This Blog Is Not For Reading

A blog, just like any blog, only more so

  • Subscribe

  • Categories

  • RSS Bob Jonkman’s Microblog

    • New note by bobjonkman 2 December 2019
      Don't worry about it. I know that's not really helpful advice, but I've had experiences like this too. I think of it as "the wheels falling off". I suspect everyone has these times, but most people won't admit it. An uplifting aphorism I heard in a movie: "It will all be alright in the end. […]
    • New note by bobjonkman 2 December 2019
      These all need illustrations for the box covers.
    • bobjonkman repeated a notice by nev 30 November 2019
      RT @nev i'm well aware canada's healthcare system is vastly inadequate, but just imagine if the housing system were anywhere near what the healthcare system was like. for-profit housing should be as obscene as for-profit healthcare. flipping houses should be seen as as unethical as hiking up insulin prices.
    • Favorite 30 November 2019
      bobjonkman favorited something by nev: i'm well aware canada's healthcare system is vastly inadequate, but just imagine if the housing system were anywhere near what the healthcare system was like. for-profit housing should be as obscene as for-profit healthcare. flipping houses should be seen as as unethical as hiking up insulin prices.
    • New note by bobjonkman 8 November 2019
      Elois and Morlocks, from another work of fiction co-opted into a user manual for the 1%
    • Favorite 8 November 2019
      bobjonkman favorited something by inkslinger: The fan theory that the Jetsons and the Flintstones are actually contemporaneous to one another -- the Jetsons' sky cities being the land of the wealthy (or formerly wealthy, perhaps, since capitalist wage relations still exist, even in a world with literal robot servants) and the Flintstones being the descendants […]
    • bobjonkman repeated a notice by inkslinger 8 November 2019
      RT @inkslinger The fan theory that the Jetsons and the Flintstones are actually contemporaneous to one another -- the Jetsons' sky cities being the land of the wealthy (or formerly wealthy, perhaps, since capitalist wage relations still exist, even in a world with literal robot servants) and the Flintstones being the descendants of the poor […]
    • Favorite 1 November 2019
      bobjonkman favorited something by ericxdu23: Hi. I'm still here.
    • Favorite 1 November 2019
      bobjonkman favorited something by hubert: ♲ @cryptpad@social.weho.st: Exactly 5 years ago at 16:42, was the first CryptPad commit by @cjdelisle, the start of a very ambitious project to restore privacy in collaboration tools. We believed in it 5 years ago and we thank the 200 supporters and 10000 weekly users from 150 countries that have […]
    • New note by bobjonkman 24 October 2019
      Best thread in a long time! nEVILle Park's ( @nev ) #Arachtober: https://social.coop/@nev/102887815460533048

Debian Wheezy Release Party at KWLUG; Guelph Raring Ringtail Release Party

Posted by Bob Jonkman on 4th May 2013

There’s no end to geeky computer operating system release parties, it seems.

Debian Wheezy Logo

Debian Wheezy Logo

Debian Wheezy is being released on the weekend of 4-5 May 2013, and KWLUG will be holding a party after the regular meeting:

What: Kitchener-Waterloo Debian Wheezy Release Party
When: Monday, 6 May 2013 at 9:00pm (after the regular meeting from 7:00pm to 9:00pm) iCal 4
Where: St. John’s Kitchen, 97 Victora Street North, Kitchener, Ontario Map 4
Bring: Party snack or beverage
Info: Follow the mailing list discussion (April, May)
Online: IRC channel #kwlug on Freenode Web Chat


Ubuntu Canada logo

Ubuntu Canada Circle Logo

In Guelph the Diyode makerspace is the venue for another Ubuntu 13.04 release party:

What: Guelph Raring Ringtail Release Party
When: Friday, 10 May 2013 7:00pm to 10:00pm iCal 3
Where: Diyode Community Workshop, Unit B, 71 Wyndham St. S, Guelph, Ontario Map 3
Online: #ubuntu-ca on Freenode Web Chat
Registration: Guelph Raring Ringtail Release Party on Ubuntu Canada LoCo Events

