whaack: diana_coman: EOD Report: I only completed my revised article for TheFleet. I distracted myself for part of the day by responding to the concerns that arose from a meatwot friend having seen a comment from mp on ztkfg + then reading trilema
diana_coman: whaack: lol, did you put their concerns to sleep at least?
diana_coman: jfw: that photo article made a lovely start to my day.
diana_coman: dorion: hardcore classicist this Chad friend of yours I gather; all downhill from beethoven, heh.
feedbot: http://ossasepia.com/2020/02/07/thinkpad-in-gales/ << Ossa Sepia -- Thinkpad in Gales
whaack: diana_coman: maybe slightly but i don't think so. the politics are a 180
whaack: 180 degree turn*
diana_coman: whaack: well, the gain usually is simply to get them to engage (in this case to get them to comment on your blog first, on trilema then etc) rather than attempt the sort of turning on the spot anyway; unless you really want to apply that ever useful advice to "use a bigger hammer" to put ~everything to sleep, ofc.
whaack: diana_coman: what do you mean by "'use a bigger hammer' to put ~everything to sleep"?
diana_coman: whaack: lol, it's the "rule of (non)engineering" - if it doesn't work/fit/start/stop, you can *always* use a ...bigger hammer; literally!
diana_coman: in the case of other people's concerns, it usually goes along the lines of giving them worse to be concerned about.
whaack: aha
whaack: jfw: do you use znc with yrc / have instructions anywhere for setting that up?
dorion: http://logs.ossasepia.com/log/ossasepia/2020-02-07#1017693 - for sure. though he's also been known to indulge Tool and Jimi Hendrix since I suppose Bach and Mozart didn't express every emotion.
ossabot: Logged on 2020-02-07 06:49:25 diana_coman: dorion: hardcore classicist this Chad friend of yours I gather; all downhill from beethoven, heh.
dorion: whaack nah. we run yrc on a server in a tmux.
jfw: diana_coman: http://logs.ossasepia.com/log/ossasepia/2020-02-07#1017692 - glad to hear it and the thinkpadingales one made a lovely start to mine.
ossabot: Logged on 2020-02-07 06:35:39 diana_coman: jfw: that photo article made a lovely start to my day.
jfw: whaack: I have not used bouncers and don't know how they do their thing; if they're supposed to be compatible with a normal irc server then I expect it should work
whaack: jfw: There's a property "login name" separate from "nick" on my current client, and I believe that needs to be set appropriately for znc. The other property that gets used is 'server password'
whaack: jfw: But I think I will use your tmux method.
jfw: normal irc has a username separate from nick as well, and yrc can give a password on login
jfw: It doesn't look like I've made it possible to set the username differently from the nick though. Some clients implicitly grab it from your OS username which I always thought kinda rude.
d41r: how do you guys import all the wot keys into your gpg client?
jfw: d41r: typically one only imports those in one's own WoT or that one is otherwise interested in
d41r: that sounds like mining bitcoin with a pencil and a leaf of paper
jfw: lol, do you expect to have meaningful & important conversations with everyone in there or what?
d41r: what is the purpose of the WOT if you can't use it?
d41r: (unless doing a lot of manual stuff)
d41r: btw, something's broken, my nick still does not appear on the "D" page
dorion: d41r join #trinque and ping raise it with trinque there. note that http://wot.deedbot.org/5092C1145245B67517A6CC1C8FE0D8F9352472FC.html exists.
d41r: dorion: thanks, i guess you need rating before appearing on the list, or something like that
jfw: d41r, again with not answering the question. What do you suppose automation would achieve there? Why would I care about the set of all alleged identities that've been announced somewhere, except perhaps for research projects?
billymg: http://logs.ossasepia.com/log/ossasepia/2020-02-05#1017311 << very productive, including a meeting about the fiber optic line with the technician you put me in touch with (thanks again)
ossabot: Logged on 2020-02-05 13:10:30 whaack: travel_billy: how has the rest of your trip turned out?
whaack: billymg: nice.
billymg: back in tx now, with a multipage todo list in my notebook to chew through before the move date
billymg: yeah, turns out the only fiber service they can offer me is enterprise tier, not residential (which he explained is split between 5 businesses vs. residential which is split between 25 homes)
billymg: cost for 10/10 is about $380/mo
billymg: 3 month buildout to lay the cable, need to first fill out an RFP to get a detailed proposal from them
billymg: going to do that and also research to see if there are other ISPs serving that area
billymg: (perhaps BingoBoingo can weigh on whether this all sounds legit or not based on his experience with latam internet service)
whaack: billymg: does your place have dsl in the meantime?
d41r: jfw: "Obtaining the PGP/GPG key of an author (or developer, publisher, etc.) from a public key server also presents risks, since the key server is a third-party middle-man, itself vulnerable to abuse or attacks. To avoid this risk, an author can instead choose to publish their public key on their own key server (i.e., a web server accessible through a domain name owned by them, and securely located in
d41r: their private office or home) and require the use of HKPS-encrypted connections for the transmission of their public key. For details, see WOT Assisting Solutions below." from https://en.wikipedia.org/wiki/Web_of_trust#Problems
billymg: whaack: previous owners had _something_, will have to look into that as temp measure as well
d41r: just a reminder that wot.deedbot.org is totally unencrypted
whaack: lol @ wikipedia article explaining how something else is 'vulnerable to abuse or attacks'
billymg: but i think best option might be one of those cellular hotspots and a data plan, provided i can find one that has LTE coverage where i am (which i know exists because some people visiting the property were getting it on their phones)
whaack: billymg: yes, you're going to want the cellular hotspot + data plan anyways
d41r: in the case of mitm or any other attack on wot.deedbot.org we're basically... fucked
d41r: it's 100% unencrypted and centralized
jfw: d41r, how would you authenticate someone's dns private home hkps etc without already having their key?
