log☇︎
292000+ entries in 0.168s
shinohai: ;;later tell mod6 also worked on Deb http://dpaste.com/0S4VX30
Framedragger: asciilifeform: kthx, good to know.
asciilifeform wonders why BingoBoingo has not himself bought the warehouse
BingoBoingo: You know how the coastal property market works? Cairo is kinda the opposite. rural AND black! North of the Mason-Dixon line too!
asciilifeform: for instance, i know a fella who moved to a - perfectly tame little town in west virginia, and thought he was getting great deal, but it turned out that it is physically impossible to get decent net connection there (at least without paying for streets to be dug up, six figures)
asciilifeform: the missing ingredient HAS to be something that costs moar than the difference to add back in.
BingoBoingo: <asciilifeform> nothing in usa - that one could live in - costs this little, unless it is attached to onerous restoration mandate from the city, and/or surrounded by heavily armed and belligerent africa << AHA, the latter. You gotta supply your own walls!
asciilifeform: notice, the sig is not used for anything therein
asciilifeform: well, probably not as traditionally stated (e.g., if 'evil maid' borrows mircea_popescu's key, she can launch the rockets)
Framedragger: asciilifeform: btw would phuctor (as it currently works) be able to import an otherwise normal openpgp / rfc4880 key either (1) no self-sig or (2) a somehow borked (nulled? haven't looked at rfc4880 data structures yet) self-sig? as i see it lotsa info is actually contained *within* the signed part, in that format..
Framedragger: re evil maid, sure, that's a prob.
asciilifeform: ^ this may actually be practical with pgp
asciilifeform: (or more general variant where enemy can take something you signed and turn THAT into a subkey that is in turn accepted somewhere!!)
asciilifeform: the one where 'key can squirt out a signature for a new key but this can leave no permanent mark on the original,' ergo auto-acceptance of subkeys is invitation for 'evil maid attack' etc.
asciilifeform: there was a very good thread where mircea_popescu explained this, but i can't seem to find it
a111: Logged on 2016-06-16 23:17 mircea_popescu: more importantly : i don't want to outsource the management of my trust chains. if i trust you, i trust one key, not all keys in all derivations you may one day come up with.
asciilifeform: ;;later tell mircea_popescu http://qntra.net/2016/06/clinton-and-major-socialist-party-data-released-by-hero/#comment-61788
a111: Logged on 2016-06-16 22:45 gernika: Something I built that may be of interest to Z80 fans: http://www.exusiae.com/blog/thortron.html
asciilifeform: ;;later tell gernika http://btcbase.org/log/2016-06-16#1483690 << neato ☝︎
a111: Logged on 2016-06-16 23:09 mircea_popescu: i don't know hpa. any item purporting to be hpa's key is fake, and this can not be fixed by hpa or anyone on his behalf through technological means of any sort.
asciilifeform: http://btcbase.org/log/2016-06-16#1483707 << neither moar nor less fake than linux kernel, neh ? ☝︎
asciilifeform: nothing in usa - that one could live in - costs this little, unless it is attached to onerous restoration mandate from the city, and/or surrounded by heavily armed and belligerent africa
asciilifeform: http://btcbase.org/log/2016-06-16#1483689 << this HAS to be a scam. ☝︎
Valfor: Well let me know if you do - don't want to be inadvertently breaking the rules :)
trinque: just discussing teh bot mr feelings!
mircea_popescu: Valfor more like auditing the mechanism than anything.
Valfor: I'm happy to do so
Valfor: My nick has been the same :P ☟︎
trinque: weird. deedbot tracks nick changes at least
mircea_popescu: Valfor well lol, consider getting in the wot eh.
Valfor: you're ripping me to shreds
mircea_popescu: trinque i think he got voice a whole back and deedbot forgot about it.
Valfor: not really something I can take for myself :P
mircea_popescu: wtf is this wonder.
mircea_popescu: and why should the process be streamlined ? the decision to "move your key to storage" has some costs, for them. why should you be insulated from this ? you wanna do X, pay up.
mircea_popescu: Framedragger why should it scale ? dunbar number is a thing. there's no need for you to be trusted, or even known, by more than a few dozen people.
gernika: Whales are spouting off the coast today. Beautiful thing.
