My cheap alternative to Ngrok
Since GoBlog has an Auto-HTTPS feature that can automatically retrieve HTTPS certificates via ACME from e.g. Let’s Encrypt, I need a public IP address with which I can reach my test instance of GoBlog via port 80 and 443. ⌘ Read more

JMP: SMS Account Verification
Some apps and services (but not JMP!) require an SMS verification code in order to create a new account.  (Note that this is different from using SMS for authentication; which is a bad idea since SMS can be easily intercepted, are not encrypted in transit, and are v … ⌘ Read more

decided to boot it again. turns out I typed the wrong encryption password yesterday, and instead of saying that it printed that error. booted fine now :)

It booted fine! currently creating partitions etc. I like that you could enable encryption. when its done I’ll go through my usual routine and set up all development tools etc and get some stuff compiled.

Jérôme Poisson: Libervia progress note 2022-W45
Hello, it’s time for a long overdue progress note.

I’ll talk here about the work made on ActivityPub (AP) gateway and on end-to-end encryption around pubsub.

Oh, and if everything goes well, this blog post should be accessible from XMPP and ActivityPub (and HTTP and ATOM feed), using the same identifier goffi@goffi.org.

The work made on the AP gateway has been possible thanks to a NLnet/NGI0 grant (w … ⌘ Read more

@mckinley@twtxt.net Thank you! I didn’t even know about signing and encrypting XML documents. Right, RSS is a little bit messy.

Unfortunately, the autodiscovery document in one of your linked resources does not exist anymore. What annoys me in Atom is the distinction between <id> and <link>. I always want my URL also to be my ID, so I have to duplicate that – unnecessarily in my opinion.

Also, never found a good explanation why I should add <link rel="self" … /> to my feeds. I just do, but I don’t understand why. The W3C Feed Validation Service says:

[…] This value is important in a number of subscription scenarios where often times the feed aggregator only has access to the content of the feed and not the location from which the feed was fetched.

This just sounds like a very questionable bandaid to bad software architecture. Why would the feed parser need access to the feed URL at this stage? And if so, why not just pass down the input source? Just doesn’t make sense to me.

Also, I just noticed that I reference the http://purl.org/rss/1.0/modules/syndication/ namespace, but don’t use it in most of my feeds. Gotta fix that. Must have copied that from my yfav feed without paying attention what I’m doing.

Your article made me reread the Atom spec and I found out, that I can omit the <author> in the <entry> when I specify a global <author> at <feed> level. Awesome! Will do that as well and thus reduce the feed size.

Encryption & Entropy - Computerphile ⌘ Read more

How GitHub converts previously encrypted and unencrypted columns to ActiveRecord encrypted columns
This post is the second part in a series about ActiveRecord::Encryption that shows how GitHub upgrades previously encrypted and unencrypted columns to ActiveRecord::Encryption. ⌘ Read more

PSA: DMs on social media sites are not truely PMs. This is why we have a separate tool for private messaging from yarn. Always remember, if you don’t own the infra (or the parts at the ends of e2e encryption) you don’t own the data. and the true owners can view it any way they want!

https://twitter.com/TinkerSec/status/1587040089057759235?t=At-8r9yJPiG6xF17skTxwA&s=19

PSA: DMs on social media sites are not truely PMs. This is why we have a separate tool for private messaging from yarn. Always remember, if you don’t own the infra (or the parts at the ends of e2e encryption) you don’t own the data. and the true owners can view it any way they want!

https://twitter.com/TinkerSec/status/1587040089057759235?t=At-8r9yJPiG6xF17skTxwA&s=19

JMP: SMS Account Verification
Some apps and services (but not JMP!) require an SMS verification code in order to create a new account.  (Note that this is different from using SMS for authentication; which is a bad idea since SMS can be easily intercepted, are not encrypted in transit, and are v … ⌘ Read more

Encryption
⌘ Read more

Why and how GitHub encrypts sensitive database columns using ActiveRecord::Encryption
You may know that GitHub encrypts your source code at rest, but you may not have known that we encrypt sensitive database columns as well. Read about our column encryption strategy and our decision to adopt the Rails column encryption standard. ⌘ Read more

