maqp: If you're passionate about the project, I hope you dive into it, write a paper on this and prove us wrong.
maqp: It's just that this type of nihilistic reasoning and security t-bones with the standard infosec discourse so badly I can't offer advice.
BingoBoingo: Ah, there's always someone trying to find an easier, softer, way.
maqp: Okay. I really hope you end up creating something cool. Just be sure to get someone else's opinion too
mircea_popescu: sure. i've been hoping to do some snuff videos of "operatives" caught with gear for years now.
mircea_popescu: well, there's no "we". but i have no interest in adding layers of sheet metal to my limo when everyone shot got shot getting in or getting out of the limo.
maqp: The range with illuminated retro reflectors is up to 10 miles. You going to shoot anybody within that range?
mircea_popescu: other than by shooting on sight anyone caught doing that.
maqp: There is no way your system can defeat targeted SIGINT monitoring attack, where government drives within a few hundred meters and collects signals emitted by your keyboard cable.
mircea_popescu: as far as i see that's pseudosecurity. security is and always has been about being secure.
maqp: Security is, and has always been about adding layers, enough layers to make attack unbeneficial to attacker
BingoBoingo: <ben_vulpes> heh anyways i just cracked xotika, picked a random feed and whaddaya know the last frame of the bloomberg video that autoplayed itself is superimposed on this poor girl's face << Known bug on Chromium using OS X and Nvidia
maqp: Yeah, I'm afraid there's really no situation this could be used in
mircea_popescu: the only assurance to be had here comes from a gossipd model. where anyone could have written the plaintext, and for all anyone POORLY CONNECTED knows, they probably did.
mircea_popescu: think about it. can i be assured ? maybe the person saves it in plaintext and loses the laptop
mircea_popescu: but i do not wish to be assured this ; moreover this "assurance" you provide is false, in substantially the same manner your idea of "infosec" misses security.
maqp: so you get secrecy without affecting the anonymity
maqp: and you can be assured that only the recipient will read what you sent
maqp: The point is, unless you encrypt the message, anyone might have created the plaintext
maqp: Why not? To have even a tiny bit of integrity you need trustworthy peer network
maqp: then when you want to send a message to contact, you encrypt the message with the public key and ask users to pass along the ciphertext
mircea_popescu: because why would i gift upon a would-be attacker that's really a lame ass kid unable to on his own merit secure the cost of a proper burial
maqp: Why not instead have a public repository of all public keys similar to Tor
mircea_popescu: as far as anyone who wasn't there is concerned, this may as well be a fabrication altogether. and so on.
mircea_popescu: consider what happened in gossipd when i said the line above : "<mircea_popescu> you don't know who he has in his contacts.". buncha nodes that i know went "we heard mp say so" to their downlist
maqp: and eventually it will reach them
maqp: Okay, so basically I tell my peer that this message should at some point reach my contact
maqp: Why couldn't this work on OTR. I have an OTR messaging with my friend and I ask them to relay a message for me to someone peer has on their contacts?
mircea_popescu: complete anonymity between peers more than one node removed ; complete secrecy outside of the node group ; no integrity or authenticity outside of the wot trust.
maqp: so a secure communication system with no anonymity between peers, no secrecy, no integrity and no authenticity unless all peers are trustworthy
mircea_popescu: the power of the system is exactly this : that an attacker doesn't know NOR CAN KNOW if he's being sybilled to death or not.
mircea_popescu: the information you receive is only as good as the trustworthiness of your peers.
maqp: So are you signing the plaintext before you send it to the peer?
mircea_popescu: basically the whole system is an implementation of "have you heard what X said", but with computers.
mircea_popescu: X, Y and Z see this, and if they like me enough, and if they have your pubkey, pass along the Hi to you.
mircea_popescu: i wish to say "Hi" to you. my peers are X, Y and Z. i encrypt "please say Hi for me to maqp" with X, Y, Z pubkeys.
phf: maqp: in case of gossip there's no propagation. it's a p2p where each node, explicitly your peer, makes claims about what was said or heard elsewhere. if you don't believe it, take it as a fairy tale
maqp: Can you give a tldr on how ciphertexts propagate in the network?
