logo

blog

My little blog can’t be this cute!
commit: 68d08d3882061c1803fa691345d30788d820c87f
parent: 7599e27d40dbbe71c6728f7a3969a9c63ef052bf
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Thu,  3 May 2018 07:40:36 +0200

canary.asc: Update

Diffstat:

Mcanary.asc45++++++++++++++++++++++++++++++++-------------
1 file changed, 32 insertions(+), 13 deletions(-)

diff --git a/canary.asc b/canary.asc @@ -7,7 +7,15 @@ I choosed OpenPGP because it allows to: • have a crypto-signed: text, date, expiration date • make more use of good cryptography -This canary will be updated as often as possible and cryptographicaly expires after 6 months. +This canary will be updated as often as possible and cryptographicaly expires after 2 months. + +## Why a canary? +I originally started it for fun, but I ended up: +• Hosting my own software, which is a good thing btw. https://hacktivis.me/git/ +• Being a proxy-maintainer for few gentoo packages +• Hosting my own social-network instance + +And I will probably have more involvements in the future and I think it's better and or even mandatory to have a canary in thoses cases. ## Statements • anything that can harm and/or have harmed data, received or send to me and or my machines: @@ -21,30 +29,41 @@ This canary will be updated as often as possible and cryptographicaly expires af • my keys are all safe and protected and old ones are revoked and few old ones unuseable(shred) • On 2016-12-17 I made myself a new keyring, the old one was a huge mess… sorry for the mess of revoked keys • On 2017-05-03 04:19:00 I made new (ECC) keys, after hardware failure and no backups or old keys, and so broke HPKP - • On 2018-01-11 I changed my default GPG key set to DDC9237C14CF6F4DD847F6B390D93ACCFEFF61AE and it’s now store only on a Nitrokey Start and a paperkey backup + • On 2018-01-11 I changed my default OpenPGP key set to DDC9237C14CF6F4DD847F6B390D93ACCFEFF61AE and it’s now store only on a Nitrokey Start and a paperkey backup [2] ### Certificates Log (for hacktivis.me) -Begin on/Not Before; Expire on/Not After; Organisation; Serial -2018-01-22T00:24:54; 2018-04-22T00:24:54; Let's Encrypt; 03:56:2e:f8:c5:5f:24:08:4b:52:15:71:03:cf:7d:64:4b:23 -2017-10-23T23:02:20; 2018-01-21T23:02:20; Let's Encrypt; 03:2E:23:BF:A9:31:5C:25:5F:12:00:70:44:12:3E:DB:77:BD -2017-07-25T23:56:00; 2017-10-23T23:56:00; Let's Encrypt; 03:BC:D9:81:CF:CA:53:90:2E:90:B4:D0:81:26:6A:4B:C6:34 +Begin on/Not Before; Expire on/Not After; Organisation; SHA256 Fingerprint +2018-03-22T23:17:24; 2018-06-20T23:17:24; Let's Encrypt; D0:5B:25:9C:3D:2E:E4:FD:78:B5:1C:7C:58:A0:FD:29:81:8E:7F:68:CE:95:D6:4E:CC:84:BD:E0:2A:5F:17:9A +2018-01-22T00:24:54; 2018-04-22T00:24:54; Let's Encrypt +2017-10-23T23:02:20; 2018-01-21T23:02:20; Let's Encrypt +2017-07-25T23:56:00; 2017-10-23T23:56:00; Let's Encrypt -### TL;DR -• I’m safe but you should not have a blind trust on me. +Note: The certificates are automatically renewed by acme.sh, this canary isn't so expect a bit of lag. +Command used for the fingerprint: openssl x509 -fingerprint -sha256 -noout -in ~/.acme.sh/hacktivis.me_ecc/hacktivis.me.cer + +## Recent News +• Void Linux got a central point of failure in their management and are avoiding it: https://www.voidlinux.eu/news/2018/05/serious-issues.html +• Mozilla continues in a weird path with Privacy/Public Relation, they want to show ads again (and hi again to Pocket): https://blog.mozilla.org/futurereleases/2018/04/30/a-privacy-conscious-approach-to-sponsored-content/ +• The new Stardew Valley update calls you out for dating everyone (And so I guess I'm not updating it…): https://www.pcgamer.com/the-new-stardew-valley-update-calls-you-out-for-dating-everyone/ ## Commands used • cp canary.asc canary • vis canary -• gpg --default-sig-expire 6m --clearsign canary +• gpg --default-sig-expire 2m --clearsign canary • shred -u canary +### TL;DR +• I’m safe but you should not have a blind trust on me. + +- -- Inspired by: https://fyb.patternsinthevoid.net/canary.asc and https://github.com/QubesOS/qubes-secpack/blob/master/canaries 1: https://hacktivis.me/articles/La%20neutralit%C3%A9e%20du%20Net%20sur%20un%20wifi%20Orange%E2%84%A2,%20deuxi%C3%A8me%20mensonge +2: https://hacktivis.me/articles/I%20changed%20my%20OpenPGP%20keys -----BEGIN PGP SIGNATURE----- -iHsEARYKACMWIQT4W9xj/ZtK9Ev2uBLVt6jkPJl97gUCWnd7RgWDAO1OAAAKCRDV -t6jkPJl97nh6AQC8y8FTbNJU0Y8OF98n9gMHU1iPvZdbCRUkyCqPYclcwwEAqpno -MUDnteh0Yfjfw3ZVOdPRgLrKAz6tgj5EO5AfZw0= -=8nx9 +iHsEARYKACMWIQT4W9xj/ZtK9Ev2uBLVt6jkPJl97gUCWuqgnAWDAE8aAAAKCRDV +t6jkPJl97v3TAP0fXL5JxGfbL1KMCsdEEoZvUadsGWLXYsqv2PQs/bwQGwEA8s6d +L6IwC18sOoozaqO58SvcLyRtHzMzEED29vqncAs= +=ChCp -----END PGP SIGNATURE-----