Techrights logo

IRC: #techbytes @ Techrights IRC Network: Tuesday, May 24, 2022

(ℹ) Join us now at the IRC channel | ䷉ Find the plain text version at this address (HTTP) or in Gemini (how to use Gemini) with a full GemText version.

*psydroid2 has quit (Ping timeout: 2m30s)May 24 00:01
*MinceR has quit (Ping timeout: 2m30s)May 24 03:32
*MinceR (~mincer@bringer.of.light) has joined #techbytesMay 24 03:33
*irc.techrights.org sets mode +a #techbytes MinceRMay 24 03:33
schestowitz>>>> i believe the answer is in the question. debian is based on distributed trust.  i did the analysis (took 3 weeks): it is literally the only distro in the world with an inviolate chain of trust from a large keyring dating back 20 years that is itself GPG-signed as a package, with a package distribution chain from source where all components within the chain up to release are unbroken and inviolate.May 24 03:46
schestowitz>>> This is not an answer to the question though, OP was asking how we prevent abuse of that trust.May 24 03:46
schestowitz>> reputation, and potentially criminal and civil proceedings.May 24 03:46
schestowitz>>May 24 03:46
schestowitz>> all identities are known, and inviolate-known [through theMay 24 03:46
schestowitz>> above-described chain].May 24 03:46
schestowitz>> anyone stupid enough to abuse their position may only do so once, at whichMay 24 03:46
schestowitz>> point their GPG key is revoked.May 24 03:46
schestowitz>>May 24 03:46
schestowitz>> given that GPG key-signing parties require people's real-world identitiesMay 24 03:47
schestowitz>> to be known, it is easy to track down who signed whose key (it's rightMay 24 03:47
schestowitz>> there in the keyring-archive], and request that the signer provide assistanceMay 24 03:47
schestowitz>> to the relevant authorities in proving that real-world identity.May 24 03:47
schestowitz>>May 24 03:47
schestowitz>> this will sufficiently piss off those people that trusted them that they willMay 24 03:47
schestowitz>> be unlikely to work with them ever again [reputation]May 24 03:47
schestowitz>>May 24 03:47
schestowitz>> in addition there is the Debian Trademark which if brought into disreputeMay 24 03:47
schestowitz>> through abuse could be utilised to seek damages against the perpetrator.May 24 03:47
schestowitz>>May 24 03:47
schestowitz>> bottom line is that it would be a spectacularly stupid thing to do to violateMay 24 03:47
schestowitz>> the trust and responsibility of being a Debian Maintainer, and the reallyMay 24 03:47
schestowitz>> interesting bit to me is that this all works in an entirely distributed mannerMay 24 03:47
schestowitz>> and can all entirely be done entirely without a single centralised authority,May 24 03:47
schestowitz>> i.e. *not* having to trust f*****g google or f*****g github with anyone'sMay 24 03:47
*psydruid has quit (Ping timeout: 2m30s)May 24 03:47
schestowitz>> real-world identity in any way shape or form.May 24 03:47
schestowitz>>May 24 03:47
schestowitz>> l.May 24 03:47
schestowitz>>May 24 03:47
schestowitz> Luke Kenneth Casson Leighton's explanations have two fundamental flawsMay 24 03:47
schestowitz> and one clue of wrongdoingMay 24 03:47
schestowitz> May 24 03:47
schestowitz> The clue of wrongdoing is the manner in which he replied to my email andMay 24 03:47
schestowitz> completely cut all my own comments out of his response.  This means heMay 24 03:47
schestowitz> either meant to insult me or obscure something.May 24 03:47
*MinceR has quit (Ping timeout: 2m30s)May 24 03:47
schestowitz> May 24 03:47
schestowitz> Everything he wrote is generally good except for the two flaws:May 24 03:47
schestowitz> May 24 03:47
schestowitz> On the question of PGP IDs, people often use passports to verify ID andMay 24 03:47
schestowitz> this turns out to be quite bad.  Look at the Mossad passport forgeryMay 24 03:47
schestowitz> scandals, forging the passports of citizens from countries that areMay 24 03:47
schestowitz> typically sympathetic to Israel.  Then there was the FOSDEM 2016 fakeMay 24 03:47
schestowitz> passport scandal.  Mark Kennedy had no trouble using fake identities.May 24 03:47
schestowitz> May 24 03:47
schestowitz> The other flaw in LKCL's reasoning is the question of plausibleMay 24 03:47
schestowitz> deniability.  If an intelligence agency wants to put some back door inMay 24 03:47
schestowitz> the software they will find an obscure way to weaken the software.  TheyMay 24 03:47
