log☇︎
100600+ entries in 0.06s
asciilifeform waves to the cia 'cloud' cluster repeatedly (wai..?) leeching the 193 keyz from last night
spyked: re enumeration, it seems that shithub has this in their public API: https://developer.github.com/v3/users/#get-all-users never tried it though ☟︎
spyked: ah, I didn't think that far yet. I wanna submit some of the ssh keys I have lying around (or see if they were previously submitted).
asciilifeform: spyked: the values to put in equation http://btcbase.org/log/2018-05-11#1812066 ☝︎
asciilifeform: ( i do not know how precisely jurov did it, but can think of several ways )
asciilifeform: spyked: the only even modestly difficult part of the puzzle, afaik, is to enumerate the user set.
lobbesbot: spyked: Sent 47 minutes ago: <asciilifeform> this script takes the format used in jurov's 'phathub' 2016 collection, and produces set of phuctor-compatible keys. do not forget to specify 'legend', the user string, to identify precisely what the key is, otherwise it will remain a mystery forever to reader
a111: Logged on 2018-05-11 09:42 ave1: I have a key with e==35! This one was generated 9 years ago on a redhat linux of that period.
asciilifeform: http://btcbase.org/log/2018-05-11#1812151 << iirc we had the thread; nonprime exponent is cryptologically equivalent to using the smallest prime factor of same as the exponent; the bits set in excess of this, simply help timing/radio/DPA attack to succeed ☝︎
asciilifeform: nao ! at some point i'ma rewrite it. again. and build it around 'naked' rsa moduli, and with variant types of indices, etc. but i have nfi when i will get a chance to do this. ☟︎
a111: Logged on 2016-05-20 18:00 asciilifeform: try to understand how special cases make complexity of a proggy explode.
asciilifeform: ( see also old thread , http://btcbase.org/log/2016-05-20#1469676 ) ☝︎
asciilifeform: additionally, the difficulty of keying in random garbage and having it show up as 'key', has worked to date as primitive, yet 100% effective, spam control. ☟︎
a111: Logged on 2018-05-11 08:49 mircea_popescu: asciilifeform, btw, can the form accept ssh format besides gpg format ?
asciilifeform: http://btcbase.org/log/2018-05-11#1812141 << phuctor was written very tightly around indexing pgp keys, and demands that all keys be indexable in the same ways ( by e.g. gpg-compat fingerprint ) . additionally , it demands that all keys have a human-readable legend, and ssh key format does not give any field for such. ☝︎☟︎
lobbesbot: asciilifeform: The operation succeeded.
asciilifeform: !Q later tell spyked this script takes the format used in jurov's 'phathub' 2016 collection, and produces set of phuctor-compatible keys. do not forget to specify 'legend', the user string, to identify precisely what the key is, otherwise it will remain a mystery forever to reader
lobbesbot: asciilifeform: The operation succeeded.
a111: Logged on 2018-05-11 08:51 spyked: ^ would also like to try $feature. digging through the logs for this, I found http://btcbase.org/log/2017-06-16#1671042 , but unfortunately link is broken
asciilifeform: !Q later tell spyked http://btcbase.org/log/2018-05-11#1812142 << >> http://p.bvulpes.com/pastes/j8MGT/?raw=true ☝︎
BingoBoingo: diana_coman: ty, fxing
diana_coman: BingoBoingo, typos "definte" in http://qntra.net/2018/05/revived-phuctor-breaks-a-big-pile-of-github-developer-ssh-keys-in-return/ and "continuing escaltion " + "Not content to the the big" in http://qntra.net/2018/05/largest-israeli-missile-barrage-in-7-years-of-syrian-war-aggresses-against-iranian-positions/;
BingoBoingo: Holy shit, I wake up with FAR less crackling in my lungs AND a milestone on the path to reddit bags for the reading!
ave1: I have a key with e==35! This one was generated 9 years ago on a redhat linux of that period. ☟︎☟︎
diana_coman: (in case anyone wonders: ref there is to google cloud's "/* we like this prime */" )
diana_coman: so much weird in that set re key generation; many seem to have e=35 which sounds like one step further from "we like 37" (so why not 35, it's a number just as good as 37!)
