log☇︎
214500+ entries in 0.132s
asciilifeform: veen: there's the one you described (conventional gpg with string '/dev/random' ripped out and replaced with the correct) ;
asciilifeform: this is deliberate, the os has no business knowing what it is.
veen: specific to tty devices no?
veen: unless i'm grossly misunderstanding the sematics, reading /dev/random for infinity should produce dat sweet flat spectrum, right?
veen: where's the problem?
veen: wait, what in the loop cares about control chars?
asciilifeform: (there is a red alarm lamp on the pcb to alert in case of analogue rng failure, but it is theoretically possible for the circuit to break outside of FUCKGOATS proper)
asciilifeform: you also MUST have some means for not attempting to cryptoate if the device for whatever reason is not functioning.
asciilifeform: the requisite necks for it to unexist, have not yet been broken.
asciilifeform: and this exists.
asciilifeform: or the tty will LOSE CONTROL CHARS !!!!
asciilifeform: there are some nuances though.
trinque: just to entertain the thing, since dev's this fancy udev thing now, could have some udev rule to delete /dev/random and plop another device node in its place, via symlink or w/e
veen: oh it runs output of /dev/random through it's own ('cs')prng? ☟︎
asciilifeform: veen: rng in gpg has serious problems , on top of using /dev/random
a111: Logged on 2017-02-23 19:28 mircea_popescu: how's that coming along ?
asciilifeform: ( http://btcbase.org/log/2017-02-23#1617259 << thread today ) ☝︎
veen: great, but gpg is only one of n programs on my system that need good random numbers, and i don't care to recompile them all
veen: be that as it may, we don't inhabit a world of sane programs
asciilifeform: i would say 'replace /dev/random in gpg source with /dev/fg and build' but the rng in gpg is monumentally retarded and i disrecommend its use entirely
asciilifeform: and there is no reason for it to happen in the kernel .
asciilifeform: my point is, sane proggy oughta know how to eat multiple /dev/ttyUSB0, /dev/ttyUSB1, ... however many, correctly.
veen: put it this way, i couldn't figure out how to generate a gpg keypair with fuckgoats, because gpg reads /dev/random, and i couldn't work out how to get fuckgoats (or any other file-like) shimmed in there
asciilifeform: it plugs in through a ttl to usbuart plug
veen: maybe i'm coming at this in completely the wrong way
asciilifeform: there's no driver, veen , it's a tty
veen: up to your fuckgoats hardward or driver, i suppose
asciilifeform: or suppose you have -- as i recommend - three FUCKGOATSen.
asciilifeform: let's suppose you trip over the cable. for sake of argument -- what then
asciilifeform: veen: file ? you gonna store the position somewhere ?
veen: consider a kernel patch to bypass /dev/*random insanity with say "just open and read such-and-such file which i trust has acceptably random bytes in it"
asciilifeform: what would you like to know, veen ?
a111: Logged on 2017-02-03 15:53 asciilifeform: not a difficult patch, but remains to ask, for which kernel.
veen: http://btcbase.org/log/2017-02-03#1611108 << soliciting further input on this question ☝︎
asciilifeform: lulzily we're banning ~100% of prb nao because they ~insist~ on shitting out 'alert' packets
asciilifeform: ( what this looks like : you get some, e.g., 'WARNING: disconnecting wire 127.0.0.1:9000 ! (will retry...)' in the debug log. until the wire peer is happy to eat again . )
asciilifeform: ben_vulpes: you got reversin' that needs doing, or wat
ben_vulpes: mircea_popescu: not looking for an answer, it's a compliment on the his prolific output
mircea_popescu: ben_vulpes you're not going to get a straight answer.
mircea_popescu: i thought you were sold by the year+
asciilifeform: i'm usually sold by the pound...
ben_vulpes: how many hours does it take to pay your rent?
