Nathan Willis n8@identi.ca

Inaccessible Island

Nathan Willis, Verified

  • 2017-02-17T17:46:17Z via Pumpa To: Public CC: Followers

    Coining a new term today: selfcongratulacracy.

    Can't wait to use it in a talk at a FOSS conference.

    Nathan Willis likes this.

    Stephen Michael Kellat shared this.

    I bet you feel pretty good about yourself for coming up with that word!

    Christopher Allan Webber at 2017-02-17T17:47:12Z

    Blaise Alleyne , Tyng-Ruey Chuang , Scott Sweeny , Christopher Allan Webber like this.

    I think if you don't like your own comment here, I can't take it seriously.

    Nathan Willis at 2017-02-17T17:48:26Z

    Tyng-Ruey Chuang , Christopher Allan Webber , Nathan Willis like this.

    @Nathan Willis If you don't reshare your own top-post, I can't believe its sincerity.

    Christopher Allan Webber at 2017-02-17T18:32:22Z

    Tyng-Ruey Chuang likes this.

  • Current mood:

    2017-02-15T22:39:28Z via Pumpa To: Public CC: Followers

    Charles ☕ Stanhope likes this.

    but which one are you?

    Dana at 2017-02-15T22:42:15Z

  • Confound it!

    2017-02-15T12:32:59Z via Pumpa To: Public CC: Followers

    It never fails. Openings like this only appear when I have committed to being someplace else for the coming ~1 year.

    https://www.torproject.org/about/jobs-comm-director.html.en

  • 2017-02-13T23:39:04Z via AndStatus To: Public

    I mean, seriously — why can't I have Double Ratchet, OTR, secure timestamping, ZRTP, and some stupid blockchain nonsense running in FOSS on a secure smartcard? "Not a lot of people write smartcard software" and "when they do, it's proprietary" just don't excite me as explanations. #preachingtothechoir

    Lars Wirzenius , Stephen Michael Kellat like this.

    Lars Wirzenius , Stephen Michael Kellat shared this.

  • 2017-02-12T10:51:17Z via AndStatus To: Public

    Possible conference talk topics: the free-software gap in smartcard programming.

    HSPD-12 sorts of smartcards?

    Stephen Michael Kellat at 2017-02-12T21:39:22Z

  • Arrrrrrgh!

    2017-02-10T12:57:43Z via Pumpa To: Public CC: Followers

    Why does this throw a "no module named 'xudd.tools'" ImportError?

    import sys
    sys.path.append("../asyncio")
    sys.path.append("../xudd")
    sys.path.append("../PyPump")
    sys.path.append("../oauthlib")
    sys.path.append("../requests-oauthlib")
    sys.path.append("../dateutil")
    
    from xudd.hive import Hive
    from xudd.tools import join_id
    

    (and not one on xudd.hive)

    Nathan Willis at 2017-02-10T13:02:14Z

    Yes I realize this is intro-level Python stuff in all likelihood, but (a) my brain is only wired for functional languages and (b) packaging/module-loading failures happen in project-specific ways that don't extrapolate to other systems.

    Nathan Willis at 2017-02-10T18:51:14Z

  • PGP Stuff

    2017-02-10T12:40:15Z via Pumpa To: Public CC: Followers

    If anybody out there would like to help me test something, you can send an OpenPGP-encrypted message (content irrelevant) to my old LWN address (nate@ .net).

    I'm trying some hand-futzled message filtering-fu, since that address is now a forwarding-only alias.

    However, I only really need one taker ATM, so if this appeal strikes your fancy, please leave a reply below.

    Send one.. Hopefully to hte right place :)


    If not Let me know and I'll try again

    Freemor at 2017-02-10T13:16:20Z

    If you'd like me to sand another after the various tweaks, just let me know.

    Freemor at 2017-02-10T19:58:41Z

  • Word Station One

    2017-02-10T11:27:46Z via Pumpa To: Public CC: Followers

    Here are various things people may or may not mean whenever they use the term "the media" in some sort of online political argument:

    - Journalists
    - The owners of publishing companies
    - Big-city newspaper front pages
    - The broadcast networks' Nightly News
    - Big Cable News Networks news programs
    - Guest editorials written by celebrities on the opinion pages of big-city newspapers
    - Monthly magazines
    - Talk radio shows
    - Political commentary shows on cable news (as distinct from the news broadcasts)
    - Talk shows where hosts and guests discuss current events
    - The entertainment industry: the commercial TV, movies, music business
    - Entertainment gossip news magazines/shows/sites
    - The advertizing industry
    - Web sites where individual contractors write and publish their own posts and are paid by advertizing revenue
    - Social media networks highlighting popular discussion topics

    These things are not interchangeable. Be precise in your language.

    Charles ☕ Stanhope , Freemor like this.

