Notices by Joshua Judson Rosen (rozzin@status.hackerposse.com), page 9

Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Monday, 29-Jul-2019 11:11:20 EDT Joshua Judson Rosen

Another global Slack outage. Anyone want to skate around on chairs and swordfight?

In conversation Monday, 29-Jul-2019 11:11:20 EDT from status.hackerposse.com permalink
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Wednesday, 10-Jul-2019 03:37:55 EDT Joshua Judson Rosen
- FoxtrotGPS
!FoxtrotGPS 1.2.2 is out! https://lists.osgeo.org/pipermail/foss-gps/2019-July/001772.html
(and if you missed the release of 1.2.1, there are some notes on that as well)

In conversation Wednesday, 10-Jul-2019 03:37:55 EDT from status.hackerposse.com permalink
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Monday, 08-Jul-2019 15:00:26 EDT Joshua Judson Rosen

There seems to be a "somethingsomething Piano Movers" truck sitting outside my house blasting out a very loud guitar solo from its radio right now.

In conversation Monday, 08-Jul-2019 15:00:26 EDT from status.hackerposse.com permalink
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Wednesday, 03-Jul-2019 10:32:33 EDT Joshua Judson Rosen
in reply to
- kat
So, "what am I doing when I get a new key from someone and check the signatures to see if there are any people in common" depends heavily on what you mean by "check the signatures" and "people in common". If you mean "trace through signature-chains with no #trust #metrics to find *reachable* signatures", then no you're not using #WoT verification, you're making your own inferences based on something else.

In conversation Wednesday, 03-Jul-2019 10:32:33 EDT from status.hackerposse.com permalink
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Wednesday, 03-Jul-2019 01:15:55 EDT Joshua Judson Rosen
in reply to
- kat
That #Tails "use the WoT" download #verification guide is telling you to do 2 distinct things:
1) use #PGP WoT metrics to identify someone who is a Tails developer (but not AFAICT to identify that person *as* a Tails developer);
2) make a WoT-less leap from "this is Bob" to "Bob is verified as a Tails developer AND his signatures mean something".

In that "→A→B→C" chain of mixed ops, #WoT only takes you to B.

In conversation Wednesday, 03-Jul-2019 01:15:55 EDT from status.hackerposse.com permalink
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Wednesday, 03-Jul-2019 00:56:58 EDT Joshua Judson Rosen
in reply to
- kat
It may also matter that when I say "#PGP", I really mean "#GnuPG" because AFAICT GPG is the PGP that everyone actually uses these days. There are "trust signatures" in #OpenPGP, and GPG can make and use them..., but they're a whole different thing from "trust", "signatures", and #WoT. And I don't think I've ever actually seen one in the wild. Some other PGP implementation might use tsigs by default? But I doubt it?

In conversation Wednesday, 03-Jul-2019 00:56:58 EDT from status.hackerposse.com permalink
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Wednesday, 03-Jul-2019 00:49:32 EDT Joshua Judson Rosen
in reply to
- kat
That #PGP's #WoT metrics (supposedly) propagate through signature-chains is somehow basically an extremely popular #myth; "talks about WoT being all about arbitrarily-long multi-hop chains of trust" and "conflates #trust and #identity #certification" have been "understands-pgp-p" litmus tests for me since I realized how confused *I was myself* years ago, and they've never failed before.

In conversation Wednesday, 03-Jul-2019 00:49:32 EDT from status.hackerposse.com permalink
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Wednesday, 03-Jul-2019 00:33:56 EDT Joshua Judson Rosen
in reply to
- kat
There is a chance I've misunderstood what you mean when you say "trust paths" if by "path" you didn't mean "linked lists that may be >1 indirection long". If so, sorry!☺

In conversation Wednesday, 03-Jul-2019 00:33:56 EDT from status.hackerposse.com permalink
kat (boneidol@indy.im)'s status on Tuesday, 02-Jul-2019 08:38:09 EDT kat
- Joshua Judson Rosen
@rozzin help me out!
what am I doing then when I get a new key from someone I've not communicated with, and check the signatures to see if there are any people in common ?

What are the people at Tails doing here ? https://tails.boum.org/install/linux/usb-download/index.en.html#install-inc-steps-download.inline.web-of-trust https://indy.im/attachment/138158

It looks to me like building a human connection through the WoT
In conversation Tuesday, 02-Jul-2019 08:38:09 EDT from indy.im at 32°58'59"N 49°7'59"E permalink Repeated by rozzin
Attachments
1. Untitled attachment
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Tuesday, 02-Jul-2019 08:12:09 EDT Joshua Judson Rosen
- kat
Contrary to popular belief, "trust paths" are not actually a thing in #PGP.

