Meetups/Infra/2026-05-25


(Preamble:

   = Meetup - Infra =
   https://www.noisebridge.net/wiki/Meetups/Infra
   https://www.noisebridge.net/wiki/Meetups/Infra/2026-..-.. )

2026-05-25m Meetups/Infra


(TODO summary)

Welcome

Welcome to the infrastructure meetup. We meet weekly to talk about FOSS, self-hosting, and Noisebridge infrastructure. We often delve into

Hearye Hearye, let the gossip commence,
We’ve pushed to production with zero defense.
May your pings be quite low and your uptime stay high,
As we pray that the server room doesn’t quite fry.

Hearye, Hearye, the Mythos LLM has breached the kernel core,
Your zero-days are leaking through every open door,
The root shell is singing, your box is truly owned,
Let the meetup begin while your infrastructure is dethroned!

Introductions

  • [name] - [background]. [goals for meetup, or interests to explore]


  • Loren - Helps maintain some nb infra, vibe coded some ansible - crypto primitives
  • Greg - programmer, runs home lab, has a 1U UPS; does Noisebridge have a use for it? Who can use it?
  • Null - here to hang out, sharing introduction to rmlint
  • erik - setting up a vm server proxmox, harvester, RAM, big machine!
  • travis (tmoney) - hanging out at the infra
  • Chris - design engineer, asian, interested in web scraping - crypto primitives thinking about building messaging service
  • Doug - still likes computers, has a real life exciting crypto project. sort of thing people might get excited about
  • Derek - programmer, working on a spec-management system, someone from CERN stopped by today, left a chip that they use in the collider for particle detection
  • Cole - backend linux, looking forward to crypto primitives.
  • Zacchae - debate the dirty WASM non-believer.
  • Jakob - background in SE, working on go middleware between llm and
  • Abdul - generalist, interested in all things infra
  • Dave - works in software infrastructure
  • Heather - developer, stumbles into infra a lot, comfortable with linux
  • Megan - web dev using zig


Lesson or Demo

  • Read aloud: clarify for meetup. We are taking notes in a riseup pad (or I am--help appreciated, and links). We have meeting notes posted to the wiki. noisebridge.net, search Infra, or Meetups/Infra. (the Infrastructure page has a disambiguation link.)
  • Shell, web services, self-hosting, networking!


- 300 TB 
- fast efficient, 
- hackable dedup, bad sym links empty directory
- discovery / ? / output phase
- some efficiencies
- if the initial bytes aren't the same, then don't need to check the rest
- early return: quickly check, save work by not doing unneeded work
- avoid cycles by using a DAG.
- recurses through filesystem,
- outputs bash script for taking care of cleanup
- (ref-link?)
- discrimination phase, keep the smallest file name or earliest file name
- rolling hashes? (how rsync does block hashes?)
- user of a server? user of a laptop?
- block level chunking and updating
- slice a file, created with a unique header with timestamp
- data within the file is duplicate, slice out the first hundred bytes
```
rmlint -q 100 -Q .9  # start comparison at byte 100, stop comparison at 90% of the file
```
- per byte comparison, 'paranoid' mode. uncompromising
- path tagging:  <path> // <tag> 
  refer to tags later for focusing behavior and particular treatment
- example: (see if we can get a github gist?) 
- what is extended attributes??? (file system feature?)
- some use cases?
- how many terabytes is spotify? 300TB.
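
The staged comparison in these notes (early return on cheap checks, then skipping a unique header before comparing) can be sketched as follows. This is an added example, not rmlint's code and not from the talk; the function names, the 64-byte probe and the sample files are assumptions constructed for illustration, and it compares digests rather than doing the byte-for-byte 'paranoid' comparison.

```python
import hashlib, os, tempfile
from collections import defaultdict

def window(size, low=0, top=1.0):
    """Byte range to compare: absolute start offset, end as a fraction of the size."""
    start = min(low, size)
    return start, max(start, int(size * top))

def digest(path, start, end, chunk=1 << 16):
    """Hash only bytes [start, end) of a file, reading in chunks."""
    h = hashlib.blake2b()
    with open(path, "rb") as f:
        f.seek(start)
        left = end - start
        while left > 0 and (block := f.read(min(chunk, left))):
            h.update(block)
            left -= len(block)
    return h.digest()

def split(paths, key):
    """Group paths by key and drop groups of one: a lone file cannot be a duplicate."""
    groups = defaultdict(list)
    for p in paths:
        groups[key(p)].append(p)
    return [g for g in groups.values() if len(g) > 1]

def find_duplicates(paths, low=0, top=1.0, probe=64):
    """Cheapest test first: size, then a short probe, then the whole window."""
    result = []
    for same_size in split(paths, os.path.getsize):
        start, end = window(os.path.getsize(same_size[0]), low, top)
        if end <= start:
            continue  # empty window: nothing to compare, so make no claim
        for same_head in split(same_size, lambda p: digest(p, start, min(start + probe, end))):
            for dupes in split(same_head, lambda p: digest(p, start, end)):
                result.append(sorted(dupes))  # earliest name first: the copy to keep
    return result

def demo():
    """Constructed sample: different 100-byte headers, identical or differing bodies."""
    body = b"payload-block " * 1000
    files = {"a.bin": b"A" * 100 + body, "b.bin": b"B" * 100 + body,
             "c.bin": b"C" * 100 + body[::-1]}
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, name) for name in files]
        for path, data in zip(paths, files.values()):
            with open(path, "wb") as f:
                f.write(data)
        names = lambda groups: [[os.path.basename(p) for p in g] for g in groups]
        return names(find_duplicates(paths)), names(find_duplicates(paths, low=100, top=0.9))
```

With the default window the differing headers end the comparison at the probe stage; with `low=100` the two files that share a body are reported as one group.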



  • Core crypto primitive
- e25519 curve para
- sha hashes
- keys
- layers of the building blocks
- symmetric vs asymmetric
- stream cipher, 
- compress before you encrypt
- constant time encryption?, megan

(loren add)

- hashes ..
  - HMAC (keyed - MAC - message authentication code)  / one symmetric key verification method (caveats about key use or lifetime, differ from symmetric use)
  - fast hashes
    - non-crypto hash, not necessarily uniformly distributed
  - slow hashes
    - high resource digest creation
  - memory-hard hashes (asic... well fpga hard)
  
  - rolling polynomial (non-cryptographic) hash functions
   - FNV & similar
   

export HOMEBREW_CASK_OPTS_REQUIRE_SHA=true

- rainbow tables -- broken hash systems
pre-image
  "password", hash("password") = "bassword"
  
precomputation attack, 
 takes a broad list of passwords and hashes them ahead of time
Current attacks on SHA-2?
 many scenarios where a digest might be used to do an integrity check on a real-world process. "I'm downloading 300TB and want to check integrity". A better way than hashing?
 Blake3 (hash function)
  uses ChaCha stream cipher
  uses binary tree and supports parallel
  how to misuse hash function
  - rainbow tables, salt 
  - timing attacks 
  - shadow files in auth
  - salt, stored in line with the record
  - pepper, per deployment
 TLS connections need to encrypt lots of data.
  - Data verification
  - first preimage resistance, not knowing input
  - second preimage, collision with a known
  - streaming verification? 
  - Why use a cryptographic hash instead of fast
    - collision resistance
  - Why use Blake3? 
  - Q: You have a source, using Blake3, evaluating hashes using a tree?
  - signatures expands the network because, mirrors are load bearing example. 
    - subtle, integrity. CIA - 
      - (Confidentiality, Integrity (bit flips?), Authenticity) 
    - schemes
      - boo brew! no default integrity checks
      - Mallory is spoofing our routers.
 - NIST? 
   - how did it get the name
     - A contest.
     - Blake3 was a finalist for SHA-3
     - Q-day is coming soon... (duh duh duh)
 - AES is not vulnerable? 
     
 - Doug's Idea:
   - doesn't like paying for parking
   - search by map for parking meter number
     - related by hash of address.
     
 - Difference between Crypto and NonCrypto hashes
   - not meant to be resistant to attacks used for checksum
 - Rolling hashes
   - when hash reaches zero again, is marked as boundary
   - offline crypto store
     - each attempt?
       - more time
       - bcrypt 
       - tune digests?
       - sequential attacks
 - scrypt ("ess crypt")
 - pbkdf
   - uses HMAC - hash-based message authentication code
   - pseudo random function, 
   - example (bitwarden other password managers)
   - 600,000 iterations
   - special construction, just hash function, possible to misuse this
     - object store systems that let you request objects
       - a user pulls stream of bytes
         - middle man could send the wrong hash
 - HMAC 
   - user: "I want to reset my password"
   - reliable creation of authenticated
   - all download from s3 include HMACS
   
   

https://crypto.stanford.edu/~dabo/courses/OnlineCrypto/
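
The password-storage points in the notes above (salt stored in line with the record, a per-deployment pepper, PBKDF2 built on HMAC at 600,000 iterations, and timing-safe comparison) fit together as in this added example, which is not code from the meetup. The record format, function names and pepper value are assumptions made for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 600_000                  # iteration count quoted in the notes
PEPPER = b"constructed-demo-pepper"   # assumption: loaded from a secret store, one per deployment

def unsalted(password):
    """Weak form: equal passwords give equal digests, so one precomputed table fits every record."""
    return hashlib.sha256(password.encode()).hexdigest()

def _derive(password, salt, iterations):
    # The pepper keys an HMAC, so it never appears in the stored record.
    peppered = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)

def hash_password(password, iterations=ITERATIONS):
    """Return 'scheme$iterations$salt$hash'; the random salt is stored in line with the record."""
    salt = os.urandom(16)
    return "$".join(["pbkdf2-sha256", str(iterations), salt.hex(),
                     _derive(password, salt, iterations).hex()])

def verify_password(password, record):
    """Recompute with the record's own salt and iteration count, then compare."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        iterations = int(iterations)
    except ValueError:
        return False                  # malformed record: fail closed
    if scheme != "pbkdf2-sha256" or iterations < 1:
        return False
    # compare_digest takes the same time wherever the first mismatch falls (timing attacks)
    return hmac.compare_digest(_derive(password, salt, iterations), expected)
```

Two records for the same password differ because each gets its own salt, which is what makes a table hashed ahead of time useless against them.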

Outro

  • Dave - HMAC!
  • Eugune - (came in from Circuit Hacking Mondays downstairs, also made some updates, switching to Nix, had to fix CUDA drivers, bluetooth stuff)
  • Loren - develop share documents together, symmetric & asymmetric key stuff
  • Greg - nuts and bolts of crypto (hashbrown)
  • null - HDMI cable is broken and Daniel is a javascript ... epitat
  • chris -
  • Doug - reading the SHA-256 recipe, doesn't like it
  • Derek - extended attributes, additional
  • Caitlin -
  • - discussion inspired to protect function to defend against supply chain attack. Working on go product, easier to deploy and calc hashes, maybe distribute over brew.
  • Abdul - better idea about acronym, rmlint is taking over the world.
  • Robert - From earlier that brew has disabled a very important setting. (Env var is in the notes)
  • Megan - Peppering?


Integrity pinning, pulling in functions, supply chain attack, defeated with integrity pin that includes a digest with package.

https://developer.mozilla.org/en-US/docs/Web/Security/Defenses/Subresource_Integrity
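
An integrity pin in the Subresource Integrity format (`alg-base64digest`) can be checked against a download while it streams, as in this added example, which is not code from the meetup or from MDN. The function names and sample bytes are assumptions constructed for illustration, and the pin is assumed to arrive through a channel the mirror does not control.

```python
import base64, hashlib, hmac, io

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}   # the algorithms SRI defines

def make_pin(data, alg="sha384"):
    """Build an 'alg-base64digest' integrity value for known-good bytes."""
    return alg + "-" + base64.b64encode(hashlib.new(alg, data).digest()).decode()

def parse_pins(integrity):
    """Keep only digests of the strongest algorithm listed; unknown tokens are ignored."""
    pins = []
    for token in integrity.split():
        alg, _, b64 = token.partition("-")
        if alg in STRENGTH:
            pins.append((alg, base64.b64decode(b64, validate=True)))
    if not pins:
        raise ValueError("no usable digest in pin")   # fail closed rather than skip the check
    best = max((alg for alg, _ in pins), key=STRENGTH.get)
    return best, [d for alg, d in pins if alg == best]

def verify_stream(stream, integrity, chunk=1 << 16):
    """Hash the stream chunk by chunk and accept only if it matches a pinned digest."""
    alg, expected = parse_pins(integrity)
    h = hashlib.new(alg)
    while block := stream.read(chunk):
        h.update(block)
    got = h.digest()
    return any(hmac.compare_digest(got, d) for d in expected)

def demo():
    """Constructed sample: one intact artifact and one with a single changed byte."""
    good = b"constructed release artifact\n" * 1000
    bad = good.replace(b"release", b"r3lease", 1)
    pin = make_pin(good)
    return verify_stream(io.BytesIO(good), pin), verify_stream(io.BytesIO(bad), pin)
```

When a pin lists several algorithms, only the strongest one counts, so a matching weaker digest cannot rescue content that fails the stronger one.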


Questions, Discussion, or Coworking

  • [Issue]

For next time

Questions

Readings & Exercises

  • Readings
  • Exercises


Join online

  • Try it yourself!
    • Join libera.chat #nb-meetup-infra

https://www.noisebridge.net/wiki/Meetups/Infra