log☇︎
229700+ entries in 0.142s
asciilifeform: http://www.insecam.org/en/view/168264/#camstream << the strangest i/o relay i've ever seen. lamp is hooked, by all indications, to the 'network contact' box. as is the toggle.
trinque: also at least one of them appears to be paid for her work
Framedragger: not enough butt-sniffing, so maybe that's a no.
Framedragger: given that this is in san francisco, am i looking at a typical californian startup hackaton here?
asciilifeform: asciilifeform for example can't stand the prepared kind.
phf: hehe, that rsa one is beautiful
asciilifeform: would be interesting to auto-crawl these, apply image transform where you search for flesh tones
Framedragger: hm. i still run one (low bandwidth), would be interesting to check things i suppose..
asciilifeform: when i ran evil tor exit, collected a bunch of these
mircea_popescu: http://www.insecam.org/en/view/384721/ << looks like a great place to take a coupla sluts and some rope/chain
asciilifeform: but i have yet to see mushroom get up and fight.
asciilifeform: the man's a living mushroom, i dun think this has a constructive answer
mircea_popescu: "what's he to do" only counts for lords of the republic - not of usg peons.
mircea_popescu: how's that consideration within my interest ?
asciilifeform: what's he to do
mircea_popescu: can't say rms / gnu is hindering them any.
asciilifeform: what the shitgnomes are really trying for is to smoke folks out of using gcc entirely
asciilifeform: not quite so simple, e.g., c++11 ~dunwork under 4.x, and you're stuck with 'boost' and other abortions to make up for the missing functionality.
mircea_popescu: your ability to use computers may come to depend on obeying the above.
mircea_popescu: which i suppose warrants a general warning : DO NOT UPGRADE YOUR GCC TO 5.0! SAVE YOUR COPIES OF 4.X AND PRIOR! ☟︎☟︎
asciilifeform: and yes, all according to plan, it goes.
asciilifeform: noshit, i rang this alarm bell right here 2+ yrs ago
mircea_popescu: they're forcing the latest in static linking deliberate breakage (+ no doubt other goodies) into the "ecosystem"
mircea_popescu: and the gcc 4.x issue is not without ramifications. consider : http://logs.minigame.bz/latest.log.html#t18:28:17
mircea_popescu: ubuntu pioneered this.
asciilifeform: pick it up - there is no meat in it, only a billion ant
asciilifeform: the scene from '100 years of solitude', where ants eat the baby but carefully leave the skin in roughly the correct shape, comes to mind
asciilifeform: in other probably-not-news, http://wotpaste.cascadianhacker.com/pastes/ug540/?raw=true << MOST gentoo mirrors have been converted into 'glue traps' where you either get 'file not found' for a CATALOGUED package (best case), or it HANGS FOR FIVE WHOLE MINUTES on 'PASV ...'
a111: Logged on 2014-06-22 17:22 asciilifeform: that many of the titles bear a striking resemblance to each other. "Adaptive Mesh Analysis" reads one and "An Adaptive Algorithm for Mesh Analysis" reads another. Dividing the total remaining by the average number of repetitions halves the list again. Mozart disappears before your very eyes.'
asciilifeform: too hard ? no paper. too easy ? no paper.
mircea_popescu: if your criteria becomes "i won't do that because too hard ; and i won't do this because too easy" then yes you've just about described present day academia.
asciilifeform: whereas martini, most folx have to fix with own hands.
asciilifeform: mircea_popescu: this is so, but mt. everest screams out to climbers from afar
a111: Logged on 2016-12-23 14:07 mircea_popescu: http://btcbase.org/log/2016-12-21#1587182 << speaking of this, here's a question for the eager : a diophantine equation is a multivariate polynomial, something like ax+by^2 = 0. the question is : given an arbitrary finite set of known-good equations, can you use recursion to decide whether an arbitrary equation in the same variables is good (has integer solution) or no good ?
mircea_popescu: asciilifeform the difference being you know, that "come up with block cipher with ~any~ theoretical basis" is more in the vein of http://btcbase.org/log/2016-12-23#1589135 whereas eulora bot things are more in the vein of "fix yourself a martini" ☝︎
asciilifeform: maybe i fill it with transformer oil.
