Doing end-of-the-year security housekeeping and figured it was time to generate a new GPG key with modern defaults. After looking into the model of a main key stored offline (like in a firesafe) and only using subkeys locally, I decided it wasn’t worth the effort. The reality is I almost only use these for signing GitHub commits. 🤷

The cypherpunk fever dreams of key signing parties and a robust web of trust feel pretty far away. Even Keybase is no longer mentioned. We’ll continue to solve this in different ways.

At any rate, my transition statement is linked here and included below.

If you can’t contact your loved ones, or government agencies and relief organizations can’t coordinate, you can’t get anything done. […] A communications system is only useful if you can connect to every other endpoint on the network. If you have power but no one else does, you have a well powered and expensive paperweight (assuming you still have paper). To that point, if your phone has power but the switching station does not, or the cell towers in half the city are down, you still aren’t able to communicate with anyone else.”

—emtcharlie on ArsTechnica

A secret process that requires neither “concrete facts” nor “irrefutable evidence” …

“Instead of a watchlist limited to actual, known terrorists, the government has built a vast system based on the unproven and flawed premise that it can predict if a person will commit a terrorist act in the future,” says Hina Shamsi, the head of the ACLU’s National Security Project. “On that dangerous theory, the government is secretly blacklisting people as suspected terrorists and giving them the impossible task of proving themselves innocent of a threat they haven’t carried out.”

—The Secret Government Rulebook For Labeling You a Terrorist

Yesterday, virtualenv-burrito 2.7 was released. There are two significant changes:

1. All Python packages in the .venvburrito directory are now inside a versioned site-packages directory. For example, if you are running Python 2.7 during the install or upgrade, all packages will now live in lib/python2.7/site-packages.
2. The pip program is no longer user accessible (i.e., in the PATH). You could easily figure out where it’s been moved, but that’s discouraged (and unsupported).

After 14 years, it’s time for a new GPG key adhering to modern standards. You can find my transition statement here. The full-text follows.

x.pose is a wearable data-driven sculpture that exposes a person’s skin as a real-time reflection of the data that the wearer is producing.

—x.pose – xuedi.chen