ec changed the topic of #elliottcable to: a 𝕯𝖊𝖓 𝖔𝖋 𝕯𝖊𝖙𝖊𝖗𝖒𝖎𝖓𝖊𝖉 𝕯𝖆𝖒𝖘𝖊𝖑𝖘 slash s͔̞u͕͙p͙͓e̜̺r̼̦i̼̜o̖̬r̙̙ c̝͉ụ̧͘ḷ̡͙ţ͓̀ || #ELLIOTTCABLE is not about ELLIOTTCABLE
yorick has quit [Remote host closed the connection]
yorick has joined #elliottcable
<ec> lord I have no idea what I'm doing
<ec> default: Progress: 76% (Rate: 1521k/s, Estimated time remaining: 0:00:54)
<ec> i'm so bad at linux
<ec> such a waste of time and effort i h8 it i h8 it
<ec> *starts from scratch* arg.
<ec> argh
<pikajude> what you scratchin
<ec> after a year-or-so's random research and planning, I'm trying to finally *build* my icebox
<pikajude> oh, i have one of those in my freezer
<Elphaba> lol
<ec> turns out the weird obscure Linux distro I was planning to use is like dead and unmaintained, and I can't make it build
<ec> idk debian things ugh
<ec> after driving around all day writing down fucking GPG keys and taking photos of QR codes, I have a headache, want some fucking dinner, and want to stab everybody who ever thought linux-anything was a good fucking idea
<ec> also my Internet is slow and that's very frustrating
<ec> 12 minutes meh brb watching tv until it's done
pikajude has quit [Quit: ZNC 1.6.3 - http://znc.in]
pikajude has joined #elliottcable
wdfwefewvfgew has joined #elliottcable
wdfwefewvfgew has left #elliottcable [#elliottcable]
<joepie91> ec: I'm good at blending in
<joepie91> :P
Guest56947 has joined #elliottcable
Guest56947 has quit [Remote host closed the connection]
mylesborins has quit [Quit: farewell for now]
mylesborins has joined #elliottcable
ec\_ has joined #elliottcable
ec\ has quit [Remote host closed the connection]
ohhmaar has quit [Ping timeout: 256 seconds]
ohhmaar has joined #elliottcable
<ec> < gqbrielle> elliottcable is a textbook example of unreliable narrator
<ec> awwwuh
<pikajude> i can't believe they have textbooks about those
<joepie91> pikajude: with the advent of self-publishing, there's textbooks about everything!
<ja> wat. @ “after driving around all day writing down fucking GPG keys and taking photos of QR codes”
<ec> ja: no more purr.
<ec> and I was verifying encryption fingerprints on presumed-uncompramised networks
<ec> I've got a kinda play-paranoia thing
<ja> ec: you keep purr in your icebox?
<ec> no
<ec> that would make no sense because the point of an airgapped computer is it can't connect to the network?
<ec> unless ... I went and retrieved the machine, and ran purr discretely, every single time somebody addressed purr
<ec> airgapped IRC bot let's do this.
<ja> lol, nice
<ja> but... QR codes?!...
* ja confused
<pikajude> questionable reality codes
<ja> o i c, pikajude
<ec> one of the safest, easiest ways to transfer data around without using USB drives, in the era of a complete lack of CD drives
<ec> man am I the only security nut in here
<ec> that's kinda surprising, given the membership of this room?
<ec> tl;dr anything with a USB port or plug is fairly trivial to compromise; every publicly documented breach of an airgapped network has been via a USB device.
<ja> idk, I'm just a major noob at mostly everything
<gkatsev> I'm interested in security, definitely not a nut, though
<gkatsev> I did enable 2FA on most of my accounts with lastpass generating and storing passwords
<ec> old-school OPSEC involves CDs, because 1. no firmware, any compromise is going to have to include *executables at both ends*, as opposed to only on one end; and 2. if the airgapped system is executable-compromised, then *exfiltration* over CDs of large quantities of data is difficult — it's very obvious if a CD you intended to burn a small amount of data
<ec> to, suddenly has a huge area burnt
<ec> physically-obvious, that is
<ja> ec: why did you have to drive around writing down keys? do you scatter them across the city, carve them into old trees and such?
<ec> QR codes have the same properties, with the added benefit of it being basically *impossible* to exfiltrate any large amount of data with one, lolol
<ec> ja: Okay, so ground-zero of information-security paranoia is “assume you're already fucked all over” lol
<ec> assuming my local machines are at least partially, if not completely, compromised ... how can I build a new, non-compromised system?
<ec> software checksums and signatures give me a great start ... but if my local network is compromised to the point that someone can ship me backdoored software (or more realistically, dynamically backdoor software that's in transit), then they can easily MITM-doctor signatures, keys, etceteras as well
<ec> “Sure,” GPG says, “this set of checksums was indeed signed by John Doe Developer!” ... except, lol, how do I know that.
<ec> so without a web-of-trust of signatures and known-trusted local public keys, the only way for me to have any confidence in the keys I obtain and verify locally, is basically brute-force.
<ec> so in my little personal “wargaming security” project, I drove around the city to a couple locations with public computers, and pulled up the websites for a small array of critical software I'm about to install on my airgapped machine — the OS distribution, gpg itself, the whole-disk-encryption software, the Bitcoin wallet — and recorded/compared the
<ec> publisher's PGP-keys over separate networks and machines.
<ec> now when downloading and building that software locally, I can be slightly more secure in the knowledge that I'm installing *what the author wrote* onto my security-enhanced machine.
<ec> being paranoid is a fun exercise for the weekend ¯\_(ツ)_/¯
<ec> it's a bit like foxhunting as a HAM, or capture-the-flag infosec games
<ec> not intended to be an accurate reflection of reality, so much as an exploration of the space.
<ja> oh, like that. it all makes sense now.
<ja> ... so how many different public computers did you use?
<ec> that's a handheld YAGI attached to a HT
<ec> lmfao one made out of PVC and measuring-tapes — I love it
<ja> why the tape measures?
<ja> judging from Google Images, seems like a lot of people make them out of measuring tapes, so I thought it had some significance, but I guess not, lololol
<ec> just cheap and widely-available chunks of metal tbh
<ec> and probably because they roll up easily, makes the whole thing pseudo-portable
<ec> ugh so I had a password stolen along with my wallet
<ec> which is what's prompted this whole infosec adventure
<ja> that sucks, dude :<
<ja> at least you got an adventure out of it
<ec> it was one I haven't fully memorized yet
<ec> and have. no. backups. of. argh.
<ja> yeah, I was just about to say: you keep your passwords in your wallet?
<ec> absolutely *struggling* to remember one of the words in the passphrase
<ec> I was trying to memorize a new master-password; ugh I put it off for too long and it was in my wallet for like a couple months
<ec> I have an extremely poor memory ;_;
<ja> maybe it rhymes with something and you'll suddenly recall it when you least expect it?
<ec> ugh
<ja> maybe it was “floccinaucinihilipilification”?
<ec> lmao
<ja> oh man, I never thought I would be using C# for anything *ever*, yet here I am, typing away with pascal case method names, and MSDN is now my new best friend