y.st./compiled/en/weblog/2015/03-March/11.xhtml

<?xml version="1.0" encoding="utf-8"?>
<!--
                                                                                     
 h       t     t                ::       /     /                     t             / 
 h       t     t                ::      //    //                     t            // 
 h     ttttt ttttt ppppp sssss         //    //  y   y       sssss ttttt         //  
 hhhh    t     t   p   p s            //    //   y   y       s       t          //   
 h  hh   t     t   ppppp sssss       //    //    yyyyy       sssss   t         //    
 h   h   t     t   p         s  ::   /     /         y  ..       s   t    ..   /     
 h   h   t     t   p     sssss  ::   /     /     yyyyy  ..   sssss   t    ..   /     
                                                                                     
	<https://y.st./>
	Copyright © 2015 Alex Yst <mailto:copyright@y.st>

	This program is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program. If not, see <https://www.gnu.org./licenses/>.
-->
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<base href="https://y.st./en/weblog/2015/03-March/11.xhtml" />
		<title>Twitter and pinentry vex me, but email (including PGP) is up &lt;https://y.st./en/weblog/2015/03-March/11.xhtml&gt;</title>
		<link rel="icon" type="image/png" href="/link/CC_BY-SA_4.0/y.st./icon.png" />
		<link rel="stylesheet" type="text/css" href="/link/basic.css" />
		<link rel="stylesheet" type="text/css" href="/link/site-specific.css" />
		<script type="text/javascript" src="/script/javascript.js" />
		<meta name="viewport" content="width=device-width" />
	</head>
	<body>
		<nav>
			<p>
				<a href="/en/">Home</a> |
				<a href="/en/a/about.xhtml">About</a> |
				<a href="/en/a/contact.xhtml">Contact</a> |
				<a href="/a/canary.txt">Canary</a> |
				<a href="/en/URI_research/"><abbr title="Uniform Resource Identifier">URI</abbr> research</a> |
				<a href="/en/opinion/">Opinions</a> |
				<a href="/en/coursework/">Coursework</a> |
				<a href="/en/law/">Law</a> |
				<a href="/en/a/links.xhtml">Links</a> |
				<a href="/en/weblog/2015/03-March/11.xhtml.asc">{this page}.asc</a>
			</p>
			<hr/>
			<p>
				Weblog index:
				<a href="/en/weblog/"><abbr title="American Standard Code for Information Interchange">ASCII</abbr> calendars</a> |
				<a href="/en/weblog/index_ol_ascending.xhtml">Ascending list</a> |
				<a href="/en/weblog/index_ol_descending.xhtml">Descending list</a>
			</p>
			<hr/>
			<p>
				Jump to entry:
				<a href="/en/weblog/2015/03-March/07.xhtml">&lt;&lt;First</a>
				<a rel="prev" href="/en/weblog/2015/03-March/10.xhtml">&lt;Previous</a>
				<a rel="next" href="/en/weblog/2015/03-March/12.xhtml">Next&gt;</a>
				<a href="/en/weblog/latest.xhtml">Latest&gt;&gt;</a>
			</p>
			<hr/>
		</nav>
		<header>
			<h1>Twitter and pinentry vex me, but email (including <abbr title="Pretty Good Privacy">PGP</abbr>) is up</h1>
			<p>Day 00004: Wednesday, 2015 March 11</p>
		</header>
</p>
	I registered an account with <a href="http://freeola.com/">Freeola</a> today, thinking I could set up email at my own domain through them.
	However, it seems they only offer that service for domains registered through them.
	Even if I wanted to transfer my domain to Freeola, which I don&apos;t, Freeola does not support <code>//st.</code> domains.
</p>
</p>
	I have still not received a response from Zoho, but I decided to try again to register there.
	Registration is back to being functional.
	So now, I have email up and running.
</p>
</p>
	The main reason I needed to get my email account set up so quickly is that without an email address, you can&apos;t register accounts in most places.
	Now that I have email access, I began setting up accounts.
	First, I tried to register an account at the <a href="ircs://volatile.club:6697/">Volatile Club</a>.
	However, services are currently down.
	Next, I registered at <a href="ircs://irc.oftc.net:6697/">OFTC</a>.
	After that, I thought a bit, and decided to get onto Twitter.
	It&apos;s a decent source of quick news for when I&apos;m on my break at work.
	However, Twitter does not seem to like me.
	They locked up my account within about ten minutes, and I hadn&apos;t even done anything.
	I couldn&apos;t tweet to Twitter support with my Twitter account on lockdown, so I decided to try email support, which meant I needed to get my <abbr title="Pretty Good Privacy">PGP</abbr> key set up.
</p>
</p>
	And cue more technical difficulties.
	As you&apos;ve no doubt guessed from my previous entries, I rely on a password database application called KeePassX.
	I don&apos;t actually know any of my passwords, they are all stored in an encrypted database, and I paste them into whatever application is asking for a given password.
	Enigmail refuses to allow me to paste the password needed to use my <abbr title="Pretty Good Privacy">PGP</abbr> key! I ended up sending the letter without signing it because I thought it would take at least until tomorrow to fix the problem.
</p>
</p>
	I tried to register at SourceForge, because the Enigmail forums are hosted there.
	No dice.
