log☇︎
263700+ entries in 0.173s
asciilifeform: the mere fact of the absence of the slave ship does not tell us why.
asciilifeform: then again, lawyers or stock traders are likewise not yet on the ship.
asciilifeform: that this was not yet done to programmers illustrates the 'nobody needs 'software industry' for very much, it would not cover the diesel' hypothesis.
mircea_popescu: this is plowing with chickens. they work for a year at a time not for a two hour stretch ; then you got a business.
mircea_popescu: review the problems of running mines in the us cca 1800. dumbass minersd want to work a week and visit a brothel.
asciilifeform: i suppose on the boat they cannot go to the pub etc.
asciilifeform: and on land they can leave ?
mircea_popescu: asciilifeform they can't leave.
mircea_popescu: it's entirely a social-media thing. boys "program" exactly like the girls "are popular"
asciilifeform: vs only the shoes
asciilifeform: what's the win from hosting the shoemakers on the ship per se ?
mircea_popescu: the reason they're not programmers is that there's no useful value in programming.
mircea_popescu: there's MANY flotillas of sad shoe makers / tailors etc.
mircea_popescu: but that's because living on the sea sucks, not because the ships suck.
asciilifeform: where are the sad flotillas full of captive programmers etc.
mircea_popescu: flour also keeps ; esp at sea. ten tons will still only cost you a few thousand dollars, who cares.
asciilifeform: incidentally, if this is a thing, how come nobody afaik uses old cargo ship as office space.
mircea_popescu: it works better if you have half a dozen slavegirls with you ; buy ten tons of flour, have them make bread each day
mircea_popescu: they'll deliver. you just buy your sprat by the pellet rather than by the box as now. it keeps./
mircea_popescu: hey, i had them deliver 2 tons of water by hand ; the whole purchase was a few hundred bux.
asciilifeform: i suppose when you're mircea_popescu, you can just moore your dirigible to it.
mircea_popescu: you got a crane or two. get people to bring you supplies by boat.
asciilifeform: let's run with this concept. say i buy. where to park it ?
mircea_popescu: how long do you think you got, a century ?
mircea_popescu: if you buy a newish one at a fire sale/bankruptcy proceeding today ; you will die before it dies.
asciilifeform: until the day when no new ones are available at any price.
mircea_popescu: too expensive to drydock. cheaper to melt and make new one than "fix".
mircea_popescu: mean time between hull failures is about a century.
asciilifeform: what's the mtbf on these things ?
mircea_popescu: unlike the kickstarter lolrlov nonsense. they exist, and they float. nobody asks you to go from vancouver to huangzhou.
asciilifeform: these ships have exactly all of the appeal of driving a ww2 panther tank around town.
asciilifeform: 'folks charging $1000 per container could not afford the diesel. i know great idea! i'll buy one and carry 0 containers, charging $0 !'
mircea_popescu: time to buy your ship if you're serious. this unique circumstance in human history will never repeat.
asciilifeform: ntainers because there were no guarantees that tugboat pilots or stevedores would be paid.'
asciilifeform: 'The bankruptcy of the Hanjin shipping line has thrown ports and retailers around the world into confusion, with giant container ships marooned and merchants worrying whether tons of goods will reach their shelves. The South Korean giant filed for bankruptcy protection on Wednesday and stopped accepting new cargo. With its assets being frozen, ships from China to Canada found themselves refused permission to offload or take aboard co
mircea_popescu: "And honesty's against all common sense: men must be knaves, 'tis in their own defence. Mankind's dishonest; if you think it fair among known cheats to play upon the square you'll be undone. Nor can weak truth your reputation save: the knaves will all agree to call you knave."
mircea_popescu: asciilifeform so basically they took the windows pill.
trinque: so NSA is favoring Trump or what?
shinohai: "An unknown individual using the encrypted privacy tool Tor to hide their tracks accessed an email account on a Clinton family server, the FBI revealed Friday." <<<< bwahahaha
asciilifeform: mircea_popescu: idea was that only gpg2 knows how to talk to the 'wks' crapolade.
mircea_popescu: asciilifeform no i mean, i nthe context of keys. they're still the same damned thing, what "2"
asciilifeform: the abortion discussed in the recent rng thread.
asciilifeform: (i can only assume, as this is where he was)
asciilifeform: unveiled at the 'pgp conference', no less.
asciilifeform: he is pushing a new, gpg2-only thing.
asciilifeform: that was the whole lul in subj link.
asciilifeform: mircea_popescu: https://gnupg.org/blog/20160830-web-key-service.html << koch grunts again to push folks to gpg2. this time, by 'obsoleting' sks.
asciilifeform: when did these folks ever have shame.
mircea_popescu: is this what they call the police arresting the key people of their child porn ring ? "attacked by terrorists" ?
asciilifeform: 'Yesterday, we announced HONR 378Q, and many of you are interested in the course. Unfortunately, as you may already know, AUAF was attacked by terrorists 10 days ago and they are in the process of recover. So we are unable to offer the course this semester; but we are hopeful that we will be able to offer it in the future.'
