log☇︎
565700+ entries in 0.373s
asciilifeform: nanotube: he will have to go beyond passing the turing test, and into fabricating an interesting and invite-worthy personality each time.
nanotube: PeterL: that depends on assbot coder. :)
nanotube: and then waiting for a while
PeterL: would we need to pm assbot to get a challenge to decrypt, or could it be something like we just send assbot the signature of "auth <wot name> <current time>"?
nanotube: and what prevents squatter from doing that, from several different identities?
asciilifeform: they read kakobrekla's www log, see who to pm, make a brief case for being invited
decimation: if they wish to auth, they pm assbot
asciilifeform: if they wish to lurk.
asciilifeform: nanotube: except there wouldn't be one. people would be asked to read kakobrekla's www log.
nanotube: asciilifeform: yes... but then the squatter will just squat on the 'gateway' channel where people get forwarded when they are not invited
asciilifeform: nanotube: the only readily apparent way is '+i'
PeterL: so instead of authing with gribble, we send auth message to assbot? one step instead of 3, sounds good to me
decimation: assbot would them pm the list of interested parties?
nanotube: asciilifeform: hrm... that's a tough problem. how?
nanotube: PeterL: oh well, i guess auth can stay for that purpose. or you can just send a signed message to assbot directly, in theory.
asciilifeform: nanotube: we were contemplating ways to expel the ddos idler from the channel in a permanent and generic way.
PeterL: that helps with ratings, but does not help the current voicing model of #b-a
nanotube: asciilifeform: i'm hoping for a gradual transition, as people upgrade their ratings with signed packets. after a sunset period, all unsigned ratings may be ignored
asciilifeform: nanotube: everyone gets to re-send their collected ratings with signature ?
PeterL: we use it here to verify people are who they say they are
asciilifeform: nanotube: incidentally, what is to become of the present wot when a hypothetical 'everything is signed' wot is built ?
asciilifeform: isomorphic to mitm.
nanotube: asciilifeform: well, more like an anti "guy leaves, some other guy comes in on same ip, and gribble has no way of knowing about it, unless they share a channel and gribble can see quits"
asciilifeform: if i understand correctly, nanotube's explanation resolves to this being an anti-mitm mechanism
nanotube: it is being worked on. but have a lot of other stuff on my plate. once everything is signed, there will not even be a need for something like "auth".
PeterL: so the question for you: would it be possible to let people auth without being in a chan with gribble?
decimation: given how obvious this flaw is, one wonders why no one has undertaken to fix it
asciilifeform: ultimately the very need for 'cloaks' is a bizarre misfeature
asciilifeform: where the hooliganism can continue
asciilifeform: the channels-shared-by-gribble thing also means that ddos idler bot, if expelled from #b-a, can move to one of the other channels.
nanotube: yea i remember that too...
asciilifeform: it is not hard to guess who they are.
asciilifeform: there are, i surmise, parties which are actively trying to induce these error conditions en masse.
asciilifeform: nanotube: many new users log in without cloak. and occasionally cloaks fail for reasons which do not reduce to user error
nanotube: well, that's a reason for people here to be cloaked. i remember hearing about that
asciilifeform: nanotube: it points a ddosnet consisting of ntp and ssdp 'amplification' bots (misconfigured routers, typically) at the victim.
asciilifeform: nanotube: there is a ddos artist paid (apparently) to carry out an endless quest to interfere with #b-a and related projects. presently he has an idler parked here.
decimation: nanotube: there's a ddoser who spams anyone who joins #bitcoin-assets with a 'naked' ip with an ntp amplification attack
asciilifeform does not know if nanotube is aware of the reason for this thread
undata: asciilifeform: ty
nanotube: asciilifeform: sure, but not everyone who uses the wot is in this channel or is cloaked :)
mike_c: yes, but he knows the nick didn't switch.
asciilifeform: nanotube: afaik everyone who frequents this channel is now cloaked
BingoBoingo: namecoin has been shot in the head many times
BingoBoingo: asciilifeform: Or maybe you don't yet know you imply it. It's the only alt I know of with Satoshi commits
asciilifeform: (iirc namecoin was recently shot in the head)
nanotube: asciilifeform: it's a way to track a person by hostmask, to provide persistent auth sessions. once we move to 'everything must be signed' there would be no need for auth sessions, and thus no need for people to be in particular channels shared with gribble.
