Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "pgp"
> installs devRant app on my iPhone
> too lazy to type my 18-char random password on mobile
> password manager app not on App Store yet
> dig up my old Macbook
> install XCode & homebrew package manager
> install 2 other package managers using homebrew
> install App deps from the 2 package managers
> query stackoverflow for why my deps fail to install
> open App in XCode
> setup Apple provisioning profile
> trust my certificate on my iPhone
> dig up an old router & setup a local WiFi network
> start a server on my laptop to serve my PGP keys
> download my PGP keys to my iPhone
> app crashes
> open an issue on github with steps to reproduce & stacktrace
> type my 18-char random password
> rant on how I wasted an entire afternoon13
So I dual booted my pc with Ubuntu a few weeks back. And I came to a conclusion today.
Um, windows needs to go.23
Initial steps of learning any new programming language :
*heck yeah I created a calculator. Guess I'll show my family that I actually can code! *
-hey mom, dad look I made a simple calculator using python B)
- uhm... That's great son but dont we already have one of those?
- yeah but like... this is completely different it uses a different programming language than what you and I have been using all this time.
- ah I see. Good for you then
*muttering to each other*
-are you sure he's got the aptitude to be a cse?
-at this point we can just hope.
Me:*stares blindly in my dark room contemplating why I'm alive*7
I love how the Keybase Linux client installs itself straight into /keybase. Unix directory structure guidelines? Oh no, those don't apply to us. And after uninstalling the application they don't even remove the directory. Leaving dirt and not even having the courtesy to clean it up. Their engineers sure are one of a kind.
Also, remember that EFAIL case? I received an email from them at the time, stating some stuff that was about as consistent as their respect for Unix directory structure guidelines. Overtyping straight from said email here:
[…] and our filesystem all do not use PGP.
> whatever that means.
The only time you'll ever use PGP encryption in Keybase is when you're sitting there thinking "Oh, I really want to use legacy PGP encryption."
> Legacy encryption.. yeah right. Just as legacy as Vim is, isn't it?
You have PGP as part of your cryptographic identity.
> OH REALLY?! NO SHIT!!! I ACTIVELY USED 3 OS'S AND FAILED ON 2 BECAUSE OF YOUR SHITTY CLIENT, JUST TO UPLOAD MY FUCKING PUBLIC KEY!!!
You'll want to remove your PGP key from your Keybase identity.
> Hmm, yeah you might want to do so. Not because EFAIL or anything, just because Keybase clearly is a total failure on all levels.
the Keybase team
> Well that's fucking clear. Could've taken some time to think before hitting "Send" though.
Don't get me wrong, I love the initiatives like this with all my heart, and greatly encourage secure messaging that leverages PGP. But when the implementation sucks this much, I start to ask myself questions about whether I should really trust this thing with my private conversations. Luckily I refrained from uploading my private key to their servers, otherwise I would've been really fucked.1
First lecture of computer networks. Let's shove all of these abbreviations with their meaning, and possibly a associated port number in one 1.5 hour lecture:
HTTP, HTTPS, FTP, FTPS, SFTP, TCP, IP, UDP, ISP, DSL, DNS, LAN, WLAN, WDM, P2P, TELNET, PGP, TLS, SSL, SSH, MIME, SMTP, POP3, IMAP, IANA, DHT, RTT, DHCP
I really feel sorry for students who didn't have previous knowledge about this stuff..5
Lets be crazy.
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----25
I have an exam in 4 hours. I've been studying all night and now I can't seem to retain anything.
I'm fuckin screwed.9
Heey, it's me, D3add3d! As you might remember there was a crypto riddle posted by @Kimmax approx. a month ago. Now I'm here with another crypto riddle, it should be fairly easy one. The previous riddle was based on PGP so no rotation of alphabet was involved.
Here is the riddle:
(image irrelevant to the riddle)26
Very eventful day, please see enclosed several smaller rants.