schestowitz> already got burnt by the Windows NSA key string and they won't be soMay 24 03:47
schestowitz> obvious in future.  The people who do this stuff are not necessarilyMay 24 03:47
schestowitz> going to lose their reputation with one bad commit and they may not beMay 24 03:48
schestowitz> detected for a long time anyway.May 24 03:48
*techrights_guest|83 (~519aa9f9@54n9xgft8g6u2.irc) has joined #techbytesMay 24 04:00
*MinceR (~mincer@bringer.of.light) has joined #techbytesMay 24 04:05
*irc.techrights.org sets mode +a #techbytes MinceRMay 24 04:05
*techrights_guest|83 has quit (Quit: Connection closed)May 24 04:06
*psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytesMay 24 06:46
*psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytesMay 24 07:42
*psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytesMay 24 07:42
schestowitz<li>May 24 07:54
schestowitz                                            <h5><a href="https://www.ubuntubuzz.com/2022/05/how-to-turn-ubuntu-2204-into-kubuntu.html">How To Turn Ubuntu 22.04 Into Kubuntu</a></h5>May 24 07:54
-TechBytesBot/#techbytes-www.ubuntubuzz.com | How To Turn Ubuntu 22.04 into KubuntuMay 24 07:54
schestowitz                                            <blockquote>May 24 07:54
schestowitz                                                <p>This tutorial will explain how you can turn Ubuntu 22.04 with GNOME Desktop into Kubuntu with KDE Plasma Desktop. This will not remove the original GNOME, but we simply install Plasma Desktop on top of the system so we will have two different desktop environments as the result. Follow it carefully and have a friendly computing with Kubuntu!</p>May 24 07:54
schestowitz                                            </blockquote>May 24 07:54
schestowitz                                        </li>May 24 07:54
schestowitz <li>May 24 08:04
schestowitz                                            <h5><a href="https://palant.info/2022/05/23/hijacking-webcams-with-screencastify/">Hijacking webcams with Screencastify</a></h5>May 24 08:04
-TechBytesBot/#techbytes-palant.info | Hijacking webcams with Screencastify | Almost SecureMay 24 08:04
schestowitz                                            <blockquote>May 24 08:04
schestowitz                                                <p>Everyone has received the mails trying to extort money by claiming to have hacked a person’s webcam and recorded a video of them watching porn. These are a bluff of course, but the popular Screencastify browser extension actually provides all the infrastructure necessary for someone to pull this off. A website that a user visited could trick the extension into starting a webcam recording among May 24 08:04
schestowitzother things, without any indications other than the webcam’s LED lighting up if present. The website could then steal the video from the user’s Google Drive account that it was uploaded to, along with anything else that account might hold.</p>May 24 08:04
schestowitz                                            </blockquote>May 24 08:04
schestowitz                                        </li>May 24 08:04
schestowitz      <li>May 24 08:12
schestowitz                <h5><a href="https://ubuntu.com//blog/install-ros-2-humble-in-ubuntu-20-04-or-18-04-using-lxd-containers">Install ROS 2 Humble in Ubuntu 20.04 or 18.04 using LXD containers</a></h5>May 24 08:12
-TechBytesBot/#techbytes-Install ROS 2 Humble in Ubuntu 20.04 or 18.04 using LXD containers | UbuntuMay 24 08:12
schestowitz                <blockquote>May 24 08:12
schestowitz                    <p>We welcome the new release of ROS 2 Humble which targets the recently released Ubuntu 22.04. If you want to install it now, please visit the ROS 2 Humble documentation.</p>May 24 08:12
schestowitz                    <p>But if you want to install ROS 2 Humble and test compatibility, keeping your current Ubuntu (20.04, 18.04,…) environment stable until you know you are ready to upgrade, you can dive into LXD containers.</p>May 24 08:12
schestowitz                </blockquote>May 24 08:12
schestowitz            </li>May 24 08:12
schestowitz       <li>May 24 08:12
schestowitz                <h5><a href="https://ubuntu.com//blog/canonical-at-hpe-discover-2022">Canonical at HPE Discover 2022</a></h5>May 24 08:12
-TechBytesBot/#techbytes-Canonical at HPE Discover 2022 | UbuntuMay 24 08:12
schestowitz                <blockquote>May 24 08:12