asciilifeform: in epic spam noose, 'HONR378Q Honors Seminar: Islamic Radicalization Drivers of Youth in the United States and Afghanistan Omar Samad, former Afghanistan Ambassador to France. This is a Global Classroom seminar: Using teleconferencing technology UMD Honors students will be conducting research with their Afghan peers at the American University of Afghanistan in Kabul.' --- then, 24 hrs later,
asciilifeform: it is quite conceivable, given the popping rate, that some large fraction of extant rsa keys have somewhere between 24 and 64 bits of actual entropy.
mircea_popescu: asciilifeform just making it plain for teh log readership.
mircea_popescu: because if we discover that say "thisfunction is used on 64 bits of input of which the first 44 are known" ; then we run the other 20, add the resulting nextprime etc add those into the 8ball and it's goodnight. ☟︎
mircea_popescu: considering we have millions of keys, and considering the sort of shenanigans we've seen currently, including werner koch's gpg subversion most recently ; it would not be inconceivable at this point if a good chunk - thousands, hundreds of thousands of keys can actually be factored once we figure out which exact 20, 30, whatever bits are actual entropy , and how the nextprime is chosen on the basis of that.
mircea_popescu: to be clear here : if the keys are generated out of 16 bits of entropy ; and if there are 65537 keys ; then necessarily there will be at least one weak pair, and in practice more than half ; all of which will be cheaply hacked apart by phuctor's method.
asciilifeform: soooo, turns out that the 'publickey' thing is displayed whether or not it is actually enabled.
trinque: people do the strangest things.
mircea_popescu: but at this point it wouldn't be much surprise if there were, honestly.
mircea_popescu: trinque his idea was that it's worth checking if there were ; not necessarily that there are.
asciilifeform: trinque: well that was the q. didja try it ?
asciilifeform: and the tube is only seeing a microscopic fraction of the photons.
trinque: but it does not immediately follow that there are any authorized_keys set or determine where they were generated if so
asciilifeform: yes, there IS some nonzero probability of it happening 'at random', but chances are that someone was served polonium tea.
trinque: asciilifeform: yes I know what that means.
asciilifeform: think of it as a geiger that rattled all day long at 1000x the familiar background for the room.
mircea_popescu: yes, the people with shitty opsec are never a tiny fraction of any group ; even if we don't meet them often
asciilifeform: well other working hypothesis is that it is ~not~ tiny fraction, but a tip of the 'birthday theorem' iceberg. ☟︎
mircea_popescu: trinque depends on setup ; sometimes nat people do this. gotta remember we're talking of a tiny fraction of the space here.
asciilifeform: do you still see a 'debug1: Authentications that can continue: publickey,password' ?
asciilifeform: trinque: try a ssh -v ipaddrgoeshere -l root on one of these
trinque: all the networking gear I've seen didn't ship with any authorized_keys filled in
trinque: I am on a terribly laggy connection, but people there can be understood as "manufacturers"
asciilifeform: (as typical router/modem/etc.)
asciilifeform: but instead shipped with a script that generates keys on first boot
asciilifeform: trinque: current working hypothesis is that ~none of the affected boxes are operated by 'people'
trinque: asciilifeform: people generate their ssh privkey on the box *to which* they're connecting? ☟︎
mircea_popescu: hey, let the reader benefit, what.
asciilifeform: mircea_popescu: typically the key used for actually logging in is generated on same box. with same braindamaged rng. hopefully i dun need to draw a picture, it makes sense
asciilifeform: mircea_popescu: didja ever notice that ~all of the Framedragger boxes support publickey auth on ssh ?
asciilifeform: 'Last week, a defense lawyer argued that the FBI drastically improved the performance of a dark web child pornography site in the process of investigating it. On Thursday, the Department of Justice responded, denying those claims.'
asciilifeform: meanwhile, in the monkey house, https://archive.is/0Afgw
mircea_popescu: but they are derps because impotent, not because "mp hates them"
mircea_popescu: yes, it could have, at any point during the past year, been a significant way for the derps to contribute ; and very cheap for them.
mircea_popescu: hence why "ask them".
mircea_popescu: anyway. none of this is a good use of your time atm.
mircea_popescu: asciilifeform emulating them, same diff.
asciilifeform: but to take one of the routers discussed in the netcat thread and actually see how it shits out key
mircea_popescu: and you can ask / say whatever you want, idiot runs on own code and ain't taking outside input.
asciilifeform: eh i wasn't suggesting ~asking~ them.
mircea_popescu: meaningless flailing about what "we haven't proven" however, ie, the ONLY thing they may not do in their situation, that they come up with qs.
mircea_popescu: somehow the "here is the code i compiled to run to obtain that result" is not obviously the ONLY thing they may do in their situation.
mircea_popescu: NONE of them produced the fucking software. all of them produced various versions of "oh, you owe us things"
mircea_popescu: something like that.
mircea_popescu: what's that "pirate party" derp again ?
mircea_popescu: asciilifeform that's much iffier because as you've seen in the field, the idiots who are idiots once are going to be idiots forever
mircea_popescu: ie, if paul biggar weren't a total idiot, he'd be here doing this.
asciilifeform: or even to take 1 known pair of key and what-made-it, and work backwards.
mircea_popescu: get a "cloud" of likely primes, much in the way "artificial intelligence" works.
mircea_popescu: and then apply that to zero field, timestamps, etc.