a111: Logged on 2016-10-04 19:27 mircea_popescu: there is of course jurov's http://explo.yt/post/2016/05/20/Parsing-OpenSSH-RSA-keys-in-Python
a111: Logged on 2016-06-17 19:08 jurov: whoever wants my tool for converting rsa moduli to phuctor, send him to http://explo.yt/post/2016/05/20/Parsing-OpenSSH-RSA-keys-in-Python
a111: Logged on 2017-06-16 15:34 Framedragger: asciilifeform: unless #3 you meant ssh key to rfc4880 pgp converter (http://siphnos.mkj.lt/datadrop/crap-from-scans-to-be-sorted/ssh-to-pgp.py), but again, prolly not. don't remember seeing any phuctor innards tbh (except for fingerprint algo), but could just be me
spyked: ^ would also like to try $feature. digging through the logs for this, I found http://btcbase.org/log/2017-06-16#1671042 , but unfortunately link is broken ☝︎☟︎
mircea_popescu: asciilifeform, btw, can the form accept ssh format besides gpg format ? ☟︎
mircea_popescu: in other lulz, phuctor acts as a de facto ssh to gpg bridge now, can download the gpg style keys.
spyked: (ftr, /me has read some of dood's work, he seems well-regarded by ro math/logic ppl; unfortunately too ensconced in grantola, sorta the bernstein type I guess)
a111: Logged on 2018-05-10 18:40 mircea_popescu: meanwhile lulzdraft upgraded with a "i think i know his mom", also. ima go have lunch, this is a monster.
spyked: http://btcbase.org/log/2018-05-10#1811954 <-- can't help but ask: in the biblical sense? ☝︎
mircea_popescu: well, put the rockchip to the test i guess.
ave1: I can bash script. But I've never scraped in any real volume. So if anybody has hints to servers that can be used for this...
mircea_popescu: ave1, if you feel like taking a break from diddling ada, feel free to walk the github/bitbucket/we db. spit out keys in the republican format ( http://btcbase.org/log/2016-05-20#1469647 ). it'll take a day or two to put in, and the chances of the new set being devoid of lulz are ~0. ☝︎
ave1: For example, https://api.github.com/users/rimolive/keys, has a list of keys, but not the one phunctored. For others the list is simply empty
ave1: And unhappening, I cannot find the broken keys on github... (Also bitbucket ssh-key api gives errors)
mircea_popescu: i suppose in the end that's what phantom.js is doing anywya.
mircea_popescu: basically, scrape its cookie and then fuck it.
lobbes: hell, the rockchip may even suffice for a prototype if anything
lobbes: But, once I learn to properly represent www as ASTs we can have the beginnings of a proper republican archive
lobbes sacrificed an old lappy as the proverbial 'public toilet'; loaded to the hilt with js-crapolade
mircea_popescu: the fucking cheek of these fucktards.
lobbes: yup. was a bitch to get around
mircea_popescu: jesus look at that, redirects to .today, which is fakeproxied by cloudflare and attempts to force javascript being active.
lobbes: hence, needing the hack around the cloudshit
lobbes: mircea_popescu: aye, but try that out for yerself; comes back as 0 bytes
mircea_popescu: ie, not ~exactly~ "picked a random number, tested for no primalities". but biased source.
mircea_popescu: asciilifeform, it seems to me the factors ~aren;t~ normally distributed. ☟︎
a111: Logged on 2018-05-11 04:11 mircea_popescu: asciilifeform, here's a suspicious : so many of these tards have known factors like 2, 3, 5 -- showing there was ~no primality test involved. isn't it bizarre we don't see other factors then, say 111 ?
asciilifeform: http://btcbase.org/log/2018-05-11#1812072 << riemann had sumthing to say re subj iirc ☝︎
mircea_popescu: though at this point ima call it "fix your browser".
mircea_popescu: lobbes, curl will get any url you point it to neh ? curl 'https://archive.is/download/AvNme.zip' > AvNme.zip
lobbes: mircea_popescu: curl will get the 'https://archive.is/AvNme,' but the thing I'm running downloads the 'https://archive.is/download/AvNme.zip'
mircea_popescu: holy shit check this out.
