Liz Denys

Keybase updated their verification methods to include a command line method that relies on echo, gpg, perl, and curl. I really like this so-called "hardcore mode" because it uses only tools I already trust - I don't have to install anything from Keybase. The process involves running a script they provide, and you get to read through it and see exactly what it will do.

This actually happened a few months ago, but I just used it to verify my Keybase identity. I'm excited to see Keybase improve the web of trust.

i

I sit down in my premium economy seat, the abbreviated way of saying "economy as it was fifteen years ago, but at a higher premium," and deeply internalize my physical constraints for the next six hours. A small box outlined by my seat, the side of the plane with its tiny window, the seat in front of me, and a precise, though invisible, boundary between myself and 19B. I grab a thin paperback out of my bag before sliding it underneath the seat in front of me.

It's just barely light out, and I won't be turning on the light above my seat. I have less than an hour to spend peeling through my book's pages before the night will fall, the plane's lights will dim, and a redeye passenger such as myself should fall asleep. I think to myself that I should have packed a hardcover instead - this paperback will certainly bend and fold on its way to wherever it ends up between me and my seat - but a hardcover wouldn't have packed well.

It doesn't matter. Black inks on bound textured pages with their soft scents are familiar feelings. I can read them on planes, on trains, in cafes, or between the sheets of my hotel bed and feel at home in their arms.

ii

I was afforded a recommendation for a book I do not own and another recommendation for a place to find it. I make my way to what is apparently their new store, just one address over from its predecessor, south of the Tottenham Court Road station. It's a bright white all over, like at the start of a new lease where the owners kindly paid for a new coat of sterile paint for the apartment walls. There are many books on many warm wood shelves on many open floors, and each book knows precisely where to reside and how far apart from every other book it should be. Well, they know those details until someone like me comes along and plucks them from their shelves. Gives them new life outside the store. Or instead confuses them just enough that they can't find their way home on their own and end up on a mobile, metal shelf for refiling.

But it's the twenty-first century and we have a mobile app. Just type in some information about a book, and receive where it can be found and how many copies are available. Drat, the recommendation would usually be in Fiction W, but it's currently out of stock. Pop over to searching a few book sites back in the States and no dice to find it directly. I didn't actually want to purchase it from either of the two giants, but if at least one of them had it, my local bookstore could order a copy with some luck.

iii

Off to the poetry section - I find staff picks the most useful here because while I like poetry, I am not a good judge of the genre. I pull the top copy of a staff recommendation off a stack, lift open its cover, and am taken by the boldness of this paperback's particularly stiff cover as my fingers grace it. Maybe this is why the store's walls are so coldly white, to contrast how much life resides within its books.

I read a few lines, smile, and remember how much I love the escape of poetry and how grateful I am that someone more well-versed than I will curate it for me. I read a few more lines, glance up, read another, and am reminded about how this process causes me to tie together poems and the places I am when I read them. I pop in and out of the fragmented world of the poems and the one around me such that they begin to quickly meld into one. And they are. I am there, in those pages, in the moment, in that place. Poetic Scientifica still feels like Portland, and Bright Travellers has already begun to feel like London between my hands.

These thoughts pass. I read the next page, put the book down, and remember I still need to purchase it. And I do.

iv

I know I've already made the one purchase I allotted for this trip, but I can't help myself from browsing more. I'm a bouncy, smiling cliché just shy of twirling through the stacks. So many more books to buy - there are always more books I desire to read - but especially on vacation, especially now with a suitcase already overflowing with tea, I cannot.

So I jot down titles, authors, notes within my graph paper notebook to take advantage of this store's curation. I know that this store's arrangement - the way it highlights some stories and relegates others to distant corners - must be studied carefully before I leave it behind. I turn careful placements in the reality that surrounds me into two-dimensional scratches in hopes that I can remember enough of the feelings that prompted me to want the books I note.

Curating a list for my future self through the curation of another. Touching the pages and reading early excerpts to see what sticks. Seeing another's nose in a novel you were considering and the smile across his face as he closes it.

The art of the physical bookstore that I hear is dying. Today, for me, it is very much alive.

When I'm plowing away at a project, I almost always feel confident in my abilities. Sometimes, I question if I am a good enough engineer, designer, or statistician, but once I get started, my excitement transforms those doubts into motivation.

But all bets are off as soon as I want someone else to be excited about me and my work - I feel like an impostor. I often feel like I can't be a real software engineer or a data scientist because I do this work within a finance company. I frequently don't feel like a singer or designer because no matter how deep I dive, I have no plans to pursue either professionally. I love the life I live because I span a lot of fields instead of fitting neatly inside a box, but I have trouble feeling like that's something other people will appreciate.

I know I am wrong.

