Maintainer and primary hardware producer of Signet: the completely open source, encrypted, hardware password manager!
The moral of the story here is that if you can afford to help with open source software, we could really use it!
I'm not talking about money. I'm talking about project management, learning how to reproduce issues, debug them, working towards a resolution and not just being able to do these, bit actually doing them in practice.
It takes time and effort. It means being part of a community. And the reward is that the world is a better place. It's not the riches tech bros promise.
Reason #25630 that I don't get things done faster: The MXE scripts to build .deb packages are broken and after dozens of hours trying to resolve it, I haven't been able to figure it out.
I opened a ticket about it a couple weeks ago, but no replies.
https://github.com/mxe/mxe/issues/3264
This is blocking my ability to fix the CI jobs that build the Windows releases of the Signet client, which is holding up a release.
In this case, I don't think anyone who knows about these scripts is still around.
Reason #25629 why I don't get things done faster. I spend time trying to get my patches upstreamed so more people can benefit from my work.
But just like my multi-year effort to get a patchlevel change in pam-u2f (from the original author and an official release, not a patch I wrote), it seems I'm being ghosted again.
Last time around, I reached out to the maintainer via email, the former maintainer, another person in auth, the maintainer via IRC, tried to get a mentor in IRC... all failed.
Reason #25628 why I don't get things done faster. I had to set aside my tasks to patch reprepro so it could handle control.tar.xz files which is what are created by all of Debian's modern tools to create .deb files.
I submitted a merge request 2 weeks ago, but it hasn't been commented on, let alone reviewed or accepted.
But I've got the .deb for it on my apt repo and you can see the change and compile my version here if you want it. https://salsa.debian.org/debian/reprepro/-/merge_requests/14
@beaiouns Yup, striving to be on most of the decentralized social media systems.
It's be nice to reach the people on exclusively on Facebook, X, and the others, but I just can't bring myself to create an account on any of those platforms. 🤷♂️
On the flip side, I feel like those who have at least one non-corporate social media account are more likely to be interested, so maybe kinda works out.
And physical access is within our threat model!
Contrast that to the way hardware security work when made by Intel, AMD or ARM:
https://infosec.exchange/@dangoodin/115459944536890363
AMD, Intel and Nvidia have poured untold resources into building on-chip trusted execution environments. These enclaves use encryption to protect data and execution from being viewed or modified. The companies proudly declare that these TEEs will protect data and code even when the OS kernel has been thoroughly compromised. The chipmakers are considerably less vocal about an exclusion that physical attacks, which are becoming increasingly cheap and easy, aren't covered by the threat model These physical attacks use off the shelf equipment and only intermediate admin skills to completely break all TEEs made from these three chipmakers. This shifting Security landscape leaves me asking a bunch of questions. What's the true value of a TEE going forward?. Can governments ever get subpoena rulings ordering a host provider to run this attack on their own infrastructure? Why do the companies market their TEEs so heavily for edge servers when one of the top edge-server threats is physical attacks? People say, "well yes. just run the server in Amazon or another top tier cloud provider and you'll be reasonably safe." The thing is, TEEs can only guarantee to a relying party that the server on the other end isn't infected and couldn't give up data even even if it was. There's no way for the relying party to know if the service is in Amazon or in an attackers's basement. So once again aren't we back to just trusting the cloud, which is precisely the problem TEEs were supposed to solve? https://arstechnica.com/security/2025/10/new-physical-attacks-are-quickly-diluting-secure-enclave-defenses-from-nvidia-amd-and-intel/
Today I helped a user compile the #signet client for an #ARM based version of #MacOS.
It required changing a couple library paths, and I've already upstreamed those changes to the latest copy of the repo.
This was something I've been wanted to test for a long time now, but I don't have the hardware and it's hard to get the time of someone who does. But we did it. Together.
Hardware secured encryption is #cipherpunk meets #cyberpunk ✊
If you made it to the end, do me a favor and tell some friends about #Signet and ask them to spread the word. It's not for everyone, but I want those people who will appreciate it to be able to find it.
❤️
Finally, I'm making it sustainable. I've had my device for years and replaced the USB-A connector after half a decade of daily use. I still use that same device daily. I still support 32-bit computers. It's not my place to tell you that you have to upgrade your computer. This culture of making everything cheap & disposable doesn't jive with me. Things should be built to last!
3/4
