Deprecate the blog because no one ever uses it

Anthony Wang 2022-02-20 11:44:45 -06:00
parent 666f70c997
commit 9a677b39c4
Signed by: a
GPG key ID: BC96B00AEC5F2D76
5 changed files with 1 additions and 265 deletions


@ -1,80 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<title>Don't Use Discord</title>
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div>
<br>
<h2>Don't Use Discord</h2>
2021 June 29
<br>
<a href="/blog">The exozyme blog</a>
<br>
<br>
<h3>Discord doesn't give a shit about your privacy</h3>
<p>
Discord <a href="https://github.com/Jiiks/BetterDiscordApp/issues/952">forbids third-party clients</a>, <a href="https://duckduckgo.com/?t=ffab&q=discord+ban+without+reason&ia=web">bans people for no reason and doesn't explain why</a>, shares everything with governments, and <a href="https://cadence.moe/blog/2020-06-06-why-you-shouldnt-trust-discord#business-model">sells off all your data to the highest bidder</a>. It has <b>no encryption at all</b>, <a href="https://support.discord.com/hc/en-us/community/posts/360047118232-Add-support-for-end-to-end-encryption">not even badly implemented end-to-end encryption</a> like WhatsApp. Everything about the app and servers are closed source and proprietary. That just exacerbates its <a href="https://cadence.moe/blog/2020-06-06-why-you-shouldnt-trust-discord#security-issues">already-bad security issues</a>.
</p>
<br>
<p>
<b>It collects a very large amount of data about you</b>, including your IP address, all your messages including "private" ones, all your voice chat data, and <a href="https://teddit.net/r/privacy/comments/eiicah/trawling_through_my_discord_data_package_after_35/">even information about other apps on your system</a> if you use the desktop client. <a href="https://discord.com/privacy">Discord's privacy policy</a> contains multiple occurrences of phrases such as "including but not limited to," which explicitly confirms that <b>Discord's privacy situation is even worse than we currently know.</b>
</p>
<br>
<p>
Best of all, <b>you can even pay them in the form of Discord Nitro to violate your privacy!</b> What fun!
</p>
<h3>So what now?</h3>
<p>
There are many great alternatives available, such as <a href="https://matrix.org/">Matrix</a>. You can even <a href="https://matrix.org/bridges/">bridge</a> your Discord account to your Matrix account, although this clearly violates Discord's Terms of Service. <b>Literally any chat app, other than Zoom, has better privacy than Discord.</b>
</p>
<br>
<p>
If you <i>must</i> use Discord, please do so in your browser, preferably in a private or incognito window. Treat everything you do on Discord as if it is public, including your "private" messages. <b>Do not download the spyware desktop or mobile apps at all costs!</b>
</p>
<br>
<p>
Anyways, I'll end with a quote from this <a href="https://teddit.net/r/privacy/comments/eiicah/trawling_through_my_discord_data_package_after_35/">very scary analysis of Discord's mass surveillance</a>:
</p>
<br>
<p>
<i>"Keep this in mind: - Every single thing you touch inside of the app, and even some things outside of it, are logged in an event containing your user ID, a unique event ID, a timestamp, and a very detailed description of what exactly you did. - Every single message and attachment you send may be perused by Discord staff and of course potential future hackers."</i>
</p>
<br>
<p>
Have fun with Discord!
</p>
<h3>Sources and further reading</h3>
<p>
<a href="https://spyware.neocities.org/articles/discord.html">Discord — Spyware Watchdog</a>
</p>
<br>
<p>
<a href="https://stallman.org/discord.html">Reasons not to use Discord</a>
</p>
<br>
<p>
<a href="https://archive.is/Q4N9J">Friends Don't Let Friends Use Discord - The Mega-Discussion : privacy</a>
</p>
<br>
<p>
<a href="https://cadence.moe/blog/2020-06-06-why-you-shouldnt-trust-discord">Why you shouldn't trust Discord | Cadence's Blog</a>
</p>
<br>
<p>
<a href="https://austinhuang.me/discord-issues">My view on the Issues of Discord | Austin Huang</a>
</p>
<br>
<p>
<a href="https://teddit.net/r/discordapp/comments/debr97/open_letter_to_discord/">Open letter to Discord : discordapp</a>
</p>
</div>
</body>
</html>


@ -1,35 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<title>Blog</title>
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div>
<br>
<picture>
<source srcset="/logo.avif" type="image/avif">
<source srcset="/logo.webp" type="image/webp">
<source srcset="/logo.png" type="image/png">
<img src="/logo.png" alt="exozyme" height="324" width="324">
</picture>
<br>
<h2>Blog</h2>
<br>
<p style="text-align:center;">
<b>2021-08-02</b> <a href="ldap-hell">LDAP Hell</a>
</p>
<br>
<p style="text-align:center;">
<b>2021-07-26</b> <a href="next-step">The Next Step</a>
</p>
<br>
<p style="text-align:center;">
<b>2021-06-29</b> <a href="dont-use-discord">Don't Use Discord</a>
</p>
<br>
</div>
</body>
</html>
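Review bot: The commit message says the blog is deprecated, but this hunk (-1,35 +0,0) deletes the index outright, so the blog URL and the three relative post links it lists (ldap-hell, next-step, dont-use-discord) stop resolving for anyone who bookmarked or linked to them. Consider keeping a short stub here that says the blog is retired, or adding a redirect or a 410 response in the web server config, and state in the commit message which one was chosen.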


@ -1,43 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<title>LDAP Hell</title>
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div>
<br>
<h2>LDAP Hell</h2>
2021 August 2
<br>
<a href="/blog">The exozyme blog</a>
<br>
<br>
<p>
As exozyme enters beta, we've switched over from Keycloak to <a href="https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol">LDAP</a> for user management. The issue was Keycloak's excessive use of 600MB of RAM and a <i>ridiculous</i> 150 processes. All of that just for an authentication server! Even more problematic, getting OpenID Connect to work with all the web services required quite a lot of hacks, such as recompiling Mastodon with OIDC support. Yeah, that doesn't look to fun to maintain. Furthermore, it prevents us from getting to our one account to rule them all goal. At the minimum, you need one local Linux account and one Keycloak account. Of course you can use LDAP to sync these two... but why use Keycloak then?
</p>
<br>
<p>
Alright, so Keycloak has got to go. Time to research LDAP with the legendary ArchWiki! Unfortunately, the ArchWiki's guide for <a href="https://wiki.archlinux.org/title/LDAP_authentication">LDAP</a> is pretty outdated and lacking in details. Even worse, LDAP uses a whole jumble of weird terminology like BaseDN, cn, ou, and more.
</p>
<br>
<p>
The problem is that LDAP isn't something that's that difficult to understand. It's just that the docs are terrible.
</p>
<br>
<p>
LDAP is not something that normal users are going to bother with. It's almost entirely in the realm of enterprise stuff, a bridge into the world of 389, Active Directory, Kerberos, IPA, and more terms that I know absolutely nothing about. There are a few guides out there, but due to a relatively recent change in the way the OpenLDAP server is configured renders even three-year-old guides obsolete. It's terrible.
</p>
<br>
<p>
Still, I persisted, trudging through the scarce documentation for adding users and groups to LDAP and the nonexistent documentation for StartTLS with a Let's Encrypt certificate. At one point, I was stuck for several hours until I realized that I edited <i>/etc/pam.d/systemd-auth</i> instead of <i>/etc/pam.d/system-auth</i>. What an impossible error to catch...
</p>
<br>
<p>
Three days later, I <i>finally</i> got it all figured out. OpenLDAP only uses 8MB of RAM and you can finally log on to all exozyme core services with one account. Perfect! Now I want those three days back...
</p>
<br>
</div>
</body>
</html>
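Review bot: Missing documentation: deleting this post removes the only record in the diff of the Keycloak to OpenLDAP switch, namely the reason for the move, the note that StartTLS with a Let's Encrypt certificate had to be worked out without documentation, and the /etc/pam.d/systemd-auth versus /etc/pam.d/system-auth mix-up that cost several hours. If the working LDAP, StartTLS and PAM setup is not written down elsewhere in the repository, move those details into an admin or FUQs page in this commit before removing the post, since the post itself says the existing guides are outdated.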


@ -1,106 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<title>The Next Step</title>
<link href="/style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div>
<br>
<h2>The Next Step</h2>
2021 July 26
<br>
<a href="/blog">The exozyme blog</a>
<br>
<br>
<h3>From one to eight</h3>
<p>
Over the past month, something big has happened with exozyme. Really big.
</p>
<br>
<p>
We're no longer just a small person project used by me exclusively. We've gone from one user, me of course, to eight already, in the span of a month. It's been quite a wild ride!
</p>
<br>
<h3>An ArchWiki betrayal</h3>
<p>
Alright, so one of exozyme's core services is remote desktop. Easy enough, right? VNC seems to be the dominant solution, but by some fortunate stroke of luck, SDDM happens to be the only display manager that doesn't support the XDMCP protocol for multi-user sessions. (That was a lot of accronyms in one sentence) Darn it. Time to use a different display manager maybe? Or, maybe start a VNC session for each user?
</p>
<br>
<p>
Both solutions have their flaws. XDMCP is pretty dated protocol, and running a VNC session each for potentially dozens of users is a huge waste of RAM when only a few might be accessing their remote desktop at the same time. What now then? There's an assorted jumble of more accronyms for other remote desktop protocols, like RDP and X2Go, or even plain X forwarding over SSH, just to name a few. X2Go is quite convoluted to set up on Windows and Macs so that's out of the picture. Same with X forwarding. Looks like RDP is the answer then!
</p>
<br>
<p>
As always, when setting up a new piece of software, we'll consult the godly ArchWiki. In this case, it's xrdp, the RDP server. Except...
</p>
<br>
<p>
I'll never seen a worse ArchWiki page. <a href="https://wiki.archlinux.org/index.php?title=Xrdp&oldid=681814">Here's what it looked like</a> when I first read it. It's terrible. There's no logical organization, and I barely get what half of it is even trying to do.
</p>
<br>
<p>
But, I tried anyways, and finally, once everything was ready, I launched up <i>freerdp</i> and tried connecting to a KDE Plasma remote desktop.
</p>
<br>
<p>
Guess what? Black screen.
</p>
<br>
<h3>Time for some debugging fun!</h3>
<p>
OK, time to DuckDuckGo it then. Unfortunately, I could not find a single working solution to this on the web. I even tried running xrdp in one of my Ubuntu VMs and it worked. Perfectly! I also tried starting single apps instead of Plasma, and that worked too, although the apps were often oddly sized. So, I was seriously confused what was wrong with exozyme's xrdp server.
</p>
<br>
<p>
The whole situation reminded me an awfully lot like the <a href="https://ta180m.exozy.me/blog/2021/06/22/anti-window-manager.html">Anti Window Manager</a>. What was the problem there? The truly despicable piece of software that is D-Bus. I haven't ever met a person that likes D-Bus. So, I tried running my remote KDE Plasma desktop with <i>dbus-run-session</i>, and it actually worked!
</p>
<br>
<p>
Unfortunately, it was a pretty broken experience. Audio didn't work, the logs were filled with D-Bus errors, Polkit didn't work, and there wasn't any graphical acceleration. But first, I swiftly documented my new fix on the ArchWiki so the next folks to try xrdp wouldn't have to suffer through the same problems. While I was at it, I also extensively cleaned up the article, and it looks <a href="https://wiki.archlinux.org/index.php?title=Xrdp&oldid=689493">beautiful now!</a>.
</p>
<br>
<p>
I ended up installing some extra Pulse modules and simply adding <i>pulseaudio &</i> to the startup script to get sound to work, although the PulseAudio processes sometimes don't get killed properly upon ending the remote desktop session. For graphical acceleration, a handy package in the AUR enabled it to work, too. Perfect! And of course, I contributed these fixes to the ArchWiki as well. I have no idea about the D-Bus errors or Polkit, but those aren't too important as far as I can tell.
</p>
<br>
<p>
Anyways, it's awesome that exozyme users can now effortlessly start up a remote desktop and things like sound, graphical acceleration, and even installing local apps with Flatpak and Discover work without any extra work. Another perk about RDP is that there's a built-in client for it on Windows, which makes things even easier for users. Of course, FreeRDP will always be the best client!
</p>
<br>
<h3>No more memorizing a bunch of passwords</h3>
<p>
The annoying thing about hosting so many services is that they are way too many passwords to remember. Of course, I have my personal password generating algorithm, so it's not as much of an issue, but still, it's a ton of work to have so many accounts for each user and each service.
</p>
<br>
<p>
Enter the vast and disorienting world of single sign-on and directory management. There's just so many terms and accronyms thrown around about this: OAuth2, OpenID Connect, SAML, LDAP, Active Directory, 389, Keycloak, FreeIPA, and more. I decided to go for something as simple as possible. After a bad experience with using Nextcloud as a single sign-on (specifically, Nextcloud's not exactly compliant OAuth2), I decided to ask in some Matrix rooms about this, and several people endorsed Keycloak.
</p>
<br>
<p>
Fortunately, there's a decent ArchWiki entry for Keycloak this time, and it's surprisingly easy to use, although it presents a ridiculously large amount of configuration options. Yeah, forget about them, they aren't important, at least for my setup. I managed to get Nextcloud, Gitea, and Synapse integrated well, and I'm working on the others right now.
</p>
<br>
<p>
Alright! So you now only need to remember two passwords: Your Linux user password that you use for SSH, and your Keycloak password for all the web services. Of course, you could do it with only one password and LDAP, but that's a huge PITA and not torture that I want to put myself through. Plus, it's trivial now to only give someone access to SSH and remote desktop, or alternatively access only to the web services.
</p>
<br>
<h3>So many services, where to start!</h3>
<p>
About that... I wrote a <a href="/quickstart">quickstart guide</a> to address this, but it may still contain some technical information that I copied over from the FUQs page. (I love that name) If you have any suggestions or feedback, feel free to leave them on <a href="https://github.com/exozyme/exozy.me">GitHub</a> or <a href="https://git.exozy.me/exozyme/exozy.me">Gitea</a>.
</p>
<br>
<h3>The future</h3>
<p>
Take a look at our <a href="exozy.me/roadmap">roadmap</a> if you want a preview of the future. Thanks for reading yet another long and rambling exozyme blog post! See you when we hit 64 users! 😉
</p>
<br>
</div>
</body>
</html>
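Review bot: The known issues recorded in the xrdp paragraphs of this post are dropped with nothing in the commit tracking them elsewhere: PulseAudio processes that "sometimes don't get killed properly" when a remote desktop session ends, and the D-Bus errors and non-working Polkit for which the post gives no cause. File these as issues before deleting the page, Polkit in particular since it is the component that authorizes privileged actions inside the session. The "two passwords" paragraph (Linux plus Keycloak) is superseded by the LDAP Hell post and does not need to be carried over.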


@ -27,7 +27,7 @@
</p>
<br>
<p style="text-align:center;">
<pre><a href="about">About</a> <a href="quickstart">Quickstart</a> <a href="explore">Explore</a> <a href="fuqs">FUQs</a> <a href="blog">Blog</a></pre>
<pre><a href="about">About</a> <a href="quickstart">Quickstart</a> <a href="explore">Explore</a> <a href="fuqs">FUQs</a></pre>
</p>
<br>
</div>
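Review bot: In the changed nav line, the pre element sits inside `<p style="text-align:center;">`; pre is not permitted inside p, so the HTML parser closes the paragraph before it and the trailing `</p>` produces an empty paragraph, which means the centering style never applies to the links. Since this line is being edited anyway, switch the wrapper to a div or nav element carrying the same style. Separately, the commit stats show this is the single added line in the commit, so if any other page keeps its own copy of the nav bar, its Blog link now points at a deleted page; a search for href="blog" across the site before merging would confirm.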