ben_vulpes: asciilifeform: this is quite neat
mircea_popescu: meanwhile in termic engines, http://68.media.tumblr.com/b690d4d66a18d5f44de2edf2d68bb0d4/tumblr_o8jfq0HgWU1ulgtj6o1_500.gif
deedbot: http://www.dianacoman.com/2017/02/24/basic-toolchain-for-blender-cal3d-crystal-space/ << Ossasepia - Basic toolchain for Blender – Cal3d – Crystal Space
asciilifeform: ok this is delicious, but i must briefly revisit upstack: mircea_popescu , mod6 , or anyone else in my l1 who wants to ssh+wire-peer with dulap: please gpggram a ssh rsa pubkey to me.
asciilifeform: pretty lulzy that they had the 'how we FOUND our BUG!' document hot an'ready to broadcast.
asciilifeform: https://archive.is/X00QT << from the horse's mouth.
asciilifeform: because this unrapes, apparently, someone.
asciilifeform: usg.google, unsurprisingly, has top priority of... purging 13333337 s33333kr1tz from its public caches.
asciilifeform: 'I don't know if this issue was noticed and exploited, but I'm sure other crawlers have collected data and that users have saved or cached content and don't realize what they have, etc. We've discovered (and purged) cached pages that contain private messages from well-known services, PII from major sites that use cloudflare, and even plaintext API requests from a popular password manager that were sent over https (!!).'
asciilifeform: h that some colleagues around the Project Zero office even got intrigued. It became clear after a while we were looking at chunks of uninitialized memory interspersed with valid data. ...'
asciilifeform: 'On February 17th 2017, I was working on a corpus distillation project, when I encountered some data that didn't match what I had been expecting. It's not unusual to find garbage, corrupt data, mislabeled data or just crazy non-conforming data...but the format of the data this time was confusing enough that I spent some time trying to debug what had gone wrong, wondering if it was a bug in my code. In fact, the data was bizarre enoug
asciilifeform: in other lulz, mircea_popescu , https://archive.is/HIr9r << i think we have the answer to 'why did asciilifeform get 64kb of crapolade in the guise of ZIPs from archive.is in july of '16 ? '
asciilifeform: anyway this is up an' running.
asciilifeform: and holy mother of fuck, jurov , why does your thing mangle '@' into 'at' ☟︎
asciilifeform: [BTC-dev] (EXPERIMENTAL) A Recipe for the use of Wires via SSH Tunnels. ☟︎
asciilifeform: in other noose! zoolag and dulap are now wire-via-ssh-tunneled together.
mircea_popescu: (but nice trick with the archive there, got me to check out reddit and it wasn't even talking about me!)
mircea_popescu: turns out "the biftinex hack" was ~= same as "the mtgox blabla", ie usg ran off with the coins ?
asciilifeform: meanwhile, in the monkey cage, https://archive.is/TlYxN
mircea_popescu: this could be because "rape" (this happened before, a few trilema articles that google unhappened) ; or maybe triloxic content finally got its comeuppance.
mircea_popescu: o hey check it out -- latest trilema article not actually indexed by google.
mircea_popescu: anyway, re "online trolling", it's by now a rather transparent euphemism for "racist homophobic terrorism" aka "russia influencing elections" aka pantsuit clown getting raped by reality.
asciilifeform: first it went to 1300s.
mircea_popescu: asciilifeform mtgox went to 1 cent, not high.
asciilifeform: unrelatedly, system of two 'wired' trb nodes appears to have marked resistance to 'blackhole'.
asciilifeform: or what, we aren't counting mtgox ? then why count the other leveraged and otherwise paper-addled exchanges.
asciilifeform: 'Update February 23rd, 1:45PM ET: Twitter user Ramsey Nasser points out that the algorithm has consistently high toxicity for Arabic, no matter the content.'
asciilifeform: 'The software works by determining the “toxicity” of online comments, a scale that has been established by mining millions of comments from the web and then presenting them to panels of 10 people (humans!) at a clip to get their feedback. '
a111: Logged on 2017-02-22 07:26 mircea_popescu: anyway, there's a common thread going through the google go ai, attempts to "secure the banking system against risk", the surveillance state / internet of things / smart cars and so on.