Tags: , , , , , , , , , , , ,
Posted in Events, GNU/Linux, KWLUG, Operating System, Ubuntu | Comments Off on Debian Wheezy Release Party at KWLUG; Guelph Raring Ringtail Release Party

Pictures from the KW Ubuntu Release Party

Posted by Bob Jonkman on 21st October 2012

The Kitchener-Waterloo chapter of the Ubuntu Canadian Team had a wonderful Ubuntu Release Party today. Laurel Russwurm baked a cake and I made some devilled eggs:

Quantal Cake and Devilled Eggs
Quantal Cake and Devilled Eggs

If you squint a little you can make out the Ubuntu logos…

Ralph brought the official Ubuntu banner:

People at the Ubuntu Release Party behind an Ubuntu banner
At the Kitchener Quantal Quetzal Ubuntu Release Party

That’s Jeff, Sergiane, Raul, Ralph, Karim, Bob, and Henrique.

Then it was time to cut the cake:

Bob Jonkman cuts the cake
Cutting cake is serious business!

And the second shift finishes it off:

The rest of the partygoers
The rest of the partygoers

That’s David, Gord, Bob, Ralph, and Darcy.

Many thanx to Paul for hosting and The Working Centre for the use of St. John’s Kitchen!

Pictures taken by Laurel L. Russwurm and used under a CC BYCreative Commons — Attribution — CC BY license.

Tags: , , , , , , , , , , , , , , ,
Posted in FLOSS, GNU/Linux, Operating System, Software, Ubuntu | 2 Comments »

KW Ubuntu Release party, 20 October 2012

Posted by Bob Jonkman on 15th October 2012

Pictures!

Hello Everybodee! I’m happy to announce that we’ll be having the Kitchener-Waterloo Ubuntu Release Party for the version named Quantal Quetzal, v12.10 at St. John’s Kitchen this Saturday.

The best parties always happen in the kitchen. Although we won’t have access to the cooking facilities, bring along some snack food to share, maybe some blank DVDs, and your laptop or netbook.

Map to St. John's Kitchen

St. John’s Kitchen, 97 Victoria St. N.

Here’s the details:

Saturday, 20 October 2012 from 4:00pm to 8:00pm iCal

St. John’s Kitchen Map
97 Victoria Street North
Kitchener, Ontario Canada

Automobile parking is available through Heit Lane in the Worth A Second Look parking lot; bicyles can be locked to railings at the entrance to St. John’s Kitchen.

Event link: http://loco.ubuntu.com/events/ubuntu-ca/2029/detail/
(Registration is optional, but appreciated)

Tags: , , , , , , ,
Posted in Events, GNU/Linux, Operating System, Ubuntu | 1 Comment »

How to hold a Key Signing Party

Posted by Bob Jonkman on 14th October 2011

Key in lock

Key by Quasimondo

While planning a Keysigning Party, the organizer suggested that among the things to bring:

Some ID would also be a good idea, for those who do not already know you.

No no no.

If people don’t know you, then they shouldn’t be signing your key. If you don’t know someone, then you shouldn’t be signing their key.

Using ID of any sort is assigning trust by proxy to an “authority”. You’re no longer vouching for a person based on your own knowledge, but relying on the “authority” to provide that trust. If you’re going to rely on third-party authorities you might as well revert to a hierarchical PKI and pay lots of money to a certificate authority to assign levels of trust for you.

The point of the keysigning is to associate a key value with a real person, with no opportunity for a Man in the Middle attack [1]. It is not to verify name, address and permission to drive in Ontario.

When I sign your key it is not because the government says that you’re allowed to drive under your name, but I sign your key because I believe that you’re the same guy who drinks Jagermeister and hacks on Blackberries and hangs out at the Syrup Festival. It is based on my personal knowledge of you, and my trust in your claim that you own the GPG key with fingerprint D2CCE5EA [2].

