setup/>Read more …</a></div></div><div class="bg-surface p-4 mt-4 border-2 border-base-alt rounded-md shadow-lg"><div class="flex flex-col"><h3 class="mt-0! text-text-alt"><a class="no-underline! hover:underline! hover:decoration-dashed"href=https://ladas552.me/posts/on_owning_a_cat/>On Owning a Cat</a></h3><time class="text-dark-grey dark:text-grey"datetime=2025-02-08>February 8, 2025</time><span class="text-sm text-grey italic">Troublesome blob of feline species</span></div><div class="flex flex-col"><p>On Owning a Cat HiO! This post is about my cat, how I got to have her, how I live with her and so on…</p><a class="no-underline! text-dark-grey font-semibold"href=https://ladas552.me/posts/on_owning_a_cat/>Read more …</a></div></div></div></div></main><footer class=footer><div class="segment mode"><a href=https://ladas552.me>NORMAL</a></div><div class="segment branch"><a href=https://github.com/Ladas552/ladas552.github.io><i class="nf nf-md-source_branch"></i> master </a></div><div class="segment filename"><a href=#top><i class="nf nf-dev-norg"></i> index.norg</a></div><div class="segment location"id=scroll-percentage></div></footer>
+11
-1
public/rss.xml
+11
-1
public/rss.xml
···
6
6
<description>Latest posts</description>
7
7
<generator>Norgolith</generator>
8
8
<language>en-us</language>
9
-
<lastBuildDate>Sat, 04 Oct 2025 19:24:04 +0000</lastBuildDate>
9
+
<lastBuildDate>Mon, 10 Nov 2025 11:59:48 +0000</lastBuildDate>
10
10
<ttl>60</ttl>
11
11
<atom:link href="https://ladas552.me/rss.xml" rel="self" type="application/rss+xml" />
12
12
···
37
37
<author>Ladas552</author>
38
38
<pubDate>Sun, 13 Apr 2025 00:00:00 +0000</pubDate>
39
39
<category>games</category>
40
+
</item>
41
+
42
+
<item>
43
+
<title>My "Secure" Setup</title>
44
+
<link>https://ladas552.me/posts/My_secure_setup/</link>
45
+
<guid>https://ladas552.me/posts/My_secure_setup/</guid>
46
+
<description>Horrible practices or Guide to exploiting my OS if you ever want to</description>
47
+
<author>Ladas552</author>
48
+
<pubDate>Mon, 10 Nov 2025 00:00:00 +0000</pubDate>
49
+
<category>Linux</category>
40
50
</item>
41
51
42
52
<item>
+2
-2
theme/assets/css/style.css
+2
-2
theme/assets/css/style.css
···
75
75
/* Main content of the page */
76
76
.content{
77
77
width: auto;
78
-
max-width: 650px;
78
+
max-width: 750px;
79
79
margin: 40px auto;
80
80
padding: 0 0;
81
81
height: 100%;
···
83
83
flex-direction: column;
84
84
box-sizing: border-box;
85
85
position: relative;
86
-
line-height: auto;
86
+
line-height: 1.5em;
87
87
text-align: auto;
88
88
text-justify: inter-word;
89
89
}