Search - "pgp"
> installs devRant app on my iPhone
> too lazy to type my 18-char random password on mobile
> password manager app not on App Store yet
> dig up my old MacBook
> install Xcode & Homebrew package manager
> install 2 other package managers using Homebrew
> install App deps from the 2 package managers
> query Stack Overflow for why my deps fail to install
> open App in Xcode
> setup Apple provisioning profile
> trust my certificate on my iPhone
> dig up an old router & setup a local WiFi network
> start a server on my laptop to serve my PGP keys
> download my PGP keys to my iPhone
> app crashes
> open an issue on GitHub with steps to reproduce & stacktrace
> type my 18-char random password
> rant on how I wasted an entire afternoon
So I dual booted my pc with Ubuntu a few weeks back. And I came to a conclusion today.
Um, Windows needs to go.
Initial steps of learning any new programming language :
*heck yeah I created a calculator. Guess I'll show my family that I actually can code! *
-hey mom, dad look I made a simple calculator using python B)
- uhm... That's great son but don't we already have one of those?
- yeah but like... this is completely different it uses a different programming language than what you and I have been using all this time.
- ah I see. Good for you then
*muttering to each other*
-are you sure he's got the aptitude to be a cse?
-at this point we can just hope.
Me:*stares blindly in my dark room contemplating why I'm alive*
I love how the Keybase Linux client installs itself straight into /keybase. Unix directory structure guidelines? Oh no, those don't apply to us. And after uninstalling the application they don't even remove the directory. Leaving dirt and not even having the courtesy to clean it up. Their engineers sure are one of a kind.
Also, remember that EFAIL case? I received an email from them at the time, stating some stuff that was about as consistent as their respect for Unix directory structure guidelines. Overtyping straight from said email here:
[…] and our filesystem all do not use PGP.
> whatever that means.
The only time you'll ever use PGP encryption in Keybase is when you're sitting there thinking "Oh, I really want to use legacy PGP encryption."
> Legacy encryption.. yeah right. Just as legacy as Vim is, isn't it?
You have PGP as part of your cryptographic identity.
> OH REALLY?! NO SHIT!!! I ACTIVELY USED 3 OS'S AND FAILED ON 2 BECAUSE OF YOUR SHITTY CLIENT, JUST TO UPLOAD MY FUCKING PUBLIC KEY!!!
You'll want to remove your PGP key from your Keybase identity.
> Hmm, yeah you might want to do so. Not because EFAIL or anything, just because Keybase clearly is a total failure on all levels.
the Keybase team
> Well that's fucking clear. Could've taken some time to think before hitting "Send" though.
Don't get me wrong, I love the initiatives like this with all my heart, and greatly encourage secure messaging that leverages PGP. But when the implementation sucks this much, I start to ask myself questions about whether I should really trust this thing with my private conversations. Luckily I refrained from uploading my private key to their servers, otherwise I would've been really fucked.
First lecture of computer networks. Let's shove all of these abbreviations with their meaning, and possibly an associated port number in one 1.5 hour lecture:
HTTP, HTTPS, FTP, FTPS, SFTP, TCP, IP, UDP, ISP, DSL, DNS, LAN, WLAN, WDM, P2P, TELNET, PGP, TLS, SSL, SSH, MIME, SMTP, POP3, IMAP, IANA, DHT, RTT, DHCP
I really feel sorry for students who didn't have previous knowledge about this stuff..
Gmail is a cancer.
You can have as safe of an email provider as you want but it doesn’t matter if half to three quarters of the people you want to talk to are on it.
PGP doesn’t hide metadata.
Well played Google.
Let's be crazy.
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
Heey, it's me, D3add3d! As you might remember there was a crypto riddle posted by @Kimmax approx. a month ago. Now I'm here with another crypto riddle, it should be fairly easy one. The previous riddle was based on PGP so no rotation of alphabet was involved.
Here is the riddle:
(image irrelevant to the riddle)
Don't you just hate ignorance of others? I sure do. Don't you just hate when you try to tell someone something, but the person on the receiving end is like "Well, it's not my job, so I cannot relate, so I am not going to listen to you at all."
Now, let's talk about a little thing called PRIVACY. Whenever people ask me "Why do you not use Google Chrome, but you use Firefox instead?" I always answer "Because it does not compromise your online privacy as much." But, those idiots never listen. The same goes with me being in favor of Unix-like systems such as macOS and Linux. But they for some idiotic reason do not care for online privacy. They go for the "convenience". I know Google uses the data it collects to "help" you find better results. But the problem is that you do not get a say in the choice that the algorithm chooses. Also, I know Google might say "Oh, we never look at your files and your information," and it is indeed true that most of the time when you try to research about the cons of Google using Google, only the pros of Google will pop up. Now, if I go onto DuckDuckGo or Bing or even Yahoo!, the results are going to be quite different. I have been using Gmail since about 2011. I have not switched mainly because of YouTube and because I have been using it for so long. True I have two other accounts, which are AOL and Hotmail, but I barely use them, and when I will be 100% concerned about my privacy, I am probably going to switch to AOL.
