My current PGP/GnuPG key is expiring, so I've rolled a new one. The ID of the new key is
0x3C7775DD37811E62 (full fingerprint:
1ED5 E5A3 01C3 D109 9040 2289 3C77 75DD 3781 1E62)
and it should be in your favorite keyservers,
cross-signed by my old key. You can also find it at https://files.roguelazer.com/roguelazer.gpg.
It has also been attached to my keybase.io account and my Github
profile. My previous key (
) has not been revoked
and has not been compromised, but you should still stop using it if possible. The new key is a 4096-bit RSA
key with SHA-2 digest signatures — I'm not quite bold enough to switch to ECC for a long-lived key yet.
My signed transition document is below, and can also be found at 2019-04-27-key-transition-statement.txt.asc if you prefer to download it directly.
Additionally, I have generated a separately-signed key with ID
0x233E5EAF0EC3ABA9 (full fingerprint:
14E8 9660 188D BC9B 2C17 67AA 233E 5EAF 0EC3 ABA9). This key should not be used for communication,
but will only be used to sign VCS commits/tags/&c (in Git and perhaps in
Pijul). It's going to be on my [managed] work computer, so treat it with a grain
I received an e-mail today at my work address with the subject
[Feature Ideas [Customers Only]] - [Survey] The G Suite Admin Experience team wants to learn your needs around data/resource access boundaries which looked like the following:
Quick — is this real or is this spam? What would you look for?
We do not disclose an individual user’s data to third parties unless (1) you have given explicit consent to each such disclosure, (2) we are required to comply with a legal obligation or (3) if our business or assets …
Shortly after I upgraded to OS X 10.9.2, I was connecting to battle.net, and I got an SSL error. At the time, I didn't think anything of it (after all, sites have bad SSL certificates all the time). However, I noticed it again today when looking at the page for Reaper of Souls, and decided to look into it again. When I did, I found something very unusual: my system has a second copy of the DigiCert root CA certificate in the "login" keychain. For those of you who aren't familiar, OS X uses a hierarchy of …
In light of all of the hullabaloo about PRISM and other spying technology, I thought it'd be good to remind all of you dear readers that we've had the technology to ensure private communications on the Internet for 22 years in the form of Pretty Good Privacy (and the much-more-commonly-used implementation, GnuPG). Ars Technica had an okay article about e-mail encryption with PGP which I recommend reading, although you should keep in mind that most security professionals would consider infrastructural PKI like SSL and S/MIME to be compromised by nation-state-level adversaries (and all associated MIC contractors).
Anyhow, my GPG …
It's nice to have DNS records for all of your computers. It's a giant pain in the ass to remember IP addresses, especially if you're on something like a cable connection, where the IP address is dynamic (but only changes every month or two). Now, you could go ahead and use DynDNS or No-IP or something. But those are lame. You have to use a subdomain of one of their domains, and you have to use their software to update. You might be wondering if there's a better way. Well, there is. Standard DNS supports updating, it turns out. In BIND, this is managed through the allow-update parameter. I had some free time this week after I finished finals, so I went ahead and set it up, along with the other trimmings required for Wide-Area Bonjour. It's cool, so I thought I'd post a bit.
The most important resource for all of this stuff is dns-sd.org.
Aside from a couple of minor errors that I corrected and an update for
OS X 10.5+, this Tip will be based off of the guides from that site. So
credit to them.