I know I just moved mastodon servers three months ago, but unfortunately tenforward.social just wasn't working out for me. I do like Star Trek, but my initial impression had been that the community would be a little more general interest, and unfortunately the Local Timeline ended up looking a bit more like a 90's era single-subject forum than I'd like. So, anyhow, I've moved to hachyderm.io (specifically, to @roguelazer@hachyderm.io), which is a tech-focused instance and where a lot of folks from mastodon.technology ended up going.

Beyond that, the fact that it was a small instance …

Unfortunately, the Mastodon server I've been on for the last few years (mastodon.technology; since 2018) is shutting down next month. Thankfully, the decentralized nature of Mastodon means that it's pretty easy to jump ship to another server¹, and there are even semi-automated migration tools. Since Twitter seems to be about to dive back into being the hosting platform of choice for neo-nazis, I don't want there to be any gap in my Fediverse access; I've set up a new Mastodon account at @roguelazer@tenforward.social². Hopefully it'll be another great community, like mastodon.technology was.

I'm currently staying in a Best Western hotel in Eureka, CA, avoiding the Bay Area heat wave, and I noticed something remarkable: the hotel's free WiFi network performs automatic man-in-the-middle interception of all SSH traffic. I've literally never seen this before on public WiFi… Check it out:

$ ssh github.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256 …

Yet again, it has come time to rotate my PGP/GnuPG private key. My old key (1ED5E5A301C3D109904022893C7775DD37811E62) actually expired a couple of weeks ago, and I've been procrastinating writing up this transition. The new key is 0xC6496DEB3DA8E9B5 (full fingerprint: 24F8AA354990F3F562EC014BC6496DEB3DA8E9B5) You can also find it at https://files.roguelazer.com/roguelazer.gpg. It has also been attached to my keybase.io account¹ and my Github profile. It is cross-signed by the old key.

My signed transition document is below, and can also be found at 2022-05-28-key-transition-statement.txt.asc if you prefer to download it directly.

As far as I …

Yesterday, California released their Digital Vaccine Record system for securely verifying residents' COVID-19 vaccination status. I took a look at it and thought I'd write up my findings here. At a high level, the DVR consists of a QR code which contains a cryptographically-signed assertion in JSON Web Token (JWT) format. I'll walk you through how to get one, how to decode it, and what it contains in the rest of this article.

Getting one of the tokens is pretty easy; you just go to the Digital Vaccine Record website and put in your name, date of birth, and the …

Once upon a time in 2013, there was a tool called etcd which was a really lightweight database written around the Raft consensus algorithm. This tool was originally written in 2013 for a bullshit unsuccessful project called CoreOS Container Linux that was EOL'd several years ago, but that doesn't really matter — etcd was greater than its original use-case. Etcd provided a convenient and simple set of primitives (set a key, get a key, set-only-if-unchanged, watch-for-changes) with a drop-dead simple HTTP API on top of them. I have built a number of tools using etcd as a lightweight consensus store behind …