John Wright

Sunset from the foothills near my house (30 second exposure).

Last Sunday, on the way back to our car after a relaxing hike at Santa Teresa County Park, Jane and I noticed some giant soap bubbles emanating from the parking lot. A local bubble master (Brian Lawrence) was putting on an ad-hoc show while some people waited for the moon to rise in the sunset afterglow.

We joined the party. It was surreal, beautiful, watching the moonrise with a group of people we had never met.

A little while later, I was enjoying capturing the unbridled joy of popping bubbles as only a child can experience.

Milky Way as seen from Rockton, Wisconsin.

There's a bit of nearby light pollution, but overall it's much darker (and the sky clearer) than anything near my home in San Jose.

Saturday Evening in Santa Cruz

TL;DR: I am transitioning in earnest from my old GPG key (1024D/0xD14219877A786561) to a newer, stronger one (4096R/0xCC79866F99409084).  I have published a transition document signed by both keys here: http://johnwright.org/key-transition-2014-06-08.txt.asc .  If you have signed my old key, I would appreciate signatures on my new key as well, provided that your signing policy permits that without reauthenticating me.

Some history

In 2009 (during DebConf9), I generated a new GnuPG key to replace my aging 1024-bit DSA key (see http://www.debian-administration.org/users/dkg/weblog/48 for context and rationale).  I got some signatures and even published a transition document.  Then I had this shiny new key, safely stored offline, and never actually followed through with the transition...

OpenPGP card on a USB stick

A few days ago I bought a YubiKey NEO (http://www.yubico.com/products/yubikey-hardware/yubikey-neo/) for myself.  Google has been using these internally for second-factor authentication, but I hadn't realized that they accepted JavaCard applets, including one for OpenPGP.  I took out the new key, generated new signing and encryption subkeys (I would have used the original encryption subkey, but the YubiKey won't accept a 4096-bit key, so I revoked that one), and moved them to the YubiKey after backing them up to an encrypted USB drive.

+Neal Harrington wrote a great article on how to set up the YubiKey and move keys to it: http://www.digitalllama.net/2014/03/importing-your-existing-gpg-key-into.html .  I am considering packaging up the required tools and a pre-compiled applet and publishing them to a Debian PPA, but I need to find some free time first...

SSH key on the YubiKey

The YubiKey (or the OpenPGP applet, anyway) has three key slots: sign, encrypt, and auth.  The auth key can be used for ssh - you can generate the key on the card itself (the addcardkey command in the gpg edit-key interface), and use it with gpg-agent with its enable-ssh-support option.  See http://www.gniibe.org/memo/software/ssh/ssh-gpg.html for system setup (in short, you want to use gpg-agent as your ssh-agent, and stop GNOME Keyring from acting as ssh-agent and gpg-agent).  Once the agent is running, 'ssh-add -L' will show the public key on the YubiKey in the correct format for ~/.ssh/authorized_keys (no need for the gpgkey2ssh command mentioned in the article).

Still reading?

In all, I've been very impressed with the YubiKey.  My only disappointment was that the OpenPGP applet it comes with only supports generating keys on the device (and naturally the secret keys cannot then be exported for safe keeping), and getting a less crippled applet required fetching and compiling three or four different software packages.

If you're interested in more securely carrying your GPG and SSH (sub)keys,  you don't want to fuss with a smart card reader, and you can stomach a $50 price tag, the YubiKey NEO might be worth checking out.
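The gpg-agent-as-ssh-agent setup from the "SSH key on the YubiKey" part of the post above can be sanity-checked with a few shell functions. This is an added example, not part of the original post: the function names are hypothetical, the socket path patterns are assumptions that vary by distribution and version, and all sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): offline checks for the
# gpg-agent-as-ssh-agent setup. Sample inputs are constructed.

# Succeeds if the given gpg-agent.conf enables enable-ssh-support
# (commented-out lines do not count).
has_ssh_support() {
    grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$1"
}

# Guess which agent owns an SSH_AUTH_SOCK path. The path patterns are
# assumptions; socket locations differ between distributions and versions.
agent_for_socket() {
    case "$1" in
        '')                 echo none ;;
        */S.gpg-agent.ssh)  echo gpg-agent ;;
        */keyring*/ssh)     echo gnome-keyring ;;
        *)                  echo other ;;
    esac
}

# Filter `ssh-add -L` output (stdin) down to keys held on an OpenPGP card;
# gpg-agent labels those with a "cardno:" comment.
card_keys() {
    awk '$3 ~ /^cardno:/'
}

# Report every problem found; exit status 0 only if the setup looks right.
# $1 = path to gpg-agent.conf, $2 = value of SSH_AUTH_SOCK
check_setup() {
    rc=0
    has_ssh_support "$1" || { echo "enable-ssh-support missing in $1"; rc=1; }
    owner=$(agent_for_socket "$2")
    [ "$owner" = gpg-agent ] || { echo "SSH_AUTH_SOCK served by: $owner"; rc=1; }
    return $rc
}

# Constructed demo: option is commented out and GNOME Keyring owns the socket.
demo_conf=$(mktemp)
printf '%s\n' '# enable-ssh-support' 'default-cache-ttl 600' > "$demo_conf"
check_setup "$demo_conf" /run/user/1000/keyring/ssh || true
rm -f "$demo_conf"
```

On a live system, run `check_setup ~/.gnupg/gpg-agent.conf "$SSH_AUTH_SOCK"` and then `ssh-add -L | card_keys` to confirm the key being offered is the one on the card.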

Decided to take pictures of various facial hair styles that were possible to achieve by successively removing hair from the full beard I grew in #Movember.
Shaving the #Movember growth

from the sickening dept Reinforcing the fact that Chris Dodd really does not get what's happening, and showing just how disgustingly corrupt the MPAA relationship is with politicians, Chris Dodd went on Fox News to explicitly threaten politicians who accept MPAA campaign donations that they'd bette
http://pulse.me/s/5c3ji

Read this article about the corrupt (yet somehow legal) abuse of material non-public information by congress members to make a profit in the stock market, even at the expense of those they represent.

http://www.cbsnews.com/8301-18560_162-57323527/congress-trading-stock-on-inside-information/?tag=contentMain;contentBody

American English Dialects
http://aschmann.net/AmEng/
