I have my own Matrix home server now and I’ve moved over to bsd.network...

@d71107 yeah, unfortunate but I’ve been debating running my own Matrix server; not sure which Mastodon server to switch to though.

I've started wroting a portable version of OpenBSD's signify(1): github.com/kisom/psignify

@stephenjahl now if only their server wasn’t closed source.

@stephenjahl or keybase but I guess that’s more work (also TIL about Tutanota)

macOS is becoming the new Windows: updates taking multiple reboots, which eats up ~30-45 minutes per pass; stability issues; etc not to mention awful hardware. It’s been quite nice being back on OpenBSD at home (and my 5 year old MacBook Air is doing okay), but stuck with this MacBook pro for work.

hephaestus$ uname -a
OpenBSD hephaestus.local 6.5 GENERIC.MP#38 amd64

Good to be back.

(This machine is a T480 with a 1T NVMe drive and 32G of memory...)

@stephenjahl @qbit I’ll have to find time to fix... after I fix the tyrfingr server...

@stephenjahl Hmm, I just set up tt-rss but maybe I should check it out, reduce the amount of php in my life...

It’s now running OpenBSD; still have to work out how to get FDE working.

Kyle boosted


We need to talk about packaging, signatures, checksums and reproducible builds:

On your system you have a keyring of packagers' GPG keys that you inherently trust.

Releases get signed with a key, which verifies the packager as the author, and supposedly lets you and your system trust their contents.

But do you really trust your packagers? How could you? Do you know them personally and monitor their packaging work?

Would you even know if they release a package with malicious content?

@fribbledom It was really heartening to see Debian making an effort towards this.

The problem is intermediates are often signed for ~3 years - just long enough for a lot of the engineers who set them up to have left or to be mostly forgotten because they just work. Three years comes faster than you think...

The core problem is people mostly only think about roots and leaves; it’s not until you get bit by this that it starts to become institutional memory.

Show more
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)