Yojimbo @yojimbo@hackers.town

#introduction I've been hacking unix systems since the mid-80s in a good way, and I try to stay in the unix/free software/open source software world as much as possible.

I build far too many workflows that mix bash, python, awk, sed and golang together to drag data from odd places, polish it up, and put the results somewhere where the sun does shine. With possibly less input safety than is needed ...

For money, I do infosec. For fun, I play Elite:Dangerous and help run the in-universe radio station RadioSidewinder.com.

I also live somewhere that isn't in your timezone, have a family that just wants their tech to work, and look forward to owning electric vehicles.

https://www.vice.com/en_us/article/qkmeyd/meet-the-artist-using-ritual-magic-to-trap-self-driving-cars

When did "No discrimination against fields of endeavour" become "unless you're a Nazi, or ICE"?

Is everyone *actually* re-discovering Karl Popper's Paradox of Tolerance (https://en.wikipedia.org/wiki/Paradox_of_tolerance) or are they just failing to understand the history of Free Software?

The Emirates NBD anti-phishing advert recently: https://www.youtube.com/watch?v=sVoowiXytWY

Very good, re-purposing a bit of pop culture like this for #security advice.

But I'm very very conflicted over their use of the original track - one of the most misogynistic and abusive stories of gaslighting in music lyrics. Not rescued by a line in the last chorus of "we should say sorry".

Over time, it seems like most of my USB sticks have ended up with either Ubuntu or OpenBSD on them ...

Current Linux getrandom() blocks, even when you think you're defaulting to urandom, if an initial entropy estimate gate hasn't been reached (512 bits), because CVE-2018-1108.

Less than 2 months into $newjob and we have a genuine production issue caused by insufficient entropy! They sure hired the right person for this job! 🙂

I like the thinking behind https://solar.lowtechmagazine.com/2018/12/keeping-some-of-the-lights-on-redefining-energy-security.html

It would be interesting to structure power delivery for wider access; for free everyone gets X kWh available for Y hours every 24. If you want more, you can start to pay for it. If you need less, you don't. In cold conditions the values of X and Y can be increased; in warm ones decreased; in hot ones increased again 🙂

But the 'basic human right of access to electricity' is not the "unlimited consumption as long as you pay for it; or nothing at all" model we currently have.

The International Date Line is a human construction, and is strange ...

Something I didn't know before:

"""
For the two hours between 10:00 and 11:59 UTC each day, three different calendar dates are observed at the same time in different places on Earth. For example, at 10:15 UTC Thursday, it is 23:15 Wednesday in American Samoa (UTC−11:00), Thursday in most of the world, and 00:15 Friday in Kiritimati (UTC+14:00).
"""

The OpenPGP keyserver network is at risk of collapse. https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

I've been using OpenPGP for a long time now; at $lastjob I signed 99% of all my outgoing email, for example. I do not now, and never have, used the "web of trust". I directly manually verify every key I have in my keystore. If someone else signs my key for me, I thank them and keep the email, but don't publish the results. (With one exception for a period where it was looking like I'd have to become a Debian contributor).

I've phone up organisations and asked for their key fingerprints (yes, including CERTs). I've printed my fingerprints on business cards. I've used keys from the keyservers, to communicate with people that I know but don't happen to have the current key for.

I have never trusted someone elses' signature on a key, because I don't know if they have the same standards as I do.