| whaack: | diana_coman: EOD Report: I only completed my revised article for TheFleet. I distracted myself for part of the day by responding to the concerns that arose from a meatwot friend having seen a comment from mp on ztkfg + then reading trilema | [02:40] |
| diana_coman: | whaack: lol, did you put their concerns to sleep at least? | [06:35] |
| diana_coman: | jfw: that photo article made a lovely start to my day. | [06:35] |
| diana_coman: | dorion: hardcore classicist this Chad friend of yours I gather; all downhill from beethoven, heh. | [06:49] |
| feedbot: | http://ossasepia.com/2020/02/07/thinkpad-in-gales/ << Ossa Sepia -- Thinkpad in Gales | [11:01] |
| whaack: | diana_coman: maybe slightly but i don't think so. the politics are a 180 | [11:49] |
| whaack: | 180 degree turn* | [11:49] |
| diana_coman: | whaack: well, the gain usually is simply to get them to engage (in this case to get them to comment on your blog first, on trilema then etc) rather than attempt the sort of turning on the spot anyway; unless you really want to apply that ever useful advice to "use a bigger hammer" to put ~everything to sleep, ofc. | [11:59] |
| whaack: | diana_coman: what do you mean by "'use a bigger hammer' to put ~everything to sleep"? | [12:00] |
| diana_coman: | whaack: lol, it's the "rule of (non)engineering" - if it doesn't work/fit/start/stop, you can *always* use a ...bigger hammer; literally! | [12:03] |
| diana_coman: | in the case of other people's concerns, it usually goes along the lines of giving them worse to be concerned about. | [12:05] |
| whaack: | aha | [12:06] |
| whaack: | jfw: do you use znc with yrc / have instructions anywhere for setting that up? | [16:17] |
| dorion: | http://ossasepia.com/2020/04/21/ossasepia-logs-for-07-Feb-2020#1017693 - for sure. though he's also been known to indulge Tool and Jimi Hendrix since I suppose Bach and Mozart didn't express every emotion. | [16:20] |
| ossabot: | Logged on 2020-02-07 06:49:25 diana_coman: dorion: hardcore classicist this Chad friend of yours I gather; all downhill from beethoven, heh. | [16:20] |
| dorion: | whaack nah. we run yrc on a server in a tmux. | [16:21] |
| jfw: | diana_coman: http://ossasepia.com/2020/04/21/ossasepia-logs-for-07-Feb-2020#1017692 - glad to hear it and the thinkpadingales one made a lovely start to mine. | [16:25] |
| ossabot: | Logged on 2020-02-07 06:35:39 diana_coman: jfw: that photo article made a lovely start to my day. | [16:25] |
| jfw: | whaack: I have not used bouncers and don't know how they do their thing; if they're supposed to be compatible with a normal irc server then I expect it should work | [16:25] |
| whaack: | jfw: There's a property "login name" separate from "nick" on my current client, and I believe that needs to be set appropriately for znc. The other property that gets used is 'server password' | [16:27] |
| whaack: | jfw: But I think I will use your tmux method. | [16:28] |
| jfw: | normal irc has a username separate from nick as well, and yrc can give a password on login | [16:28] |
| jfw: | It doesn't look like I've made it possible to set the username differently from the nick though. Some clients implicitly grab it from your OS username which I always thought kinda rude. | [16:31] |
| d41r: | how do you guys import all the wot keys into your gpg client? | [16:32] |
| jfw: | d41r: typically one only imports those in one's own WoT or that one is otherwise interested in | [16:35] |
| d41r: | that sounds like mining bitcoin with a pencil and a leaf of paper | [16:36] |
| jfw: | lol, do you expect to have meaningful & important conversations with everyone in there or what? | [16:37] |
| d41r: | what is the purpose of the WOT if you can't use it? | [16:38] |
| d41r: | (unless doing a lot of manual stuff) | [16:38] |
| d41r: | btw, something's broken, my nick still does not appear on the "D" page | [16:41] |