You might think that it is hypocritical of me to use Gmail, but have you ever tried switching from an email address that you have been using for years? It is hard. So I do the next good thing, and encrypt my emails whenever possible (GOD BLESS PGP). I know Google says that it itself encrypts the Emails itself, but, how can I trust such an advertisement monopoly? I mean, the encryption means nothing if they have the secret key, if needed, they'll just decrypt my email and read the fucking thing. That's why I have my own set of Public and Private keys, and I recommend you too encrypt your Emails, especially any sensitive data that you ever send. I am also buying a web camera cover, because I really do not trust the folks at the NSA and the CIA and all other 3 letter government agencies. But people always tell me "But how can I be significant to the government, I have nothing to hide," which is a fucking lie, EVERYONE HAS GOT SOMETHING TO HIDE. There cannot be freedom of speech if the government constantly sees what you're saying. I wish there were more people in the world like Snowden :/
I have an exam in 4 hours. I've been studying all night and now I can't seem to retain anything.
I'm fuckin screwed.
Very eventful day, please see enclosed several smaller rants.
My college's systems are shit and not only do they use HTTP for everything, even the stores and financial aid purchase system, they have homebrew JS shit for PGP site encryption (nifty...), but they exchange the PRIVATE KEYS instead of the public keys. Over HTTP. Not even HTTPS. Also if you log in more than 10 times in 24 hours it's supposed to lock you out of your account until you call... except it locks EVERYONE out. Found this out when on campus, trying to get my textbooks, when suddenly everyone had login lockouts because I'm a "paranoid bastard" and "afraid of idiot college students" for not telling a PUBLIC PC to remember the one password (enforced by password auto-sync across all their shit, not ideal, no) guarding my SUPER-SENSITIVE FINANCIAL AND ACADEMIC DATA... among the other hundreds of issues this college has. I now see why this college is the only one I can afford...
Can't pass-through raw DVD drive access to VMs as VM managers crash when I try (yes, even QEMU...) so I've gotta install Windows on a shitty 80GB laptop HDD for literally one quick project. On the bright side, if my theory proves correct, you'll no longer need modchips for PS2s.
Found a couple odd lines in my xscreensaver config:
the first 2 I can't seem to figure out what they do, and the last taught me a new word. Fun!
that's it, it's over, why are you still here
What the fucking shit, Arch. In what universe/reality is a user expected to easily/quickly address GPG/PGP bullshit when they install Arch. It's already hilarious enough as it is for the user to input every single command in order to install the thing. -- That's actually what's great about Arch; you get return and assurance from each command. -- I understood the fact that you need the latest ISO release in order to even install Arch, but now, if you decide to pacstrap linux-hardened, or god forbid, a package that is who knows what, less maintained?... fuck knows what will happen.
The fantastic part, is that you can't do shit when you're in an arch ISO install. All of the simple and possible solutions that involve GPG DBs/keyrings/etc require you to have all of the shit installed already; which is fucking impossible if the package manager is bitching about keys not being imported. The most fantastic part, is that there is probably some complete bullshit, ultra-exclusive command or simple solution that will fix this crap. - And if you even dare ask the Arch forums, you'll be branded as a "newbie" and sentenced to read the fucking wiki. - ??? -- That's not a fucking good thing. -- The majority of people who are installing Arch right now, are people who are installing it for the first time, and chances are, most of those people have no fucking clue what is happening; they're learning what is happening. Furthermore, they're probably the kind of people who aren't inclined (or they don't know how) to scour Google or the Arch forums for answers to vague, lazy-ass error messages. The whole point of this thing is to show and confront the user about what they're installing and what they want on their computer. Holy shit. This is all the more reason to ensure that total, stupid, ambiguous bullshit errors do not occur. -- "error: key "dogshit master <email@example.com>?" could not could not be imported". -- That's it. That's the error in its entirety. For a fucking OS install. What the fuck.
If you're having a bad day, think about the fact that BuzzFeed reporters have PGP keys for confidential tips
Yesterday and today combined I spent about 8 hours trying to get my PGP / GPG passphrase to work. Absolutely magically, somehow a newline character had gotten into the passphrase. Yes. That's possible. On macOS, that is.
On my Windows machine I have the same fucking private key protected with the same password. Now try and get a non-windows newline character into any Windows password field, be it a command line or some GUI input. WTF! You'll lose a year of your life with every passphrase error while you have the actual passphrase.
So after all these hours trying to hack my own GPG keystore without success, I remembered how the private key got on my Windows machine in the first place: see tags.
Anyone heard of or using Cyph? A Keybase alternative because apparently "we" don't trust them anymore now that they're owned by Zoom.
