Notices by Joshua Judson Rosen (rozzin), page 11
-
Joshua Judson Rosen (rozzin)'s status on Saturday, 10-Aug-2019 01:04:20 EDT 
Joshua Judson Rosen
Hah--to be fair, #NH #1 cause of power-outages is probably #MA drivers coming up to gawk at fall foliage, and running into utility-polls while gawking.... That's just my guess, tho' ;p #fallpreytofoliage -
Bobby Casey (bobbyc)'s status on Friday, 09-Aug-2019 17:39:19 EDT 
Bobby Casey
@rozzin@status.hackerposse.com a few more outages and they'll reach the quality of PSNH! -
Joshua Judson Rosen (rozzin)'s status on Monday, 05-Aug-2019 13:11:35 EDT
Joshua Judson Rosen
!listening to Pentagram Home Video's "The Left Hand Path", thinking parts of it sound incredibly familiar... but can't identify the specific #memory: https://www.youtube.com/watch?v=U66MEIOmL1Y&list=OLAK5uy_njFK9ciO4Juqwi8W1CX2iiTdf7cfmNRVI&index=3 -
Joshua Judson Rosen (rozzin)'s status on Monday, 05-Aug-2019 13:03:08 EDT
Joshua Judson Rosen
Didn't Slack say something like "we want to be a utility company—like the power company!" recently? -
Joshua Judson Rosen (rozzin)'s status on Monday, 05-Aug-2019 12:51:59 EDT
Joshua Judson Rosen
Yeah, really. I just wish that some of them would *stay down* sometimes—let the world move on from them.... -
Bobby Casey (bobbyc)'s status on Monday, 29-Jul-2019 23:25:15 EDT
Bobby Casey
@rozzin@status.hackerposse.com Yeah, it is so much more convenient now that I never have to question who is affected by an outage. Amazon issue, everyone's affected. Dyn issue, everyone's affected. Slack issue, everyone's affected. Isn't progress great! -
Joshua Judson Rosen (rozzin)'s status on Monday, 29-Jul-2019 11:17:34 EDT
Joshua Judson Rosen
Remember when there were multiple egg-baskets in the world? -
Joshua Judson Rosen (rozzin)'s status on Monday, 29-Jul-2019 11:11:20 EDT
Joshua Judson Rosen
Another global Slack outage. Anyone want to skate around on chairs and swordfight? -
Joshua Judson Rosen (rozzin)'s status on Wednesday, 10-Jul-2019 03:37:55 EDT
Joshua Judson Rosen
!FoxtrotGPS 1.2.2 is out! https://lists.osgeo.org/pipermail/foss-gps/2019-July/001772.html
(and if you missed the release of 1.2.1, there are some notes on that as well) -
Joshua Judson Rosen (rozzin)'s status on Monday, 08-Jul-2019 15:00:26 EDT
Joshua Judson Rosen
There seems to be a "somethingsomething Piano Movers" truck sitting outside my house blasting out a very loud guitar solo from its radio right now. -
Joshua Judson Rosen (rozzin)'s status on Wednesday, 03-Jul-2019 10:32:33 EDT
Joshua Judson Rosen
So, "what am I doing when I get a new key from someone and check the signatures to see if there are any people in common" depends heavily on what you mean by "check the signatures" and "people in common". If you mean "trace through signature-chains with no #trust #metrics to find *reachable* signatures", then no you're not using #WoT verification, you're making your own inferences based on something else. -
Joshua Judson Rosen (rozzin)'s status on Wednesday, 03-Jul-2019 01:15:55 EDT
Joshua Judson Rosen
That #Tails "use the WoT" download #verification guide is telling you to do 2 distinct things:
1) use #PGP WoT metrics to identify someone who is a Tails developer (but not AFAICT to identify that person *as* a Tails developer);
2) make a WoT-less leap from "this is Bob" to "Bob is verified as a Tails developer AND his signatures mean something".
In that "→A→B→C" chain of mixed ops, #WoT only takes you to B. -
Joshua Judson Rosen (rozzin)'s status on Wednesday, 03-Jul-2019 00:56:58 EDT
Joshua Judson Rosen
It may also matter that when I say "#PGP", I really mean "#GnuPG" because AFAICT GPG is the PGP that everyone actually uses these days. There are "trust signatures" in #OpenPGP, and GPG can make and use them..., but they're a whole different thing from "trust", "signatures", and #WoT. And I don't think I've ever actually seen one in the wild. Some other PGP implementation might use tsigs by default? But I doubt it? -
Joshua Judson Rosen (rozzin)'s status on Wednesday, 03-Jul-2019 00:49:32 EDT
Joshua Judson Rosen
That #PGP's #WoT metrics (supposedly) propagate through signature-chains is somehow basically an extremely popular #myth; "talks about WoT being all about arbitrarily-long multi-hop chains of trust" and "conflates #trust and #identity #certification" have been "understands-pgp-p" litmus tests for me since I realized how confused *I was myself* years ago, and they've never failed before. -
Joshua Judson Rosen (rozzin)'s status on Wednesday, 03-Jul-2019 00:33:56 EDT
Joshua Judson Rosen
There is a chance I've misunderstood what you mean when you say "trust paths" if by "path" you didn't mean "linked lists that may be >1 indirection long". If so, sorry!☺ -
kat (boneidol)'s status on Tuesday, 02-Jul-2019 08:38:09 EDT 
kat
@rozzin help me out!
what am I doing then when I get a new key from someone I've not communicated with, and check the signatures to see if there are any people in common ?
What are the people at Tails doing here ? https://tails.boum.org/install/linux/usb-download/index.en.html#install-inc-steps-download.inline.web-of-trust https://indy.im/attachment/138158
It looks to me like building a human connection through the WoT -
Joshua Judson Rosen (rozzin)'s status on Tuesday, 02-Jul-2019 08:12:09 EDT
Joshua Judson Rosen
Contrary to popular belief, "trust paths" are not actually a thing in #PGP. -
Joshua Judson Rosen (rozzin)'s status on Monday, 01-Jul-2019 15:50:40 EDT
Joshua Judson Rosen
ALSO, I'm reminded that there was this other #HKP #keyserver released a few years ago, compatible w/ #SKS but written in #Golang, which might relieve some of "zomg unmaintainable!" problems with the SKS servers: https://hockeypuck.github.io/ !crypto #PGP #GnuPG -
Joshua Judson Rosen (rozzin)'s status on Monday, 01-Jul-2019 15:42:36 EDT
Joshua Judson Rosen
Also it seems kind of inappropriate to be using "poisoning" as its being used here: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f !crypto -
Joshua Judson Rosen (rozzin)'s status on Monday, 01-Jul-2019 15:40:24 EDT
Joshua Judson Rosen
@boneidol The signature-flooding attack on the SKS #keyservers (and DoS of their users) is bad but doesn't actually sound like any kind of #apocalypse, and has basically nothing to do with the #WoT; signature-chains maybe, but that's something else entirely. !crypto
All Hacker Poesy content and data are available under the 