I stopped worrying after I began protecting all keys with a passphrase.
I protect mine with GPG for SSH authentication.
Readit Newszikduruqe commented on Put SSH keys in .git to make repos USB-portable dansjots.github.io/posts/... · Posted by u/dansjots
Does it?
Half of the IT team I am on is seemingly incapable of understanding using a public/private keypair for SSH logins.
Can I use yours? How to copy them? Should they be unique per user? Should I email the private key? Etc?
> Ect?
My favorite is when someone posts their private key to a Slack or Teams channel, then says "I'll just delete it after it is received..."
No. Just no. That key is forever unclean.
zikduruqe commented on Australia begins enforcing world-first teen social media ban reuters.com/legal/litigat... · Posted by u/chirau
Bullying is not new and was performed via sms before the internet. Social media however allows for easier targeting especially for bad actors that are not in the kid’s friend/acquaintance group.
> Bullying is not new and was performed via sms before the internet
I seem to remember real bullies would do it to your face before the internet. Not just anyone behind a keyboard.
zikduruqe commented on Let's put Tailscale on a jailbroken Kindle tailscale.com/blog/tailsc... · Posted by u/Quizzical4230
Whoa, now that sounds like the use case I've been looking for since I jailbroke mine.
I have calibre set up to just email books to my Kindle, but that's an extra layer of indirection that I really don't need. I'll have to check that out.
If you have calibre, just turn on the wireless connection and have your Koreader connect to it.
zikduruqe commented on GrapheneOS is the only Android OS providing full security patches grapheneos.social/@Graphe... · Posted by u/akyuu
The most likely contenders are OnePlus, Motorola, and HMD.
> "It is a big enough OEM that there is good chance you may have owned a device from them in the past."
I think this takes Nothing out of contention.
What about HTC, LG? Heck, Blackberry rising from the ashes?
I'd love for it to be Framework.
> We should be vaccinating kids against all of them rather than sending them to Chickenpox parties.
We do in the US. I was kind of surprised when my now 2 and 4 year olds were vaccinated against Chickenpox, since I remember doing the Chickenpox party thing myself when I was younger (staying home with some friends over, playing Daytona USA on my Sega Saturn, I think?).
Don't forget the one or two cool circular chickenpox scars that you might still have today.
It was like a badge of honor.
zikduruqe commented on Measuring the doppler shift of WWVB during a flight greatscottgadgets.com/202... · Posted by u/Jyaif
I've been travelling a lot the last 6 months and have really wanted to try out my SDR on the plane, but it looks so sketchy.
Many, many, many years ago (before 9/11 and before cell phones were commonplace) I used to carry my ham radio HT and call on simplex (146.52 for those that know) and make contacts. Those were fun times.
Thank you for your comment. For a minute I thought I was going insane because there is no way that GPG/PGP is used only by the minority. Literally everyone uses it, even non-techies.
phew
> any engineering role where security matters that is -not- using PGP smartcards to sign and push their commits, sign code reviews, sign build reproductions of container images, encrypt their passwords, etc.
I agree. Even without smartcards, at the very least sign your commits, among other things. Absolute minimum. Very low bar.
Every time I get a dev or executive sending me a Slack message saying "can you reset my password" or "can your provision me in...", my very next reply is "please send me your public key".
They do not get their credentials until they do so. And once they do, our security posture gets better and better.
Yeah, this time is different. Really
History doesn't repeat itself, but it often rhymes.