tmsr - Search: " T"

239100+ entries in 0.156s

trinque: signing is the cryptographic act of observation

asciilifeform: (absolutely mandatory reading for this thread imho, and it is unfortunate that the piece was lost in the cacophony of the bbet disaster)

trinque: asciilifeform: aha, wherever this data exists it is not implied by a sig

trinque: if I say "I love my wife" in it, then I do; signing "wife exists" doesn't mean I love her

trinque: I see this as the meaning of a rating already. "This exists"

trinque: ended up with disclaimer at top saying "I do not love these; I merely state that they exist"

asciilifeform: folx will throw any thought of indirect costs out of their heads, when 'talisman worx!1111'

trinque: this was the problem mod6 had with signing the dependency turds thrown into deedbot

asciilifeform: not many more dangerous power tools than a... working talisman.

asciilifeform: penicillin at one point was also 'talisman that worked'

asciilifeform: and then there are the compulsives who wash 50x day, etc.

asciilifeform: phf: talismans are problematic not only when they do not work, but especially when they ~do~. e.g., washing hands -- worx

phf: a magic talisman against badmen

asciilifeform: but it is not clear to me that this wins more than it costs.

asciilifeform: danielpbarron , i think, also believes in mechanized shunning, but takes it further yet, and would like to deny enemy access to ratings also

asciilifeform: all of asciilifeform's tech, v, yet-unreleased items, resolve ultimately to it.

asciilifeform: weaponized shunning is the only effective weapon.

phf: i think it's entirely petty and pointless to use wot as a weaponized shunning

trinque: there's all this theatrical "I rated X in public" and it's written with finger in sand

asciilifeform: i would like to hear some kind of logical counter to this statement. and still have not.

trinque: phf: I understood, and it would make more sense then to have a way of querying phf for his notebook

asciilifeform: phf: if pubkey is preserved, and privkey of dead man -- well-destroyed, suddenly the 'donation of constantine' problem evaporates. ☟︎

asciilifeform wasn't there.

asciilifeform: but fuhrer wisely replied, 'it is true, we must think about how to leave good ruins, no one lives forever.'

phf: asciilifeform: i understood your take and i think that wot is a poor defense against "good looking corpse" problem

asciilifeform: during dinner with hitler et al, speer (among other things, reichsminister of architecture) made a comment about 'one problem, our concrete houses will leave very poor ruins' ☟︎

asciilifeform: reminds me of tale from albert speer's book about ruins

asciilifeform: not one of you is taking seriously the 'how to leave a good looking and proper corpse' problem, are you.

phf: yes, but i understand you, and you don't understand me, there's really no point in sparing until there's a mutual disagreement over shared understanding. this is like sparring 101

phf: it's a metaphor, you can find all kinds of ways to invalidate it, i was hoping it might clarify understanding

danielpbarron: trinque, also because fuck anyone who wants my ratings. anyone who has business in seeing them already has means to

trinque: if so, I say fine, I choose the tool called cryptography to do so

trinque: because it is upon me to keep the integrity of the db?

danielpbarron: i agree the ratings should be signed when sent over wire (to preserve the text) but there is no reason the sigs need to be around each individual rating

trinque: and I already know, "because then people can grab an item from the trail and say that's HEAD"

trinque: that is a purpose. "so that I do not have an audit trail"

phf: trinque: he doesn't want an audit trail of ratings.

trinque: so give me your perspective from the other direction.

trinque: you are arguing *from* a conclusion rather than towards one

danielpbarron: ok. so then let eulora dump and sign its ratings periodically. i don't see why you shouldn't trust it to give you the correct data

trinque: says rates and deeds in-game there

danielpbarron: so i assumed people would still have to resister their actual key with the bot prior to getting their eulora account ☟︎

a111: Logged on 2016-12-02 19:21 trinque: http://btcbase.org/log/2016-12-02#1576279 << I'm certainly open to discussing this. I'll give it some thought and then raise the thread.

trinque: http://btcbase.org/log/2016-12-02#1576492 << twas the very beginning of the discussin. ☝︎

danielpbarron: the eulora rsa isn't the same as WoT is it?

phf: i missed the part where wot was going to be integrated into eulora? i know that deedbot was mentioned

trinque: I'm not going to provide Eulora infrastructure with a standard of "if something fucks up, eh, we'll go back and fix it later"

danielpbarron: i agree with that conclusion

phf: that was the conclusion of the thread last time we had this conversation, yes ☟︎

danielpbarron: it was my understanding that we specifically don't want such an audit trail

phf: the proposed alternative provides a verifiable audit trail of all the ratings made by everyone, without necessary solving mitm problems

phf: the architecture ~right now~ is as secure as your setup. there's no way to mitm wot ratings. if there's an error in wot, there's not even a point to start a stink. you go and fix the rating if you changed it drunk, or you let trinque know that there's some serious issue. we unroll last week's signed wot and proceed from there

danielpbarron: the fork happened in the channel. we all read about it. whereas a hack would have no context to back the rating up

jurov: was that the argiument?

