| Time | Nickname | Message |
|---|---|---|
| 03:45 | | odemg has quit IRC (Read error: Operation timed out) |
| 04:02 | | odemg has joined #archiveteam-ot |
| 06:15 | | BlueMax has quit IRC (Leaving) |
| 08:02 | | BlueMax has joined #archiveteam-ot |
| 09:37 | | logchfoo1 starts logging #archiveteam-ot at Tue May 15 09:37:50 2018 |
| 09:37 | | logchfoo1 has joined #archiveteam-ot |
| 09:38 | | betamax has joined #archiveteam-ot |
| 10:49 | | wp494 has quit IRC (Ping timeout: 492 seconds) |
| 10:49 | | wp494 has joined #archiveteam-ot |
| 10:50 | | svchfoo1 sets mode: +o wp494 |
| 11:09 | | lswutg has joined #archiveteam-ot |
| 11:15 | | lswutg has quit IRC (Quit: Leaving) |
| 12:50 | | rbraun has quit IRC (Read error: Operation timed out) |
| 12:52 | | BlueMax has quit IRC (Leaving) |
| 12:53 | | rbraun has joined #archiveteam-ot |
| 14:18 | | godane has joined #archiveteam-ot |
| 14:18 | | svchfoo3 sets mode: +o godane |
| 16:06 | | schbirid has joined #archiveteam-ot |
| 18:25 | | godane has quit IRC (Read error: Operation timed out) |
| 19:14 | | godane has joined #archiveteam-ot |
| 19:14 | | svchfoo3 sets mode: +o godane |
| 20:28 | ivan | would any grab-site users with a macOS like to tell me if this homebrew-based install works? https://github.com/ludios/grab-site/issues/121#issuecomment-389301496 |
| 20:28 | ivan | pypi disabled < TLS 1.2 |
| 20:42 | | schbirid has quit IRC (Quit: Leaving) |
| 20:43 | ivan | never mind I finally got my macOS VM working (by not updating it) |
| 22:16 | | godane has quit IRC (Read error: Operation timed out) |
| 22:19 | | godane has joined #archiveteam-ot |
| 22:19 | | svchfoo3 sets mode: +o godane |
| 22:21 | | godane has quit IRC (Client Quit) |
| 23:21 | hook54321 | JAA: If someone is able to intercept an email then not having it encrypted wouldn't really help, because at that point they could just read the email. |
| 23:21 | ivan | JAA: it's way too complicated, the web of trust model never worked except for people who met IRL all the time, there are alternatives to signing things now |
| 23:21 | JAA | hook54321: Yeah, disabling it doesn't make sense at all. |
| 23:22 | ivan | s/to/for/ |
| 23:23 | JAA | ivan: Yeah, that's true. What are the alternatives? (Please don't say X.509 certificates.) |
| 23:23 | ivan | https://man.openbsd.org/signify.1 |
| 23:25 | ivan | http://www.openbsd.org/papers/bsdcan-signify.html |
| 23:26 | ivan | https://www.schneier.com/blog/archives/2015/11/testing_the_usa.html |
| 23:26 | JAA | That still has the key distribution problem, doesn't it? |
| 23:27 | ivan | well, everything has the key distribution problem |
| 23:28 | JAA | Right. So I don't see how it's better than GPG. |
| 23:31 | ivan | GPG is complicated to integrate with correctly, as seen in that latest mail client bug caused by ignoring some warning message |
| 23:35 | ivan | here is the crap you have to type just to generate a deterministic gpg2 keybox https://gist.github.com/ivan/b6b4630ed914290af5e1bdefe42dd9c2#file-gpg-ex-L111-L144 |
| 23:35 | xmc | what is a deterministic gpg2 keybox |
| 23:35 | xmc | i've been using gpg for years and i don't even know why i should care |
| 23:37 | ivan | say you want to configure apt to use a set of keys in a manner that doesn't involve trying to mutate some state with apt-key |
| 23:37 | ivan | you realize you need to just overwrite the list of keys that it trusts, but wait, gpg is a flaming pile of garbage so good luck |
| 23:40 | ivan | a keybox is gpg2's new format for storing keys, incompatible with the old format of just concatenating keys together |
| 23:41 | ivan | a deterministic one has the timestamps set to a predictable value (impossible without faketime) |
| 23:44 | JAA | If I understand it correctly, the timestamps in the keybox have zero effect on the actual keys inside the box though, right? |
| 23:45 | ivan | AFAIK both the key entries and the keybox itself are timestamped |
| 23:45 | ivan | but yeah I'm sure no one else cares about this I guess |
| 23:46 | JAA | Also, timestamps are used absolutely everywhere. You can't create reproducible Debian packages without faking the timestamps (and many other things) either. So I don't think this is a valid argument against GPG. |
| 23:47 | JAA | Or hell, compiling things... |
| 23:48 | JAA | I tried to produce reproducible binaries once. Fortunately, I was able to flee in time. |