log
asciilifeform: mircea_popescu: here the pole also has a battery, for the telco routers. but the house optical chest has another. this is actually on account of an ancient law that proclaims that voice telephony must work during mains outages
asciilifeform: mircea_popescu: the particular telco's optical terminal chest comes with a battery. and lusers whine interminably that 'why do i have to replace this battery every year, i w4ntz fr3333 stuff'
asciilifeform: decimation: aha. there was a rat's nest of mangled copper when i got to it.
asciilifeform: for what it's worth, i have the damned thing plugged into a monster 'liebert' doubleconverter along with the rest of the orchestra.
asciilifeform: when i got the building there wasn't even a battery.
undata: asciilifeform: I'd not mind if you hurried up making a computer that works for me :D
undata is in progress haggling a new computer out of lenovo
asciilifeform spent ~2h today haggling with a door-to-door flunkie from his isp, which recently hauled in extra fiber & is trying to upsell folks
asciilifeform: a little mindfuck.
asciilifeform: forgot, for a min, what the original question was
mircea_popescu: thus accomplishing more than western europe + north america, by a damned sight.
asciilifeform: (which is actually a pedestrian doctored build)
decimation: or email address, that we can't penetrate that, that's a problem.""
decimation: http://www.theregister.co.uk/2015/01/16/obama_and_cameron_cybersecurity_partnership/ < "The President acknowledged concerns that encryption technology may make intelligence-gathering efforts more difficult, saying, "If we get into a situation which the technologies do not allow us at all to track somebody we're confident is a terrorist … and despite knowing that information, despite having a phone number or a social-media address
asciilifeform: erasure's a snore.
asciilifeform: and a few lists of pwned hardware.
asciilifeform: http://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409.html << arguably the first genuinely interesting snowdenism. with actual crapware samples, protocol docs.
cazalla: ah, clearly i gots to learn the new assbot rules, been a little busy
cazalla: rate Rozal -3 threatened to rate me -10 because he doesn't understand how the WoT actually works, see http://pastebin.com/PABNbsex for conversation, offered to then pay me to remove the -1 earning him a -3
mircea_popescu: http://w.b-a.link/trust/7C1FBEC924FBD66531A02AE3F95E4E395927DC9C/FC66C0C5D98C42A1D4A98B6B42F9985AFAB953C4/json
mircea_popescu: w.b-a.link/trust/7C1FBEC924FBD66531A02AE3F95E4E395927DC9C/FC66C0C5D98C42A1D4A98B6B42F9985AFAB953C4/json
assbot: 3 results for 'dual ec drbg' : http://s.b-a.link/?q=dual+ec+drbg
asciilifeform: this assumes a universally agreed upon timestamp mechanism, yes.
mircea_popescu: and you can retire a key any time you feel like.
mircea_popescu: a complicated matter.
undata: asciilifeform: still seems father would sign a public statement granting his possessions to a son
asciilifeform: granted, not everyone is a pope.
asciilifeform: dead pope's seal is broken for a reason.
davout: asciilifeform: also if you see a message signed with your key, and timestamped 200 years after your first timestamped message you can reasonably assume it's been broken
mircea_popescu: asciilifeform no but suppose your 4kb key is factorized. this matter is discovered by joe on june 19th, 3211. he signs, with his 64kb key, a note saying so.
davout: i just fail to see a good reason to make the signatures mandatory, outside of access control that is
davout: say i want to timestamp a contract i made with someone also in the L2 group as nested clearsigns, it doesn't really matter which signature is checked by deedbot, right?
davout: i don't really see a use for that
PeterL: did it not have a key before?
mircea_popescu: PeterL idea kinda is to make a further record of people's sigs, help guard them against mitm and other nefariousness. but as davout points out, now the bot needs a key.
davout: mircea_popescu: well, now the bot needs a key too :-)
mircea_popescu: is "and pushes it to public repositories" a point of contention ?
undata: mircea_popescu: I read the payment as coming from the party wanting a signature, not the bot?
undata: keeps the published bundles down to a size that is manageable
davout: we don't need Z to witness that X and Y signed a contract together, because any party can and will use GPG
undata: or why one has it observed by a 3rd party?
undata: do you know what a deed is?
davout: why do you absolutely want to shoehorn your conception of a notary into deedbot?
undata: have you ever been to a notary?
undata: god... do the proceedings of court note that a pigeon shat on the window?
undata: davout: its output should be the history of valid deeds, not "that which a rubber stamp has touched"
davout: undata: you fail to comprehend that it's not deedbot's job to certify to a third party that the contract is signed by an identified party, gpg already does that
mircea_popescu: davout undata gossipd can well be a year or two away.
davout: anyway, my point wrt to deedbot is that it's supposed to be used by ppl with L1/L2 trust, it doesn't need to check gpg signatures, so let anyone with +v in -assets use it, do away with the requirement that a keyid belonging to someone in assbot's wot be presented or maliciously hammered into the message
PeterL: would it be hard to maintain a keyring with all us in it?