| dorion: | d41r join #trinque and ping raise it with trinque there. note that http://wot.deedbot.org/5092C1145245B67517A6CC1C8FE0D8F9352472FC.html exists. | [16:44] |
| d41r: | dorion: thanks, i guess you need rating before appearing on the list, or something like that | [16:45] |
| jfw: | d41r, again with not answering the question. What do you suppose automation would achieve there? Why would I care about the set of all alleged identities that've been announced somewhere, except perhaps for research projects? | [16:47] |
| billymg: | http://ossasepia.com/2020/04/21/ossasepia-logs-for-05-Feb-2020#1017311 << very productive, including a meeting about the fiber optic line with the technician you put me in touch with (thanks again) | [16:48] |
| ossabot: | Logged on 2020-02-05 13:10:30 whaack: travel_billy: how has the rest of your trip turned out? | [16:48] |
| whaack: | billymg: nice. | [16:49] |
| billymg: | back in tx now, with a multipage todo list in my notebook to chew through before the move date | [16:49] |
| billymg: | yeah, turns out the only fiber service they can offer me is enterprise tier, not residential (which he explained is split between 5 businesses vs. residential which is split between 25 homes) | [16:51] |
| billymg: | cost for 10/10 is about 80/mo | [16:51] |
| billymg: | 3 month buildout to lay the cable, need to first fill out an RFP to get a detailed proposal from them | [16:52] |
| billymg: | going to do that and also research to see if there are other ISPs serving that area | [16:52] |
| billymg: | (perhaps BingoBoingo can weigh on whether this all sounds legit or not based on his experience with latam internet service) | [16:53] |
| whaack: | billymg: does your place have dsl in the meantime? | [16:53] |
| d41r: | jfw: "Obtaining the PGP/GPG key of an author (or developer, publisher, etc.) from a public key server also presents risks, since the key server is a third-party middle-man, itself vulnerable to abuse or attacks. To avoid this risk, an author can instead choose to publish their public key on their own key server (i.e., a web server accessible through a domain name owned by them, and securely located in | [16:53] |
| d41r: | their private office or home) and require the use of HKPS-encrypted connections for the transmission of their public key. For details, see WOT Assisting Solutions below." from https://en.wikipedia.org/wiki/Web_of_trust#Problems | [16:53] |
| billymg: | whaack: previous owners had _something_, will have to look into that as temp measure as well | [16:54] |
| d41r: | just a reminder that wot.deedbot.org is totally unencrypted | [16:55] |
| whaack: | lol @ wikipedia article explaining how something else is 'vulnerable to abuse or attacks' | [16:55] |
| billymg: | but i think best option might be one of those cellular hotspots and a data plan, provided i can find one that has LTE coverage where i am (which i know exists because some people visiting the property were getting it on their phones) | [16:55] |
| whaack: | billymg: yes, you're going to want the cellular hotspot + data plan anyways | [16:56] |
| d41r: | in the case of mitm or any other attack on wot.deedbot.org we're basically... fucked | [16:56] |
| d41r: | it's 100\% unencrypted and centralized | [16:56] |
| jfw: | d41r, how would you authenticate someone's dns private home hkps etc without already having their key? | [16:56] |
| d41r: | is that the case of wot.deedbot.org? | [16:57] |
| jfw: | not sure what you mean there really. | [16:59] |
| d41r: | deedbot's wot is 100\% unencrypted and centralized | [17:00] |
| jfw: | is it possible deedbot serves a malicious key? sure, as it's possible someone registers "d4lr" to try some social engineering, or my name isn't really jfw. Building trust starts from human relationships, the tools follow | [17:01] |
| jfw: | what would encryption accomplish anyway? public keys necessarily are... public | [17:02] |