Framedragger: jurov: but probably nvm actually 'cause your tool i expect does not generate things like self-sigs out of nowhere, etc. (need by current instance of phuctor). would still like to take a look if it's around tho!
Framedragger: jurov: i heard you have a converter from tmsr format (e,N,comment) to openpgp, if that's true can you link to it perchance please? would save time / redundancy :)
Framedragger: ^ i'll re-think and converse better next time, bed time
Framedragger: otherwise doesn't scale at all, if 1000 people wanted to trust my subkey. i guess *you* could argue that fuck scale and fuck "lots of people", etc.
Framedragger: one practical consideration re you signing my subkeys: what if you really trusted my main key but then i later decided to move that key to offline storage for security, and derive a subkey - one may argue that gpg provides just this kind of means of streamlining the process - i sign my new subkey or whatever, and there's that, no need for you to meet me in person again. otherwise doesn't scale at all, if 1000 people wanted to trust my su
mircea_popescu: so in a sense i made a design decision post-implementation, because these cojoined twins had to be cut somehow. this is improper, sure, but unavoidable.
mircea_popescu: if it's intended to work as what it works, then really there's no use or need for that nonsense.
Framedragger: yeah i agree here, i do see that point
mircea_popescu: sure, but the "who is in charge" point is important.
Framedragger: depends on matter of scale. if you zoom out and look at gpg as a whole then you just want to burn everything to the ground, sure. and if you zoom out further you want to rewrite more and more things. but sometimes it is worthwhile to consider relative differences of worth, too, so to speak.
mircea_popescu: and if you want a subkey, I do the signing, not you.
mircea_popescu: more importantly : i don't want to outsource the management of my trust chains. if i trust you, i trust one key, not all keys in all derivations you may one day come up with. ☟︎
Framedragger: i suppose that's what i wanted to state originally, yeah. i know it's not a strong case; but it's not utter bullshit, either.
mircea_popescu: nevertheless, it seems to my eyes to be of the kind of "there's a difference between burnned out barn with door open and burned out barn with door closed".
mircea_popescu: but anyway, sure, there's a difference between "random subkey" and "subkey signed by main key".
Framedragger: maybe i'm jumping too much. apologies - sleepy; and i get the point.
mircea_popescu: i don't think it can ever be said "x phenomena shows only y abstraction".
Framedragger: i.e. they show only that.
Framedragger: right, sure. but then you'd agree that all phuctorings (save for one, apparently) are interesting insofar as one is interested in how broken this scheme is?
mircea_popescu: "subkeys" are ~equivalent to "domain names" and various attempts to weaken bitcoin that were quashed historically. "wouldn't you like some wool over your eyes ???"
mircea_popescu: Framedragger i don't see much merit in the whole scheme. gpg does something stupid and then maybe salvages some edge of it. mmkay.
mircea_popescu: anyway. the only way in which the scheme you discuss worked was to prevent effectual use of symmetric key crypto, and it's altogether doubtful people needed help for that.
Framedragger: i agree. but what if there was some trust path from you to hpa's parent key; and there were no paths at all to the diddled child key. surely that's something, even if not enough for you to mark hpa's key (any key) as "trusted"
mircea_popescu: if another knows hpa, and signs his key, then that one knows the key he signed to be not fake, but the key he signed. this, again, has little to do with hpa per se.
mircea_popescu: the only solution is for us to become acquainted.
Framedragger: whether it truly worked well, whether some gpg clients are shit, whether keyservers should preemptively dismiss such keys - all worthy points of discussion, but separate.
mircea_popescu: i don't know hpa. any item purporting to be hpa's key is fake, and this can not be fixed by hpa or anyone on his behalf through technological means of any sort. ☟︎
Framedragger: let's particularize: hpa's parent key was embedded in the pgp wot (whether the latter is worth anything is a *separate* point) which people trusted. then, hpa's child key appears, and it's not properly signed by hpa's parent key, the latter being trusted prior. maybe the sig is not there, maybe the sig is invalid, whatever. child key gets rejected. this scheme in itself is not circular, and it *worked*.
mircea_popescu: a self-signature establishes nothing. if YOU signed the key then ~you~ would know it's not fake in the specific sense that it's the same one you signed.
