Aaruni's Blog v 3.0

Authentication

Authentication is any process that verifies and validates the identity of a client. Any login process is a type of authentication. Traditionally, authentication is done via a username and a password.

Multi Factor Authentication

Multi factor authentication (MFA) uses multiple factors to establish identity, instead of a single one, as in the classical case. These factors can be

• Something you know (e.g., password)
• Something you have (e.g., a phone)
• Something you are (e.g., biometrics)
• Somewhere you are (e.g., GPS coordinates)

With a sane setup, for the vast majority of daily activities, 2 Factor Authentication (2FA) is sufficient.

One Time Password

A One Time Password (OTP) is, as the name suggests, a single use password. It is most frequently used as a second factor in a 2 Factor Authentication scheme. It provides the “something you have” factor: the device providing the password.

Time based One Time Password

A Time based One Time Password (TOTP) is a One Time Password which uses the current time to generate the One Time Password. This means that TOTPs do not need a working network connection, and can still make a valid OTP on demand. Mathematically, a TOTP is just a function which takes two inputs, a seed, and the time. If the seed is shared ahead of time, as a pre shared secret, TOTP can be, and is used, as a complete and secure replacement for classical forms of OTP.

Tail-what?

Tailscale is a project by Tailscale Inc which creates a mesh network of your devices. It allows all the devices on your tailscale network, the “tailnet”, to talk to each other direclty, in a peer to peer manner. It does not matter if your devices are separated by the internet, or a NAT, or even a CGNAT: tailscale can break through and create a functional tunnel between each of your devices. It works by employing Wireguard behind the scenes to create a tunnel from each device, to every other device in your tailnet. For 9 devices, that means 90 tunnels have to be created and maintained, and without tailscale, this operation would be MANUAL! The full breakdown of exactly how Tailscale works can be found here.

As part of my work, I’m heavily using ostree. Ostree is a git like content addressed store for filesystem trees. Its a really cool technology for distributing software, and is used by many major players in the industry : GnomeOS, rpm-ostree, flatpaks, and so on. While ostree has capability of deploying entire OS trees (hence the name), it can also be used in “user mode” (as opposed to “host mode”), where it manages only a target user repository, instead of the entire host. (Fun fact, ostree has the ability to juggle between different versions of the OS, or even different OSs!)

Pi-hole

Pi-hole is a network wide adblocker service for Linux systems. It works as a DNS blackhole, that is, it blocks resolving DNS queries for certain addresses. So, it is able to block ads by refusing to resolve the address from which an ad must be loaded! Contrary to what the name might suggest, Pi-hole can run on almost any Linux box on almost any platform, not just a Raspberry-Pi computer. More information about Pi-hole can be found at their official website.