800+ entries in 0.247s
mircea_popescu: the only thing is that
gpg is already obsoleted becauyse of its inane fingerprinting scheme
mircea_popescu: asciilifeform stronger argument than it seems. leaving aside the static issue, it's not even a given
gpg compiles at all.
mircea_popescu: and
gpg is not very far off this ; neither are ALL usg produced programs you are running.
mircea_popescu: if you --import it
gpg will probably update trinque's key under your signature won't it.
mircea_popescu: asciilifeform o hey, consider this situation : 1. i know your fp, so i make fake key for that fp. 2. i know trinque 's fp, so i make fake key for that fp too. 3. i know you keep a signed copy of trinque's key on your keyring ; so : 4. i proceed to sign trinque's fake key with your fake key and 5. pretend to be a noob and give you my
gpg pubkey.
☟︎ mircea_popescu: o mention ancient strongholds of usgism such as kock-
gpg, tor or (again) openssl are being butchered left and right. the attempted anti-bitcoins failed to catch on.
mircea_popescu: in
gpg you mean ? nah, and i wouldn't trust it anyway. ok to wait, it waited for a year before masochist guy found the rake in grass to step on
mircea_popescu: you can literally come up with an idea for a thing while travelling ; go to internet cafe ; spin up
gpg to make you a new key while you bash it down ; then sign the patch with that key which you don't even bother taking from there.
mircea_popescu: and in general this exactly mirrors everything - we tried to work with
gpg turns out
gpg doesn't want to work, not WITH anyone, it actually does not want to work, at all. ditto for the ssh. ditto for everyone and everything.
mircea_popescu: thestringpuller the two evident avenues would be a) power differential analysis (ie, see how much electricity it eats, and parasite waveforms it induces). this is amply discussed on web re subverting
gpg (eventually they got it to work with mere microphone, but same principle)
mircea_popescu: shinohai ironically we're also giving up on
gpg, for the exactly opposite reason.
mircea_popescu: ah alf, remember the happy days a few years ago when we actually thought
gpg ~= pgp ?
mircea_popescu: ie, the reason koch-
gpg-clearsing worked ok for us for a long time is that while flawed as alf correctly (and repeatedly for a year now) points out, nevertheless its hole falls atop a hole of v, namely that it doesn't do "-----"
mircea_popescu: because thatg's the only way you're guaranteed to not have the current
gpg problem
mircea_popescu: asciilifeform the whole "ssh key made on debian recast as
gpg key" thing is pretty bizarre.
mircea_popescu:
gpg: Good signature from "Seclab Signing Key 2016 <seclab@airgapped.sec.t-labs.tu-berlin.de>"
mircea_popescu:
gpg: Good signature from "Seclab Signing Key 2016 <seclab@airgapped.sec.t-labs.tu-berlin.de>"
mircea_popescu: Framedragger note that i don't particularly see the value in restrictioning anything. in principle anyone should be able to register a domain for his bitcent - even if he puts no
gpg key in there. he just won't be able to admin it, big whoop./
☟︎ mircea_popescu: even the notion of "expire" as implemented in
gpg.koch is nonsense. should be replaced with "disused", as in, "i took it out of deedbot and am not using it anymore"
mircea_popescu: trinque any idea why it rejects ? i see
gpg: Good signature from "Mariono (Marionobitcointalk)
mircea_popescu: lol! review the history. the bar in 2016 is "make a bot" ; the bar in 2014 was "get a
gpg key".
☟︎ mircea_popescu: considering we have millions of keys, and considering the sort of shenanigans we've seen currently, including werner koch's
gpg subversion most recently ; it would not be inconceivable at this point if a good chunk - thousands, hundreds of thousands of keys can actually be factored once we figure out which exact 20, 30, whatever bits are actual entropy , and how the nextprime is chosen on the basis of that.
mircea_popescu: ok, fine. hereby is announced a 1 BTC prize for the best fanfic published on the blog of someone with a
gpg key deedbot knows about.
mircea_popescu: thestringpuller don't be the messenger. kid can
gpg like anyone else.
mircea_popescu: abrr i was talking to shinohai ; what you have to do is register your
gpg key with deedbot and get the game client running. you got either of these ?
mircea_popescu: so far the major problem is irc usage ; and
gpg/deedbot a very distant second.
mircea_popescu: nah, the retardation making it ~impossible to compile
gpg 2."current" has 0 to do with automake.
mircea_popescu: shinohai i need some noobs to labour for me in eulora. put a post up wherever it fits, jobs board if they have it ? saying that i'll pay 1 bitcent / 2 hours of work. first task is to get
gpg key made and registered with deedbot after which install game and ask for acct. once they're in they get the first bitcent, after which they'll get tasks.
mircea_popescu: first case of koch-
gpg / openshit-ssh keys sharing a factor. pity it's such a lulzy one, HOWEVER, it does make the "sks error" nonsense just a little more lulzy.
mircea_popescu: ;;later tell bingoboingo "Following the news of a serious RNG bug affecting all
GPG versions a low energy shitgnome campaign of apologetics and "not that bad" followed." << can i get a "The fact that hundreds of
GPG keys have been Phuctored in the past year has, of course, nothing to do with all this." added ?
mircea_popescu: asciilifeform no, no, looky : For GnuPG 2.1 things are different because there is a long running process (
gpg-agent) which creates all keys.
mircea_popescu: asciilifeform same people who check the
gpg rng unwhitened.