| BingoBoingo: | billymg: This doesn't sound too abnormal. You probably want to ask everyone in the country, if everyone needs to build to get to you... You're essentially working as a small rural ISP yourself. | [17:02] |
| BingoBoingo: | And if they are calling the service "enterprise" all of the 10/10 should be yours. | [17:03] |
| billymg: | BingoBoingo: that was the only part that sounded funny to me too, "enterprise" being split between 5 | [17:04] |
| dorion: | d41r it's always best to meet in person and exchange keys, which many people have already done, which means someone will probably notice if someone tries to mitm and they'll speak up ;) | [17:05] |
| BingoBoingo: | d41r: jfw any myself met, exchanged key fingerprints, ate very cheesy pizza, good times to be had breaking out of the 'anon' bubble | [17:05] |
| billymg: | and yes, when he told me this i started thinking about using this for my personal hosting needs, although i'm not sure if it's a good idea to mix blog/bouncer hosting with what will also be my home internet | [17:05] |
| dorion: | d41r then jfw brought me one of BingoBoingo's business cards with fingerprint and voila. | [17:06] |
| whaack: | d41r: And I have BingoBoingo's fingerprint through meeting jfw | [17:06] |
| BingoBoingo: | billymg: At the very least see what every ISP in Costa Rica can offer your place. I suspect that the monthly price per bps can drop quite a bit if you get more speed. | [17:07] |
| jfw: | I'm patient 0 of the dreaded uruguayo identivirus! | [17:07] |
| d41r: | jfw: an attacker could substitute a considerable amount of public keys with his own public keys, at any moment, and intercept private communication channels (irc, email, etc.) | [17:07] |
| BingoBoingo: | d41r: One advantage of blog keeping is being able to publish your own keys for folks to compare. | [17:08] |
| d41r: | ...on unencrypted web servers | [17:08] |
| BingoBoingo: | "An attacker can" many things. | [17:08] |
| dorion: | d41r there's no substitute for getting to know people. | [17:08] |
| d41r: | then yet again... what is the purpose of having wot.deedbot.org? | [17:09] |
| BingoBoingo: | d41r: What's your understanding of the "Heartbleed" episode | [17:09] |
| billymg: | BingoBoingo: makes sense | [17:09] |
| BingoBoingo: | <d41r> then yet again... what is the purpose of having wot.deedbot.org? << Repository for ratings. | [17:09] |
| d41r: | BingoBoingo: a lot of work updating stuff, I remember | [17:09] |
| BingoBoingo: | d41r: It allowed reading arbitrary bits of memory while creating no loglines on the victim machine. | [17:10] |
| d41r: | BingoBoingo: great, that you need to manually verify and manually replicate on your own personal WoT | [17:10] |
| d41r: | I mean, this is not a new problem, Keybase exists for a reason. | [17:10] |
| BingoBoingo: | d41r: This is actually something a bit of scripting can assist, but yes. It is my WoT and keybase doesn't exist for it. | [17:11] |
| whaack: | jfw or anyone else: does your normal work flow involve being in an x session? if so, do you use a tool to hotkey the movement of windows? | [17:11] |
| jfw: | whaack, I sometimes use tiling window managers and otherwise might use alt-click to drag them around, not sure what movement you have in mind though | [17:13] |
| BingoBoingo: | d41r: I didn't acquire all the public keys in my keyring all in one gulp if that's what you are asking. | [17:13] |
| BingoBoingo: | It happened 2012/2013 through present and it is ongoing | [17:14] |
| whaack: | jfw: i'm looking for a way to hotkey "move + resize active window to left/right half of screen" (and top/bottom left/right corner) | [17:15] |
| whaack: | looks like yes, the term for what i'm looking for is a 'tiling window manager' | [17:17] |
| jfw: | whaack: I don't know a thing that does specifically that other than it's what the tiling ones do full-time, though many have hotkeys for vertical or horizontal maximize | [17:17] |
