Finally figured out the PGP stuff. Turns out Keybase, at some point without telling me, just forgot the private key they generated for me at the beginning. Good thing I had exported and backed it up years ago. Looks like it's really easy to update the expiration of sub keys, and then push that (mine was already on pgp.mit.edu). Keybase wasn't actually helping with anything, the signing key they generated just had a really long expiration to begin with. #pgp#KeyBase
I have no idea if I should keep using KeyBase to manage PGP. I know nothing about PGP, I just need the key for git commit signing, so in that regard it's helping. They added crypto wallet junk a long, long time ago, but no longer seem to mention it on their home page. They got sold to Zoom in 2020, which seems to have stopped development. But it still works, and is still encrypted the same way as always. #KeyBase#pgp#git
How do I manage and update my PGP key? I started with Keybase years ago, but not particularly interested in them anymore. I have no idea how they were managing it, but the current key expires in 2024. Is there some way I renew it? Do I create a new one? What happens to things signed with the old one? All I want is for my GitHub commit signatures to continue to remain valid. Is there any simple guide for this? #git#pgp#gpg#KeyBase#GitHub
Roughly 2 weeks ago Google patched a critical vulnerability, CVE-2023-4863, that was being exploited in the wild. The broad impact of the root cause of the vuln and the fact that it will have a long tail of unpatched software has been poorly communicated. You can read more in @dangoodin 's excellent article on Ars Technica.
As pointed out in the article above, Electron is based on Chromium and is impacted. Electron is bundled in a ton of apps that people might overlook.
I threw together the following shell command to help macOS audit which versions of Electron apps are installed.
find /Applications -type f -name "*Electron Framework*" -exec <br></br> sh -c "echo "{}" && strings "{}" | grep '^Chrome/[0-9.]* Electron/[0-9]' | head -n1 && echo " ;<br></br>
When run, you should see something similar to the following:
/Applications/Visual Studio Code.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework<br></br>Chrome/114.0.5735.289 Electron/25.8.1<br></br><br></br>/Applications/Slack.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework<br></br>Chrome/116.0.5845.188 Electron/26.2.1<br></br>
Started looking at #keybase but think #keyoxide is where I’ll stay. How are files encrypted when I haven’t uploaded my GPG keys? Seems a bit odd. Also don’t want to sent my private key to them, although it makes sense they need one to do some actions.
Is it worth having another key dedicated to Keybase that matches another primary address I use?
After all the #Furry community should be able to use #Keyoxide (or even #Keybase) to verify producers and reviews to make scamming harder and more expensive.
Sadly this would kinda raise the bar for new suitmakers, but it would reward those doing their craft longterm and having good customer relations.
Escrow exist for juristictions w/o consumer protections...
With so many new social media sites popping up, it won't be long before some techbro introduces the idea of everyone having their own standalone page they can customise however they want which people can link to if they choose, and is lauded as a genius for inventing the website
My standpoint is that, not only should all social software support ActivityPub, it should be required by law.
Further to that, all social software should have an account migration path towards and away from it.
No, I’m not saying all servers should federate with each other. What I am saying is that it should be impossible for any one server software to monopolize the network effect.
@atomicpoet everyone who trusts any of the #PRISM collaborators, espechally #NSAbook, disqualifies themselves for any #security-based discussion - period!