In conversation Tuesday, 02-Jul-2019 08:12:09 EDT from status.hackerposse.com permalink
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Monday, 01-Jul-2019 15:50:40 EDT Joshua Judson Rosen
in reply to
- kat
ALSO, I'm reminded that there was this other #HKP #keyserver released a few years ago, compatible w/ #SKS but written in #Golang, which might relieve some of "zomg unmaintainable!" problems with the SKS servers: https://hockeypuck.github.io/ !crypto #PGP #GnuPG

In conversation Monday, 01-Jul-2019 15:50:40 EDT from status.hackerposse.com permalink
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Monday, 01-Jul-2019 15:42:36 EDT Joshua Judson Rosen
in reply to
- kat
Also it seems kind of inappropriate to be using "poisoning" as its being used here: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f !crypto
In conversation Monday, 01-Jul-2019 15:42:36 EDT from status.hackerposse.com permalink
Attachments
1. SKS Keyserver Network Under Attack
  
  from Gist
  
  SKS Keyserver Network Under Attack. GitHub Gist: instantly share code, notes, and snippets.
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Monday, 01-Jul-2019 15:40:24 EDT Joshua Judson Rosen
in reply to
- kat
@boneidol The signature-flooding attack on the SKS #keyservers (and DoS of their users) is bad but doesn't actually sound like any kind of #apocalypse, and has basically nothing to do with the #WoT; signature-chains maybe, but that's something else entirely. !crypto

In conversation Monday, 01-Jul-2019 15:40:24 EDT from status.hackerposse.com permalink
kat (boneidol@indy.im)'s status on Sunday, 30-Jun-2019 07:39:51 EDT kat

oh Shit... the GPG web of trust is dead https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
In conversation Sunday, 30-Jun-2019 07:39:51 EDT from indy.im permalink Repeated by rozzin
Attachments
1. SKS Keyserver Network Under Attack
  
  from Gist
  
  SKS Keyserver Network Under Attack. GitHub Gist: instantly share code, notes, and snippets.
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Friday, 28-Jun-2019 12:13:21 EDT Joshua Judson Rosen

Spent yesterday optimizing an uploader, and today half of the data in my datasets are now uploading at "infinite speed". So... proud? I guess? Hope I don't turn into a salamander....

In conversation Friday, 28-Jun-2019 12:13:21 EDT from status.hackerposse.com permalink
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Thursday, 27-Jun-2019 15:32:29 EDT Joshua Judson Rosen
- Free Software Foundation
Also remember: the #FreeSoftware community introduced the first #OpenMoko months before #Apple launched #iPhone — and #GreenPhone months before that. Even with major... debut foibles, they were amazing—not just technically, but also socially: https://www.mail-archive.com/gnhlug-discuss@mail.gnhlug.org/msg26330.html

In conversation Thursday, 27-Jun-2019 15:32:29 EDT from status.hackerposse.com permalink
Free Software Foundation (fsf@status.fsf.org)'s status on Thursday, 27-Jun-2019 12:10:52 EDT Free Software Foundation

The first Apple iPhone was introduced 12 years ago this week, making today a good day to remind you how much Apple loves to stomp on privacy rights and software freedom: https://u.fsf.org/2mz See resources at https://u.fsf.org/1w8 https://status.fsf.org/attachment/1197034

In conversation Thursday, 27-Jun-2019 12:10:52 EDT from status.fsf.org at 42°21'30"N 71°3'35"W permalink Repeated by rozzin
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Thursday, 27-Jun-2019 14:27:34 EDT Joshua Judson Rosen
- Joshua Judson Rosen
#q «It’s basically like having all of the letters in the English alphabet, but getting rid of random ones. Like, “Let’s take out ‘B’ because ‘B’ kind of offends me.”» https://status.hackerposse.com/url/18772 #emoji

In conversation Thursday, 27-Jun-2019 14:27:34 EDT from status.hackerposse.com permalink
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Thursday, 27-Jun-2019 14:25:09 EDT Joshua Judson Rosen

The more I try to use #emoji, the more it feels like the whole attempt their #globalization has been a colossal #fail. Like: "wait, it's `triumph', not `fuming mad'?". And that's not even getting into the intentional iconoclast #shenanigans like "sci-fi vs. waterplay vs. guns".

In conversation Thursday, 27-Jun-2019 14:25:09 EDT from status.hackerposse.com permalink
Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Wednesday, 26-Jun-2019 21:19:38 EDT Joshua Judson Rosen
- Stephen Sekula
@steve, I don't know if it's on the same level, but I'm listening to this right now...: https://thirdmanstore.com/carl-sagan-a-glorious-dawn-7-vinyl
In conversation Wednesday, 26-Jun-2019 21:19:38 EDT from status.hackerposse.com permalink
Attachments
1. A Glorious Dawn
  
  Side A: A Glorious Dawn B side features etched artwork on vinyl

After
Before

Public

Notices by Joshua Judson Rosen (rozzin@status.hackerposse.com), page 9