BingoBoingo: how does RAM compare to Phuctor?
mircea_popescu: stuff currently in the eulora hackathon could have been done ~two years ago.
asciilifeform: (e.g., block cipher with ~any~ theoretical basis)
asciilifeform: very basic jobs, comprehensible even to a retarded lemur, remain screamingly undone.
mircea_popescu: eh, what was appointed for them to disappoint ?
asciilifeform: the non-academics, on the other hand, also disappoint. for wholly other reasons.
mircea_popescu: this is judicious - there's 0 inclination on our part to feed them so they do what they want to do.
mircea_popescu: the alternative explanation being that people are seriously disabled in the sense of coming up with motivation on their own.
asciilifeform: the academics, any and all of them, afaik, the bought and the unbought, the imbeciles and the brilliant, americans or chinese, so far show 0 inclination to distinguish us from the ants.
asciilifeform: mircea_popescu: incidentally, when i wrote to bernstein, there was 0 answer.
asciilifeform: they, if they live, are in another kingergarten, somewhere far.
asciilifeform: anyway, there are surely people, but i have not met them yet.
asciilifeform: 'when choosing astrologer, hire the cheapest' ☟︎
asciilifeform: there are surely people other than mircea_popescu and asciilifeform who -- have interest in subj + have the theoretical pre-reqs + seriously ready to get their hands dirty + not thralls of usg
BingoBoingo: Lettuce not forget "Equation Group" allegedly uses RC6 to communicate with their turds
asciilifeform: but also i was referring to ~people~ as much as to algos.
asciilifeform: (keccak or another hash can be abused as a stream cipher, but it is precisely 'retarded homebrew', i will leave the reason ~why~ as an exercise)
asciilifeform: serpent is, i must note, 'best horse in the glue factory.'
mircea_popescu: and cs, and keccak, and things.
mircea_popescu: evidently, there's serpent :)
asciilifeform: now i cannot speak for others, but i spent past few yrs exploring the known space between usgola (aes et al) and http://trilema.com/2013/the-danger-of-homebrew-crypto
mircea_popescu: asciilifeform yeah i'm sure i don't exist because schneier didn't invite me to the latest round of rubber chicken.
asciilifeform: 'rocket is trivial, just sit in a pipe and throw hot gas out one end'
mircea_popescu: the solutions for all these "stop" are given and trivial, now time to apply.
asciilifeform: esp. because ciphers are a blindingly obvious 'political art', where if you aren't schneier et al, you don't get printed in journals, invited to conferences, implemented by open sores monkeys, etc.
mircea_popescu: anyway, to create the up-node : "stop doing stupid shit" is the universal pill to de-usg the world. stop doing stupid shit with crypto, as contemplarted here, there's no nsa nor any possibility of nsa. stop "plea bargain"ing, there's no us justice system. stop using us banks, there's no us finance. stop chasing the web-revolutionary-app-nonsense, there's no "us technical lead". stop trying to marry women there's no "5th wave
asciilifeform: moar folx went to the bottle.
asciilifeform: (answer is, the folx with 'acres of crays' will butthurt that their oh-so-precious special-purpose silicon is bricked)
mircea_popescu: because nobody made it, because everyone spent all their time fucking with xcode and unity.
asciilifeform: or, the other obvious mega-question, why there is no STRETCHABLE (a la keccak) block cipher
asciilifeform: especially transpositions as we know them. i'm still waiting to hear why s-boxes are fixed, rather than entirely configured by the key, ever.
asciilifeform: mircea_popescu: more dire, even, than this, we aren't dealing with 20 years of disinfo artistry, but ~70 ! hagelin, crypto-ag, etc. and the entire poppycock of transposition ciphers surviving into computer age
mircea_popescu: which is why the republican strategy in sociopolitical cryptography is to isolate the nsa assets - the kochs and dreppers and schneiers + a bevy of small fry boecks etc. let them sit on hacker news and upvote each other to death, but otherwise, outside of the usg reservation, they may not opine and they may not be used as reference.