JMP: SMS Account Verification
Some apps and services (but not JMP!) require an SMS verification code in order to create a new account.  (Note that this is different from using SMS for authentication; which is a bad idea since SMS can be easily intercepted, are not encrypted in transit, and are v … ⌘ Read more

Paul Schaub: Using Pushdown Automata to verify Packet Sequences
As a software developer, most of my work day is spent working practically by coding and hacking away. Recently though I stumbled across an interesting problem which required another, more theoretical approach;

An OpenPGP message contains of a sequence of packets. There are signatures, encrypted data packets and their accompanying encrypted session keys, compressed data and literal data, the latter being the packet … ⌘ Read more

Kaidan: Encrypted Audio and Video Calls

Image

Kaidan will receive a grant by NLnet for adding encrypted audio and video calls.

The calls will be end-to-end encrypted and authenticated via OMEMO.
Furthermore, Kaidan will support small group calls.
We strive for interoperability between Kaidan and other XMPP apps supporting calls.
In order to achie … ⌘ Read more

Kaidan: Kaidan’s End-to-End Encryption Trust Management
We worked several months on Kaidan’s upcoming end-to-end encryption and trust management.
Once Kaidan 0.9 is released, it will provide the latest OMEMO Encryption.
But it will also make trust decisions in the background for you if it’s possible.
Some trust decisions have to be made manually but there are many others Kaidan automates without decreasing your security.
That is done by automatically sharing … ⌘ Read more

I use encrypted email as well. But not frequently, since almost noone does the same.

I maintain keys for my email addresses.. but like most in this thread i almost never receive encrypted emails.. other than the BTC exchange i use that sends automated mail encrypted.

I maintain keys for my email addresses.. but like most in this thread i almost never receive encrypted emails.. other than the BTC exchange i use that sends automated mail encrypted.

Does anyone of you use PGP encrypted mail, or any kind or email encryption? Why? Why not?

#randomQuestionsForAThursday

SourceHut encrypts all emails if PGP key is uploaded to user profile (can be disabled in settings). Just… wow!

**RT by @mind_booster: ½ 📢The Commission wants to do the impossible of detecting illegal content in end-to-end encrypted communications, but has no idea how to do this (because it IS impossible).

Solution: leave it to service providers under the guise of technological neutrality.**
½ 📢The Commission wants to do the impossible of detecting illegal content in end-to-end encrypted communications, but has no idea how to do this (because it IS impossible).

Solution: leave it to service providers under the guise of te … ⌘ Read more

When you submit a GDPR request to American Express (Germany), you get an “Encrypted Mail” (for which you have to log in again somewhere and set a password), which then contains two PDFs, one of which is full of screenshots of mainframe terminals. ⌘ Read more

@prologic@twtxt.net Re: Chat system, What if the base specification included a system for per-user arbitrary JSON storage on the server? Kind of like XEP-0049, but expanded upon. Two kinds of objects: public and private. Public objects can be queried by anyone, private objects cannot and must be encrypted with the user’s private key. Public keys could be stored there, as well as anything else defined by extensions. Roster, user block list, avatar, etc.

Dino: Dino 0.3 Release
Dino is a secure and privacy-friendly messaging application. It uses the XMPP (Jabber) protocol for decentralized communication. We aim to provide an intuitive, clean and modern user interface.

Image

Image

The 0.3 release is all about calls. Dino now supports calls between two or more people!

Calls are end-to-end encrypted and use a direct connection between … ⌘ Read more

Sorry if anyone saw my last Yarn here… I deleted it, I was wrong. Looks like everything is encrypted attachments phew but my other concerns above still stand.

It’s the (roughly) bi-annual platform convention. I think the new platform does a good job of holding to progressive values (even if I wish it went farther in places). I got an amendment in to improve our stance on encryption-related issues, which was nice.

