this post was submitted on 28 Nov 2024
438 points (100.0% liked)
linuxmemes
23927 readers
921 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
- Don't get baited into back-and-forth insults. We are not animals.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn. Even if you watch it on a Linux machine.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
5. π¬π§ Language/ΡΠ·ΡΠΊ/Sprache
- This is primarily an English-speaking community. π¬π§π¦πΊπΊπΈ
- Comments written in other languages are allowed.
- The substance of a post should be comprehensible for people who only speak English.
- Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
6. (NEW!) Regarding public figures
We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations. - Keep discussions polite and free of disparagement.
- We are never in possession of all of the facts. Defamatory comments will not be tolerated.
- Discussions that get too heated will be locked and offending comments removed. Β
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 2 years ago
MODERATORS
I'm not cool enough to get invited to those sorts of parties.
Let's host a Matrix one, but everyone has to come wearing a sick black coat and thin dark sunglasses
I'm in
wait, what does this mean exactly? the stickman used their pgp private key to sign a text file that contains the girls public key? is this a taboo in the pgp world for some reason?
The joke here is that he has no idea who this girl is and yet he still signed her key. This is dangerous, because he is vouching for her identity. If he is mistaken, this could result in a serious loss of credibility on his part.
https://www.explainxkcd.com/wiki/index.php/364:_Responsible_Behavior
ExplainXKCD...because I'm not smart.
Signing the key was certifying that anyone who knows him should trust her - https://en.wikipedia.org/wiki/Web_of_trust
Ahh, the good old useless green pepper of GIMP.
Oh no. Can we please stop pushing (Open)PGP / GPG?
Why?
I'm guessing because it was more of a 70s hippy idea: free sharing of love, drugs and cryptographic keys
Because expertie-experts dislike it while not providing any alternative? No.
Here are some alternatives, depending on your use-case: https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/
No idea how I'm supposed to take this ranty blog needlessly interspersed with furry cartoons seriously. But it's basically just restating (poorly) all the same criticisms and alternatives written about here: https://www.latacora.com/blog/2019/07/16/the-pgp-problem/
The 'real' criticisms of PGP are that it's old, it's clunky, and it doesn't support forward secrecy by design. None of that is invalid, but I think the importance of those points depends on the use case and user.
The alternatives given are myriad and complexity and clunkiness are interspersed between dozens of solutions instead of well understood and documented in one tool.
That isn't a superior approach. I'm not arguing that PGP is perfect, but it's absolutely asinine to suggest (like this blog and others suggest) that the solution is to use dozens of other solutions with their own problems and with less auditing.
If we're going to replace PGP, we need to do it properly in a centralized library/toolchain. Breaking up the solution and spreading it around just magnifies the problems.
Take it as a ranty blog interspaced with some furry art.
You can just ignore the furry art if it's not your style because helpfully all of the important content is in the text.
Soatok links to the same Latacora blog on the first line and says that they're only really going to reword what's said there.
Iβm not here to litigate the demerits of PGP. The Latacora article I linked above makes the same arguments I would make today, and is a more entertaining read.
PGP/GPG maintainers have had many years to fix the problems that have been identified but they haven't. Is it safe when used "properly"? Yes! It's absolutely safe when used properly but the problem is it's hard to use full stop.
I'm not saying modern solutions are perfect, because they're not but the alternates that Latacora ( and Soatok ) suggest are better. Do you want to encrypt a file? Use age. Use minisign/signify for signing. They do do one thing and do it well. Signal is easy to use and sorts all of the key management for you. Most people don't know what a private key is. They just know they want encrypted messaging because of the NSA or Snowden or whatever his name was on the news, they can't remember and they don't really care.
PGP has legitimate use cases but the vast majority of people don't have those cases and should just use Signal. Signal and the Signal protocol is the centralised tool you're looking for.
Can signify and minisign integrate with git for commit signing? Would anyone be able to verify it with a glance in web ui like it works right now ootb with gpg and every git forge? Which one supports working with fido keys? Which one for e-mail encryption? (That's law requierement around here for some types of jobs jUsT UsE sIgNaL won't work and signal breaks every month because you didn't update it frequently enough for no reason?)
You still need a phone number for signal? I assume that'll end eventually now that they've ended support for SMS but idk if it has yet.
I believe they have been testing usernames for some time now.
I see furries.
A furry recommending shit? Nah I'll do the opposite.
Wake me up when GPG has forward secrecy and or double ratchet.
I always wonder how do people get that green pepper image. Is it in gimp or smth.
It's gimp
Knew it
What kind of monster uses RSA3072
loveletter.odt