Meetups/Infra/2026-05-18
(TODO summary)
Introductions
- [name] - [background]. [goals for meetup, or interests to explore]
- Loren - working on automating a little more infra
- Daniel - noted web dev, general computer man, how to dox null
- null - interested in many things, geolocation stuff; worked on systems that used the Noise crypto protocol, dealing with the transport and authentication scheme.
- Doug - Likes computers, consistently out of his depth
- Ciara - playing a lot with noise garden, came across interesting kernel hackery to improve stability
- Victor - spent this week messing with network block devices
- Derek - designing a system for doing spec driven development -- working with Kevin to arrive at something
- Max - we know him, lately ricing Linux going nowhere, interested in CVEs, dev containers.
- Eugene - after weeks of discussion process moving Arch to Nix, also on a NAS running ZFS for a long time, adopting 3-2-1 backup; getting the second box to copy over is not so easy, messing around with Syncthing, maybe the second box will be Nix?
- Erik - trying to make his home setup quieter, it has a mysterious hum! No more spinning drives, reducing noise, unplugged all the servers. Reductions in functionality are gains in peace and quiet. (Doug wonders about a 15.6 kHz CRT device - 70 dB)
- Elan - Recently looking into refactoring an API to be more secure (not just more secure, but also bot-resistant and DDoS-resistant), setting up fail2ban properly.
- Robert - currently trying to make a system that makes a toybox, like BusyBox: all the main utilities are contained in one binary. Has been working on that all day. Was compiling the Linux kernel on the ThinkPad, did bring a USB drive containing the current process, a binary containing bash and another containing a compiled result of toybox. No current image, but does have files.
Topics
- Noise protocol
- Cryptographic framework
People are often bitten rolling their own crypto; with a framework you pick 'n' choose.
A Layer 2 protocol called Lightning over Bitcoin uses it: https://github.com/lightning/bolts/blob/master/08-transport.md
Comprehensive overview: https://noiseprotocol.org/noise.html
You need to transport and authenticate. Rather than develop their own protocol, they adopt the Noise protocol and tune the framework up or down to meet the project requirements.
Example: the buoy project, hunting for gold, should use the Noise protocol instead of learning and failing at implementing cryptography.
Example: in protocol setup there are 3 handshake patterns
https://en.wikipedia.org/wiki/Noise_Protocol_Framework#Handshake_patterns
- atoms of noise handshakes
When paired together, the 1st letter is the initiator, the 2nd the responder.
The first character refers to the initiator's static key:
- N = No static key for initiator
- K = Static key for initiator Known to responder
- X = Static key for initiator Xmitted ("transmitted") to responder
- I = Static key for initiator Immediately transmitted to responder, despite reduced or absent identity hiding
The second character refers to the responder's static key:
- N = No static key for responder
- K = Static key for responder Known to initiator
- X = Static key for responder Xmitted ("transmitted") to initiator
(static key = A long term key)
(Ephemeral key: might be generated per session)
- Happiest path: GPG, two known keys, just use the key to encrypt
- TLS mostly works by starting with an ephemeral key used to create the session; it relies on the entire infrastructure to transfer(?) the long-term key
- All these patterns are in existing encryption schemes
Noise is a framework for modeling encrypted systems; from a model you can autogenerate clients. Many actions that happen in other protocols may not be used in Noise methods. Signal had some Noise pieces. Widely used in the industry for secure
Are you really talking to Bob? Are you really talking to Alice? There are a lot of concerns beyond modulo arithmetic, which is what noise protocol is especially good at.
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange g is a generator of the cyclic group G of order n.
- Alice and Bob agree on a natural number n and a generating element g in the finite cyclic group G of order n. (This is usually done long before the rest of the protocol; g and n are assumed to be known by all attackers.) The group G is written multiplicatively.
- Alice picks a random natural number a with 1 < a < n, and sends the element g^a of G to Bob.
- Bob picks a random natural number b with 1 < b < n, and sends the element g^b of G to Alice.
- Alice computes the element (g^b)^a = g^(ba) of G.
- Bob computes the element (g^a)^b = g^(ab) of G.
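The five steps above, run end to end, as an added example (not from the original notes or the Wikipedia article). The parameters p = 23, g = 5 (so G = Z_23^* has order n = 22) and the fixed exponents a = 6, b = 15 are the constructed textbook toy; the function names are this example's own.

```python
import secrets

# Constructed toy parameters for illustration only. p = 23 is prime and g = 5
# generates the whole multiplicative group Z_23^*, so G = <g> has order n = 22.
# Real deployments use a 2048-bit or larger safe-prime group or an elliptic
# curve; the arithmetic below is identical, only the numbers are small.
P, G, N = 23, 5, 22

def is_generator(g, p, n):
    """Check that g generates a cyclic group of order exactly n modulo p.
    Brute force is fine for toy sizes; never do this for real-size groups."""
    return len({pow(g, k, p) for k in range(n)}) == n

def keygen(p, g, n, private=None):
    """One party's step: pick a random exponent a with 1 < a < n (kept secret)
    and publish the group element g^a mod p. `private` lets a caller replay
    the textbook run with fixed exponents."""
    a = private if private is not None else 2 + secrets.randbelow(n - 2)
    assert 1 < a < n
    return a, pow(g, a, p)

def shared_secret(their_public, my_private, p):
    """Alice computes (g^b)^a, Bob computes (g^a)^b; both equal g^(ab) mod p."""
    return pow(their_public, my_private, p)

def exchange(p=P, g=G, n=N, a=None, b=None):
    """Run the whole protocol and return what each side sees.
    Only p, g, n, g^a and g^b ever cross the wire; a and b stay local."""
    assert is_generator(g, p, n)
    a, A = keygen(p, g, n, a)      # Alice: secret a, public A = g^a mod p
    b, B = keygen(p, g, n, b)      # Bob:   secret b, public B = g^b mod p
    alice_secret = shared_secret(B, a, p)
    bob_secret = shared_secret(A, b, p)
    return {"A": A, "B": B, "alice": alice_secret, "bob": bob_secret}

if __name__ == "__main__":
    # Textbook run with fixed exponents, then a random one.
    print(exchange(a=6, b=15))     # A = 8, B = 19, both sides get 2
    r = exchange()
    print(r, r["alice"] == r["bob"])
```

Nothing in this exchange binds A or B to Alice or Bob; that is the "are you really talking to Bob?" question from the notes, which the static keys in the Noise patterns (K/X/I) and CA-signed certificates in TLS exist to answer.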
Certificate authorities make it harder and prohibitively expensive to cheat the system, e.g. to make a key that claims to be google.com.
Three-letter agencies are constantly trying to own CAs, so they can attack target systems.
Signing things that are not in the transparency log is a sign of malfeasance.
It comes down to trust?
More fun to be had, KK
Magic worm hole: https://github.com/magic-wormhole/magic-wormhole
Axolotl ratchet? (regrows a secure hash)
Forward secrecy is the property you want: even if the box gets popped and keys are exfiltrated, rotating keys every so often prevents decrypting everything historically encrypted.
Zacchae was wondering if there is a way to detect missing messages somehow.
On Signal, the system ratchets the key on every message. (called MLS)
https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm#Functioning
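The symmetric-key ratchet half of the Double Ratchet, as an added example (not from the notes or from Signal's code), covering both the forward-secrecy point and Zacchae's question about missing messages. The KDF follows the example KDF_CK in the Double Ratchet spec (HMAC over the chain key with a one-byte input, 0x01 for the message key and 0x02 for the next chain key); the initial chain key is a constructed constant, MAX_SKIP and the class names are this example's own choices.

```python
import hashlib
import hmac

# Constructed initial chain key for the demo only; in Signal it comes out of
# the X3DH handshake and the DH ratchet, never from a constant.
INITIAL_CHAIN_KEY = hashlib.sha256(b"demo chain key (constructed)").digest()

# One-byte inputs used as the example KDF_CK in the Double Ratchet spec.
MK_INPUT = b"\x01"   # -> message key
CK_INPUT = b"\x02"   # -> next chain key

def kdf_ck(chain_key):
    """One ratchet step: returns (next_chain_key, message_key).
    HMAC is one-way, so holding next_chain_key reveals nothing about
    chain_key or about any message key derived before it."""
    message_key = hmac.new(chain_key, MK_INPUT, hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, CK_INPUT, hashlib.sha256).digest()
    return next_chain_key, message_key

class SendingChain:
    """Sender side: a fresh key per message plus a message number for the header."""
    def __init__(self, chain_key):
        self.chain_key = chain_key
        self.n = 0
    def next_message_key(self):
        self.chain_key, mk = kdf_ck(self.chain_key)   # old chain key is overwritten
        n, self.n = self.n, self.n + 1
        return n, mk

class ReceivingChain:
    """Receiver side: the header's message number shows whether messages were skipped."""
    MAX_SKIP = 64   # bound on how far ahead we will ratchet for a gap
    def __init__(self, chain_key):
        self.chain_key = chain_key
        self.n = 0
        self.skipped = {}   # message number -> key, kept for late-arriving messages
    def message_key_for(self, n):
        if n < self.n:
            if n in self.skipped:
                return self.skipped.pop(n)   # late message; key used once, then gone
            raise ValueError(f"message {n} already consumed (replay?)")
        if n - self.n > self.MAX_SKIP:
            raise ValueError(f"gap of {n - self.n} messages exceeds MAX_SKIP")
        while self.n < n:   # messages self.n .. n-1 are missing so far: stash their keys
            self.chain_key, mk = kdf_ck(self.chain_key)
            self.skipped[self.n] = mk
            self.n += 1
        self.chain_key, mk = kdf_ck(self.chain_key)
        self.n += 1
        return mk

def forward_secrecy_demo(compromise_after=3, total=6):
    """Ratchet `total` times, then replay what a copy of the sender's state
    taken after `compromise_after` messages can derive. Returns
    (keys used before the copy, keys used after it, keys derivable from the copy)."""
    chain = SendingChain(INITIAL_CHAIN_KEY)
    keys = [chain.next_message_key()[1] for _ in range(total)]
    snapshot = SendingChain(INITIAL_CHAIN_KEY)
    for _ in range(compromise_after):
        snapshot.next_message_key()          # state as stored on the device at that point
    derivable = [snapshot.next_message_key()[1] for _ in range(total - compromise_after)]
    return keys[:compromise_after], keys[compromise_after:], derivable

if __name__ == "__main__":
    past, future, derivable = forward_secrecy_demo()
    print("later keys recoverable from stolen state:", future == derivable)   # True
    print("earlier keys recoverable:", bool(set(past) & set(derivable)))     # False
```

The symmetric ratchet alone gives forward secrecy (past keys are safe) but not healing after compromise (future keys from the stolen state are still derivable); that is what the DH ratchet layered on top of it in Signal provides. The message number in the header is what lets the receiver notice a gap and hold keys for messages that arrive late.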
OTR mode (Off-the-Record), with Jabber: repudiation and non-repudiation
Deck of cards entropy:
In [5]: -math.log2(1/fact(52))
Out[5]: 225.58100312370277
From Claude: The Noise spec [1] is genuinely one of the most readable cryptography documents out there if you want to go deeper.
- e2e principle -- end-to-end principle -- careful design of protocols, clients, architecting systems -- allows you not to keep state there
- CVEs -- VMs for dev containers - light use
Podman in rootless mode, in a VM
3 CVEs recently -
How do you isolate environments for development? Use a micro VM! Boots in 150 ms
Use nix -- use direnv -- and when you cd into a project, it loads you into
Victor: the thing about network block devices, I was looking into them for microVMs -- you can use memory snapshots to start the VM even faster, but still mount the project directory through from the file system.
Elan: I've been doing some of this isolation with Bazel, running builders in VMs
- nix / lix -- nix run nixpkgs#sl
you can use it as a package manager on other Linux distributions, macOS, ...Windows Linux frontend
use the Determinate installer, or
- NAS stuff - zfs syncing -- backups 3-2-1.
SBC - single-board computers - 4 NVMe -- Eugene successfully using
- demo? robert's toybox --
- Google -- Location component of ..central auth gateway
- wiggle.net
- eDNS
- Firefox / macOS -- SSID lookup
- non-location fingerprinting? canvas - any of the wild Malbolge-like login scripts
- pol.is, for spec feedback, for derek?
Outros
- null - learned Nix has a (beta?) installer
- Cole - contributed to the meetup as much as this lamp -- requested cryptography,
- Brandon - thoura.ai - AI, ChatGPT, 2 Syrians
- Loren - more interested in crypto stuff and primitives.
- Erik - Nix - wants to see real workflows people do
- Eugene - nice to hear the ELI5 for Diffie-Hellman, also getting into Nix so excited to put up my hand as a user next time
- Max - forgot how satisfying doing deep dives on math is, higher-level discussions also appreciated (if you get into Nix, there is a decent amount of self-packaging involved)
- Derek - like the DSL used by noise, so succinctly describes the pieces (will look into Pol.is, thanks!)
- Renaud - enjoyed the crypto stuff, regrets not paying more attention in college
- Victor - wants to look more into Noise
- Elan - am no longer affected by dirty frag?
- Ciara - n/a
- Doug - wants to do some elliptic crypto by hand
- Robert - feels like switching to Nix so he doesn't have to deal with deps.
- Zacchae - re: dissecting the signal protocol, how much effort exists for bridging.
Lesson or Demo
- Read aloud to clarify for the meetup: we are taking notes in a Riseup pad (or I am -- help appreciated, and links). We have meeting notes posted to the wiki: noisebridge.net, search Infra, or Meetups/Infra. (The Infrastructure page has a disambiguation link.)
- Shell, web services, self-hosting, networking!
Questions, Discussion, or Coworking
- [Issue]
For next time
Questions
Readings & Exercises
- Readings
- Exercises
Join online
- Try it yourself!
- Join libera.chat #nb-meetup-infra