asciilifeform: elsewhere, in re http://btcbase.org/log/2017-02-22#1616821 >> http://archive.is/QoAki << 'Google’s Jigsaw unit, as part of a larger effort to battle online trolling, said earlier today that it was releasing a new tool called Perspective, software that uses machine learning to detect harassment and abuse online.' ☝︎
trinque: it has now been zero minutes since the last all time low for USD
asciilifeform: 'YouTube cuts popular live stream of giraffe about to give birth for 'nudity and sexual content''
deedbot: http://www.contravex.com/2017/02/23/joseph-and-the-amazing-technicolor-dreamcoat/ << » Contravex: A blog by Pete Dushenski - Joseph and the Amazing Technicolor Dreamcoat
a111: Logged on 2016-12-11 21:09 asciilifeform: trinque: it is a very simple thing, think 'rpn calculator' and you almost have it.
asciilifeform: http://btcbase.org/log/2016-12-11#1581753 << prev thread re subj ☝︎
asciilifeform: ben_vulpes: it is more than simply 'reduce', but yes
ben_vulpes: asciilifeform: 'SPARKify'? reduce existing code to fit into SPARK subset of ada?
asciilifeform: this is one of those 'sapper -- errs once' affairs.
mircea_popescu: i think it's a good time to release (provided it doesn't turn into a wires thing eh!), we can have it on qntra and "republic same day response" etc.
asciilifeform: ~done. i was aiming to SPARKify it before release...
mircea_popescu: how's that coming along ? ☟︎
a111: Logged on 2016-12-11 23:00 asciilifeform: i was not going to expand on the 'p' thread until the proggy is done, but this is probably a good time to say 1 more
asciilifeform: we also have a few other things, e.g., http://btcbase.org/log/2016-12-11#1581867 . ☝︎
mircea_popescu: (and, of course, we have, courtesy of you know, that "unreasonable expenditure that will spell the ruin of s.nsa and with it of the entire republic!!11" a complete list of all rsa moduli.)
mircea_popescu: now, this said, we still should prolly replace gpg.
asciilifeform: will add also that from the pov of a third party unliked to wot of (owner) or (usurper), there are now ~two~ 0x8A736F0E2FB7B452 people.
mircea_popescu: anyway. to get back to the point of interest : it is entirely possible to produce a 'i eat toe fungus!', signed, sincerely, 0x8A736F0E2FB7B452. ; but it is not possible to hide the fact that this was a fake from the owner of the privkey and anyone who has his pubkey.
asciilifeform: should not have been a surprise, to anyone. like the old example of derelict bridge falling down. 'not an if, but a when'
mircea_popescu: i'm not disputing that part ; just saying that it's not exactly a surprise.
asciilifeform: regardless of knob settings. it is required by the rfc, and is in common among all known pgptrons.
asciilifeform: they are hard-wired to sha.
asciilifeform: mircea_popescu: yes but this does 0 for gpg fp.
mircea_popescu: we started moving away from sha-1 to sha-512 digests for clearsigned messages what, coupla years back ?
mircea_popescu: apparently replacing gpg just became top priority.
asciilifeform: the keyring thing is a work of evil.
mircea_popescu: if you --import it gpg will probably update trinque's key under your signature won't it.
mircea_popescu: asciilifeform o hey, consider this situation : 1. i know your fp, so i make fake key for that fp. 2. i know trinque 's fp, so i make fake key for that fp too. 3. i know you keep a signed copy of trinque's key on your keyring ; so : 4. i proceed to sign trinque's fake key with your fake key and 5. pretend to be a noob and give you my gpg pubkey. ☟︎
asciilifeform: the real headache is that it is entirely possible to produce a 'i eat toe fungus!', signed, sincerely, 0x8A736F0E2FB7B452. a year ago i estimated that this costs 100k usd. today -- probably a few thou.