schestowitz                    <p>HPE and Canonical have a long-standing relationship, certifying Ubuntu on HPE hardware. Now, you can go beyond the operating system and engage with us on hybrid cloud, AI/ML, and open source support projects.</p>May 24 08:12
schestowitz                    <p>Now we’re excited to share that we’ll be at the HPE Discover 2022 in Las Vegas on June 28-30 showcasing our solution in the expo.</p>May 24 08:12
schestowitz                    <p>Join Canonical and Ubuntu at HPE Discover in Las Vegas.</p>May 24 08:12
schestowitz                    <p>Meet with one of our experts and get a demo of our opens source solutions.</p>May 24 08:12
schestowitz                </blockquote>May 24 08:12
schestowitz            </li>May 24 08:12
schestowitz <li>May 24 08:18
schestowitz                <h5><a href="https://linuxgizmos.com/multi-sensor-device-packed-with-raspberry-pi-rp2040-chip/">Multi sensor device packed with Raspberry Pi RP2040 chip</a></h5>May 24 08:18
-TechBytesBot/#techbytes- ( status 520 @ https://linuxgizmos.com/multi-sensor-device-packed-with-raspberry-pi-rp2040-chip/ )May 24 08:18
schestowitz                <blockquote>May 24 08:18
schestowitz                    <p>Sfera Labs released the Exo Sense RP which is a compact module that combines sensors to monitor air quality, humidity, temperature, light, motion and audio sensing. Unlike the SENSE board by Nexus Electronics and presented by LinuxGizmos a few days ago, the Exo Sense RP integrates a Raspberry Pi RP2040 IC.</p>May 24 08:18
schestowitz                    <p>Featuring a dual core ARM Cortex-M0+ processor (up to 133MHz), with 16MB of Flash and 264kB of RAM, the MCU offers more than enough speed and supports several data protocols to interface with various types of sensors efficiently. </p>May 24 08:18
schestowitz                </blockquote>May 24 08:18
schestowitz            </li>May 24 08:18
*psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytesMay 24 08:42
*psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytesMay 24 08:42
*psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytesMay 24 12:04
*psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytesMay 24 12:05
*GNUmoon2 has quit (connection closed)May 24 12:28
*GNUmoon2 (~GNUmoon@txkdaiuveepza.irc) has joined #techbytesMay 24 12:57
*GNUmoon2 has quit (connection closed)May 24 13:16
*GNUmoon2 (~GNUmoon@vmfsukqv656ba.irc) has joined #techbytesMay 24 13:23
*Despatche has quit (Quit: Read error: Connection reset by deer)May 24 13:48
schestowitz[02:52] <xxx> Hey, you should consider looking into the Stripe mafia bolt thingMay 24 13:57
schestowitz[02:52] <xxx> All comes back to Nat Friedman and the bs I experienced with y combiMay 24 13:57
schestowitz[02:53] <xxx> Alex did yc tooMay 24 13:57
schestowitz[04:03] <xxx> I have Nat Friedmans high school https://en.wikipedia.org/wiki/St._Anne%27s-Belfield_SchoolMay 24 13:57
-TechBytesBot/#techbytes-en.wikipedia.org | St. Anne's-Belfield School - WikipediaMay 24 13:57
schestowitz[04:03] <xxx> Boarding school outside of DCMay 24 13:57
schestowitz[04:04] <xxx> I'm not entirely convinced that his father was always a stockbrokerMay 24 13:57
schestowitz[04:04] <xxx> Although I have noticed there is a pattern of switching back-and-forth between the intelligence community and financeMay 24 13:57
*psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytesMay 24 16:51
*u-amarsh04 has quit (Quit: Konversation terminated!)May 24 16:55
*u-amarsh04 (~amarsh04@v6xmmrhxmbafc.irc) has joined #techbytesMay 24 17:01
*psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytesMay 24 17:23
*psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytesMay 24 17:39
*psydroid2 (~psydroid@memzbmehf99re.irc) has joined #techbytesMay 24 18:12
*psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytesMay 24 18:17
*Despatche (~desp@u3xy9z2ifjzci.irc) has joined #techbytesMay 24 20:31
*psydroid2 has quit (Ping timeout: 2m30s)May 24 21:53
*psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytesMay 24 22:12
*psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytesMay 24 22:12
*Despatche has quit (Quit: Read error: Connection reset by deer)May 24 23:30
*psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytesMay 24 23:33

Generated by irclog2html.py 2.6 | ䷉ find the plain text version at this address (HTTP) or in Gemini (how to use Gemini) with a full GemText version.