294400+ entries in 0.102s
mircea_popescu: i'd be so curious to fuck the imaginary daughter of knuth and buffett.
mircea_popescu: decimation at no point are keys examined in this process at all.
mircea_popescu: mp service philosophy : "make small, absolute promises"
mircea_popescu: * asciilifeform sees 'golang' as a mild misbehaviour, but won't try to convince people << be fgucking thankful it's not ruby.
mircea_popescu: <decimation> ought these pubkeys be cached by the bot or grabbed from the keyserver per request ? << ?
mircea_popescu: of interest is the signature packet: algo 1, keyid 35D2E1A0457E6498 line
mircea_popescu: we're not getting too far here, lemme write it out as a formal spec.
mircea_popescu: asciilifeform why is the pgp corp named twice in the rfc ?
mircea_popescu: what one woman takes as violence another takes as courtship, a point the state is desperate to hide from the more unfortunate of youze.
mircea_popescu: first off, violence is a subjective psychogenic construct.
mircea_popescu: no state ever had or ever actually used any sort of "monopoly" on "violence"
mircea_popescu: all the politics of infantilism, where one makes demands of god, are suddenly exposed to reality, because in either of these degenerate systems of governmance (really, sides of same coin) one actualy may entertain the delusion of it.
mircea_popescu: welcome to philosophically sound software design (tm). i hope to see a lot more of it in the future.
mircea_popescu: the verification of identity relies on acts by they who know who you are.
mircea_popescu: MolokoDesk the signature of someone you don't know is worthless to you.
mircea_popescu: MolokoDeck it can extract a keyid from the signature block.
mircea_popescu: if a matter of repudiation arises, then that is dealt with by testing the sig.
mircea_popescu: just like irl, the registrar of deeds does not verify your signature, merely looks that this shitwas signed
mircea_popescu: ben_vulpes all it determines is that the document formally looks like one signed by that guy.
mircea_popescu: simply do this : separate the pastebin into individual signed bits, put each through gpg, take the apparent, unverified signer id, put it through grible to verify wot id, put it through gribble again to verify assbot linkage and you're done.
mircea_popescu: it compares the pubkey it has stored (and which you hopefully signed) to the shit in the hash of the signed document to establish it was not merely signed but actually signed by x.
mircea_popescu: so having a "signature apparently by 8A736F0E2FB7B452, could not verify" is one thing. "good signature from user MP 8A736F0E2FB7B452" is another thing.
mircea_popescu: nsa reads like a third of their "secure" comms on this basis.
mircea_popescu: a point so fucking readily lost on derpjournos you wouldn't begin to believe.
mircea_popescu: ben_vulpes gpg saying "signed by x" means nothing if you don't have x's pubkey to check.
mircea_popescu: no ppl i r not insane tyvm stop pming me. i am aware that through the process as described signatures never get in fact verified and one could create a colision and sign for someone else. this is not a bug, it's a fucking feature. you ARE supposed to check YOURSELF the fucking sigs if you intend to rely on the signed documents. it's the only way to implement this correctly.
mircea_popescu: MolokoDeck it's included in the signature block of the signed thing.
mircea_popescu: BingoBoingo "Now this wasn't particularly notable at all. Now a lot of mining companies are crawling" << you are not allowed to use now as the first word in two consecutive sentences
mircea_popescu: this warning we squarely ignore, because if gribble knows who x is so do we
mircea_popescu: when you feed a string to gpg you either get a "nonsense" complaint or a "signed by X" response, with a warning that "we can't know who x is "
mircea_popescu: RagnarDanneskjol nah i want it to always send from the same address.
mircea_popescu: i need more coffee, amphetamines and cuntjuice over here.
mircea_popescu: it does not verify the signatures. it merely extracts w/e signature gpg sees in the document.
mircea_popescu: ok, so say what the thing is again, let's see if i say yes this time.
mircea_popescu: if someone breaks in and steals the bitcent, hey, more power to them.
mircea_popescu: MolokoDeck it's never going to own more than a bitcent or w/e
mircea_popescu: all these fucking successful derps for crying out loud.
mircea_popescu: so i figure why no give clueless noobs a chance. send an order "
http://mediaparty.info/2014/ << find the afterparty". half hour later, "i can't find anything. nobody is sayinga word on sm, there's ONE picture of a guy and some wine on twitter without enough background to find where it is or anything".
mircea_popescu: this way you don't have to keep updated keyrings locally or verify signatures in any wya
☟︎☟︎ mircea_popescu: MolokoDeck so basically, bot reads each document, extracts declared sig, puts it to gribble
mircea_popescu: ;;gpg info --key 6160E1CAC8A3C52966FD76998A736F0E2FB7B452