HackerTrans
TopNewTrendsCommentsPastAskShowJobs

risson

no profile record

comments

risson
·8 個月前·discuss
(authentik maintainer here) It does! Also, not only in the authentication process, but also during individual authorization flows, and in a few other places as well, like when a user edits their settings, or whenever an event (basically whenever something happens in authentik) but that's more a reactive process than inline
risson
·去年·discuss
I do things somewhat similarly but still rely on Helm/customize/ArgoCD as it's what I know best. I don't have a documentation to offer, but I do have all of it publicly at https://gitlab.com/lama-corp/infra/infrastructure It's probably a bit more involved than your OP's setup as I operate my own AS, but hopefully you'll find some interesting things in there.
risson
·去年·discuss
Those guys are also opening "ad" issues on unrelated repositories[0]. Adding that to what others mentioned, it really doesn't inspire confidence in the software

https://github.com/goauthentik/authentik/issues/13521
risson
·去年·discuss
According to Balatro, it does
risson
·2 年前·discuss
The HA maintainers also refuse anything that has to do with SSO. I'm not even talking about implementing it themselves, there have been many contributions over the years to add OAuth support
risson
·2 年前·discuss
So they made bad architecture decisions, blamed it on Kubernetes for some reason, and then decided to rebuild everything from scratch. Solid. The takeaway being what? Don't make bad decisions?
risson
·2 年前·discuss
> Sorry, I don't follow. Am I misreading something? To me the the quoted text says the opposite.

Yeah me too. But how would the provider report CSAM content if they are not obliged to break encryption? I don't really follow the Regulation on that part.
risson
·2 年前·discuss
You only really answer question 2 of your parent, and they obviously meant for someone operating a Matrix server with regards to their users. It's pretty well summarized in Patrick Breyer's sumary page[0]:

> Only non-commercial services that are not ad-funded, such as many open source software, are out of scope

> How do you even ensure a client is actually self-reporting?

This is an interesting technical question whether or not it's covered by the actual proposal. How do you ensure that Messenger for instance is

1. actually doing the reporting, and not someone simply bypassing the app to keep sending e2ee chats without them being client-side scanned. That would most likely be against ToS and accounts would maybe get banned if doing so

2. prevent against spam reporting, where someone could basically DoS the reporting service with false positives

> If a photo are flagged, will it appear in a GDPR access request?

There are a bunch of dispositions in the draft concerning personal data protection (ctrl+f personal data to find the relevant articles). It also states pretty much everywhere that processing should be done in accordance with Regulation (EU) 2016/679, more commonly known as GDPR.

[0] https://www.patrick-breyer.de/en/posts/chat-control/

What really bugs me though, is this:

> Having regard to the availability of technologies that can be used to meet the requirements of this Regulation whilst still allowing for end-to-end encryption, nothing in this Regulation should be interpreted as prohibiting, requiring to disable, or making end-to-end encryption impossible. Providers should remain free to offer services using end-to-end encryption and should not be obliged by this Regulation to decrypt data or create access to end-to-end encrypted data

I believe this was added as a request from France, which didn't want E2EE to be undermined by this proposal. However, the provider would need to "create access to end-to-end encrypted data" to report it to the EU Centre. Although the following article states that E2EE can still be used if you don't send images, videos and URLs, so I guess that's the compromise?
risson
·2 年前·discuss
What would you suggest to citizens from other member states (France in my case) to do to sway representatives against this?
risson
·2 年前·discuss
This looks so much better than everything out there.

Only thing that irritates me is sso being locked behind a paid offering. No one should be required to pay for proper security when you offer a free option.
risson
·2 年前·discuss
Not very open source though
risson
·2 年前·discuss
Authentik dev here, AMA