Huh. Wondered what this /etc/soii.key that I hadn't noticed up to now on my OpenBSD system is - apparently it's generated by /etc/rc and then is fed into net.inet6.ip6.soiikey on boot.
Turns out SOIIs are mentioned in the ifconfig(8) manpage ("Semantically Opaque Interface Identifiers as per RFC 7217"), but not much elsewhere, apropos doesn't know the keyword, and searching on DDG is next to useless.
Story of Truecrypt
If you remember last decade, you probably remember an enigmatic disk encryption utility Truecrypt. Some strange design choices, an eventual Linux port, a wealth of unheard of features and rather paranoid design features, as well as an unusual license that didn't play nice with Free software norms.
Its developers remained pseudonymous, something not so unusual back then, and didn't interact much except developing Truecrypt.
And then one day the music stopped. A warning noting that the program had flaws, to updated to the latest decrypt only, and migrate data was given that immediately threw off red flags. It was a very obvious sign to do something else with data.
Truecrypt was survived by its volume container format TCRYPT. The program was forked into a few other viable projects including the even more paranoid Veracrypt. Entirely Free software implementations such as tcplay sprung up for operating TCRYPT partitions.
Eventually, after many years, cryptsetup, the mainstream linux encrypted volume support added support for TCRYPT volumes. Truecrypt might be dead and buried, but its container format, with all its features live on.
So why was Truecrypt? As we later came to know, the creator of Truecrypt was unmasked as a mid-level drug trafficker. No better inspiration for writing decent security as if your data is actually at risk. Did the hidden volume actually work? We don't know. But we do know he flipped states witness.
We also know after he flipped, as soon as he was released from prison, he updated Truecrypt telling everyone to abandon the project. He might have given up drug dealers, but he didn't sell out the FOSS community.(also now, cannabis is legal)
Hrm, yeah... lighttpd forks another child after reading the certificates and such, which the angel then doesn't know about. How exactly was this ever supposed to work?
...and again I'm wondering why lighttpd-angel doesn't work on OpenBSD (and hasn't in ages). It sure starts a lighttpd process, but then it exits instead of making sure the web server process is restarted in case of a fault.
When I'm reading the current kdump output correctly, the resulting running lighttpd process has a different PID than the one returned by the fork() from lighttpd-angel? Guess something's happening there that I'm not seeing right now.
Sie meint ernsthaft, dass „die Fragen hinsichtlich der Sicherheitsbehörden des Bundes mit polizeilichen und nachrichtendienstlichen Aufgaben auch nicht in eingestufter Form beantwortet werden können.“
Parlamentarische #Demokratie funktioniert anders.
Protonmail: Important clarifications regarding arrest of climate activist https://protonmail.com/blog/climate-activist-arrest/
...looking up the name, I'm pretty sure that the invitation was sent to me by someone from the YakYak forums.
@vertigo Sorry I did delete that toot you wrote a long reply to - somehow it didn't feel right, though I couldn't explain why
Kinda wonder what kind of app on an iPad could make DNS requests for host names like this (it's always the same from that device):
It maps to a bunch of Amazon IPs that have services listening on Ports 80 and 443, but neither is http (and the one on 443 isn't even TLS).
Guess I'll lift the Pi-hole block and try to see if there's any hints in a packet capture?
Though Surveillance Capitalism is a global phenomenon and a universal term, it is interpreted differently by people from different regions.
Americans see this mostly as a monopoly/anti-trust problem.
Europeans are calling it digital feudalism.
The once-colonized global south sees it as digital colonialism.
All of these interpretations are not only simultaneously true but also demonstrate that this issue is multi-faceted.
"The vendor Texas Instruments has successfully replicated the security issue, however, at this stage has no plan for producing a patch. In particular, according to the Texas Instruments PSIRT team, they will consider producing a patch only if demanded by customers."
Neal Kravetz (FotoForensics) wrote an long text of why he will not talk to anyone on individual legal issues involving digital images, except when it comes as request for an expert witness from an attorney, and all communications go through them: https://www.hackerfactor.com/blog/index.php?/archives/932-Dont-Talk-to-Me.html
Has quite some background information on the expert witness process in the US legal system.
Uhhh... I really need to get my Nextcloud setup off from this el-cheapo web hosting... Ever since the occweb application was abandoned, running occ commands has become impossible (except non-interactively by abusing the cron service, which comes with runtime restrictions though).
Solving problems would be way easier with shell access.
generic computer and internetworking geek
network and systems administration, infosec, retrocomputing
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!