500+ entries in 0.135s
mircea_popescu: The
GPG we inherited fucks clearsigned text blocks inside a larger text block being clearsigned as it is clearsigned for reasons that appear to be related to retardation. << well theoretically it's related to in-band signalling, but practically it was too hard to have a proper parser, take CLOSING signature as the signature, had to have 1step parser which "does not know what to do" if it encounters five dashes mid-documen
mircea_popescu: "latest and greatest" asdf is exactly like all the other
gpg 2.0 - gcc 19.firefox & assorted thunderbirds. and François-René Rideau aka fare is still
that infantile dumbass.
mircea_popescu: so koch-
gpg is, out of the box, worse than useless for archival : tar / zip / etc as they exist on unix-likes are fucked in the head enough such that if there's a byte error, either the remainder of the archive or the bytes past that one in the list are lost ; but this can be mitigated at least by having multiple copies.
gpg however, multiple copies are equally useless, if none make it intact the contents is lost, because
mircea_popescu: in other "lulz", in the sense that koch & co are so fucking evil it boggles the mind :
gpg has an ascii armored mode, which however contains no error recovery.
mircea_popescu: eventually that could evolve into detaCHED signature. have tmsr-
gpg issue a one-line base-whatever tmsr standard detached sig for text.
mircea_popescu: da fuck's next, mod6 's patented "let's pass a
gpg'd tarball back and forth" ?
mircea_popescu: and since i've been stuck doing a shitload of these by [slave]hand : the
gpg format is fucking TERRIBLE, the small/caps duality is sheer idiocy (90+% of all errors and general slowdown on top of it because of shift) ;
mircea_popescu: and incidentally, trinque 's otp way the fuck smarter than
gpg's ascii armor format, slavegirl reports. degree of magnitude faster wetware diode if one needn't handle the shift.
mircea_popescu: i dun see the problem, so it takers a minute. current
gpg takes as much, and ssh which doesn't is sucja cryptojoke as to not be worth the mention.
mircea_popescu: "He said that they have also contacted the GNU Arch maintainer about adding
GPG signing. Though it may take some time to develop, the addition of
GPG signing to commits would be a welcome feature. " << see, because we
http://btcbase.org/log/2018-01-24#1775402 over his failure to bring gribble up to spec.
☝︎ mircea_popescu: "To that end, the compromise may actually be a good thing in the long run. Kuhn said that they have contacted the CVS maintainers and have offered to pay for development of features that would allow
GPG signing of commits through CVS -- making it much more difficult for changes to be inserted unnoticed into code held in a CVS repository." << guess how far this made it, 15 years later.
mircea_popescu: pretty sure it was triggered by discussion of
gpg "security" features, other-windows-can-read-keystrokes, how and wherefore idiots ended up stuffing everything in the top context and it's not really x's fault and so on.
mircea_popescu: (the view that
gpg aka koch-rsa leaks bits via signature isn't entirely dispelled even today)
mircea_popescu: you "shit-item-5 ; shit-item-6 ; shit-item-7" > tar >
gpg -aer pubkey > joe.ftp.server
mircea_popescu: nicoleci, how about you write a "how to
gpg on windows" page and put it on eulorum.com
mircea_popescu: hanbot hey, where's the "
gpg guide for windows tards" ? i thought we had this on eulora wiki somewhere but drawing blanks.
☟︎ mircea_popescu: asciilifeform no but how do you call it ? import gnupg ? and then
gpg = ?
mircea_popescu: asciilifeform you can define hooks for replacement. i suspect this might be a theme thing. mine replaces
gpg code with fixed format... apparently her theme replaces :)
mircea_popescu: ideally also has compatibility layer, which allows it to import
gpg 2.0 and 1.4 style keys (and converts them to republican format), verify
gpg 2.0 and 1.4 sigs and decrypt
gpg 2.0 and 1.4 messages (but not encrypt to them).
mircea_popescu: asciilifeform speaking of "taking suggestions" : suppose you bake me a proper drop-in
gpg replacement. in ada, constant time, does FG-aware keygen, signing, verification, and encryption/decription. 100% rsa, none of the "cipher" bs as per current.
☟︎ mircea_popescu: yet somehow can't find a SINGLE chick smart enough to figure out
gpg.
mircea_popescu: 1 gets around the limit on urlencoded puts ; 2 gets around the issues
gpg has with command line.
mircea_popescu:
http://btcbase.org/log/2018-08-18#1842694 << i'd like to expand on this. 1) to dump a file, the better format is curl -Ls -o /dev/null -w %{url_effective} -X POST -F "pastebox=@file.asc"
http://p.bvulpes.com -w %{url_effective} ; 2. to dump a pipe/process, the better format is eg item=`cat ~/.ssh/id_rsa.pub |
gpg --yes --no-tty --trust-model always -aer mod6`; echo $(curl -Ls -o /dev/null -w %{url_effective} -X POST -F "paste
☝︎