mircea_popescu: also about 2/3 of the nsa strength in practice, because outside of getting idiots to do idiotic things - they ain't got nuttin.
a111: Logged on 2015-07-12 03:47 mircea_popescu: in any case : i don't like aes for purely political reasons. it became an apparent schelling point out of absolutely nowhere for no discernible reason. these situations always stink.
asciilifeform: http://btcbase.org/log/2015-07-12#1198070 << old thread re aes ☝︎
mircea_popescu: clearly the security helped.
phf: in other security "Child uses sleeping mom's thumbprint to buy $250 worth of Pokémon toys (cnet.com)"
asciilifeform: the thing executes in constant-ticks, looks like.
Framedragger: hut that actually sounds nice..
asciilifeform: pipeline doesn't leak timing either, because - if implemented correctly - you never branch on a secret (key or plaintext) bit.
asciilifeform: in particular: no tables. ☟︎
asciilifeform: BUT it is in several ways, apparent to the naked eye, less retarded than aes ☟︎
asciilifeform: now i will remind readers that 'serpent' is not, afaik, on any kind of scientific foundation. it was made using voodoo doll, just like every other block cipher. (what kind of doll, is described in the paper.)
mircea_popescu: there's certainly worse options than serpent.
davout: "some terrorists found it controversial"
asciilifeform: davout: it was a loud, public wank, ~impossible to 'unhappen' to any reasonable degree
davout: doit être abaissé à au moins 9 tours pour fournir un niveau identique d'exploitation."
davout: "Une controverse existe, selon laquelle Serpent n'aurait pas été choisi comme AES, car casser ses clés aurait été beaucoup trop complexe pour les services de renseignement civils et militaires. De plus, même dans une version simplifiée il reste robuste. Par exemple Rijndael est très souvent implémenté dans TLS en version simplifiée sur 14 de ses 16 tours pour des raisons de rapidité, mais aussi d'analyses de données. Alors que Serpent
deedbot: http://trilema.com/2016/how-to-fix-global-warming/ << Trilema - How to fix global warming ?
asciilifeform: the political history is also rather interesting (it was on track to winning the 'aes competition', received fewest thumbs-down votes from the panelists, but mysteriously torpedoed by usg and did not win) ☟︎
asciilifeform: for instance, there are no tables.
asciilifeform since release of FUCKGOATS, spent much time studying 'serpent' block cipher. ☟︎
asciilifeform: Framedragger: this also. but -- slow.
Framedragger: also, as you noted earlier, there's a good chance a bunch of ssh *client* keys were generated on those machines, too, so also possible to try to bruteforce-login with generated keys (to servers which have broken rngs)
asciilifeform: whereas this is elementarily reasonable.
asciilifeform: one of the hidden evils of 'of course generating key takes 10 minutes!' traditional entropy starvation -- is that nobody expects to be able to do the test where you generate 10 billion keys and make sure that the resulting keys have gcd of 1
asciilifeform: the other interesting experiment, yet undone, is to generate ssh, ssl, pgp, etc. keys on some of the other os with known-broken rng -- e.g., freebsd 2010-2014 (or when was it), possibly other
asciilifeform: http://www.loper-os.org/?p=1733 << as seen here, good chunk of the first N ssh keys to pop were tropos boxen.
asciilifeform: the interesting bit re tropos is that it is not a konsoomer box, but infrastructural (isp, public wifi, gsm, utility sensors) and for some reason popular in orc world
mircea_popescu: pretty sure multiple do this.
asciilifeform: (it displays unremarkable ssh hello, the litmus for it uses the ssl cert that the boxes also display on 443)
asciilifeform: mircea_popescu: tropos , i recall now, was the other big one.
a111: Logged on 2016-12-28 10:37 jurov: http://btcbase.org/log/2016-12-28#1591566 << not a good idea, because if you pass something clearsigned/encrypted, gpg will decrypt it to stdout, so you end up parsing dangerous user input