Ladar Levison

It's been a long time since I posted. I've been busy working. If your want to know what I've been doing, you can look here: forums.lenovo.com/t5/ThinkPad-P-… or here bugzilla.redhat.com/show_bug.cgi?i… and a public imitation of the former, for those without access: bugs.centos.org/view.php?id=17… for a taste.

Hi Everybody! We'll be upgrading the #Lavabit core infrastructure over the next few hours, so if you're a night owl, you might see a short service interruption. If so, don't fret, we'll be back in a jiff. (Or is it gif?)

I'll be appearing on Meet the Drapers tonight ... 3pm PT / 6pm ET ... on the Sony Asia channel. Uverse 3704. Will follow up with a link if one comes my way.

For my #Dallas friends. I'm playing host to Cyrus Farivar (@cfarivar) next week. He'll be in #Dallas to promote his book Habeas Data, (#Lavabit features heavily in chapter 6). Join us Wednesday night, at UTD for, as we talk privacy and tech. It's #free! eventbrite.com/e/habeas-data-…

I know that technology can be fickle to other people, but usually it likes me. So it was a little strange seeing this web page.

Public service announcement. The next round in legal fight over "extraordinary assistance" has arrived. Should anyone decide to grant me access to the filings, I would be much obliged. reuters.com/article/us-fac…

This article is why I build all of my docker/vagrant/virtual machines from isos. My team of benevolent robots are now spitting out 305 roboxes every time I click go. That's 25 operating systems, for 6 hypervisors (5 + docker). Plus my custom magma bots. bleepingcomputer.com/news/security/…

@Netzblume The forum seemed to be working last night. But I disabled it just the same, as it's been replaced by other channels. I also posted an updated PDF. Took a couple hours to get it generated correctly.

Hi folks. Just a heads up. We'll taking Lavabit down for a couple hours this evening to make some much needed, planned system upgrades.

@MrTangent @VessOnSecurity @rx13 @ATX @skiddi33 @matthew_d_green @wire @MySudoApp We developer help, or the funds to hire another senior developer. The code is on GitHub. We currently need to extract the production implementation from magma, and use it to replace the prototype code in the libdime, so we can use libdime to finish the GUI clients.

@kingladar @VessOnSecurity @rx13 @ATX @skiddi33 @matthew_d_green @wire @MySudoApp I cannot wait. Just take your time so that it’s done right. Any way I can contribute? Will there be an audit eventually?

Dear Universe: if the only thing you’ve got against Signal is the use of phone numbers, just install Wire. This isn’t cold fusion, people.

@mbhbox It probably got lost in the noise. You should resubmit. You can also email the engineer directly... the username is support. Pick a subject that isn't spammy.

@kingladar Hey man. I had submitted a support request via form a while back but never got a reply. Any other method of communication?

@Netzblume I didn't know the board was down. I haven't logged into it for quite some time. Only kept it online for posterity. I need to push an updated PDF to the website, but it's harder than it sounds, b/c the Adobe generator crashes whenever I've tried... my focus is on the code.

@CatVsHumanity @lavabit_support I'll forward your tweet to the support engineer via email.

@Danger__Zone_ @lavabit_support No. But guessable addresses are easy to discover through brute force. We support + addresses, which are helpful when it comes to catching vendors who leak their lists.

@lavabit_support has your client list been compromised? I've started receiving phishing emails to my lavabit email address which has never be used with a 3rd party. @kingladar

@jake_b2392 Dark mail is the technology, anybody can implement/deploy... while Lavabit is the service. Our server, magma, is already storing messages in the dark mail format. What we're working on now, is a GUI client, so the server doesn't need to act as a proxy.

@VladMeier @lavabit_support We have a support engineer, but he gets more inquires than he can handle. Personally, I rarely log into Twitter.

@MrTangent Every message uses an ephemeral ECC key pair, but that is just how ECC works.

@kingladar So, does DIME have perfect forward secrecy built in? Ideally it would do away with legacy PGP-type static keys and have some sort of PFS/ratchet for ephemeral keys.

@MrTangent Yes. It's a #DIME implementation option. Run in paranoid mode, rotate your signet/key daily, and then delete the key once the TTL expires (a 1 day later), giving you forward secrecy. 1 day TTL is minimum value, and Paranoid mode ensures you hold the only copy of the key.

@MrTangent @VessOnSecurity @rx13 @ATX @skiddi33 @matthew_d_green @wire @MySudoApp Dark mail solves all your problems, provided I can finish implementing it.

@VessOnSecurity @rx13 @ATX @skiddi33 @matthew_d_green @wire @mysudoapp Speaking of PGP, what do you see supplanting it (for email)? Ideally ephemeral keys/perfect forward secrecy would be used in its replacement. Metadata protection and ease of use would be nice, too. Wondering if @kingladar’s @DarkMailA/DIME will ever take off?

@Netzblume No. I just published an updated STACIE draft last month, that is on the IETF website. I need to publish the most recent PDF. Focus has shifted from spec to implementation.

There is a rumor going around that my #DEFCON talk, "Hacking the Pentagon Climate Control System: A Live Demo" was accepted... for the record, that rumor is only partially true.