Notices by OCTADE (octade@soc.octade.net)
-
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 28-Jan-2025 15:25:54 JST 
OCTADE
parsing with 'jq' tends to ginormous one liners -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Friday, 24-Jan-2025 05:26:06 JST
OCTADE
looks at fruit bowl with wolfish hunger ... -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Wednesday, 22-Jan-2025 07:33:29 JST
OCTADE
Kodo and Podo in the soup:
https://www.youtube.com/watch?v=uNdGn-9W0ZY -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Wednesday, 22-Jan-2025 03:20:13 JST
OCTADE
snac was recently added to the Debian repos. Did you try installing it with apt? -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Wednesday, 22-Jan-2025 02:54:53 JST
OCTADE
which linux distro runs on your server? -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 21-Jan-2025 16:45:20 JST
OCTADE
When you settle out, maybe you could post some notes of your experiences in your timeline. That would save me from trying everything else ... -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 21-Jan-2025 16:26:40 JST
OCTADE
Ah, good question. How can you trust that my public key is really my public key?
You can't. Or you can. It is up to you. Let me explain.
Because my web server is secured with a HTTPS connection with HSTS and you can view the LetsEncrypt SSL cert that secures the data request. Or does it?
And because it is also on the hockeypuck servers you can trust that is my key: https://keys.openpgp.org/vks/v1/by-fingerprint/B9B2A8EC2C4B20D2011CFEAA07E4A7FFF6585E8F
Or can you?
However, my web server is more trustworthy than PGP keyservers. Or is it?
How do you prove that the PGP key server didn't replace my uploaded key with one of their own? Where did you get the key fingerprint? How can you know that connection was secure and not MITM'd?
You can't. Unless you have met me face-to-face and gotten the key from my own hand in meatspace, there is always the possibility, however slight or great, that someone in the chain of trust can impersonate me and give you their fake key instead of mine.
That's what I mean about cryptography and security theater. It sounds cool to get PGP keys from a keyserver, but any key server can poison the keys with their own fakes. And any CA can poison SSL certs under a secret order from the government, or upon the directive of a corrupt person working in their company.
Ring of trust is supposedly there to avoid that problem with PGP. Good luck trying to get any industry hacks to sign your PGP key into their ring of trust.
See what I mean?
I suppose that LetsEncrypt or any CA could also poison a connection with a malicious SSL cert for a MITM. How would anyone know?
See what I mean?
At some point, you have to trust someone, and you have to take someone else's word to trust the next person in the chain.
And this is why you should never rely upon public key cryptography to secure information that could get you hurt, imprisoned, or killed. Anyone who says otherwise is selling you rope and a tree. Under no circumstances should you ever communicate death-defying information over a public network using public key cryptography. Just don't ever do that, not ever.
The only verifiable cryptographic security is when you own the keys, and you exchange them in meat space with the other party, encrypted with very strong passphrases, with many gigabytes of OTP key material. Any other method requires you to trust someone or trust that a trapdoor function doesn't have a secret weakness.
This requirement to trust someone to vouch for identity is why it is called a certificate AUTHORITY or ring of trust. You have to accept some authority to vouch for the authenticity of the key and the identity of its holder. But you can't prove it unless you are face-to-face with that person.
In the old days, it was common to have PGP key signing parties, where people met in person in groups to verify each others' identities then sign each others' keys.
I'm not a high value target. It is highly unlikely that anyone running a hockeypuck server or SSL CA would serve a fake key on my account. Hacking me would net zero dollars return, so I don't worry about it. If I had high value information to communicate it would be either in person or through a courier using one-time pad keys. I wouldn't touch PGP or any Internet cryptosystem for something like that.
#PGP #Encryption #CyberSecurity #SecurityTheater #Cryptography -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 21-Jan-2025 16:18:15 JST
OCTADE
When MIT keyserver actually works ;) -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 21-Jan-2025 16:07:38 JST
OCTADE