Framedragger: maybe bad wording: not "self-signature" in this case, but rather one (parent) key signing another (child) key.
Framedragger: i agree that it's a property of relations. a signature establishes a relation
Framedragger: non sequitur, even though the example is cute
mircea_popescu: your notion of fake is broken. you think fake is a property of objects. fake is a property of relations.
mircea_popescu: Framedragger as exemplified by the woman in the picture. she's "not fake". in what sense ? she could call you and swear for herself ? so ?
Framedragger: hence self-sigs do provide value here; this is not to say that the notion of "subkey" shouldn't be razed from the earth, eventually.
Framedragger: i.e., the "fake subkey" case *can* be handled correctly.
a111: Logged on 2016-06-16 21:23 mircea_popescu: Framedragger so some clients handle it correctly. this isn't much of an argument that it belongs there.
Framedragger: http://btcbase.org/log/2016-06-16#1483669 << it does, however, show that a coherent account "fakeness" (from the query by yourself ("what makes a subkey fake ?")) is possible. ☝︎
gernika: Something I built that may be of interest to Z80 fans: http://www.exusiae.com/blog/thortron.html ☟︎
deedbot: [Recent Phuctorings.] Phuctored: 4579563035892572414441 divides RSA Moduli belonging to 'Cyber-Tom <cyber-tom@mailcity.com>; ' - http://phuctor.nosuchlabs.com/gpgkey/AD4C57403CECBEB77262D7BE6F1E4F9925E7A673AA8AA1A5971A1555B67C20AD
asciilifeform: i remember them costing their weight in silver.
asciilifeform: if the alternative weren't microshit, nobody would even conceive of buying such a thing.
phf: no need to spread! boom, it's that easy!
asciilifeform: ben_vulpes: the crapple currently in business is a sad thing. i have a brand-new $3k box here, for instance, that periodically forgets it has wifi.
BingoBoingo: Wait you didn't see that part?
phf: i'm just so rarely exposed to agitprop that this was a fascinating experience. it's like watching men in suits get on all fours and earnestly eat shit from the floor.
mircea_popescu: next year they can give him a kardashian ass and he could launch a music album.
phf: you guys, i really enjoyed the main guy, because he was like a steve jobs zombie, down to a gaunt cancer look. he existed in this uncanny valley with all the manerisms and presentation ticks.
ben_vulpes: the pathetic "omg these cool features!" from current fanboys is endlessly entertaining.
mircea_popescu: Framedragger so some clients handle it correctly. this isn't much of an argument that it belongs there. ☟︎
mircea_popescu: asciilifeform buncha recovering 2000s fanbois, whadda ya want. anyone's a teenager sometime.
mircea_popescu: trinque the apple you're thinking of got pancreatic cancer, they got a replacement from central casting.
Framedragger: (and also the tree of comments below, which are not properly visually formatted, in terms of identation)
a111: Logged on 2016-06-16 17:04 mircea_popescu: except in the case as seen of hpa's key, where they just attached a valid sig to an invalid key.
Framedragger: http://btcbase.org/log/2016-06-16#1483611 << this does not make sense to me. granted, maybe i need to be elucidated. but gpg clients correctly handle hpa's key mess, viz. https://news.ycombinator.com/item?id=9561091 (link to particular comment about this particular case of diddling) ☝︎
asciilifeform: boggles my mind that any of you bothered to watch
phf: followed by half hour of two grownups earnestly demoing imessages features presumably targeted at 12 year old girls
phf: "execu-super-mommy" i believe is that term she used, right before trying to get boomer audience to sing along to the sugarhill gang
phf: i liked the black chick that was doing the whole blackface shtick
BingoBoingo: And transfats
trinque: somebody decided they needed to be more inclusive with their presenters, and they included a bunch of duds
mircea_popescu: but i've yet to meet muslim married woman that'd even conceive such outrage.
asciilifeform: where in dar-al-islam is there this