BingoBoingo: <sina> whenever DPR does a thing, Vizzini is forced to say "Inconceivable" << Except irl, mircea_popescu is not short and DPR sits in sodomy box while mircea_popescu's muscle has titties
mircea_popescu: meanwhile in the emaciated future, http://68.media.tumblr.com/94e47881942ed1fb6fa1349abd5841a5/tumblr_og8lhuAnZB1stijv1o1_1280.jpg
mod6: never hurts, get the kinks out early
lobbes: I'll learn shit in the process, at least.
asciilifeform: but in my experience they make poor nodes.
asciilifeform: it doesn't hurt to try
lobbes: damn. looks like my plans for my old craptop being a trb node will have to wait until I secure better iron.
asciilifeform: ( clogs the bus )
lobbes: in other questions: Prompted by up-stack threads and after much log reading I've concluded that a SSD is a must for trb-ing. Would an external usb SSD be adequate, versus, say a SATA connection?
mircea_popescu: and once there... well... there'll be more stepping on more coals to get away.
a111: Logged on 2017-07-19 00:58 sina: does my line of thought really make so little sense?
mircea_popescu: http://btcbase.org/log/2017-07-19#1686438 <<< yes, because you're applying the pretense of statics to a dynamic situation. trinque 's metaphor is very much factual : we were paradropped on hot coals, by the FAULT, inexcusable, and indelible, of our parents. they should have taken care that we do not get dropped on hot coals, as children barely able to move. they did not, and derelict in their first and practically speaking on
mircea_popescu: the theory is that there's no "best practices", and deliberately. i'm pretty sure the practice follows the theory, but we'll definitely never know.
sina: anyhooz. patience from the usual suspects on RSA discussion greatly appreciated. must be off, have wonderful days all.
a111: Logged on 2017-07-19 00:47 sina: feel free to say "it's a dumb question, go away"
hanbot: lol this poor guy's been trying to have a chuckle the last 20 mins...NOT ALLOWED!
sina: mircea_popescu: and yet it is so, the logs are the only place I can imagine such a sentence being discussed today
mircea_popescu: not that i fault penny-an-hour hack/writer for not being able to reproduce reality in his fancy.
mircea_popescu: dja see the difference in quality ?
a111: Logged on 2015-12-28 01:23 mircea_popescu: the dictum "never get involved in a land war in asia" is mostly due to the fact that the portuguese were involved in a sea war in asia, and it worked splendidly for them.
sina: I mean I can picture reading it in the logs
sina: "You only think I guessed wrong! That's what's so funny! I switched glasses while your back was turned! Ha ha, you fool! You fell victim to one of the classic blunders - The most famous of which is "never get involved in a land war in Asia" - but only slightly less well-known is this: "Never go against a Sicilian when death is on the line"! Ha ha ha ha ha ha ha! Ha ha ha ha ha ha ha! Ha ha ha... "
sina: actually this quote seems like 100% mircea_popescu
sina: that is the one, although the book from which it derived is equally enjoyable
mircea_popescu has seen the "you killed my father" a long time ago.
mircea_popescu: ah that's who that was.
sina: whenever DPR does a thing, Vizzini is forced to say "Inconceivable"
sina: oh. so in the movie Vizzini is the supersmart villain trying to kidnap this lady, and the good guy Dread Pirate Roberts keeps chasing him despite various obstacles Vizzini has created
a111: Logged on 2017-05-16 19:52 mircea_popescu: romania incidentally has a long history of just this, it's called fanarioti period. hundreds of groups over 3-4 centuries did just this, kept taking over because pissed off with insolence of ex crown. discovered worse deal to be king.
mircea_popescu: i get that part, but what does it aim to, what's the tendency ?
mircea_popescu: what's the intension ?
sina: some actor playing the character of "Vizzini" in "The Princess Bride"
mircea_popescu: somewhere between 1 and 3 most people have enough bellyache. because, really, it's never fucking worth it to 5.
sina: mircea_popescu: only as a matter of curiosity, given your worth re above statement, do you take any of these actions?
mircea_popescu: 5) take over the crown.
mircea_popescu: 2) get a proper power supply. this means -- that the power line should feed a battery, not your machine. you can measure leakage if you will, so this can be tweaked by hand to an arbitrary level.
mircea_popescu: otherwise, in order of cheapness-effectivity : 1) get an isolated box for rsa ops. this shouldn't ever connect to the internet. stuffing into it a stick which was in a net-connected machine counts.
a111: Logged on 2017-07-19 00:40 sina: given that. what are the practicalities, today, on the ground
mircea_popescu: http://btcbase.org/log/2017-07-19#1686392 to this point : depends how much you're worth. if you're worth nothing, then you are thereby "safe" in this sense, that while protein rich i still don't eat the moths in my house.
sina: trinque: to clarify, contentment in understanding, not of the status quo
trinque: just the contentment!
sina: asciilifeform, trinque, no misconceptions in my summary?
sina: mircea_popescu: if that is a complete list, then I am content with a useful answer.
mircea_popescu: for as long as you're running the "awl" there are no solutions for this -- just mitigations. do not permit microphones ; do not permit antennas ; use inductor&battery arrangements ; shoot anyone seen approaching the solitary hilltop fortress and so on and so forth ad infinitum.