	I wanted to report the issue there and find out for sure if it was an accidental bug in need of fixing (similar to the bug in Irrlicht that prevents pasting text into Minetest) or an intentional anti-feature.
	With nowhere else to turn on the Enigmail issue, I decided to ask around in <a href="ircs://irc.oftc.net:6697/%23nottor">#nottor</a> and see if anyone there knew of a better email client and/or plugin for sending <abbr title="Pretty Good Privacy">PGP</abbr>-encrypted/signed email.
	Instead of recommending a new mail setup, cacahuatl showed me <a href="http://blog.philippbeck.net/security/enigmail-pinentry-paste-problem-thunderbird-gpg-gnupg-163">how to trick Enigmail into accepting the password</a>! Additionally, it seems that the issue <a href="https://bugs.launchpad.net/ubuntu/+source/pinentry/+bug/326132">is an intentional anti-feature</a>, not a bug.
	This auto-type feature of KeePassX is great news though! Using this same feature that bypasses Enigmail&apos;s anti-feature, I can also work around Irrlicht&apos;s bug.
	I can now store my Minetest passwords in my KeePassX database.
</p>
</p>
	At work today, I learned that both the government and criminals have access to these scary devices called &quot;<abbr title="international mobile subscriber identity">IMSI</abbr>-Catchers&quot;.
	These devices are used for man-in-the-middle attacks against mobile devices.
	They pretend to be legitimate cell towers, capturing and tracking traffic and device information.
	Law enforcement uses this data to take roll at protests, for example, and <a href="https://firstlook.org/theintercept/2014/02/10/the-nsas-secret-role/">the <abbr title="National Security Agency">NSA</abbr> uses it to track targets to be taken out</a>.
	Criminals use this to steal credit card numbers and passwords.
	The government&apos;s use of this technology is much scarier.
	All my traffic is run encrypted through <abbr title="The Onion Router">Tor</abbr>, so credit card information and passwords cannot be stolen locally.
	But tracking by the government for their evil purposes is still a possibility.
	I doubt the government would bomb me, honestly.
	I&apos;m not a threat to national security and they don&apos;t need any more bad <abbr title="public relations">PR</abbr>.
	But head counts are a realistic invasion of privacy.
	I suggest everyone use a prepaid anonymous <abbr title="subscriber identity module">SIM</abbr> card if they have a mobile device, and install <a href="https://secupwn.github.io/Android-IMSI-Catcher-Detector/">Android <abbr title="international mobile subscriber identity">IMSI</abbr>-Catcher Detector</a>.
</p>
</p>
	We got a spammer in <a href="ircs://irc.oftc.net:6697/%23tor">#tor</a>, repeatedly asking <q>WHAT IS THE FUTURE OF TOR? WHATS PLANNED FOR 2016?</q> in full capitals and pinging everyone.
	One thing led to another, and arma said a way we could all help prevent this sort of spam was by answering <abbr title="The Onion Router">Tor</abbr>-related questions online.
	I took a look at the linked site, and saw a very interesting one: <a href="https://tor.stackexchange.com/questions/3274/why-does-claws-mail-included-in-tails-generate-pgp-keys-with-only-1024-key-lengt">Why does Claws Mail included in Tails generate PGP keys with only 1024 key length?</a>.
	Claws Mail can use <abbr title="Pretty Good Privacy">PGP</abbr>!? The whole reason I use Icedove is because I never found a way to get Claws Mail to use <abbr title="Pretty Good Privacy">PGP</abbr>.
	I tracked down and installed <a href="https://www.claws-mail.org/plugin.php?plugin=gpg">the appropriate plugin</a>, as well as Claws Mail, then purged Icedove.
	The Claws Mail <abbr title="Pretty Good Privacy">PGP</abbr> plugin has the same anti-feature that Enigmail does, the one that prevents pasting of passwords.
	It turns out pinentry is not Enigmail-specific, and is also used by the <abbr title="GNU Privacy Guard">GnuPG</abbr> plugin for Claws Mail.
</p>
		<hr/>
		<p>
			Copyright © 2015 Alex Yst;
			You may modify and/or redistribute this document under the terms of the <a rel="license" href="/license/gpl-3.0-standalone.xhtml"><abbr title="GNU&apos;s Not Unix">GNU</abbr> <abbr title="General Public License version Three or later">GPLv3+</abbr></a>.
			If for some reason you would prefer to modify and/or distribute this document under other free copyleft terms, please ask me via email.
			My address is in the source comments near the top of this document.
			This license also applies to embedded content such as images.
			For more information on that, see <a href="/en/a/licensing.xhtml">licensing</a>.
		</p>
		<p>
			<abbr title="World Wide Web Consortium">W3C</abbr> standards are important.
			This document conforms to the <a href="https://validator.w3.org./nu/?doc=https%3A%2F%2Fy.st.%2Fen%2Fweblog%2F2015%2F03-March%2F11.xhtml"><abbr title="Extensible Hypertext Markup Language">XHTML</abbr> 5.1</a> specification and uses style sheets that conform to the <a href="http://jigsaw.w3.org./css-validator/validator?uri=https%3A%2F%2Fy.st.%2Fen%2Fweblog%2F2015%2F03-March%2F11.xhtml"><abbr title="Cascading Style Sheets">CSS</abbr>3</a> specification.
		</p>
	</body>
</html>