Hi,

I'm already using

from smtplib import SMTP_SSL
from email.message import EmailMessage

To send emails.

Now I would like to be able to encrypt them with the public key of the recipient. ( PublicKey.asc )

import smtplib
from email.message import EmailMessage
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Load the ECC public key from the .asc file
with open('recipient_public_key.asc', 'rb') as key_file:
    public_key_bytes = key_file.read()
public_key = ec.EllipticCurvePublicKey.from_public_bytes(
    ec.SECP384R1(),
    public_key_bytes
)

# Create the email message
msg = EmailMessage()
msg.set_content('This is the encrypted email.')
msg['Subject'] = 'Encrypted Email'
msg['From'] = 'you@example.com'
msg['To'] = 'recipient@example.com'

# Encrypt the email message using the ECC public key
nonce = bytes.fromhex('000102030405060708090a0b0c0d0e0f')
cipher = AESGCM(public_key.public_key().secret_key_bytes)
ciphertext = cipher.encrypt(nonce, msg.as_bytes(), None)

# Send the encrypted email
server = smtplib.SMTP('smtp.example.com')
server.send_message(msg, from_addr='you@example.com', to_addr='recipient@example.com')
server.quit()

# Save the encrypted email to a file
with open('encrypted_email.bin', 'wb') as f:
    f.write(ciphertext)

I like the approach, only one "low level" import cryptography

but the code seem wrong. if the body has been encrypted as ciphertext I don't see this one included while sending the email.

How are you doing it ? or do you have good tutorial, documentations ? because I found nothing "pure and simple" meaning not with of unnecessary stuff.

Thanks.

cross-posted from: https://programming.dev/post/19958073

Hi,

I'm looking for a solution to archive files in a decentralized system. that would meet those requirement:

• FLOSS
• date-stamp the upload of the file.
• immutable storage ~ WORM
• anonymous (like TOR)

I was considering IPFS but it does not date-stamp the upload :'( you can make a description-file but this is unreliable, as you can set any date..

I'm lost between hyphanet.org and Freenet.org ?!
are those the same project ?

According to A.I:

Hyphanet is focused on secure, private, and efficient communication and data sharing, with an emphasis on enabling users to monetize their data while maintaining control over their data sovereignty.

is that true ? I can't found the information on their website...

Hi,

I would like to change the owner of a directory on the sdcard /sdcard/aDirectory

I have a terminal installed on my Android 10 (LineageOS 17) com.android.terminal

sudo is not present so I use su and it works.

su
#Terminal was granted Superuser rights

cd /sdcard
chown 10:10 aDirectory
#I don't get any error message.

stat aDirectory
#Uid (0/root)

So the owner stay root no matter what I'm doing, any ideas ?

Hi,

I created another user on my custom rom Android (aka Multiple users)

Unfortunately when doing so the system do not adapt the permission of the sdcard and some other directory, thus the new user can't access them :/

So I wanted to "remote" terminal into my android device from my computer.

How are you achieving this ? ( without 3thparty apps please ! )

Thanks.

cross-posted from: https://programming.dev/post/18360806

Hi everyone,

I would like to enable Cross-Origin Resource Sharing on my Nginx server. for few origins (cors requestor)/domains.

I've found this article https://www.juannicolas.eu/how-to-set-up-nginx-cors-multiple-origins that is nice, but not complete and on my browser seem really hard to read due to the layout 🤮

So I've opened a CodeBerg git repository for the good soul that want to perfect this piece of code the allow the most of use to use CORS with Nginx.

https://codeberg.org/R1ckSanchez_C137/BestOfxxx/src/branch/main/Nginx/CORS_MultiDomains.py

If you don't want to create an account on codeberg feel free to post your code here !

server {
    # Server

    map "$http_origin" $cors { # map in Nginx is somewhat like a switch case in a programming language.
        default ''; #Seem to set $cors to '' empty string if none of the follwing rexeg match ?
        "~^https:\/\/([\w-_\.]+\.)?example.com$" "$http_origin";
            #regex domain match
            # ~ mean I suppose the string is RegEx ?
            # Need to come with a RegEx expression that match https://anything.example.com[optional ports and Query string ?X=Y]
        "~^https:\/\/([\w-_\.]+\.)?example2.com$" "$http_origin"; #regex domain match
        }
               

    location /static {
        
        # if preflight request, we will cache it
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Max-Age' 1728000; #20 days
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204; #https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/204 }

        if ($cors != "") {
            add_header 'Access-Control-Allow-Origin' "$cors" always; # <-- Variable $cors
            add_header 'Access-Control-Allow-Credentials' 'true' always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With' always;}

       # configuration lines...

    }
}

}

Hi everyone,

I would like to enable Cross-Origin Resource Sharing on my Nginx server. for few origins (cors requestor)/domains.

I've found this article https://www.juannicolas.eu/how-to-set-up-nginx-cors-multiple-origins that is nice, but not complete and on my browser seem really hard to read due to the layout 🤮

So I've opened a CodeBerg git repository for the good soul that want to perfect this piece of code the allow the most of use to use CORS with Nginx.

https://codeberg.org/R1ckSanchez_C137/BestOfxxx/src/branch/main/Nginx/CORS_MultiDomains.py
and
https://codeberg.org/R1ckSanchez_C137/BestOfxxx/issues \

If you don't want to create an account on codeberg feel free to post your code here !