assbot: V-tronics 101: A gentle introduction to The Most Serene Republic of Bitcoin's cryptographically-backed version control system ... ( http://bit.ly/1nWQIFF )
mircea_popescu: anyway, the model gossipd is supposed to use is, you pass along traffic to your peers, if you're satisfied that it comes from either yourself or a peer. it's a sort of messaging-over-wot. exactly like v works.
maqp: So the urban vs rural talks about anonymity being a "rat in a sewer"
maqp: But I fail to see the rat in the sewer, when you're giving the government a finger by bouncing traffic across the globe
maqp: Well, we must depend on those who are able to do something then given their current social and societal situation
assbot: Logged on 23-01-2016 03:40:38; mircea_popescu: the people who don't care if they live or die either live or die. the people who do care - end up paying rent to the ones that live.
mircea_popescu: no amount of "infosec" is going to change the fact that for any discussion on these lines, you go with the sucker herd.
mircea_popescu: if you are the sort of person who cares, you are the sort of person who cares.
mircea_popescu: what's this game of everythingsies, i wanna be tanned but also untanned and sit in the sun and the moon at the same time bla bla.
maqp: It doesn't have to be a family, it might be a parent, friend, someone we look up to
mircea_popescu: no, they philosophically have no business there. once you've decided to settle down and reproduce, you've by that token accepted the world as is, declared your own submission to it and all that.
maqp: it depends on how well they can weigh the threat and what track record the tools of their OPSEC have
maqp: I think we need both
maqp: There's nothing bad being a Moose. It can be hard to be a moose when your family is being tortured in another room when you chose not to use anonymity to hide participation in dissidence movement
maqp: The article steers away from infosec discourse faster than CRC32 collision. I skipped to the end--
maqp: Have you discussed the threat model?
maqp: So it's a secure chat with track record?
phf: maqp: that was the original proposal, that outlines some principles, but there's been a lot of discussion in the logs about it
hanbot: kakobrekla vspace isn't too horrid, aside from the voice stuff...which i guess makes it an unfortunate choice. at least it's not a heh.
maqp: Is there a memo on that design?
kakobrekla: on that matter, how are you going to search for 'v'?
mircea_popescu: we've not really got around to doing much practically with it.
mircea_popescu: it's this secure communication thing dreamed up by b-a.
maqp: So breaking the anonymity won't reveal content of chat that could compromise their identity
mircea_popescu: you should prolly also look into the vaporware that still is gossipd.
maqp: Then TFC can really help since Tails and Pidgin only see TFC ciphertexts
maqp: But if you find Tor insecure and suspect someone is remotely breaching for example your Tails live session
maqp: I'd prefer secure by design approach any time
maqp: Sure it has its problems. But the only alternative is secure-by-policy VPN
maqp: I'll have to read the article. Tor sucks slides indicate it puts up a fight even against FVEY agencies
maqp: So Pidgin is just a way to transmit ciphertexts from dbus to XMPP server
mircea_popescu: that was my point : that if he was going to barf over tor, which doesn't actually matter or significantly touch the scheme, might as well pick any other random unrelated item
maqp: However, the entire computer Pidgin is running on is not part of the trusted computing base.
maqp: I completely agree with ioerror on that "pidgin is a flock of zero-days flying in formation"
assbot: Logged on 07-02-2016 17:03:55; punkman: also uses dbus to talk to pidgin
maqp: mircea_popescu: I looked at the backlog someone linked me and I wanted to address one thing about TFC using it
mircea_popescu: i'm not exactly in the business of pushing people to do things.
mircea_popescu: uh i dun see it. guy was gonna do some things, then got sick, then came back, then never did the things. i dunno, lost interest or w/e.
ben_vulpes: mircea_popescu: hurt Naphex' feelings with the camho piece?
ben_vulpes: heh anyways i just cracked xotika, picked a random feed and whaddaya know the last frame of the bloomberg video that autoplayed itself is superimposed on this poor girl's face
mircea_popescu: guruvan> seems like people round here need bigger heads <<< i thought "the consensus" was b-a heads already too big