mircea_popescu: dude rms, you saved 24 bytes aren't you a smart fucking cookie.
davout: gpg can't know the fpr for a key it doesn't have, the information isn't part of the signature packet
davout: this sounds a bit overkill to me
davout: the crux is 'verified keys', if deedbot doesn't maintain a full keyring at all times it can't pull fingerprints
davout: s/for a key/for a sig/
davout: mircea_popescu: with the fingerprint for a key it could simply do what you said wrt requesting trust data as a json blob from the w.b-a.link thing
Apocalyptic: go try it on a system you have no
davout: asciilifeform: well, keyid is a part of the fpr afaik
mircea_popescu: apparently nobody heard of a "shut.the.fuck.up.and.hire.cleaning.crew.cheapskates."
asciilifeform: not cleaning lady. demented bomzh who breaks into the office and takes a shit in the coffee pot.
mircea_popescu: PeterL weren't you a biochemist by trade dabbling into code as a hobby recently ?
davout: by this account i'm a core contributor to bitcoin too, i reset testnet once, fuck it
davout: ah, yea lol, i had a look to see if this chick had any other commits on the project, seems like it's her sole 'contribution' to the whole thing
mircea_popescu: PeterL there's a difference between the innocent and the stupid.
mircea_popescu: the "o look mom, i made a github commit. it changes the spelling of comments" thing
mircea_popescu: davout everyone can now be a "developer". even idiots.
nanotube: kakobrekla: i have no idea why i keep keyid as a separate column in db either. probably something grandfathered in...
asciilifeform: this is a considerably less-fantastic scenario than it would have appeared to be in the '90s, because of the 'nintendoization' of computing. gpg simply won't appear in the apple and microshit 'app stores' and thereby vanish
asciilifeform: undata: at some point it will be forbidden in usa to sell or even own a computer which can meaningfully run classic gpg
assbot: 0 results for 'cooper-pair' : http://s.b-a.link/?q=cooper-pair
davout: well, if you want to pull off an attack on someone you'll want to get a collision with a specific key id
Apocalyptic: and that's just for a preimage, if you want a collision the birthday paradox will tell you that you need much less than that
Apocalyptic: 2**64 is well within reach of a supercomputer
davout: that would be the number of distinct keyids, not sure how practically feasible it would be to bruteforce a collision
gribble: Error: Something in there wasn't a valid number.
davout: the signature verification would in this case (assuming both keys are in the keyring) yield both a pass and a fail, right?
asciilifeform: davout: picture if you were trying to pass a document off as having been signed by X. you generate a key with the correct name, etc. and colliding keyid, then try to pass it off as the genuine article; then, when chumps swallow it, sign with it
davout: that doesn't make much sense to me, how would a maliciously crafted pubkey even verify the signature?
asciilifeform: if it seems asinine, it is because it was designed for a certain pattern of use, which does not apply now.
asciilifeform: davout: assuming it was an accidental collision, and that you have not entered a properly, maliciously crafted pubkey into your keychain that it -will- verify with
davout: and i guess even in the case of a keyid collision that has no impact on actual signature verification
asciilifeform: hence the 'key id' was meant as merely a soft handle to quickly pick out the right pubkey.
asciilifeform: and hence have a reasonably confident idea of genuine key for.
asciilifeform: davout: a little subtler than that. the original assumption was that you would only ever verify sigs from folks you had a proper key party with
asciilifeform: 'it saves a few bytes' probably sounded like 'good reason' to the authors.
undata: doesn't our agreement being public and with firm verification of identity bolster my claim among peers that you're a knucklehead?
undata: davout: surely you understand that the wot quantifies what a deed may provide historicity
undata: davout: what is the point of publishing a scientific work in a credible journal?
davout: lol, where does the spec even mention a second party?
undata: whether it says inside "A owes B his kidney" or "The sky is blue" both can be held to account that they have made the utterance by the existence of the thing
davout: look, there is a reason it's called deedbot, and not notarybot, it's none of deedbot's business to know what happened, for all you know the notarized stuff could perfectly be encrypted
undata: or I'll go sit on a park bench and call myself a notary
undata: ^not a valuable service
undata: davout: a notary is not just a person with a clock and eyes
undata: davout: because no one ever once was opped in a chan that shouldn't have been
davout: the thing is that, whatever turd comes along is necessarily given by someone who has voice in assets, so by very definition, not a turd
undata: davout: isn't the whole point of a notary verifying the identities of the parties involved then verifying that an agreement has taken place?
davout: kakobrekla: tbh if verifying the signature on notarized data is not considered necessary i don't think it's a big issue if the dump is unsigned
davout: it still boils down to a fpr <-> keyid mapping tho, not that this is evil _for this particular purpose_ but still
davout: kakobrekla: if a 24h delay between asswot registration and ability to notarize is acceptable that would work