server {
    # Server

    map "$http_origin" $cors { # map in Nginx is somewhat like a switch case in a programming language.
        default ''; #Seem to set $cors to '' empty string if none of the follwing rexeg match ?
        "~^https:\/\/([\w-_\.]+\.)?example.com$" "$http_origin";
            #regex domain match
            # ~ mean I suppose the string is RegEx ?
            # Need to come with a RegEx expression that match https://anything.example.com[optional ports and Query string ?X=Y]
        "~^https:\/\/([\w-_\.]+\.)?example2.com$" "$http_origin"; #regex domain match
        }
               

    location /static {
        
        # if preflight request, we will cache it
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Max-Age' 1728000; #20 days
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' 0;
            return 204; #https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/204 }

        if ($cors != "") {
            add_header 'Access-Control-Allow-Origin' "$cors" always; # <-- Variable $cors
            add_header 'Access-Control-Allow-Credentials' 'true' always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With' always;}

       # configuration lines...

    }
}

}

Hi,

I got FileA that have 640 a getfacl FileA give me

# file: FileA
# owner: me
# group: me
user::rw-
user:aUser:r--
group::r-x			#effective:r--
mask::r--
other::---

So it's give me the expected...

but when I do

chmod 600 aFile
getfacl aFile

...
user:aUser:r--		#effective:---
...
mask::---
...

Why suddenly aUser lost his ability to read the file !?!?!

Hi,

I've set for a directory the following

setfacl -dm u:aUser:r aDirectory
#set new files to be readable by aUser

cp ~/Desktop/aFile.txt /xx/xx/xx/aDirectory

getfacl aFile.txt #the copied one

# file: aFile.txt
# owner: me
# group: me
user::rwx
user:aUser:r--
group::r-x
mask::rwx
other::rwx

So indeed we see the aUser got r--

but

stat aFile.txt

return

(0777/-rwxrwxrwx) #!!!!

is that normal !!!!???

Thanks.

Hi,

I've noticed something quite odd, but I don't know if the problem come from Linux itself or nginx..

In order to grant nginx access to a directory let say your static see: https://stackoverflow.com/questions/16808813/nginx-serve-static-file-and-got-403-forbidden

These parent directories "/", "/root", "/root/downloads" should give the execute(x) permission to 'www-data' or 'nobody'. i.e.

but it seem not only the direct parent need to be given XX5 but all the chain

for example

example
└── sub1
    └── sub2
        └── static

it seem you need to set allow others to read and execute 5 all the parents example, sub1, sub2 Why is that !?? I've found it so akward and unsecure ! is there a workaround ?

Thanks.

Hi,

You might be aware that if a DNS request point your nginx server.

and this later do not have a server rule for it , nginx will server anyway the first server found in your config file, WTF !

So I've found https://stackoverflow.com/a/23281442

server {
  listen       80 default_server;
  server_name  everythingelse;

  error_page 404 /404.html;

  # Everything is a 404
  location / {
    return 404; #return the code 404
  }

  # link the code to the file
  location = /404.html {
    #EDIT this line to make it match the folder where there is your errors page
    #Dont forget to create 404.html in this folder
    root  /var/www/nginx/errors/;
  }
}

But this is not working !

I made one of my domain pointing to this nginx server, and he still server another site aka server For httpS for http nothing appear..

Thanks.

Hi,

I'm confuse about those mandatory legal notices that governments impose for websites..

Before going further I invite you to read:
A Declaration of the Independence of Cyberspace
and
Discourse on Voluntary Servitude[^1] \

From all the articles^2 that I read about the mandatory notice to display for website none of them reference the URL of their claim !! / of the legal text !! WTF[^links]

Internet is by essence world wide, and when reading all those legal requirement it's seem that you should display notices for EVERY country !

it's seem also that if you own a private website, just for your own or family use, like for example a web file hosting services. (NextCloud etc..) You should comply with the same requirement that are asked for company ! again... WTF !

Also I don't understand, why make mandatory those notices...(beside the scam (money) ) , I'll come back to this below.

• If you want to buy something off a website, and this later do not mentions any legal address , contact info and so on, the responsibility to buy or not should be only yours. (For example, will you buy a yogurt in the supermarket if there were no brand, contact info on the packing or bill ?)
• if the state want to ~~censor~~ "regulate" a website on the old internet[^OI] there is plenty of way to know who is the author or at the very least where is it hosted..
• if a website use/distribute a copyrighted© elements. The right holder can do/contact in the following order:
  • check the website for contact (if any)
  • check the DNS record
  • check the hosting
  • contact the owner of the IP (IP are leased by company../ ISP )

So there is no sense to ask everyone that extra heavy burden. The only advantage is for law firm (and those cookies related firm) that make a profit out of it. I heard in my entourage peoples that had pay thousandth of $$ to generate those text, keep up to date etc.. even for small website.

• If you think those legal notice are a good thing please do not hesitate to motivate your answer.
• If you have any good links about it, feel free to share.
• What are you doing your self on website of customer and/or for your private websites ?
• if you know a Lemmy community worth to share this post, step forward.

Thanks...

[^1]:https://en.wikipedia.org/wiki/Discourse_on_Voluntary_Servitude
https://archive.org/details/0000-00-00-00-etienne-de-la-boetie-00_202201/1548-00-00_Discourse%20on%20Voluntary%20Servitude_1942_org/mode/2up \

https://www.websitepolicies.com/blog/legal-requirements-for-websites [^OI]:The one that you are using now with the domains scam. A future internet might be using TOR or GNU Name System

[^links]: if you have those links feel free to share !

Hi,

Unfortunately I need to register a domain name for the "old" Internet. So this one with the domain name scam[^DomainScam] and so on..

So which registrar would you recommend that is the closed regarding the FLOSS / GNU philosophy ?

And then I hope the world, will migrate to something better than this WWW scam and I could get rid of this domain..

Thanks.

[^DomainScam]: - https://www.namepros.com/threads/is-the-domain-industry-like-a-ponzi-scheme.725672 - https://www.w3.org/2014/strint/papers/65.pdf - https://www.gnunet.org/en - https://www.torproject.org - https://youbroketheinternet.org