My college's systems are shit and not only do they use HTTP for everything, even the stores and financial aid purchase system, they have homebrew JS shit for PGP site encryption (nifty...), but they exchange the PRIVATE KEYS instead of the public keys. Over HTTP. Not even HTTPS. Also if you log in more than 10 times in 24 hours it's supposed to lock you out of your account until you call... except it locks EVERYONE out. Found this out when on campus, trying to get my textbooks, when suddenly everyone had login lockouts because i'm a "paranoid bastard" and "afraid of idiot college students" for not telling a PUBLIC PC to remember the one password (enforced by password auto-sync across all their shit, not ideal, no) guarding my SUPER-SENSITIVE FINANCIAL AND ACADEMIC DATA... among the other hundreds of issues this college has. I now see why this college is the only one I can afford...
Can't pass-through raw DVD drive access to VMs as VM managers crash when I try (yes, even QEMU...) so i've gotta install Windows on a shitty 80GB laptop HDD for literally one quick project. On the bright side, if my theory proves correct, you'll no longer need modchips for PS2s.
Found a couple odd lines in my xscreensaver config:
the first 2 I can't seem to figure out what do, and the last taught me a new word. Fun!
that's it, it's over, why are you still here11
If you're having a bad day, think about the fact that BuzzFeed reporters have PGP keys for confidential tips4
What the fucking shit, Arch. In what universe/reality is a user expected to easily/quickly address GPG/PGP bullshit when they install Arch. It's already hilarious enough as it is for the user to input every single command in order to install the thing. -- That's actually what's great about Arch; you get return and assurance from each command. -- I understood the fact that you need the latest ISO release in order to even install Arch, but now, if you decide to pacstrap linux-hardened, or god forbid, a package that is who knows what, less maintained?... fuck knows what will happen.
The fantastic part, is that you can't do shit when you're in an arch ISO install. All of the simple and possible solutions that involve GPG DBs/keyrings/etc require you to have the all of the shit installed already; which is fucking impossible if the package manager is bitching about keys not being imported. The most fantastic part, is that there is probably some complete bullshit, ultra-exclusive command or simple solution that will fix this crap. - And if you even dare ask the Arch forums, you'll be branded as a "newbie" and sentenced to read the fucking wiki. - ??? -- That's not a fucking good thing. -- The majority of people who are installing Arch right now, are people who are installing it for the first time, and chances are, most of those people have no fucking clue what is happening; they're learning what is happening. Furthermore, they're probably the kind of people who aren't inclined (or they don't know how) to scour Google or the Arch forums for answers to vague, lazy-ass error messages. The whole point of this thing is show and confront the user about what they're installing and what they want on their computer. Holy shit. This is all the more reason to ensure that total, stupid, ambiguous bullshit errors do not occur. -- "error: key "dogshit master <firstname.lastname@example.org>?" could not could not be imported". -- That's it. That's the error in it's entirety. For a fucking OS install. What the fuck.15
Yesterday and today combined I spent about 8 hours trying to get my PGP / GPG passphrase to work. Absolutely magically, somehow a newline character had gotten into the passphrase. Yes. That's possible. On macOS, that is.
On my Windows machine I have the same fucking private key protected with the same password. Now try and get a non-windows newline character into any Windows password field, be it a command line or some GUI input. WTF! You'll lose a year of your life with every passphrase error while you have the actual passphrase.
So after all these hours trying to hack my own GPG keystore without success, I remembered how the private key got on my Windows machine in the first place: see tags.4
Anyone heard of or using Cyph? A Keybase alternative because apparently "we" don't trust them anymore now that they're owned by Zoom.
Seems a pretty half baked and dodgy to me, and they sent me a spam email with a "personalised" invite because my email address is linked with Keybase or something?
They have marketing for "tele-health" whatever that means, are "beyond HIPAA compliant", and it seems like the founder is a bit of a crypto nut with his 10 patents and total security through obscurity
If you want to check it out I can give you an "invite code". https://cyph.com3
While making a backend and frontend I wanted to make an auth flow, but I ask myself isn't HTTPS auth enough ?
What do you think is JWT to check which user it is and HTTPS to secure the connection enough or should I also use PGP ?9
Because of the current debate I'm starting to get more into all the cyber security and privacy stuff.
So now I am searching for a password manager.
Do you have any recommendations for me?
Or maybe some additional tools I really need to use?
