On Wed, Mar 30, 2022 at 08:47:00PM -0700, Russell Senior wrote: > Ubuntu does not come standard with keybase, fwiw. If it is on your > machine, you (or someone) must have put it there.
On Wed, Mar 30, 2022 at 09:36:25PM -0700, Keith Lofstrom wrote: >... > Isolate the suspect machines from the network. Then > try to learn how and when the keybase package showed up. > Then download a mate-ubuntu install DVD image from a > different source, wipe my test machines, and start over. Turns out that the small network activity (simultaneous trickle of network activity on two machines) was querying the Ubuntu repositories (hosted on AWS!) for updates. Only one machine had keybase, which my notes suggest I manually installed (in early February, Russell is correct) following some dodgy instructions on a webpage howto. That webpage told me that keybase was necessary to verify the authenticity of the repos. Since I have no good way to verify that keybase itself is more trustworthy than the Ubuntu repositories and DNS, I just expunged it. No wipe and reinstall necessary. ---- Web of trust. A comforting myth. Years ago ... I remember key exchange parties, gatherings of geeks (who I mostly didn't know) frantically swapping public keys and other bonafides. I didn't understand that process well enough to trust, either. We also swapped Safeway Club discount cards. I still have the last one I got, for the erratic globetrotting Safeway customer "Ronald Cypherpunki". Keith -- Keith Lofstrom kei...@keithl.com