Yeah, I think Mastodon is overkill for low count user bases. Pleroma is better, Friendica is even better yet, and snac is just right for me. Gotosocial and Tahake are probably decent, too, although I have not tested them since I like what I have and if it ain't broke I don't want to fix it. -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 21-Jan-2025 15:24:32 JST
OCTADE
I have several PGP public keys for making signatures. This key is for sending me email:
--BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZpxhTxYJKwYBBAHaRw8BAQdAJEsfaeZOg4YwKq4oaJ+AuDFqjstXh/3A8JRq
VROOXx+0KkJ5cmwgUmF6ZSBCdWNrYnJpYXIgPGtleW94aWRlMEBvY3RhZGUubmV0
PokCwgQTFggCagIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLmyqOwsSyDS
ARz+qgfkp//2WF6PBQJmnbCPTRSAAAAAABAANHByb29mQGFyaWFkbmUuaWRvcGVu
cGdwNGZwcjo2NzdBRTMyMzkyOUY4RkVFN0Q2RUFCODlBODY5REQ1OTYwRTY2NjE3
TRSAAAAAABAANHByb29mQGFyaWFkbmUuaWRvcGVucGdwNGZwcjpCOUIyQThFQzJD
NEIyMEQyMDExQ0ZFQUEwN0U0QTdGRkY2NTg1RThGPhSAAAAAABAAJXByb29mQGFy
aWFkbmUuaWRodHRwczovL29yY2lkLm9yZy8wMDA5LTAwMDktNTE0NC0zMjc4QxSA
AAAAABAAKnByb29mQGFyaWFkbmUuaWRodHRwczovL2NvZGViZXJnLm9yZy9PQ1RB
REUva2V5b3hpZGVfcHJvb2YwFIAAAAAAEAAXcHJvb2ZAYXJpYWRuZS5pZGRuczpv
Y3RhZGUubmV0P3R5cGU9VFhURBSAAAAAABAAK3Byb29mQGFyaWFkbmUuaWRodHRw
czovL2Jza3kuYXBwL3Byb2ZpbGUvb2N0YWRlLmJza3kuc29jaWFsRBSAAAAAABAA
K3Byb29mQGFyaWFkbmUuaWRodHRwczovL25ld3MueWNvbWJpbmF0b3IuY29tL3Vz
ZXI/aWQ9T0NUQURFKxSAAAAAABAAEnByb29mQGFyaWFkbmUuaWRuZXdzOi8vYWx0
LnJodWJhcmIrFIAAAAAAEAAScHJvb2ZAYXJpYWRuZS5pZHNtczovLzc4MS1PQ1Qt
QUdPTgAKCRAH5Kf/9lhej1PnAQDgqfTE2hKnMSMvspqk4YUBUNVjjI3571lGZUNC
forCVAD+OZExOp+mat0oJtCL/zMInmBeNnlu6xO/iwGndsAEIQC4OARmnGFPEgor
BgEEAZdVAQUBAQdAaf3rf2xm8ONAVAbV6UtFHehUJy7YmoPW2skWABd7FjQDAQgH
iHgEGBYIACAWIQS5sqjsLEsg0gEc/qoH5Kf/9lhejwUCZpxhTwIbDAAKCRAH5Kf/
9lhej8yWAQDnHRRWZKNQDNl+yQDZRe4gn/QICF2SB6DyLhGjpiLbdQEAmZ5M1HHQ
TslBggyfJ99HZicprQZw4f/rgNj2SGqW3gw=
=xzHb
--END PGP PUBLIC KEY BLOCK----- -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 21-Jan-2025 14:12:55 JST
OCTADE
@infostorm@a.gup.pe @crypto@a.gup.pe
Reportedly Elon Musk also said that Ross Ulbricht will be freed by Trump.
https://cryptobriefing.com/trump-pardon-ulbricht-prediction/
I'm digging for information on this matter.
#RossUlbricht #FreeRoss #SilkRoad #Darknet #Pardons #Trump #DreadPirateRoberts #DPR #Journalism #Journalists #Prisoners #Prisons #POTUS #Politics #President #USA #ElonMusk -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 21-Jan-2025 13:53:43 JST
OCTADE
@infostorm@a.gup.pe @crypto@a.gup.pe
Has anyone heard any word on the promised liberation of Silk Road opearator, Ross Ulbricht, also known as Dread Pirate Roberts?
"If you vote for me, on day one, I will commute the sentence of Ross Ulbricht ..."
According to this reported promise, Trump technically needs to pardon Ross or commute his sentence before midnight in the time zone where Ross is imprisoned.
I can't find any news on a commutation or pardon for Ross. Was the promise false news? Or has it already happened?
Journalists, have any of you contacted the White House or BOP about this matter?
https://www.yahoo.com/news/reminder-donald-trump-promised-free-220635344.html
#RossUlbricht #FreeRoss #SilkRoad #Darknet #Pardons #Trump #DreadPirateRoberts #DPR #Journalism #Journalists #Prisoners #Prisons #POTUS #Politics #President #USA -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 21-Jan-2025 07:51:38 JST
OCTADE
I had similar storage space issues with multiple activitypub servers. So I nuked them and I installed SNAC2.
Now my total disk space is 1.7 GB, which is far less than any of the other servers I tried.
SNAC2 fediverse server software: https://codeberg.org/grunfink/snac2 -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 21-Jan-2025 07:43:21 JST
OCTADE
non, vieille blague américaine sur les frites... ici on les appelle frites... comme blague pour les Français, c'était de dire "frites de la liberté" -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 21-Jan-2025 07:35:12 JST
OCTADE
All wars are holy wars. They are waging holy war for their idol. They consider the 'profane' people as livestock to be sacrificed on their battlefield altar.
We now return to your regularly scheduled programming. -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 21-Jan-2025 07:27:16 JST
OCTADE
freedom fries -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Tuesday, 21-Jan-2025 03:38:33 JST
OCTADE
The octopus looks like a brain with tentacles. -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Monday, 20-Jan-2025 12:06:55 JST
OCTADE
Either this is a, 'Well bless his heart' situation or some artist has a really sly sense of humor. -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Monday, 20-Jan-2025 11:51:31 JST
OCTADE
woot woot ... gangsta maff -
Embed this notice
OCTADE (octade@soc.octade.net)'s status on Monday, 20-Jan-2025 00:32:23 JST
OCTADE
@infostorm@a.gup.pe
Seriously?
#PixelFed #Captcha #CloudFlare
All GNU social JP content and data are available under the