Testing commenting preparatory to restoring commands.
The security system I had to prevent commenter emails from being furtively reported by WordPress to the government is not yet restored, which should not be a problem since you should be using fake emails.
spam filter test
So… what happened?
Some WordPress code was complaining about the PHP version, and bad things were happening. So I updated the PHP version. And the server died, would not boot.
So reinstallation, with the latest PHP and WordPress. And it did not like my (very old) theme and crashed.
Unfortunately the old database seems to operate on different theme selection principles than the new database, or perhaps I am doing something silly.
Happy to see you and the blog are still here. I was afraid “they” got to you.
I have just discovered that the old MariaDB backup has an incompatibility with the new MariaDB restore in edge cases.
Still struggling to restore the comments.
The old Microsoft had religion about backward compatibility.
Lacking that, you get update hell. You update, and things break, so you have to update something more, and things break massively.
Nah, it was my error. There were a bunch of spam comments that Mariadb rightly did not like, and when I told it to ignore them, instead of halting with a mysterious error message, then all was well.
Well, as a side effect I think this is a nice theme, simple yet elegant. The old theme was not aligning properly on mobile browsers.
Are we getting different coloured cats?
All changes are unintentional, and frequently things have changed when they should not and I do not know why.
I know why everyone is getting new cats. This was an accident and error on my part, and I neglected to fix it being busy with more urgent matters. (And more serious errors.)
If people are bothered by it I will fix it. The fix is trivial, I just neglected it.
I had posted something about the hot new LLM meme coins but it was either lost or I got my login wrong.
There are coins called things like GNON: Religion of Natural Consequences
I’m sure some of them were created by Our Guys
The prices are a lot higher than when my comment got lost, even riskier now to buy, but just as interesting to look at as a natural phenomenon of the internet.
Testing
Testing
Testing to see what feline avatar I get.
Please feel no urgency in my comment given the circumstances, would you intend to make the comments smaller at some point? It was great being able to quickly skim through them.
I disagree. The small comments were very annoying to read on mobile. New theme is much better. Maybe a solution to what you want would be a reddit-style button on each comment to collapse its child comments.
Testing
why did the TLS key on rho repo just change?
were you compromised?
The TLS key changed because certbot had to be rerun.
TLS keys do not matter. They are insecure anyway. The code in the repo is
1. Secured by Git SSH signatures, which are secure.
2. So crappy that no one is going to be using it except for testing and development.
Paying security attention to TLS keys is an effort to make a fundamentally broken system somewhat less broken. If your TLS key is an attack surface, you have a problem, which problem can be mitigated but not really solved.
If TLS “do not matter”, then you wouldn’t have changed the TLS key. So…
> why did the TLS key on rho repo just change?
None of your tangent lecture “matters” when your “secured by” “signatures” system, your box, therefore/and/or, you, has been compromised. So, the other original question, again…
> were you compromised?
Certbot was not auto renewing the key. Needed to rerun certbot so that it would automatically set up its cron job. And it changed the key. The old key is fine, and the new key is fine.
Anyone who needs to worry about TLS keys has a security problem, because TLS is fundamentally insecure. Forget about TLS.
The security model for the source code is described in the contributor code of conduct https://reaction.la/security/setup/contributor_code_of_conduct.html#code-will-be-cryptographically-and-pseudonymously-signed.
TLS is irrelevant. It is not nothing, might as well have it around but it does not matter much.
> crappy
Protocol devs, idea factories, paper/spec writers, don’t necessarily have to be coders, producers of any code, or let alone production code. But it helps.
> Certbot
Certbot (EFF’s Let’s Encrypt TLS cert widget) should only be submitting old keys to receive new signatures covering new validity period. Not generating new privkeys every time, which is the actual response to a key compromise. With ephemeral session keys, new privkeys aren’t so much needed (well, google does that often).
> TLS is irrelevant.
No, most 99% of people’s use of it is broken.
If they used an out of band P2P keysigning regime like PGP, then your PGP would be used to sign over and attest to your own server certs. Users would be using PGP for free forever, instead of getting into the decades of PAYOLA SPYWARE of the cert “authorities”, and the HASSLE SPYWARE of “lets’ encrypt”.
And since CA Roots are ROGUE, and BGP and DNS and LAN ARP can all be MITM’d from the ISP all the way to Tier-1… well, the whole web thing is non-worthy of any trust… no user can truly “trust” that whatever website they type is really that site.
Because they’re not using P2P PGP OOB WoT like they were supposed to in the first place.
Oh well.
(Yes PGP WoT reveals the user network, that sucks. But now zero-knowledge might have some application there.)
(WoT has been used among anon groups since the same “string” named account was not available on every platform. Not necessarily limited to “trues” and “email@”.)
> contributor
At least you are one of few who know the value of anon dev.
No one should have ever used WoT, nor any of the PGP features designed to support WoT. And the name servers were never designed to face a hostile internet, and they have now died, though PGP sails right along as if they were still up, causing much confusion.
PGP always sucked, and now that Git supports SSH signatures, its major remaining use case has gone away.
> name servers
DNS was obsolete the day Bitcoin was released, if not earlier.
Tor somewhat obsoleted webhosting, but since the govt employed fags trannies pronouns jews and leftists at Tor refuse to add reclocked fulltime background fill traffic, any onion can be physically located by the NSA in about 5 minutes.
pgp wot is fine if you trust degrees of freedom (and don’t mind exposing some of that network if someone shares their key that you signed… at least until ZKP is used to avoid that problem).
pgp is as fine as any other standalone signing tool to sign shit. same as signing with ‘ssh’ or pissing in the snow.
no, email is not a mandatory use case for pgp, put whatever the fuck you want in the uid field or leave it blank.
A standalone signing tool, to be useful, requires everyone to see the same signing key. Which is what Blockchains are good at, and pgp nameservers were not good at, and now they do not work at all.
Putting the keys on git is a good enough workaround.