diana_coman: !o uptime
ossabot: diana_coman: time since my last reconnect : 0d 15h 20m
shrysr: http://logs.nosuchlabs.com/log/ossasepia/2019-08-26#1000639 << what exactly do you mean by public toilet? I searched the trilema logs and found some references - but I don't think I really understand. Any computer connected to the internet, or say is hosting a website accessible over the internet is a public toilet? i.e any non air-gapped machine?
snsabot: Logged on 2019-08-26 09:48:32 diana_coman: shrysr_: do me a favour and get rid of the https thing as it makes your blog inaccessible from anything other than my public-toilet computer so you're missing out on me commenting there.
diana_coman: shrysr: it has more to do with what runs on that machine really and how open to the network it is; it might mean different precise things for different people.
shrysr: diana_coman: okay, so what does it mean to you? do you have strict classification of activities you do on your public toilet computer, versus another.... well.. 'somewhat' air gapped computer, to the extent of the degree that you can live with?
shrysr: i guess the question is also about how to start thinking / upgrade the way i deal with my data. I'm not totally ignorant abt security in the sense that i have never stored anything of importance on dropbox ... on the other hand I did store almost everything on evernote for a period. I guess that cancels it out, but it was terribly convenient to whip up a tax return or receipt or whatever in a snap... and
shrysr: was literally how I could manage my migration here in a smooth manner. I gather it is a matter of degree.. but are there absolute 'wrong' things I should avoid at all costs?
shrysr: for example - does it mean, I should never use my linode VPS as a mail server of sorts, or have any private keys on it? Should I have a public toilet edition of gpg keys as well ?
BingoBoingo: shrysr: I recommend not running your own mail server. Keeping up with mail serving standards can eat ALL of your time and the big inbox cartels can still default distrust your mailings.
BingoBoingo: And no private keys on linode at all. People have lost Bitcoin for doing that http://trilema.com/2012/the-bitcoin-drama-timeline/
BingoBoingo: Or "no private keys of value" on linode
diana_coman: shrysr: as BingoBoingo points out, the one most important thing is for sure NEVER store your private keys there (and esp. not on a vps/online/someone else's machine/...)
diana_coman: I have a "travel key " (i.e. the one for diana_alt as you might have noticed), yes; even that one was never stored on vps and the like.
diana_coman: the part to grasp is that your private key IS "you", your identity whole here
diana_coman: anything signed/done under that key is *done by you* by definition, there is no way to claim "it wasn't me" after the fact
diana_coman: and moreover, losing that key (i.e. being unable to decrypt something encrypted to it) literally means you "die" around here because there's no way to tell it's "you"
diana_coman: you can of course make another key but you start over with it, as if you just came in.
diana_coman: onth re gov data and paperwork and the like - they are pretty much nothing to do with actual security anyway (despite the whole loud pretense otherwise "we take care of your data" bla bla)
diana_coman: sure, you can observe some degrees there too but you won't be able to secure it meaningfully anyway, because of its actual use (i.e. yes, you are pretty much required to handle it over insecure media and in insecure ways)
diana_coman: so yes, all my interfacing with usual gov/local admin/child's school etc that is done online is done through the public toilet pc for instance
diana_coman: for that matter I consider though that data pretty much public anyway i.e. I'm under no illusion that it is not public, whatever is claimed otherwise.
diana_coman: shrysr: as a general principle, the core of non-public would be this: the default rule is "no" to everything and the exceptions (i.e. what CAN be done/access/make it there) are each and every one specifically added when/if needed.
diana_coman: you might see the link there with the earlier advice re new software and tools: by default it's NO to everyone; the onus is on them to prove they do something useful and can be trusted before being even considered.
diana_coman: that's after all the definition of "private": not open to everyone, default closed; by contrast, public (at its total extreme) is default open to everyone with specific exceptions that are not allowed
diana_coman: so: on public toilet there's default allowed and a list of not allowed stuff; on private computer there's default forbidden and a (small) list of allowed stuff.
diana_coman: !o uptime
ossabot: diana_coman: time since my last reconnect : 1d 3h 48m
asciilifeform: diana_coman: neato. loox like your pipe is quite stable enuff for bot.
diana_coman: so far so good, yes