jurov: and good luck for someone comingoutside to determine from ratings wtf happened with bitbet

danielpbarron: i've been reading the log for years. i'd very much like to see someone hack the bot and change ratings. let enemy make a fool of himself

phf: trinque: i ~understood~ what he said, and it's an additional point unrelated to his previous argumnt

trinque: where does it fit in the model of the discussion so far ?

trinque: phf: how the fuck do I parse a statement like that ^

danielpbarron: signed ratings, to me, seems like it mostly benifits random newcomer/evesdropper with little to no benefit for actual users

phf: you don't want to even hear the opposing side so resort to constructing strawmen

trinque: this is emphatically "I just want to" use it the way it is

trinque: "meh, data integrity is your job :^)" << >> "alright, I want fucking signed material then"

phf: you're redefining the meaning of wot "for sekuriti!!1"

asciilifeform bbl, the lattices are here!!

asciilifeform: without these 'stones', there is no one who is talking.

danielpbarron: i think it's even dangerous to use sigs to preserve things in stone like that. shouldn't be more than a tool to ensure we're talking about the same text. tge signed material doesn't enforce itself. otherwise we're off into smart contract territory

asciilifeform: granted i can easily see how danielpbarron might have come upon his position, given as he practices a religion based on stuffing words into the mouth of long-dead fella

trinque: I am only interested in the hardening of the former

asciilifeform: and these --- matter.

asciilifeform: phf: forget the number. there are only 3 numbers that matter, -1,0,1.

trinque: if you put something in the signed material that gives when, that, also

phf: asciilifeform: no no that's sort of like the "what's the wot" article. the "number is meaningless without asking the creator" part

trinque: the fact is preserved that he who had this key said X ☟︎

danielpbarron: i don't see how that's useful in the WoT

phf: ratings are meaningless though without the creator

asciilifeform: one reason why signatures are a uniquely useful things is that they can outlive creator.

a111: Logged on 2016-12-02 19:55 danielpbarron: that's what sigs are for, one-off "maje sure you get this text unmolested" ; ~not~ here is a public record of official signed things

asciilifeform: danielpbarron: please paint a picture for us, of the danger

danielpbarron: my argument isn't "not needed" ; it's that it's dangerous

asciilifeform: when i sign phf's patch, i have 'posrated' the patch.

trinque: I didn't hear a position other than "not needed"

asciilifeform: a signed rating is a correct use of the robot. in fact vtronics consists entirely of this type of thing

phf: he's arguing a position against yours. he's not getting in your way. perhaps he's trying to say that he's not particularly eager to have dozens of his own signatures floating around with some opaque digital data in there directed at machine?

asciilifeform: mircea_popescu's original 'gossiptronic' argument -- and i suppose he can elaborate when he wakes up -- was that a signature is a kind of autonomous and indestructible truth-telling robot, that can be of use to the enemy if one is not careful about when you create it and out of what

trinque: in advance, rather than once upon a fuckup

trinque: so then why is danielpbarron getting in the way of me trying "better next time"

trinque: phf: we agree there.

phf: trinque: why not? my responsibility, the log, failed as a combination of things inside of my control and outside of my control. i apologized and tried better next time. it's not a bad system.

asciilifeform: and if you are dumb enough not to notice that you are in the cave, and relied on unsigned ratings, he can now also show you wholly-fictitious ones.

trinque: because we all know the system has always worked

trinque: perhaps danielpbarron thinks we should prune our blockchains of all blocks without unspent outputs too

trinque: I'd have thought so.

asciilifeform: trinque: ratings are one of the very few things for which the case for signature is screamingly clear

trinque: phf: yeah I'm not taking responsibility for the next exploit in all this garbage tyvm

trinque: so we've found the "sweet spot" where we have removed enough untrustworthy components and might as well settle down and have kids / get fat here?

phf: trinque: we trust you, it's in the wot. and if you break the wot we'll rate you negatively using the wot :)

trinque: I am aware of how the bot works; answer my actual question

danielpbarron: trinque, not; at least in current model only the bot is the iffy part. my decryption of the string proves tothe bot that i am me

trinque: I am still waiting to hear why I shouldn't just rely on freenode's auth system to process ratings ☟︎