mircea_popescu: sina> just, hopefully a list of adversary capability mapping to outcomes << anyone who can listen in (ie, intercept acoustic band) within a mile or so of your machine, can derive your key that way. anyone who can measure your power draw (say, up to the pole) can derive your key that way. anyone who can route to your box, and measure delays, can idem.
sina: "today, until a constanttime solution is in place, gpg is the tool of choice for RSA encryption. any time you use it, you can't know whether you have completely compromised your private key. and we use it anyway."
sina: alright. please let me attempt to summarise the discussion thus far, and correct any misconceptions
asciilifeform: i had nfi that this is a difficult concept.
trinque: sorta like these guys that come through asking what to do with their raspberry pi wallet or w/e, life savings in dogecoin
asciilifeform: sina: you DON'T KNOW that it's 500
trinque: absent asciilifeform's expertise which gave ^ as output, one'd just turn that into a totem
sina: trinque: does the general commit his troops to an action and see if he fails? or try and understand the enemy movement and tactics, to say "ok, crossing the bridge with enemy awaiting on farside, bad idea" without needing to act on it
trinque: how would you measure whether they are or not, other than acting in the world and seeing if you fail?
sina: whereas I am asking, what is the gradient of consequence, given differing scenarios and adversaries
sina: but that is not congruent with actions taken, otherwise all here would treat their keys as compromised?
sina: it seems the answer so far given is only "the consequence is always the worst, given this particular act"
sina: trinque: of course! and I ask, is there no value in understanding the consequences of a given act?
trinque: sina: never been in a situation where you both had to act and there were no good options?
asciilifeform: == 'what is the point of obeying traffic signals, i have a good chance of death in traffic anyway'
sina: again to reiterate I seek only understanding, not to make a point or argument
sina: does my line of thought really make so little sense?
sina: otherwise asciilifeform would surely say "what is the point of encrypting, I am broadcasting my key to all, every time"
trinque: and meanwhile only sensible strategy would be to move quickly / step as few times as possible til off
trinque: if standing on hot coals, I bet you'd run even though you'd only step on more coals, at least for a while.
sina: want to send my encrypted cake recipe to trinque"
sina: it's not an argument, only the next thought that pops into my head as a consequence of the discussion. all here seem on the same page re constanttime stuff, yet all here are using the tool in spite of that, so there must be some thought process which allows someone as reasonably paranoid as asciilifeform to do so, i.e. "I am not concerned with timing attacks of class X, Y, Z from adversary A, B,C when I
trinque: sina: be brave and actually state what made you say that.
asciilifeform: sina: i'll ask just this one more time : what is your argument ?
sina: and yet, here we all are, encrypting, decrypting, signing ascii with some RSA stuff all the time, in spite of that
asciilifeform: but refusing to actually plug the leak at the source, dooms you to it
asciilifeform: to whoever sits on your pole transformer.
trinque: to the antenna in your CPU! let's go full tinfoil.
asciilifeform: to the other electronics, of various provenance, in your house. in your neighbour's house. to martians. etc
asciilifeform: to your neighbour, watching the room lights; to passer-by with antenna; to your isp; varies
sina: anyone who can ping my box? anyone in the world?
asciilifeform: there isn't a 'to whom', that's what word 'broadcast' ~means~
sina: or to ask alternatively, broadcast to whom?
sina: can I safely state, if I want to email trinque RSA encrypted cake recipe, that asciilifeform can never read it?
sina: trinque: given the quoted statement, what are the implications? for example, does it imply that a passive network adversary will not be in a position to mount a timing attack? or does it so?
a111: Logged on 2017-07-19 00:40 asciilifeform: sina: the practicalities are - that every time you unholster your gpg key, you broadcast a few bits of it.
sina: feel free to say "it's a dumb question, go away"
asciilifeform: sina: what argument are you trying to make ?
sina: none of us do, and yet, tmsr uses "18th century hygiene" anyway. I am assuming because of considered evaluation of possible threats and their outcome
trinque: sina: you do not and likely will not know the manifold ways modern computing has been perforated for imperial tyranny
sina: trinque: my question being, given a sina sitting in the crater, what is the list of things ~impervious to, what is the list of things not
trinque: "yes things are that bad. have a great day!"
trinque: there's this reaction to the NSA mindrape that ought to be pointed at directly. and more broadly the socialist mindrape.
sina: trinque: to extend your analogy. you are on a field, in a crater. you are ~impervious to horizontal machine gun attack thanks to the crater, but vulnerable to mortar attack
asciilifeform: the other practicality is that certain hypothetical uses of rsa -- such as specifically gossipd -- magnify this leak to the point where you are broadcasting the key at a few kHz
asciilifeform: whether anybody happens to be listening is separate consideration.
asciilifeform: sina: the practicalities are - that every time you unholster your gpg key, you broadcast a few bits of it.
trinque: might think of moving, while you're still alive
sina: given that. what are the practicalities, today, on the ground
trinque: just that you're there, so might get hit.
trinque: that you are on a field being mortared does not mean you've discounted the enemy
asciilifeform: sina: our 18th ancestors' perspectives on hygiene are not advice to the modern thinking man.
sina: e.g. asciilifeform uses gpg, even though he knows some adversary might read his key via timing attack, because the list of adversary which can do so, he has discounted
sina: for the purpose of proper understanding
sina: just, hopefully a list of adversary capability mapping to outcomes
sina: which is fine, and I guess my point, because you must understand there is some adversary which can read your keys and some which cannot and you as of current, accept the risk