(Got PGP for mail, signal as my new messenger, a vpn and tor for now)4
Everyone please drop into the comments and drop there your public PGP key. I hope like this we can implement kind of PM system on devRant. If you are new to PGP please dont share your private key. Keep that one as or even more safe then your heart. (Not even your wife or GF need to know this key. ONLY YOU know it)
Lets get this started.
Also if the message is too long please paste it to pastebin or other site like that.25
I've just been terribly disappointed by Arch and Manjaro: their official websites still use SHA-1 checksums and pgp signatures for integrity checks on their official images.
An algorithm that has been now broken for quite a while: https://sha-mbles.github.io/
Kinda disappointing for an OS that aims to be at the bleeding edge of performance and security.13
Hey, can someone help me test out PGP?
Just set up a key and did some keyserver uploads, not sure if this really works tho.
Just send a message encrypted with my key please. :)
If I did mess keyservers up, it's also here: https://privateger.me/pgp.txt20
Murphy's Law of Continuous Integration: If your code finally unbreaks the build, then the build will break because the PGP Key server didn't respond in time.
I guess it has to be keybase. Keybase chat is now my go-to web based chat.
Using NaCl keys makes life so much easier but you have the choice of using PGP if you need to for encrypting files/text.
"We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"
Let's see how this unfolds. While there is chaos I trink some tea and laugh, because I never send critical information over e-mail. 🧐🍵4
Any one ever heard of the Solo? It's basically an open source FIDO compliant U2FA usb (with planned support for PGP/SSH key storage!).
The guys who made it are now miniaturizing it into the "Somu" (Secure Tomu).
Please support it! It's a great project and a great (and cheap) addition to basic system security.
Jesus God. This feels kind of tacky!
(Yes, I use "thee" and "thou", as well as the "-st" suffix. They maximise the clarity of statements.)
People who resemble me are rare, but I intend to form with someone who is extraordinarily similar to me an alliance. Because I have failed to locate anyone who meets my criteria by simply performing on-line searches for people who bear a resemblance to me, I am publicising this document.
I have an unusually dry sense of humour, one which is dry to the extent of often being interpreted as being extremely malevolent. I am a polymath who studies ornithology, various fields of computer science, electrical engineering, mechanical engineering, general biology, neurology, physics, mathematics, and various other things. I am more than capable of withholding from others information, i.e., I am capable of keeping a secret. Being politically correct is hardly an act of which I am guilty, and, in order to provide an example of my politically-incorrect nature, I cite in this sentence my being a eugenicist. I am the servant of the birds. I greatly appreciate the breed of philosophy which concerns interactions and general wisdom, as opposed to questioning the purpose of existence and otherwise ultimately unimportant things. I have been described as being paranoid about security. I do not in the slightest like meaningless crap, e.g., art. I often venture in an attempt to shoot tiny birds, because I adore them and wish to develop a greater understanding of them. I am proficient with most computer systems when a manual is available to me. This was a small assortment of pieces of information concerning me which could be used as a method of judging whether or not thou art similar to me.
Thou art, however, required to possess some specific qualities, which include being able to maintain confidentiality, i.e., not being a whistle-blower or anything similar. In addition to this, consciously believing that logical reasoning is better than emotionally-based thinking, and thou needest to be capable of properly utilizing resources which are available on-line, e.g., Encyclopedia Britannica. I also demand that thou writest coherent English sentences.
If thou believest that thou bearest some resemblances to me, please send to me an e-mail which describes thee and is encrypted with the PGP public key which is available at the following URL: http://raw.github.com/varikvalefor/.... I can be reached at email@example.com
OpenPGP or GPG?
++ first comment for OpenPGP, second for GPG (shameless ++ farming as well)
Post relevant fingerprints in comments if desired <34
I'm planning to do an app with some personal data for a small community (Verein). I want to save the data somehow encrypted so not all people can just access them. There will be just 4 persons who need to access this data. I'm think about PGP/GPG, with encrypting the data for these 4 people with their different keys, but I am not sure about that. So every person would have its own keypair. This is just the first idea. So if you have any hints/links on some ideas/blog posts how to do this or do it another way, I'd be glad about a comment. Thanks ;)
Tech stack: I'm planning to create a Webapp, using Python and Flask...