Seems pretty half-baked and dodgy to me, and they sent me a spam email with a "personalised" invite because my email address is linked with Keybase or something?
They have marketing for "tele-health" whatever that means, are "beyond HIPAA compliant", and it seems like the founder is a bit of a crypto nut with his 10 patents and total security through obscurity
If you want to check it out I can give you an "invite code". https://cyph.com
Inspired by this post's comments: https://devrant.com/rants/1907870/...
I wanted to start a PGP key-exchange post for devRant users. I'll start.
While making a backend and frontend I wanted to make an auth flow, but I ask myself: isn't HTTPS auth enough?
What do you think: is JWT to check which user it is and HTTPS to secure the connection enough, or should I also use PGP?
Because of the current debate I'm starting to get more into all the cyber security and privacy stuff.
So now I am searching for a password manager.
Do you have any recommendations for me?
Or maybe some additional tools I really need to use?
(Got PGP for mail, Signal as my new messenger, a VPN and Tor for now)
Murphy's Law of Continuous Integration: If your code finally unbreaks the build, then the build will break because the PGP Key server didn't respond in time.
Everyone please drop into the comments and drop there your public PGP key. I hope like this we can implement a kind of PM system on devRant. If you are new to PGP please don't share your private key. Keep that one as safe as or even safer than your heart. (Not even your wife or GF need to know this key. ONLY YOU know it)
Let's get this started.
Also if the message is too long please paste it to pastebin or other site like that.
I've just been terribly disappointed by Arch and Manjaro: their official websites still use SHA-1 checksums and PGP signatures for integrity checks on their official images.
An algorithm that has been now broken for quite a while: https://sha-mbles.github.io/
Kinda disappointing for an OS that aims to be at the bleeding edge of performance and security.
"We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"
Let's see how this unfolds. While there is chaos I drink some tea and laugh, because I never send critical information over e-mail. 🧐🍵
I guess it has to be keybase. Keybase chat is now my go-to web based chat.
Using NaCl keys makes life so much easier but you have the choice of using PGP if you need to for encrypting files/text.
Anyone ever heard of the Solo? It's basically an open source FIDO compliant U2FA USB (with planned support for PGP/SSH key storage!).
The guys who made it are now miniaturizing it into the "Somu" (Secure Tomu).
Please support it! It's a great project and a great (and cheap) addition to basic system security.
Jesus God. This feels kind of tacky!
(Yes, I use "thee" and "thou", as well as the "-st" suffix. They maximise the clarity of statements.)
People who resemble me are rare, but I intend to form with someone who is extraordinarily similar to me an alliance. Because I have failed to locate anyone who meets my criteria by simply performing on-line searches for people who bear a resemblance to me, I am publicising this document.
I have an unusually dry sense of humour, one which is dry to the extent of often being interpreted as being extremely malevolent. I am a polymath who studies ornithology, various fields of computer science, electrical engineering, mechanical engineering, general biology, neurology, physics, mathematics, and various other things. I am more than capable of withholding from others information, i.e., I am capable of keeping a secret. Being politically correct is hardly an act of which I am guilty, and, in order to provide an example of my politically-incorrect nature, I cite in this sentence my being a eugenicist. I am the servant of the birds. I greatly appreciate the breed of philosophy which concerns interactions and general wisdom, as opposed to questioning the purpose of existence and otherwise ultimately unimportant things. I have been described as being paranoid about security. I do not in the slightest like meaningless crap, e.g., art. I often venture in an attempt to shoot tiny birds, because I adore them and wish to develop a greater understanding of them. I am proficient with most computer systems when a manual is available to me. This was a small assortment of pieces of information concerning me which could be used as a method of judging whether or not thou art similar to me.
Thou art, however, required to possess some specific qualities, which include being able to maintain confidentiality, i.e., not being a whistle-blower or anything similar. In addition to this, consciously believing that logical reasoning is better than emotionally-based thinking, and thou needest to be capable of properly utilizing resources which are available on-line, e.g., Encyclopedia Britannica. I also demand that thou writest coherent English sentences.
If thou believest that thou bearest some resemblances to me, please send to me an e-mail which describes thee and is encrypted with the PGP public key which is available at the following URL: http://raw.github.com/varikvalefor/.... I can be reached at firstname.lastname@example.org
I'm planning to do an app with some personal data for a small community (Verein). I want to save the data somehow encrypted so not all people can just access them. There will be just 4 persons who need to access this data. I'm thinking about PGP/GPG, with encrypting the data for these 4 people with their different keys, but I am not sure about that. So every person would have their own keypair. This is just the first idea. So if you have any hints/links on some ideas/blog posts how to do this or do it another way, I'd be glad about a comment. Thanks ;)
Tech stack: I'm planning to create a Webapp, using Python and Flask...
OpenPGP or GPG?
++ first comment for OpenPGP, second for GPG (shameless ++ farming as well)
Post relevant fingerprints in comments if desired <3