Starting to understand why #OpenPGP has never really dominated :-)

I wonder what is the best practice to remove #passphrase from #OpenPGP subkey. I’m using #gnupg2. I’ve spend hours on this and still not able to do it :-(

I.e. I have this:

$ gpg -K
/home/jarkko/.gnupg/pubring.kbx
-------------------------------
sec   rsa4096 2019-06-24 [C] [expires: 2024-07-04]
      5107E66D34788A93E3227C903AB05486C7752FE1
uid           [ unknown] Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
uid           [ unknown] Jarkko Sakkinen <jarkko@kernel.org>
uid           [ unknown] Jarkko Sakkinen <jarkko.sakkinen@tuni.fi>
ssb   ed25519 2019-06-25 [S] [expires: 2025-07-27]
ssb   rsa4096 2020-08-11 [A]
ssb   rsa4096 2022-03-21 [E] [expires: 2024-03-20]
ssb   ed25519 2022-12-29 [A]

And I want to remove passphrase from #ed25519 #authentication #key.

Maybe a few years and #Apple will be out with #iTape, the appliance for time machine backups :-)

Looking #LTO #tape #drives :-) I might get one at some point to support my #NAS. There's a lot of options below 1000 EUR range, and tapes are neither that expensive, when archiving frequency is maybe few times a year.

Xfig looks still hot tho :-)

Learning #Inkscape in order to substitute #LibreOffice Draw. I moved into LibreOffice Draw some years ago from #Xfig, only because it had turned into legacy. However, I've learned over the time that the structural complexity of actual diagram tools tend to take my focus away from the actual problem, and more into fiddling between the choices in the tool itself.

I created my own12 cm x 9 cm template, which are pretty good starting point metrics (and aspect ratio) for many situations, especially when you have to embed pictures. These metrics are also in good harmony with the primitive (but functional) connector tool of Inkscape, and on keeping complexity of the diagram low :-)

... was not fun to not reach the machine for some time lol

… the most important thing to remember post installation :-) #systemd

$ sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
[sudo] password for jarkko:
Created symlink /etc/systemd/system/sleep.target → /dev/null.
Created symlink /etc/systemd/system/suspend.target → /dev/null.
Created symlink /etc/systemd/system/hibernate.target → /dev/null.
Created symlink /etc/systemd/system/hybrid-sleep.target → /dev/null.

Installed #Debian 12 to my #desktop #PC (migrated back from #Ubuntu). Recent switch to #Intel #ARC #GPU considerably lowered the barrier.

A shallow #Git clone with shallow clones of the #submodule’s:

git clone --depth=1 \
          --recurse-submodules \
          --shallow-submodules \
          <URL>          

#note

https://github.com/keystone-enclave/keystone/issues/350

A generic flashing and verification script draft (will be edited over time):

#!/usr/bin/env bash
#
# Authors:
# Jarkko Sakkinen <jarkko.sakkinen@tuni.fi>

set -e

if [ $# -ne 2 ]; then
    echo "`basename $0` <payload> <block device>"
    exit 1
fi

PAYLOAD=`realpath $1`
SIZE=`wc -c $1 | cut -d' ' -f1`
START="2048"
END="$((START + (SIZE >> 9)  + 1))"

parted --script $2 mklabel gpt
parted --script $2 mkpart primary fat32 ${START}s ${END}s

PARTITION="${2}1"
if [ ! -b $PARTITION ]; then
  echo "Invalid partition"
  exit 1
fi

echo "Payload: $PAYLOAD"
echo "Partition: $PARTITION"

DD_OPTIONS="count=$((END - START)) bs=512 status=progress conv=sync"

dd if="$PAYLOAD" of="$PARTITION" $DD_OPTIONS
sync

echo "Payload MD5: `dd if="$PAYLOAD" $DD_OPTIONS 2> /dev/null | md5sum`"
echo "Partition MD5: `dd if="$PARTITION" $DD_OPTIONS 2> /dev/null | md5sum`"

#flashing #firmware #image #riscv #CVA6 #Keystone #EFI #note

@linjaaho Pitää todeta, että mullakin on nollatoleranssi sikäli, että en naura misogynisten tai rasististen juttujen mukana, vaan vaihdan seuraa :-) Uskon, että tuollainen kuvakaappaussota pikemminkin vie rasistisia viestejä eteenpäin, koska negatiivinenkin mainos on mainos somessa.

Something that has probably existed forever but I just learned. You can pass status=progress to dd, and it will show progress. #note

@linjaaho Epäsuosittu mielipide ehkä, mutta mielestäni kaikkeen toksiseen läppään ei pidä puuttua, vaan sille pitää kääntää ainoastaan selkänsä. Siihen pitää puuttua vasta silloin, kun se aiheuttaa todellista henkilöön tai yhteiskuntaan kohdistuvaa uhkaa. Nollatolerenssin kanssa on menty ehkä vähän överiksi, tai se on otettu vähän liian kirjaimellisesti ja laput silmillä.

Would be nice if you could at least simulate #keystone with widely available SBC's, even with insecure #attestation (or no attestation at all). #riscv #opensbi #sanctum.

https://github.com/keystone-enclave/keystone/issues/339

@linjaaho joo ja ihan liberaaleiltakin tyypeiltä saattaa kaatokännissä tulla wa-viesteissä ties mitä päätöntä läppää.

Fom now on you are required to scp -O to your router instead of scp with no flags whatsoever. #openwrt

I love the new #feature in #openssh, which breaks backwards #compatibility with e.g. #dropbear with the default options: https://www.openssh.com/txt/release-9.0 #ssh

OK cool:

$ sudo apt dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
#
# You can verify the status of security fixes using the `pro fix` command.
# E.g., a recent Ruby vulnerability can be checked with: `pro fix USN-6219-1`
# For more detail see: https://ubuntu.com/security/notices/USN-6219-1
#
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

$ pro fix
usage: pro fix <CVE-yyyy-nnnn+>|<USN-nnnn-d+> [flags]
the following arguments are required: security_issue

#ubuntu #cve #security #note