d41r: is that the case of wot.deedbot.org?
jfw: not sure what you mean there really.
d41r: deedbot's wot is 100% unencrypted and centralized
jfw: is it possible deedbot serves a malicious key? sure, as it's possible someone registers "d4lr" to try some social engineering, or my name isn't really jfw. Building trust starts from human relationships, the tools follow
jfw: what would encryption accomplish anyway? public keys necessarily are... public
BingoBoingo: billymg: This doesn't sound too abnormal. You probably want to ask everyone in the country, if everyone needs to build to get to you... You're essentially working as a small rural ISP yourself.
BingoBoingo: And if they are calling the service "enterprise" all of the 10/10 should be yours.
billymg: BingoBoingo: that was the only part that sounded funny to me too, "enterprise" being split between 5
dorion: d41r it's always best to meet in person and exchange keys, which many people have already done, which means someone will probably notice if someone tries to mitm and they'll speak up ;)
BingoBoingo: d41r: jfw any myself met, exchanged key fingerprints, ate very cheesy pizza, good times to be had breaking out of the 'anon' bubble
billymg: and yes, when he told me this i started thinking about using this for my personal hosting needs, although i'm not sure if it's a good idea to mix blog/bouncer hosting with what will also be my home internet
dorion: d41r then jfw brought me one of BingoBoingo's business cards with fingerprint and voila.
whaack: d41r: And I have BingoBoingo's fingerprint through meeting jfw
BingoBoingo: billymg: At the very least see what every ISP in Costa Rica can offer your place. I suspect that the monthly price per bps can drop quite a bit if you get more speed.
jfw: I'm patient 0 of the dreaded uruguayo identivirus!
d41r: jfw: an attacker could substitute a considerable amount of public keys with his own public keys, at any moment, and intercept private communication channels (irc, email, etc.)
BingoBoingo: d41r: One advantage of blog keeping is being able to publish your own keys for folks to compare.
d41r: ...on unencrypted web servers
BingoBoingo: "An attacker can" many things.
dorion: d41r there's no substitute for getting to know people.
d41r: then yet again... what is the purpose of having wot.deedbot.org?
BingoBoingo: d41r: What's your understanding of the "Heartbleed" episode
billymg: BingoBoingo: makes sense
BingoBoingo: <d41r> then yet again... what is the purpose of having wot.deedbot.org? << Repository for ratings.
d41r: BingoBoingo: a lot of work updating stuff, I remember
BingoBoingo: d41r: It allowed reading arbitrary bits of memory while creating no loglines on the victim machine.
d41r: BingoBoingo: great, that you need to manually verify and manually replicate on your own personal WoT
d41r: I mean, this is not a new problem, Keybase exists for a reason.
BingoBoingo: d41r: This is actually something a bit of scripting can assist, but yes. It is my WoT and keybase doesn't exist for it.
whaack: jfw or anyone else: does your normal work flow involve being in an x session? if so, do you use a tool to hotkey the movement of windows?
jfw: whaack, I sometimes use tiling window managers and otherwise might use alt-click to drag them around, not sure what movement you have in mind though
BingoBoingo: d41r: I didn't acquire all the public keys in my keyring all in one gulp if that's what you are asking.
BingoBoingo: It happened 2012/2013 through present and it is ongoing
whaack: jfw: i'm looking for a way to hotkey "move + resize active window to left/right half of screen" (and top/bottom left/right corner)
whaack: looks like yes, the term for what i'm looking for is a 'tiling window manager'
jfw: whaack: I don't know a thing that does specifically that other than it's what the tiling ones do full-time, though many have hotkeys for vertical or horizontal maximize
dorion: d41r how does PKI protect you from CAs diddling the WoT ?
d41r: it doesn't
dorion: good. so why do you want it ?
d41r: when I said I wanted it?
d41r: pki is shit, bro, it's literally technological shit
d41r: the epitome of centralization
d41r: what I did say is that we don't even have that level of shitty protection, we're totally unprotected right now, we only got the centralization and no protection, not even a shitty one
d41r: I think I'll work on solving that.
dorion: d41r hm, perhaps I inferred incorrectly, apologies.
d41r: no worries
dorion: I disagree that there's no protection though. e.g. I put the probability of me having an incorrect key for jfw at ~0%.
d41r: well, yeah, maybe next time I aqcuire teleportation powers I'll meet each one of you while wearing a mask (muh anonymity) so that we can exchange keys, jokes, and drink beer together
dorion: and , e.g. if he did end up issuing a new key signed by the one I now have, I'd not allocate the same level of trust until I verified it in person.
d41r: meanwhile, as I don't have many teleportation powers (or money for plane tickets, for that matter), I'll go with a more remote approach, like keybase.io, just decentralized
d41r: for now, if anyone wants to pm me, you can use this script I wrote: http://dpaste.com/32P2SSB , and a lot of trust on this link: http://wot.deedbot.org/5092C1145245B67517A6CC1C8FE0D8F9352472FC.html
dorion: d41r don't take it personal, but I wouldn't hold my breath for that if I were you. I'm open to be corrected, but I think it's safe to say the logs are a big reason people are here.
d41r: I'll put it this other way: don't pm me unless you encrypt your messages.