| dorion: | d41r how does PKI protect you from CAs diddling the WoT ? | [19:09] |
| d41r: | it doesn't | [19:11] |
| dorion: | good. so why do you want it ? | [19:12] |
| d41r: | when I said I wanted it? | [19:13] |
| d41r: | pki is shit, bro, it's literally technological shit | [19:13] |
| d41r: | the epitome of centralization | [19:14] |
| d41r: | what I did say is that we don't even have that level of shitty protection, we're totally unprotected right now, we only got the centralization and no protection, not even a shitty one | [19:16] |
| d41r: | I think I'll work on solving that. | [19:16] |
| dorion: | d41r hm, perhaps I inferred incorrectly, apologies. | [19:18] |
| d41r: | no worries | [19:20] |
| dorion: | I disagree that there's no protection though. e.g. I put the probability of me having an incorrect key for jfw at ~0\%. | [19:20] |
| d41r: | well, yeah, maybe next time I aqcuire teleportation powers I'll meet each one of you while wearing a mask (muh anonymity) so that we can exchange keys, jokes, and drink beer together | [19:22] |
| dorion: | and , e.g. if he did end up issuing a new key signed by the one I now have, I'd not allocate the same level of trust until I verified it in person. | [19:22] |
| d41r: | meanwhile, as I don't have many teleportation powers (or money for plane tickets, for that matter), I'll go with a more remote approach, like keybase.io, just decentralized | [19:24] |
| d41r: | for now, if anyone wants to pm me, you can use this script I wrote: http://dpaste.com/32P2SSB , and a lot of trust on this link: http://wot.deedbot.org/5092C1145245B67517A6CC1C8FE0D8F9352472FC.html | [19:28] |
| dorion: | d41r don't take it personal, but I wouldn't hold my breath for that if I were you. I'm open to be corrected, but I think it's safe to say the logs are a big reason people are here. | [19:35] |
| d41r: | I'll put it this other way: don't pm me unless you encrypt your messages. | [19:41] |
| dorion: | http://ossasepia.com/2020/04/21/ossasepia-logs-for-06-Feb-2020#1017538 - thank you for the update. | [21:23] |
| ossabot: | Logged on 2020-02-06 01:11:58 lobbes: dorion: just to explicitly state it somewhere: I'm pulling off of tmsr os work for now while I sort out some other priorities. | [21:23] |
| feedbot: | http://younghands.club/2020/02/08/rmd-review-feb-1st-7th-2020/ << Young Hands Club -- RMD review, Feb 1st-7th, 2020 | [21:24] |
| dorion: | diana_coman my review was a bit on the heavy side and I have some potential clients to meet up with for an hour or two. my plan is to be back in relative early tonight, sleep at a decent hour and make the plan tomorrow am. I hope that doesn't throw off your plan for tomorrow. | [21:34] |
| d41r: | dorion: clients? | [21:43] |
| d41r: | what do you sell? | [21:43] |
| trinque: | http://ossasepia.com/2020/04/21/ossasepia-logs-for-02-Feb-2020#1016795 << ok, I won't sign a patch that removes functionality I use. no biggie either way, but I question this "PROGRAM MAY NOT HAVE FLAGS" undercurrent implicit. | [22:31] |
| ossabot: | Logged on 2020-02-02 10:35:49 whaack: trinque: I agree with diana_coman and so in the end decided to remove the rejoin on kick feature altogether | [22:31] |
| trinque: | http://ossasepia.com/2020/04/21/ossasepia-logs-for-05-Feb-2020#1017513 << yeah, the guy can sign the new key with the old, and I'll get around to it. I don't mind. | [22:32] |
| ossabot: | Logged on 2020-02-05 16:54:35 jfw: your best bet would be to join #trinque and ask trinque nicely | [22:32] |
| trinque: | http://ossasepia.com/2020/04/21/ossasepia-logs-for-06-Feb-2020#1017555 << thanks for flagging that. I'll fix. | [22:32] |
| ossabot: | Logged on 2020-02-06 11:21:30 d41r: trinque: https://0x0.st/iic8.png | [22:32] |
| d41r: | what about trb? has it forked from btc's chain? | [23:19] |
Comments feed: RSS 2.0