I'm working on fighting it. I haven't figured it all out yet, but here are some things that have been helpful for me:

• I maintain a list of things I'm proud of. Some are tangible things like code I've written to solve a problem; others, like someone I respect thinking I'm talented, aren't. Looking over this list makes it harder for me to dismiss myself as having done nothing worth discussing.
• I write down small, even very small, projects that I'd like to see happen. When I'm feeling as though I don't bring enough to the table, I find a bit of time to knock out one of these projects. I get to add another small accomplishment to my list and benefit from something that makes my life a little better, too.
• Instead of shying away from seeking an opportunity I want but don't think I deserve, I ask a friend to read over my application or talking points and hold me accountable for following through. I find it easier to feel proud of things I've done when my audience is a friend - it's less intimidating when I already know they believe I'm qualified. I'm betting that enough practice with writing first to a friend will translate into being comfortable writing about myself without this step.
• I remember to pat myself on the back for trying. It's all too easy to decide that not finishing a project or getting a conference talk means you didn't do anything, but that's wrong. You tried, and by trying, you get to think about what didn't work and how to do better when you try again. Or at least feel a little bit more comfortable putting your neck on the line. I can't say thinking this way about failure is easy - it's not. I've been upset on more than one occasion over not getting what I wanted, but after a bit of distance, I make it a point to think of my attempts as accomplishments.

I'd be lying if I said doing these things have eliminated my impostor syndrome, but they've helped me make progress. And I'm going to keep on fighting it.

Keybase seeks to be a "public directory of publicly auditable public keys" with simpler usernames than PGP and verified account linking to popular sites such as Twitter and GitHub. This is awesome because "PGP for humans" is long overdue and because I snatched up the namespace liz.

Linking my verified public PGP key with Keybase was easy enough by using gpg on a trusted machine and copying into their web client. I associated my PGP key with fingerprint 89CB 0766 5EB4 2515 EE7F 3FAA E0B9 3B4A 4E8E A664 to the username liz, but this doesn't establish much in the way of my identity.

PGP's standard for establishing identity, the web of trust, is complicated and non-intuitive - I trust my friend Nelson's key, Nelson trusts Anders's key, Anders trusts Alex's key, and Alex trusts Ceres's key, so naturally, I should believe 9D06 536F FD85 F747 8846 CAAD 7688 4EEA 6E6D 80F4 is Ceres. Instead of relying on trusting a chain of signatures, the bread and butter of Keybase's directory is using accounts on popular and personal sites to establish identity. While this is arguably insecure because such accounts can be compromised (though so can PGP keys), I already have mappings from people to those accounts and am inclined to believe that their keys belong to them after they've established those accounts on Keybase.

Unfortunately, I couldn't find a way to securely establish @redroselet, lizdenys on GitHub, or lizdenys.com as liz. Uploading a client-encrypted copy of my private key was right out - if a malicious attacker com­pro­mis­es Keybase's soft­ware, they'll have access to my key and could get my passphrase the next time I type it. The only other option is the Keybase command line client, which is already more appealing to me because I love living my life inside a terminal (really).

The Keybase command line client installer depends on npm. The machine I trust with my PGP keys is running Ubuntu 12.04.4 LTS (Precise Pangolin), which is supported until October 2017. The version of node in apt is 0.6.12, which is older than the minimum required version to install keybase. This is unfortunate because apt-get authenticates packages as an entity I trust because I trust my operating system. If I install a later version of node, I either need to trust another party, whom I may not be able to easily verify as trustworthy, or build npm from source myself, which requires that I understand how the node source code and a packaging system I've never seen before works to my satisfaction. Beyond that, I couldn't easily figure out if npm authenticates packages. It doesn't seem particularly safe for me to trust my valuable PGP keys to this system.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So I'm liz on Keybase.io, and I'm refusing to verify myself.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJTOYAgAAoJEOC5O0pOjqZkiK8QAIhBS85fxa/W3q9yQUEKCuMy
sWwWSaSEDDj494p86Rh6IvBMJfNxkkCLrW8RJr03Y4v2mCkCQ/n6i03ro2AvKZbt
bHoDPL+dfqA5DVU7LOmy6WNXkX77eXGYkOAkWeWt/VLE9ZRmuGJJYXlvs04mgU1k
hj1eN7eBP5VR6+Q4kse6o8+a/Yr71YE4w/4BWQbnL3vgqGnrmP836rbx1RnoEI5t
2+yYX++piIasbT1RJtbetJwcR2SBBpFlll9B1QFAIqxxJE+ccBzxXnwyW7OTQsFf
ykMl0v2REFjCGaxyrluuVz6ZiXEu1FYYuO6TdJGUN3s3loRZ6a4MaF6u0l3qtNDi
uVAQm5RK5lS6nt5W+cWkIZNtTewFItX8IvTx7MOpE5hdB+Qvj6IKQqkEYyrY+r43
drR3gYklQUAAoZwWlnjdkUSxYEM9/SO/AW6c5awJUXB1mcn5qCDXjsVioLWYtKDo
fraKvZc0xMUktRBVG7e/8t1zu1O/ixvOo6aLMyuVIfsspy5XhXbR4STHBJzFOMoK
3AMpPIATdWFJOn35tZXWgjd7QFE46nTqZgK0co2QY60aWO2oI8lI9YLVMwHm6vyJ
vhEZGyaJ9MPN5vbWc4tdjCNzU7tv1zUyUJNLtBQ1yWUaCJldQYW8AO1wUNpzbk79
RYEUUgRtrPKkb4Cdh/09
=s/8d
-----END PGP SIGNATURE-----

So I made a purse shaped like the Gogo Yubari's meteor hammer for a Kill Bill themed party...

The spherical shape comes from quilt batting stuffed between the beach ball style outside and a stiff dodecahedron lining. The body is hand-painted, punched out vinyl over black neoprene. All the stitching was done by hand, and this project probably took about 20 hours - though a lot of that was spent fumbling around with prototypes.