asciilifeform: BingoBoingo: there is precisely one worthwhile blockchain.
asciilifeform: and the formerly harmless softness and promise-based mechanisms will become serious holes in the armour.
asciilifeform: i dare to invoke the 'parachute theorem' and say now, that when wot is taken seriously by intelligent and resourceful enemies, it will be rather late. ☟︎
asciilifeform: and guess what state of the art here is
asciilifeform: even if you do, there is no guarantee that other readers see the same thing you see
kakobrekla: i go through it a few times a year but for that reason particularly
asciilifeform: to check for anything you don't remember having done (or done to you)
asciilifeform: re: wot: (question to all present) - how often do you re-read your own wot history?
BingoBoingo: With other less strict channels existing on the net
BingoBoingo: #b-a irc net seems the only long term solution
asciilifeform: or, at best, to mircea's suggestion of building a dedicated #b-a irc net.
asciilifeform: and back to the start.
asciilifeform: unless you move the whole thing to a dedicated box with own irc. but then you advertise its ip in public
asciilifeform: decimation: that's ugly
asciilifeform: with the signature encompassing the full text of said command
decimation: asciilifeform: another alternative: all chat is pm'ed to assbot, who posts it to the log
asciilifeform: nanotube's wot works, afaik, thus far, but a good chunk of it still lives in the old pre-cryptographic universe
asciilifeform: and likewise timestamps
asciilifeform: PeterL: you have to - yes. mr i-owned-fleanode nsa clerk - no.
PeterL: asciilifeform: but you have to auth before making an operation, so it is almost like being signed
decimation: ah I thought it was connection based
PeterL: decimation: there are a bunch of -1s which offset +1s
asciilifeform: whatever happened to notarybot?
decimation: I don't get how level 2 has 0 connections, but joecool, nanotube and pankakke are connected to him?
asciilifeform: one of the things that always gave me the willies about the classic (nanotube's) wot is that operations are not signed ☟︎
gribble: Currently authenticated from hostmask Luke-Jr!~luke-jr@unaffiliated/luke-jr. Trust relationship from user assbot to user luke-jr: Level 1: 0, Level 2: 0 via 6 connections. Graph: http://b-otc.com/stg?source=assbot&dest=luke-jr | WoT data: http://b-otc.com/vrd?nick=luke-jr | Rated since: Sat Feb 5 12:37:04 2011
asciilifeform: kakobrekla: what means 'move auth to assbot'
kakobrekla: option 2, move the auth to assbot and save another step (!up)
PeterL: in the proposed system, can people join if assbot is down?
asciilifeform: that being, that all the controls have manual emergency cranks
asciilifeform: just pointing out answer to 'can anything at all work when all bots are dead'
kakobrekla: yes, can and willing to is not interchangeable
asciilifeform: when they're awake
asciilifeform: ops can operate the whole thing in manually-cranked mode, afaik
PeterL: I think people can be voiced now manually if gribble is down but not if assbot is down?
asciilifeform: PeterL: just like today, if gribble or assbot are down, only ops have voice
PeterL: they would still be able to manually up people, right?
asciilifeform: if gribble is down today, kakobrekla (and mircea_popescu ?) are still stuck manually upping folks
PeterL: if gribble is afk, then nobody can get into this chan
PeterL: it's strange, you must be in chan, but you can auth in a pm, so why be in the chan?
asciilifeform: (i'd love to hear a rationale for it)
asciilifeform: or ask nanotube to remove the peculiar must-be-in-channel thing
PeterL: have assbot take over the WoT?
kakobrekla: among other things, it is out of my control.
PeterL: what happens if somebody tries to join the chan without auth/L2? do they get dumped into #bitcoin-assets-noobs?
assbot: Logged on 19-12-2014 01:44:12; BingoBoingo: Well, sometimes assbot has downtime too.
mike_c: kako is too easily swayed by a cookie or two.
asciilifeform: at any rate, the folks whose gadget this is, can decide
asciilifeform: we already have something quite like this system. just that it is being administered by an enemy.
asciilifeform: think of it this way:
PeterL: but really, you can learn alot more going over a few months of logs than trying to get lucky by finding something interesting happening right now at this moment
asciilifeform: PeterL: proposed change transfers the initiative to actual people, and takes away whatever piece of it the spammer had.
asciilifeform: PeterL: understand, it isn't as if they can freely idle here now. ddos bot takes care of this.