a111: Logged on 2018-05-11 04:16 mircea_popescu: asciilifeform, also webnitpick. see eg in https://archive.is/AvNme how the table cuts off the field ? is there some way to flow it instead ?
mircea_popescu: but i mean... for what part ? plain curl will fetch the page.
lobbes: oh yeah, I've had the automated downloading thing going for months
lobbes: yeah sorry, I'm sleep deprived. I remembered I only need the phantom js shit for the -download- portion, not submit
lobbes: side note, that mass-submit archiver.is script puts mine to shame. You were able to get around the damn cloudshit with that?
mircea_popescu: its funny too, wp counts 3k words, but it's like 85kb. LONG WORDS
ben_vulpes: 'please never give us money or trust us with anything'
ben_vulpes: there is, or was i don't really care to look, something named like that in portland too: "The Open Sourcery"
mod6: I love this post.
mod6: Software Engineer at The Nerdery, Minneapolis, MN << leeel
ben_vulpes: are ukeleles the instrument for people both too poor for a piano and lazy to learn guitar?
ben_vulpes: > especially the varieties you can afford << har har har
mircea_popescu: i'll have to get back to you on that.
ben_vulpes: mircea_popescu: howdja determine "some access to private repos"?
mircea_popescu: asciilifeform, also webnitpick. see eg in https://archive.is/AvNme how the table cuts off the field ? is there some way to flow it instead ? ☟︎
mircea_popescu: asciilifeform, here's a suspicious : so many of these tards have known factors like 2, 3, 5 -- showing there was ~no primality test involved. isn't it bizarre we don't see other factors then, say 111 ? ☟︎
deedbot: http://trilema.com/2018/and-in-things-that-didnt-happen-today-heres-192-cracked-github-keys-some-hotties-in-tech-included-yes/ << Trilema - And in things that "didn't happen" today : here's 192 cracked github keys (some hotties in "tech" included, yes).
mircea_popescu: prolly should re-do the db walk anyways.
asciilifeform: some of the lusers ( i specifically did not bother with exhaustive survey ) swapped keyz since '16, others -- not
mircea_popescu: curious which of the luminaries of pantsuit technologees gets pwnd first.
asciilifeform: at any rate thing oughta be able to stand up to whatever treatment the upstream pipe can give it, nao.
asciilifeform: i assume it's for the pingback feature
mod6: oh yah, there you go
asciilifeform: bahaha fortunately db is o(n log n) nao, since each time mircea_popescu fixes a typo, his wptron loads all 193 keyz...
mod6: but seems to be pretty good anyway
mod6: they go cascading from left to right, looks ok but when you get down to 'jgabrielygalan' there is a funny looking wrap where 'key: 1' is left most justified.
mircea_popescu: hm, is the lining messed up ?
asciilifeform: mircea_popescu: exactly what i wanted, ty
a111: Logged on 2018-05-09 19:21 asciilifeform: hey mircea_popescu ( or anybody else ) do you happen to have a script handy for mass submission of links to archive.is ?
mircea_popescu: incidentally, and for all time : http://btcbase.org/log/2018-05-09#1811668 <<->> http://trilema.com/2018/and-in-things-that-didnt-happen-today-heres-192-cracked-github-keys-some-hotties-in-tech-included-yes/#footnote_4_79316 ☝︎
asciilifeform originally thought 'such small find, what can even be had from it' but mircea_popescu's olive press worx wonderz.
mircea_popescu: you know it took like 30 woman-hours, this thing ? not even counting my time.
ben_vulpes: and also the hn instaban
mircea_popescu: i;d say is one of the lulziest ever.
ben_vulpes quite looking forward to this trilema
ben_vulpes: esthlos: i made a gensym dir in /tmp, passed that to gpg for the workdir, and then various operations take a teardown key, defaulting to true which could be overriden to inspect keyring state should the operator so desire
mircea_popescu: i plan to publish in ~hour.
ben_vulpes: i think mod6's worked that way eventually too
ben_vulpes: esthlos: yeah, that's what i did and i think asciilifeform as well
trinque: esthlos: I don't think anyone demands you use precisely that name, if doing so results in more needless complexity than just picking another.
esthlos: not to make excuses: makes sense to read it
asciilifeform: generally recommended, for folx writing their own.