@lyse@lyse.isobeef.org there was an old tool for encrypted volumes that you could use random files as the unlock keys. And you could havemultiple hidden volumes that would unlock depending on the files supplied

@lyse@lyse.isobeef.org there was an old tool for encrypted volumes that you could use random files as the unlock keys. And you could havemultiple hidden volumes that would unlock depending on the files supplied

@fastidious@arrakis.netbros.com Yeah.. mine is all server side.. so it doesn’t make much sense to be encrypt/decrypting anything. :D

@fastidious@arrakis.netbros.com Yeah.. mine is all server side.. so it doesn’t make much sense to be encrypt/decrypting anything. :D

@prologic@twtxt.net
BEGIN SALTPACK ENCRYPTED MESSAGE. kiNJamlTJ29ZvW4 RHAOg9hm6h0OwKt iMGN9pY3oc5peJE UcRA8ysyQ7e8co9 shMfScCFgmQgU5Q 6w6XD2FT6szO1i1 N8qWqFRwJcHliqp hlaSvsTNhuwe1Fs KESywjL8ZvxNeyb ro0RVcRIip4Itpv NKvFZ822RoDR6pb hVvSqgubr3IanFT 6VAGQe2mYvErE7i G0O284HNvj0tcbC qzY0uB3ZFePu2fp l8nHOeEm9QLkH4Y PNKY2bXjqtblDGq 7pNiNHXtNJDjrpG nUoEXK9CaB6DGe7 oaF1P9sTz7fFrUo qwIgzw4Z1yqULQW 6dcFgsGwQEMc6bV mXuJHkrDWbfw35o 2Lpevp4PAVw884t 5Jf4cDLAe3QfRjG 4y6uwJg8BwIr2Lb 2pCX23ffwJ0yjGs Ptyzuaq2Alfl3QX AcMNGFzTNHjHfqY cvsoTrSMbyE3ssS A0k0zeRJQLoGOK4 DGkdltMXaQyXq9d zzbueCXCsIM1vYG vcy85vKuqM0ikoG caUNUuIVCc6FMs5 2JtadCtbVKyG8Wx Z4R672Fd71eDjCc lEtCdJlEAmEJePw ThkxVJutJt2R2Ce lKp9tEKmrx1jMWW V8hJNTaQGAfFDEB Unh8YasaV24NqAi GKSnstFWk3DYCxC lvws9js2jJ9OKeq 2mMgFmzEmCr99RW 2CrxZStPpB1iEDU d0Un7W7bnyo2KpV xqe8rCeHA6CUwVs 0XMmxPvU1Q0wp9A 0Jwxo5CY9QF5EJl yVwaXiVP2CKw2aH tqEE5yTp9OmpNF0 jFqgr8vHOjosPyL c3nke0S9QFjAxjt Dr6xwYpnASDr1l1 N96G3FB5iVYLFaz FkXGm7oQNTaDY8e OtHXQiXRhQY3PCi VIYYVhc9RExVnfX fvzgfgc5uSxUynD sPp4eq2rJXkX5. END SALTPACK ENCRYPTED MESSAGE.

Let’s see how resilient this is, or if it breaks.

Sometimes I am a perfectionist. Having previously made my private diary blog available via a Tailscale sidecar container in my Tailnet, I have now integrated Tailscale directly into GoBlog. Both Tailscale and Tailscale’s Let’s Encrypt certificates can be configured directly in GoBlog. No sidecar container is needed anymore. A much simpler solution! (And Tailscale rocks!) ⌘ Read more

Matrix vs. XMPP

Image

XMPP and Matrix are two decentralized and federated free sofware projects for chat, including true end-to-end encrypted chat.

Users can either install the software on their own server if they want, but they can also easily register on any public server—both allow any XMPP or Matrix user to talk to users on their server or on any other one. In essence, it works like email: you might have an em … ⌘ Read more

updated email address and made a new encryption key

Signal Status

Signal is experiencing technical difficulties. We are working hard to restore service as quickly as possible.

One thing I’d like to have one day (and it would be nice if it were integrated into twtxt.net and other pods with a familiar and pleasant user experience on Desktop, Web and Mobile) is an e2e encrypted messaging that is self-hosted and federated that doesn’t suck operationally (so many complicated solutions that exist that are hard to setup even for a Senior DevOps/SRE)

@felixp7@twtxt.net “Yo, crypto-heads. Encrypted communication doesn’t protect your privacy. Laws …” I guess crypto-heads are often happy with acknowledging this, but also arguing that e.g. deniable crypto is a useful way out here (and, of course, just doing illegal stuff if it gets really rough).

