log☇︎
252100+ entries in 0.104s
asciilifeform: 'we're all out of death, gonna have to be cake'
asciilifeform: just boggles me mind that people swallow this shit.
asciilifeform: (see log)
asciilifeform: note that yubi is braindamaged even if there is no obvious flaw in the hardware
asciilifeform: artifexd: sadly, i'm otherwise occupied. but you are encouraged to do it yourself
asciilifeform: mircea_popescu: looks like it only mentions the server-end crap
asciilifeform: anyone here own 'yubikey' ? got it to cough up its fw?
asciilifeform: lul
asciilifeform: may as well say that it beats being dragged behind a truck until nothing remains on the rope but a tattered thread of skin.
asciilifeform: somehow this concept is 'rocket surgery' to people.
asciilifeform: mircea_popescu: not only this, but they write the key. ergo, they have the key.
asciilifeform: basenji - that looks quite like the dogs i saw in Timis.
asciilifeform: diametric: something that i was hoping to avoid
asciilifeform: diametric: had to switch to 4-layer.
asciilifeform: fly manul to argentina, breed with colocolo -> double thickness
asciilifeform: jurov: this notion is not original to me, visit the literature
asciilifeform: ;;google nonlinear keyspace
asciilifeform: ;;later tell mircea_popescu my hunch is that all known block ciphers have non-linear keyspaces.
asciilifeform: yubi, by all indications, is designed to resist any attempt to determine whether it leaks key. therefore i must assume that it does.
asciilifeform: fact is, any secret key generated outside of your home should be assumed to be in enemy hands at birth.
asciilifeform: all of the traditional crapola is present. enforced and perpetual dependence on the vendor, for example.
asciilifeform: in that respect, it is exactly like other seekoority snake oil products.
asciilifeform: you don't need an army and navy to pwn yubi users. just a little bit of cooperation from the vendor.
asciilifeform: etc
asciilifeform: likewise, given closed design, user has no way of knowing if yubi tosses a few bits of key into each signature nonce
asciilifeform: does he need to? the way it is designed - yes
asciilifeform: vendor has the key.
asciilifeform: extraction of yubi internal key by the postman isn't the only interesting scenario
asciilifeform: since no one groks, looks like i'll have to 'draw a picture.'
asciilifeform: even if a con artist has fooled him into thinking otherwise
asciilifeform: Naphex: what i'm trying to get across is that a fellow with yubikey in his pocket is, in fact, 'holding a secret'
asciilifeform: benkay: it promises that a private key can be sent in the post, left plugged in at wiring closet, etc. without danger.
asciilifeform: ed felten's words, 'try to make a safe that can be left in burglar's living room' sums up the issue
asciilifeform: Naphex: 'cardano' could in principle be used as 'token.' but you gotta understand the difference between what yubi promises and what honest people can actually physically achieve
asciilifeform: take minute to think, what is yubi hiding, when refusing to publish the design ?
asciilifeform: you gotta transport the secret to the user << did i wake up today in a parallel universe where public-key crypto was never invented ?
asciilifeform: that is decorated with alchemical symbols, in order to seem impenetrable to naive buyer
asciilifeform: just in a box
asciilifeform: you're still handling private keys
asciilifeform: *closed
asciilifeform: and undertakes to solve a problem to which there can be no solution
asciilifeform: i.e. - close,
asciilifeform: the device comes with not one but two gestures of bad faith
asciilifeform: nothing to do with trojans
asciilifeform: that's a response?
asciilifeform: interesting lack of detail about vendor's response.
asciilifeform: there we go.
asciilifeform: a closed gadget suggests that there is something to be gained from learning what has been kept closed.
asciilifeform: Naphex: for instance.
asciilifeform: the closed aspect suggests, 'none'
asciilifeform: for instance, what measures, if any, against 'differential power analysis' in yubikey?
asciilifeform: it's never a question of 'maxtrust'
asciilifeform: we cannot see if the promise is kept
asciilifeform: the hardware makes a promise.
asciilifeform: they're not.
asciilifeform: correct
asciilifeform: i see no description of the internals.
asciilifeform: Naphex: what can we tell from this marketing brochure?
asciilifeform: afaik - as closed as it gets
asciilifeform: the hardware.
asciilifeform: gotta ask, what's the basis for trusting 'yubikey' ?
asciilifeform: i.e. how are you to convert the light into usable thrust.
asciilifeform: let's imagine unbreakable fiber, spherical horse. what's on the other end?
asciilifeform: (note what shape the world's talles buildings were prior to structural steel.)
asciilifeform: the only elevator scheme described to date, afaik, that stands a chance of working, is... 'tower of babel.'
asciilifeform: (ignoring, for a moment, the purpose of suspending 100km of fiber, sans payload)
asciilifeform: then, pesky problem of thrust.
asciilifeform: then, wind on cross-section of 1km * 0.1mm (or whatever thickness)
asciilifeform: 'my wire is a dielectric', you say, but to what voltage.
asciilifeform: other nuances. calculate electric potential difference between top and bottom.
asciilifeform: jurov: calculate what 100km of... anything. weighs
asciilifeform: problem is materials strength.
asciilifeform: jurov: classical idea, 'space elevator'
asciilifeform: artifex: ask fuhrer, not me
asciilifeform: artifex: the proverbial 'upload the goods to usg every night' perl script.
asciilifeform: lol
asciilifeform: 'successful' -> never needs dental work ?
asciilifeform: ('спасение утопающих дело рук самих утопающих')
asciilifeform: 'the salvation of the drowning is work for the hands of the drowning.' (russian orthodox proverb)
asciilifeform: in usa, on the other hand!
asciilifeform: not as such. but the occasional misfit tried to make some sort of legalistic case, to the laughter of the judges.
asciilifeform: let's sue the kgb, sure. and don't forget to include a 1700s obscure tort case in argument. etc
asciilifeform: like the 'sovereign citizen' crackpots mp had an essay about
asciilifeform: but point being, people who imagine 'hacking the legal system' tend to end up pathetic cases
asciilifeform: i must now confess that this is not a subject that i've any serious direct expertise in
asciilifeform: and, naturally, the 'legal' crap doesn't contain delta-9 or any other thc, said substance being on the ban list
asciilifeform: benkay: no actual baths involved. it appears to be the spam brand under which a thousand things are sold.
asciilifeform: aka 'bath salt'
asciilifeform: the folks who flock to 'new! legal!' u.s. btc exchanges, remind me of the ones who buy and smoke the 'legal marijuana substitute' stuff
asciilifeform: didn't help... madrid.
asciilifeform: us one of the richest countries << the automobilist term of art is, i believe, 'running on fumes'
asciilifeform: everyone made his peace with being a candidate for the wagen
asciilifeform: but granted, the psychology is very reminiscent of '90s russia, when it had no formal tax code
asciilifeform: folks i work with.
asciilifeform: these are usians
asciilifeform: tell them about autosnitch, etc. - 'ok, we're condemned, what can we do'
asciilifeform: i can confirm. a number of people i know in person seem to use it.
asciilifeform: reminds me of russian madman v. pelevin's story 'Пространство Фридмана' ('Friedman-space.') where somebody tests this hypothesis experimentally.
asciilifeform: so, 'critical mass' of coin opens black hole?
asciilifeform: 'antonov 225'