Show newer

Huh. Wondered what this /etc/soii.key that I hadn't noticed up to now on my OpenBSD system is - apparently it's generated by /etc/rc and then is fed into net.inet6.ip6.soiikey on boot.

Turns out SOIIs are mentioned in the ifconfig(8) manpage ("Semantically Opaque Interface Identifiers as per RFC 7217"), but not much elsewhere, apropos doesn't know the keyword, and searching on DDG is next to useless.

Story of Truecrypt

If you remember last decade, you probably remember an enigmatic disk encryption utility Truecrypt. Some strange design choices, an eventual Linux port, a wealth of unheard of features and rather paranoid design features, as well as an unusual license that didn't play nice with Free software norms.

Its developers remained pseudonymous, something not so unusual back then, and didn't interact much except developing Truecrypt.

And then one day the music stopped. A warning noting that the program had flaws, to updated to the latest decrypt only, and migrate data was given that immediately threw off red flags. It was a very obvious sign to do something else with data.

Truecrypt was survived by its volume container format TCRYPT. The program was forked into a few other viable projects including the even more paranoid Veracrypt. Entirely Free software implementations such as tcplay sprung up for operating TCRYPT partitions.

Eventually, after many years, cryptsetup, the mainstream linux encrypted volume support added support for TCRYPT volumes. Truecrypt might be dead and buried, but its container format, with all its features live on.

So why was Truecrypt? As we later came to know, the creator of Truecrypt was unmasked as a mid-level drug trafficker. No better inspiration for writing decent security as if your data is actually at risk. Did the hidden volume actually work? We don't know. But we do know he flipped states witness.

We also know after he flipped, as soon as he was released from prison, he updated Truecrypt telling everyone to abandon the project. He might have given up drug dealers, but he didn't sell out the FOSS community.(also now, cannabis is legal)

Hrm, yeah... lighttpd forks another child after reading the certificates and such, which the angel then doesn't know about. How exactly was this ever supposed to work?

Show thread

...and again I'm wondering why lighttpd-angel doesn't work on OpenBSD (and hasn't in ages). It sure starts a lighttpd process, but then it exits instead of making sure the web server process is restarted in case of a fault.

When I'm reading the current kdump output correctly, the resulting running lighttpd process has a different PID than the one returned by the fork() from lighttpd-angel? Guess something's happening there that I'm not seeing right now.

Ugh. Someone asking for experiences with alternatives to a software for a certain purpose, and getting links to software directories as an answer. So not helpful. Why do these people even bother replying?

#BKA setzt #Pegasus ein

Und verweigert dem #Parlament Auskunft über den Einsatz der #Spähsoftware

Sie meint ernsthaft, dass „die Fragen hinsichtlich der Sicherheitsbehörden des Bundes mit polizeilichen und nachrichtendienstlichen Aufgaben auch nicht in eingestufter Form beantwortet werden können.“

Parlamentarische #Demokratie funktioniert anders.

#Fail
spiegel.de/netzwelt/netzpoliti

...looking up the name, I'm pretty sure that the invitation was sent to me by someone from the YakYak forums.

Show thread

@vertigo Sorry I did delete that toot you wrote a long reply to - somehow it didn't feel right, though I couldn't explain why :flan_shrug:

Stumbled over a Gmail invitation that someone sent to me in 2005. It was still in beta then? Huh.

32 years ago today, upset over an S&L bankruptcy that destroyed their retirement fund, two witches cursed all computers

Kinda wonder what kind of app on an iPad could make DNS requests for host names like this (it's always the same from that device):

marine-anchorage-nytlr47ssxydiva512jiwq8b.herokudns.com

It maps to a bunch of Amazon IPs that have services listening on Ports 80 and 443, but neither is http (and the one on 443 isn't even TLS).

Guess I'll lift the Pi-hole block and try to see if there's any hints in a packet capture?

Uhhh... When did this start to happen? Whenever I open a Fediverse page in Firefox Focus on Android, it asks me if I want to jump to "the app" (which in this case is Subway Tooter, but I assume it would be the same if I had something else installed)...

Though Surveillance Capitalism is a global phenomenon and a universal term, it is interpreted differently by people from different regions.

Americans see this mostly as a monopoly/anti-trust problem.

Europeans are calling it digital feudalism.

The once-colonized global south sees it as digital colonialism.

All of these interpretations are not only simultaneously true but also demonstrate that this issue is multi-faceted.

#SurveillanceCapitalism #DigitalColonialism #DigitalFeudalism

Show thread

"The vendor Texas Instruments has successfully replicated the security issue, however, at this stage has no plan for producing a patch. In particular, according to the Texas Instruments PSIRT team, they will consider producing a patch only if demanded by customers."
asset-group.github.io/disclosu

Neal Kravetz (FotoForensics) wrote an long text of why he will not talk to anyone on individual legal issues involving digital images, except when it comes as request for an expert witness from an attorney, and all communications go through them: hackerfactor.com/blog/index.ph

Has quite some background information on the expert witness process in the US legal system.

Uhhh... I really need to get my Nextcloud setup off from this el-cheapo web hosting... Ever since the occweb application was abandoned, running occ commands has become impossible (except non-interactively by abusing the cron service, which comes with runtime restrictions though).
Solving problems would be way easier with shell access.

This logic analyzer is old as hell but still works. my other hp broke. Found this one, its very limited but it still works!

I got hold of an Iomega Clik! Drive Plus kit, why not do a wee thread about it

Show older
INFRa Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!