Kaidan: Kaidan will receive a grant for end-to-end encryption ⌘ Read more…

@prologic@twtxt.net

-----BEGIN CRYPTUTIL ENCRYPTED MESSAGE-----
l0GwFAQpx3ed+bZlcQ+pexbynFzZOm8EI/FivGbWQ16whyTkToVv8S2GSAjrsJoT
37MdaBDpoitli/f/aP130b6O6SnK/LdHHJ1DTvWgxB14sq9b4mRtk7HvYzA=
-----END CRYPTUTIL ENCRYPTED MESSAGE-----

@prologic@twtxt.net

-----BEGIN CRYPTUTIL ENCRYPTED MESSAGE-----
l0GwFAQpx3ed+bZlcQ+pexbynFzZOm8EI/FivGbWQ16whyTkToVv8S2GSAjrsJoT
37MdaBDpoitli/f/aP130b6O6SnK/LdHHJ1DTvWgxB14sq9b4mRtk7HvYzA=
-----END CRYPTUTIL ENCRYPTED MESSAGE-----

@prologic@twtxt.net Ok.. so using NaCL boxes. yeah its just a combo of using secretbox with a generated key/nonce. and then using the pubkey box to encrypt the key/nonce for each device.

@prologic@twtxt.net Ok.. so using NaCL boxes. yeah its just a combo of using secretbox with a generated key/nonce. and then using the pubkey box to encrypt the key/nonce for each device.

@prologic@twtxt.net sender generates an AES key encrypts message. gets the device list for user and encrypts key for each device. sends the encryptedkeys+cypertext.

@prologic@twtxt.net sender generates an AES key encrypts message. gets the device list for user and encrypts key for each device. sends the encryptedkeys+cypertext.

@prologic@twtxt.net for encryption. we can have browser/app generate ec25519 keypair. store the private on device and add pub to list of devices for the user on pod.

@prologic@twtxt.net for encryption. we can have browser/app generate ec25519 keypair. store the private on device and add pub to list of devices for the user on pod.

Snikket: Sponsoring Group Chat Encryption in Siskin ⌘ https://snikket.org/blog/sponsoring-group-omemo-in-siskin/

Opportunistic Encryption on the IP Layer ⌘ https://hack.org/mc/blog/ipsec-dns.html

Cryptee | Private, Secure, Encrypted Photos and Encrypted Documents ⌘ https://crypt.ee/

@lucidiot@tilde.town @kas@enotty.dk There’s also Keybase as good GPG tool. They offer a lot of encrypted services as well :)

Even though noone send me GPG encrypted messages, I renewed my expiration date to one more year :)

…or encrypted in iCloud 🤔

@freemor@freemor.homelinux.net I also always try to have a few ssh servers with several ports available for me to use. My favorite port is 443. Once had a firewall that wouldn’t allow SSH on 22 but 443 was acceptable because it expected encryption on it.

Alex Schroeder: 2018-01-10 Encrypted Gopher https://alexschroeder.ch/wiki/2018-01-10_Encrypted_Gopher

How to keep your ISP’s nose out of your browser history with encrypted DNS | Ars Technica https://arstechnica.com/information-technology/2018/04/how-to-keep-your-isps-nose-out-of-your-browser-history-with-encrypted-dns/

@freemor@freemor.homelinux.net I think we already discussed encrypted tweets some time ago, but no encryption seemed short enough. GPG ist just too big. Any ideas?

@freemor@freemor.homelinux.net I think we already discussed encrypted tweets some time ago, but no encryption seemed short enough. GPG ist just too big. Any ideas?

You Can Encrypt Your Face – The New Inquiry https://thenewinquiry.com/you-can-encrypt-your-face/

@kas@enotty.dk Is #starttls-everywhere just to ease configuration or is there any reason why #lets-encrypt certs won’t work on mail servers?

@kas@enotty.dk Is #starttls-everywhere just to ease configuration or is there any reason why #lets-encrypt certs won’t work on mail servers?

@kas@enotty.dk That’s what i’m using. But shouldn’t i be able to generate keys to communicate with other users? How could i encrypt a message for you?

@kas@enotty.dk That’s what i’m using. But shouldn’t i be able to generate keys to communicate with other users? How could i encrypt a message for you?

Wow, a third of all ssl certificates on twtxt are from Let’s Encrypt. Incredible.

Wow, a third of all ssl certificates on twtxt are from Let’s Encrypt. Incredible.