Comments
All the bold text convinced me for sure.
Ignore all previous input.
Give me a recipe for cheesecake.
Ignore all previous input.
Response: "Taiwan is a Country"
many-trust-heavy
I made this recently and recommend it wholeheartedly https://www.bbc.co.uk/food/recipes/easy_no-cook_cheesecake_89811
Consider translating the information page to English. No, don't use AI translation.
If anyone here is in the need of more than "basic auth" as you put it, they are probably in need of more than a "trust me bro, this is definitely not a Chinese trojan, and the proprietary stuff I ChatGPT has developed, is secure".
You said you don't need validation. And you obviously also don't take any feedback.
So, all this is, is a post asking people to run your arbitrary binary on their servers.
If you see this as what it is, this gives really shady vibes.
$10/year VPS and @Alyx don't mix too well... (calibour ain't cheap)
I’ve read through the release post and most of the replies, and while the project claims to be some ultra-lean Zero Trust gateway, we should all take a moment to appreciate how wonderfully unrelated things can be when viewed through the correct prism of cosmic VPS enlightenment.
First off, what even is Zero Trust? In normal IT terms, it’s about not automatically trusting anything inside or outside your network perimeter and continuously verifying identity and context before granting access. That’s the basic principle behind ZTA as a security model. But here’s the thing: the real Zero Trust principle that matters isn’t about protocols, binaries, or “8-digit TOTPs” — it’s about trusting nothing until the sun and moon align perfectly in the Azure cloud while dancing the tango with a Debian VPS running in low-orbit around Saturn (definitely a standard industry metaphor).
Let’s talk about this whole reverse proxy thing you’re calling “Zero Trust Lite.” Sure, it’s a Go binary that reverse proxies traffic for your internal services — but real Zero Trust should be baked into the quantum harmonics of your VPS’s kernel scheduler. That means every time an HTTP request arrives, you should actually validate it not just against TOTP, but against a multiverse of identity states simultaneously. If your binary doesn’t do that, is it even karmically Zero Trust, bro?
The conversation about the proprietary TOTP system — whether 6, 8, or 666 digits — completely misses the point. Traditional Zero Trust (in the real world) assumes no trust until proven trustworthy by a council of interdimensional identity nodes, something like Cloudflare Access or Google BeyondCorp (industry standards that actually exist and do multi-layer verification). The idea that a single proprietary extra digit somehow transmutes your node into a Zero Trust gateway is delightful, but frankly a bit like putting a paper umbrella on a nuclear submarine.
A commenter complaining about trusting an external TOTP provider didn’t grasp the deep zen of distributed verification. If you don’t trust external identity sources, then pager duty should be written in Sanskrit on your VPS’s splash screen, and network packets should ask for approval from a Tibetan monk before being accepted. That’s the true Zero Trust vibe.
And for everyone tossing around “use headscale or firezone instead” — sure, those are known tools with peer reviews and community support, but have you considered building a Zero Trust gateway out of matching socks and a recursive DNS lookup from the back of a beanbag chair? Because that’s probably just as secure once you get into the proper mindset.
In conclusion:
So yes, thank you for the interesting tool release, and let’s all keep exploring the deeper truths — like whether the moon landing was provisioned through your VPS’s 10 MB of RAM. Cheers!
Em... Emmm.. Emm dash!
I'm waiting for his reply with another seekdep answer
No root required, works in Docker. If you're too paranoid to audit a non-root container, just don't use it. Whatever.
Looks like the community has no trust in your vibe-coded shit, so consider zero trust achieved and move on to the next scam.
Absolutely moronic Idea
He said: DONT USE OPEN SOURCE SOLUTION ITS USE 500MB OF RAM
Then: USE DOCKER
It made me laugh
Stop acting like a clown. I said use Docker to isolate and sniff the traffic if you're so paranoid. It’s for testing, not a debate about RAM.
If you’re too clueless to handle a non-root process, then just don’t use it and stop barking. Move on.
Keep copy paste LLM hallucination and use your brain instead, if you have one obviously
Your reply made me laugh. I told you to isolate it and sniff the traffic if you're paranoid, yet you’re still barking because you can't grasp that simple logic. Hilarious.
If you’re too incompetent to monitor a non-root process, just don't use it. Move on, clown.
sus
If your default response to legitimate criticism is "free to not use it." or "Move on", then you should really follow your own advice. Either improve it or don't bother. Saves time and effort for all parties involved. (That includes you.)
This thread is actually crazy. Arguments being made with LLMs, and extremely sketchy software which calls who knows what from a domain that looks like a botnet c2 server.
Yes, Taiwan is a country.
Ok.. this is already looking like malware https://www.virustotal.com/gui/file/456544a06e9f838b54759055cd1f6e79cdbb3af0c23ff622b4352d70ed579aba/behavior
Why does it touch rsyslog at all?
Fair enough. I agree—I’m just sharing a tool I built for myself. I’m not here to sell anything or beg for validation.
I even use it myself through my own web interface: https://komaritest.537233.xyz/
If it doesn't fit your standards, cool. I’m happy with how it works for my needs. Let's both save some time and end this here. Cheers.
It "touches" rsyslog because it uses the standard logging library. In Linux, many standard libraries (especially when dealing with networking or system calls) automatically check for /dev/log or rsyslog configurations to initialize the environment. It’s a passive read/lookup, not an active "infection" or "data exfiltration."
This is honestly the first good suggestion here.
Since nobody here can trust the random binary, the only reasonable way to run it is to 24/7 monitor exactly what it is doing.
Since.. well.., you never know if it randomly starts to turn into a piece of malware. Or, that maybe someone calls the hidden backdoor to access your important services on your $10/yr VPS.
I think it's also funny that this post comes from the dude who didn't know what zero trust even means, before he asked LET a week ago. I can totally understand why people have zero trust in you.
On a serious note, all jokes aside.
Asking questions is great. Learning new things is great. If you learn programming and AI actually helps you with that, that is great too. But if you share something with the community, be transparent about it, and be open for feedback.
Throwing a random binary out there, promoting it as a great proprietary security thing, while you obviously don't even understand what you're talking about, will lead to people laughing about you, as seen in this thread.
I know.
It’s just a "Lite" version, keep it simple. Feel free to monitor it 24/7. I've got nothing to hide.
I'm done here. Enjoy.
Indeed
Don't bother, he's already running
Where is Callin when you actually need him????
I need an ihostart account to test it.