  • $

    2017-02-10T09:44:17Z via Pumpa To: Public CC: Followers

    Hmm... I have free electricity for most of the rest of a year; I wonder what Bitcoin mining rig I ought to get to take maximum advantage of that.... Ideas?
  • 2017-02-07T22:59:37Z via AndStatus To: Public

    My #OldestInboxMessage is from November 2014. I was pleasantly surprised, but am still curious how others compare on that metric. Do have a reply in Drafts, though. I would say who, since it's a free-software person, but it is kind of embarrassing to reopen old wounds...

    Claes Wallin (韋嘉誠) , Claes Wallin (韋嘉誠) , Claes Wallin (韋嘉誠) , Claes Wallin (韋嘉誠) shared this.

    My oldest is August 2016. I prefer Inbox Zero but I can't delete that message.

    Aaron Gibson at 2017-02-08T05:34:46Z

    @n8@identi.ca At work I keep inbox zero. On gmail I don't move anything out of inbox. So my oldest is from 2006, if I would hazard a guess.

    Claes Wallin (韋嘉誠) at 2017-02-08T06:56:27Z

    Oldest in INBOX is from yesterday. Oldest in =needs-response is from Jan 13.

    Lars Wirzenius at 2017-02-08T08:21:30Z

  • Enough news for the day

    2017-02-07T20:06:14Z via Pumpa To: Public CC: Followers

    I don't wanna talk about Earth stuff.
    #references

    Christopher Allan Webber likes this.

  • SSL

    2017-02-04T11:08:44Z via Pumpa To: Public CC: Followers

    Identi.ca SSL errors anyone?

  • 2017-02-01T11:00:39Z via AndStatus To: Public

    Ugh. This is going to take a while.
    `ImportError: No module named 'xudd.tools'`
    Literally the very first thing I installed with pip. And as unfun as debugging other people's Python is, it's 96 times worse when their GitHub project has the issue tracker turned off.  :rage: :murder: :nojuryintheworld: :canthavenicethings: :abandonware:

  • 2017-01-27T09:48:48Z via AndStatus To: Public

    I'm afraid I can guess the answer to this, but ...
    Has anybody used a free-software program that can browse through photo/image collections that live on a UPnP / DLNA server?
    All the mediarenderers I've encountered either work with audio or with video ( a few do both).

    Did you check out KODI ?

    They do have a clear focus on video, but also handle images and video...

    mray at 2017-01-27T12:50:01Z

  • 2017-01-24T08:34:50Z via AndStatus To: Public

    This sort of BS is exactly why people don't run fully free-software stacks on their mobile devices. Seriously; if you develop mobile FOSS, you stop and fix this crap before you even run your next test build. It's ludicrous.

    Hubert Figuière , Stephen Michael Kellat like this.

  • 2017-01-20T17:32:40Z via Pumpa To: Public CC: Followers

    I'm not a web developer. Ever. Would any web developers like to join forces and help me build a working DescribeYourEffingSoftware .org site?

    {Prompted by seeing this comment thread: https://lwn.net/Articles/711198/ .... I had brought the topic up, only somewhat in jest, in December: https://identi.ca/n8/note/_bbrRVS9RlKXDUOI6RuOkw ... but now I'm thinking about actually trying to push it forward.

  • #Lowlife update 2

    2017-01-20T16:51:30Z via Pumpa To: Public CC: Followers

    More progress made on converting my single-core Atom NUC (which is incapable, for example, of running even a single-tab instance of Firefox) into a useful machine.

    The majority of the CLI & ncurses applications I have installed are a pleasure to use, once one gets used to how to wrangle them. Increasingly, you cannot install applications through your distribution package management system, for instance: so you end up doing things like wrangling a bunch of Python virtualenvs, one-per-app, and installing junk through pip. This seems unsustainable in the long run.

    Hooray if you think this means Snap/Flatpak/AppImage will solve all the world's problems. What it will undoubtedly do, however, is isolate users on desert islands where they are never sure what the right way to install something is (and if there's a security update? forget about it).

    So that's problem #0. Problem #1 is a bit different, which is that no two ncurses applications seem to use the save set of keybinding conventions / command shortcuts — not the same as each other, and not the same as the GUI world. This, too, makes them less useable in the long run,

    An example: The ncurses audio player Cmus, which uses the "C" key to pause and resume playback, and the numerals 1–7 to switch between different views on the audio library. There is literally no reason playback should not be started/paused with the spacebar, as is done in every modern audio/video app.

    Christopher Allan Webber likes this.

    The lack of UI conventions for terminal programs is a real pain.

    Charles ☕ Stanhope at 2017-01-20T17:35:13Z

    Nathan Willis likes this.

    Obviously the solution is to run emacs fullscreen for everything. You'd get consistency, at least...!

    Christopher Allan Webber at 2017-01-20T19:46:40Z

    Charles ☕ Stanhope likes this.

  • Keys

    2017-01-15T09:14:46Z via Pumpa To: Public CC: Followers

    • 1. I recently re-generated some PGP keys in full-on paranoid, proper form (unnetworked live OS, masters stored offline, subkeys on smartcards, embedded JPEG). That part feels good.