The Web of Trust extends this, so that since I trust your identity and judgment, I’m also likely to grant some level of trust to the people you trust. After a successful keysigning party then I’m going to trust many more people because they’re all trusted by people I trust. And I’ll be trusted by more people, because they trust the people who have signed my key.

So, how do you hold a keysigning party? Here’s an excerpt from the PGP FAQ:

I’ve written complete instructions for holding a Formal Keysigning.

The comp.security.pgp FAQ

Wouter Slegers

This FAQ is copyright © 2001 by Wouter Slegers.

It may be distributed freely in online electronic form, provided the copyright notice is left intact. Since this FAQ is always available from USENET and the PGP network, there should be no problems getting access to it. However mirrors with outdated versions can confuse the users, so I request you not to mirror this FAQ elsewhere.

[…]

Q: What’s a key signing party?

A: A key signing party is a get-together with various other users of PGP for the purpose of meeting and signing keys. This helps to extend the web of trust to a great degree, making it easier for you to find one or more trusted paths to someone whose public key you didn’t have.

Kevin Herron has an example of a keysigning party announcement page [3].

Q: How do I organize a key signing party?

A: Though the idea is simple, actually doing it is a bit complex, because you don’t want to compromise other people’s private keys or spread viruses (which is a risk whenever floppies are swapped willy-nilly). Usually, these parties involve meeting everyone at the party, verifying their identity and getting key fingerprints from them, and signing their key at home.

Derek Atkins has recommended this method:

There are many ways to hold a key-signing session. Many viable suggestions have been given. And, just to add more signal to this newsgroup, I will suggest another one which seems to work very well and also solves the N-squared problem of distributing and signing keys. Here is the process:

  1. You announce the keysigning session, and ask everyone who plans to come to send you (or some single person who will be there) their public key. The RSVP also allows for a count of the number of people for step 3.

  2. You compile the public keys into a single keyring, run pgp -kvc on that keyring, and save the output to a file.

  3. Print out N copies of the pgp -kvc file onto hardcopy, and bring this and the keyring on media to the meeting.

  4. At the meeting, distribute the printouts, and provide a site to retrieve the keyring (an ftp site works, or you can make floppy copies, or whatever — it doesn’t matter).

  5. When you are all in the room, each person stands up, and people vouch for this person (e.g., “Yes, this really is Derek Atkins — I went to school with him for 6 years, and lived with him for 2”).

  6. Each person securely obtains their own fingerprint, and after being vouched for, they then read out their fingerprint out loud so everyone can verify it on the printout they have.

  7. After everyone finishes this protocol, they can go home, obtain the keyring, run pgp -kvc on it themselves, and re-verify the bits, and sign the keys at their own leisure.

  8. To save load on the keyservers, you can optionally send all signatures to the original person, who can collate them again into a single keyring and propagate that single keyring to the keyservers and to each individual.

I’m going to have to put my key signature where my mouth is. Hopefully there will be another key signing party soon, for which I will be more prepared.

–Bob.

[1] Yes, it is still possible to have a meatspace MitM attack if you’re signing keys for people you don’t know and relying on ID. If you’ve never met me before then it is possible that someone mugs me in the parking lot, takes my ID and wears my goofy hat. If you don’t know me you would never be able to tell the difference, and you’d be signing a key for the wrong person.

[2] Although that’s really my PGP key, so as not to divulge the identity of innocent and unsuspecting Key Signing Party Organizers.

[3] Sadly, Kevin Herron makes the same mistake of requiring "Positive picture ID". Please ignore that part.

Key by Quasimondo is used under a Creative Commons by-nc license.

Tags: , , , , , , , , , , , , ,
Posted in Crypto, PGP/GPG, privacy | 1 Comment »

 
Better Tag Cloud