asciilifeform: 'GnuPG 1.2.3... If you have used ElGamal keys for signing your private key can be compromised, and a malicious keyserver could remotely execute arbitrary code with the permissions of the user running gpgkeys_hkp.'
asciilifeform: 'Should have not fallen for pseudosecurity technobabble talk. Should have gotten second opinions. Should have used established information security frameworks and be extremely suspicious on why they are not being used... ...It is a common misconception that to defend against hacking you must hire a hacker. Perhaps you've been watching that old movie "hacker" and lots of other Hollywood produce too much and believed that crap. In reality, to defend you must hire good people who do information security professionally...'
asciilifeform: i dun care if it's pronounced 'hoover vacuum co.'
asciilifeform: vorhees was always a scumbag, and it is no surprise to me that his verminous nest is full of scumbags likewise.
asciilifeform: 'Bob betrayed us. He betrayed his privileged position, profiting directly from the destruction of those who trusted him. He stole, lied, ran away, and then after being afforded a period of time long enough to reflect upon his actions, decided to betray us again for a few more scraps in his pathetic bowl. Hackers gonna hack, but it takes a certain variety of bastard to ascend to a trusted position, work face to face with a team, receive a salary and confidence from that team, and then screw them all for barely enough money to buy a Tesla. Oh yeah, and then abandon a dog to starve alone, likely soon to be put down by animal services.'
asciilifeform: 'Our server admin, in the midst of an investigation into a $130,000 theft, deletes his two keys, and only these two keys, without telling anyone, and then admits on our call that he did it because “they weren’t important.”'
asciilifeform: 'We hired such a person, and patted ourselves on the back for our proactive decision. On paper, he looked great; the reference we called confirmed his prior role and responsibility. He’d even been into Bitcoin since 2011/2012 and had built miners in his room. Awesome. We’ll call this new employee Bob… indeed his real name starts with a B. Over the next months, Bob built and managed ShapeShift’s infrastructure. He did okay, nothing special, but we were content to have a professional taking care of devops at least well enough to enable our engineers to build upon the architecture.' << l0l!!
asciilifeform: standardized templates for frequent chores, e.g., queues, stacks
asciilifeform: 'haxx0r3d because did not use the standard amulet and did not sacrifice to Great Inca!11'
asciilifeform: and, likewise, 'Although Deterministic Keys is another CCSS Level 2 requirement and not Level 1, LLI recommends ShapeShift’s architecture be re-architected to make use of deterministic seeds.'
asciilifeform: << ahahahaha! finally the usgtronic payload
asciilifeform: 'Although this is required for CCSS Level 2 and not Level 1, LLI recommends that ShapeShift’s architecture be re-architected to require multiple signatures.... ...End-users should be presented with a P2SH address (or equivalent for its coin type) that is built from a script that requires 3 signatures – 2 signatures from online signing agents that exist external to ShapeShift’s infrastructure'
asciilifeform: as mircea_popescu might say, 'jobsworths bore something fierce'
asciilifeform: 'Ledger Labs drafted an Employee Security Policy and an Infrastructure Security Policy that identify security procedures and protocols for the use of ShapeShift assets. Employees are required to read and sign the policies and submit identification to ShapeShift’s Human Resources department. This control helps ShapeShift achieve compliance with CCSS Level 2.'
asciilifeform: which i thought even in zimbabwe was baseline civilization
asciilifeform: apparently this 'standard' does not include basics such as server-logs-on-paper-tape
asciilifeform: 'LLI performed an assessment of the ShapeShift infrastructure against the CryptoCurrency Security Standard (CCSS). The assessment identified...' << holy FUCK what?!!
asciilifeform: 'Analysis of Lenny’s Ubuntu operating system’s configuration revealed that – similar to Simpson – there was no logging or auditing configured beyond the default configuration that ships with Ubuntu. Analysis of the /var/log/auth.log file showed tampering via overwriting unlike Simpson which had its log deleted. The last few lines of the log were overwritten with NULL (0x00) bytes, preventing digital-forensic recovery.'
asciilifeform: mircea_popescu: my heuristic is that i consider problems involving simple physical systems, thousands of years in test, as SOLVABLE. and those involving people/social skill, etc. NOT.
asciilifeform: or is actually a nuke sub funded by moscow ?
asciilifeform: mircea_popescu: so mr o's tub never leaks ?
asciilifeform: and yes, somehow life on ships is 'adolescentine male fantasy' to mircea_popescu but shooting tax collectors (who, where i live, come in tanks and with heavy machine guns, by the dozen) isn't...
asciilifeform: BingoBoingo: i just happened to go in one, on the way from place 'a' to place 'b'
asciilifeform: phf: understand, i find it appealing strictly from the escape-from-rent angle.
asciilifeform: and when they start to leak, they use the lift (comes with the slip rent) and drag the tub to the communal repair lot, and work.
asciilifeform: BingoBoingo: my understanding is that many of the folks doing the boat thing (and we have them even here in dc) don't go far from the parking dock.
asciilifeform: realize, the 2k/mo i wouldn't be paying in rent buys quite a few fixed leaks.