      1.a. I still have not found a proper solution to the "turn an existing PGP key into a subkey of another key" problem, which I need to do to consolidate UIDs. A lot of people have my old @lwn.net address; I would prefer to merge the identity in with my others.

    • 2. That tangent aside, the op-sec problem now becomes "what exactly do I do to ensure the security of the storage device that has my master private key on it?" I find surprisingly little written about this topic.

      On the one hand, I want to be able to access it whenever I feel like it, so locking up in a safety-deposit box is right out. But I'm also not the only person who can enter my current residence, so I feel like some sort of security is warranted.

    • 3. That led me down the rabbithole of looking at tamper-evident storage products, which you can easily buy online. (I know are other options; this is just the one I wanted to talk about.) So, in theory, I could seal the storage up in a small box with a seal on it, and know afterward if anyone has opened the box while I was away.

      However, what I can't figure out is how you could prevent an attacker from buying a set of identical tamper-evident seals on Amazon and just sticking a new one on the box after they clone the data off of the thumb drive or whatever.

      And that problem seems to plague all tamper-evident storage options. What am I missing here?

    Show all 6 replies

    Maybe I'm just tougher than you.

    Nathan Willis at 2017-01-15T10:34:22Z

    Regardless, the real question at hand is whether [A] these tamper-evident products are 100% useless or [B] I misunderstand how they're meant to be used — for any bag-contents. They seem to be popular as "bank bags" ... but if you can buy identical replacement tabs in bulk on Amazon, what's the point?

    Nathan Willis at 2017-01-15T14:24:39Z

    @Nathan Willis One thing I've heard of is to paint the keyhole with glitter nailpolish and take a picture of it when it's dried. The nailpolish should make a unique pattern every time you do it.

    I haven't done this myself, though.

    Christopher Allan Webber at 2017-01-15T15:05:33Z

    der.hans likes this.

    Note that this was originally a suggestion for screw heads on laptop, now that I'm remembering right. Maybe it would mess up the lock.

    But maybe you could paint a unique dab of nailpolish on the tamper-evident seal?

    Christopher Allan Webber at 2017-01-15T15:07:35Z

  • 2017-01-14T10:09:00Z via Pumpa To: Public CC: Followers

    Possible conference talk titles:

    "Sustainable funding for free software projects through blackmail."

    Scott Sweeny , Stephen Michael Kellat , Jason Self like this.

    Stephen Michael Kellat shared this.

    I predict standing room only...

    Charles ☕ Stanhope at 2017-01-14T16:38:42Z

    Emotional or another sort of blackmail?

    Stephen Michael Kellat at 2017-01-14T18:00:13Z

    Come to the talk and find out. #SpolierFree #TellYourLocalConfTalkCommittee

    Nathan Willis at 2017-01-15T09:05:04Z

  • 2017-01-13T10:10:04Z via Pumpa To: Public CC: Followers

    Being a little bit scatterbrained this morning trying to organize my thoughts for the various social-media responses to the Republicans voting to end health coverage today.

    So I beg a small amount of mercy from you if I'm ineloquent about things. Presumably that will pass?

    Show all 8 replies

    It's worse than that, because red & white are actual categories. More like "hints of currant and leather with fish," "herbacious finish and reminiscent of grassy meadow with beef."

    Nathan Willis at 2017-01-13T15:58:10Z

    But your example actually describes the flavor, while the color of the wine doesn't.

    Claes Wallin (韋嘉誠) at 2017-01-13T20:15:26Z

    >> Nathan Willis:

    “I feel like we should put all discussions about "what should we do" and policy details into the 'we'll agree to disagree' category.
    I tried not to voice my opinions in this post for that reason; I'm just expressing the frustration that I experience caused by trying to articulate a little about politics after spending such a long time intentionally not discussing the subject and writing solely about tech instead.”

    My view is rather quite jaundiced. You were looking at it from a policy standpoint. I'm looking at it as someone who works in the agency charged with making it work, who gets frustrated heavily with trying to make it work, and was on the receiving end Thursday from a hysterical lady over an ACA mechanics issues that frankly almost got her watchlisted as she came way too close to qualifying for "suicide caller" handling.


    There's a reason I keep trying to run away from being a federal civil servant. Above is just one facet as to why.

    Stephen Michael Kellat at 2017-01-14T04:06:57Z

    >> Nathan Willis:

    “Perhaps I'll just change the subject and talk about fonts instead. Here's a starter: the entire notion that "serif" and "sans serif" are the top-level categories of Latin typefaces is a modernist lie brought about by lack of historical awareness with a dash of HTML 1.0 specification sprinkled on top.”

    In trying to learn about LaTeX, this font is really calling to me as something I want to style a document in: http://www.tug.dk/FontCatalogue/alegreya/


    I haven't found anything that replicates old-time federal typing pool typewriter, though. This vision of the past from LANL kinda intrigues me: http://tug.org/TUGboat/Articles/tb10-4/tb26sydoriak.pdf

    Stephen Michael Kellat at 2017-01-14T04:13:06Z