EmreSokullu, nitot, mblaney, gRegorLove, friedcell, cdchapman, zfphvxmxwt, sebsel, jegqowuhzo, vaqqectsjb, KartikPrabhu and [shurcool] joined the channel
#[shurcool]This is still in the early stage of a trial period, but... a milestone I'm happy about it, so I'll share.
#[shurcool]As of last night, I've made it possible for me—after being notified about activity on GitHub issues I'm subscribed to—to be able to read, comment on, and react to said GitHub issues completely through my personal site (and open source software I'm actively developing).
#[shurcool]My goal was to dogfood this software even harder (it's pretty stable and feature complete by now), and most of the issues I deal with are on GitHub, so this only made sense as the next step hehe.
#[shurcool]gotcha. It's already there. and screenshots aren't really needed because there are links to where one can see it in action (in a browser). I just offered to share a screenshot of this particular new use case I found for it.
#KartikPrabhuscreenshots would be useful nonetheless. What is the page for your software?
#[shurcool]it's mentioned at https://indieweb.org/Selfdogfood#Dmitri_Shuralyov. I'll update that to say I use it to read GitHub issues as well... but later on, after the dust settles. who knows, i might end up backing out if the experiment doesn't go well.
#ZegnatIt doesn’t circumvent it, as attacker would still have access to your WiFi and can monitor the data stream. But it does mean the attacker should be incapable of reading the contents of the stream because that is end-to-end encrypted.
#dgoldyes, they have access, but they do _anyway_ via the ISP
#dgoldso https or ssh encryption remains as vulnerable as its ever been
#ZegnatOf course once they are on your network they might try other things. E.g. your DNS requests probably aren’t encrypted, so they might feed you dummy DNS and send you to a fake bank site. HTTPS doesn’t matter then because they are in control of the fake bank site.
#tantekthat's what certificate pinning is supposed to solve
#ZegnatKRACK doesn’t make HTTPS/SSH more or less vulnerable, no. You just have new problems because a network you probably treat as secure no longer is.
#tantekassuming you've at least once before visited your actual bank site
#sknebeldgold: having AES instead of TKIP protects you against packet injection if I remember correctly, so if at all possible you should at least have that. Should be default nowadays, but...
#dgoldI don't think any connection over the internet is free of surveillance, monitoring and logging by state actors
#tantekdgold, your expression "network as secure" seems to imply that a framing of absolute security is possible or even useful as a concept, whereas security is never about absolutes, just about raising barriers
#dgoldoh, no, I don't think any 'secure network' is _possible_
#tanteksimilarly "free of" seems to imply absolute framing, also not helpful for surveillance, monitoring and logging. again, raising barriers is the point
#tantekso there is no point to describing something 'as secure', or 'free of', because it's an impossible goal and thus a distraction from what is achievable
#dgoldit is important, and valid, to make people aware of the fact that their every webclick is monitored
alexhart_ joined the channel
#dgoldjust because there is no point in describing something 'as secure' it doesn't follow that there is no point in describing something as 'manifestly insecure'
#skippytying in with the above discussion about KRACK and state actors and all that ... I would like some level of control and confidence in my DNS queries.
#myfreewebif you care a lot about privacy, you can use Tor as a DNS resolver. otherwise, set up your local resolver to query root servers directly and check DNSSEC signatures (of course not every domain is signed lol… but some are)
#skippymyfreeweb: sure, but my ISP and anyone on the wire can see all my queries. I want the queries themselves encrypted.
#skippyI have a ProtonVPN account. I thought about setting up a Raspberry Pi with an always-on VPN connection and unbound sending requests to the ProtonVPN DNS servers.
#myfreewebTor is not that slow, especially with a local cache in front of it