637200+ entries in 0.381s
mircea_popescu: asciilifeform why is
the pgp corp named
twice in
the rfc ?
decimation: re: infantilism, charity <<
http://hopelesslysane.blogspot.com/2014/08/gratitude.html " I watched one brave/stupid older woman approach a very large woman with six kids hanging off her cart ($420+ of free stuff), and
tell her "I know gratitude is beyond you,
the least you could do is be polite."
The oldest of
the boys, about 12ish, menaced her, got in her face and said, "Fuck you, bitch! You owe us!", while momma smirked in approval.
mircea_popescu: what one woman
takes as violence another
takes as courtship, a point
the state is desperate
to hide from
the more unfortunate of youze.
decimation: MolokoDesk: I disagree, "monopoly on violence" is a refrain of modern apologists for
the state
assbot: You are right, but if Bitcoin ever goes mainstream
that kind of regulation
that ... | Hacker News
mircea_popescu: all
the politics of infantilism, where one makes demands of god, are suddenly exposed
to reality, because in either of
these degenerate systems of governmance (really, sides of same coin) one actualy may entertain
the delusion of it.
MolokoDesk: one of
the many defiitions of "government" is "that faction
that has a monopoly on
the use of force in a geographic area"
decimation: for example, "I demand
that
the
the group give me a "gun free" life" becomes "give us your gun or go
to
the gulag" for
the neighbor
decimation: mircea_popescu:
thinking about your definitions of socialism v. fascism, it occurs
to me
that one quickly leads
to another
mircea_popescu: welcome
to philosophically sound software design (tm). i hope
to see a lot more of it in
the future.
MolokoDesk: ok. if
this is easier
than what I've done so be it.
MolokoDesk: and it's provable
that
the contract hasn't been altered since signed and
timelogged
to
the blockchain.
mircea_popescu: the verification of identity relies on acts by
they who know who you are.
mircea_popescu: MolokoDesk
the signature of someone you don't know is worthless
to you.
MolokoDesk: ok. is
the rationale here
that if counterparties signed a document,
they usually know who
they are and since
the contract is not enforceable by an external party, only by
their cooperation, it doesn't matter who actually signed it if
they all know
they did.
MolokoDesk: heh. I haven't
tested
this with documents signed by anyone else yet. sec.
MolokoDesk: I did, which is why I resorted
to using wot's key registry.
MolokoDesk: I didn't see any obvious way
to do
that.
mircea_popescu: MolokoDeck it can extract a keyid from
the signature block.
MolokoDesk: ok. can GPG extract
the public key from a cryptosignature without knowing which public key was used
to make
the cryptosignature?
mircea_popescu: if a matter of repudiation arises,
then
that is dealt with by
testing
the sig.
mircea_popescu: just like irl,
the registrar of deeds does not verify your signature, merely looks
that
this shitwas signed
ben_vulpes: in
that
there is a signature and a keyid.
mircea_popescu: ben_vulpes all it determines is
that
the document formally looks like one signed by
that guy.
MolokoDesk: sure,
that's what I wanted
to do initially, get
the public key from
the signature.
ben_vulpes: but in
the case of an unknown key, pgp cannot determine if a signature is valid.
MolokoDesk: including
the public keys in
the document
then signing it with
those public keys would lock
this in.
mircea_popescu: simply do
this : separate
the pastebin into individual signed bits, put each
through gpg,
take
the apparent, unverified signer id, put it
through grible
to verify wot id, put it
through gribble again
to verify assbot linkage and you're done.
mircea_popescu: it compares
the pubkey it has stored (and which you hopefully signed)
to
the shit in
the hash of
the signed document
to establish it was not merely signed but actually signed by x.
ben_vulpes: in
the latter case it compares
the known pubkey
to
the sig
mircea_popescu: so having a "signature apparently by 8A736F0E2FB7B452, could not verify" is one
thing. "good signature from user MP 8A736F0E2FB7B452" is another
thing.
ben_vulpes: and gpg verifies
that
the keyid is valid for
the sig?
ben_vulpes: hash == keyid, right? where does gpg get
the hash? from
the signature itself?
mircea_popescu: nsa reads like a
third of
their "secure" comms on
this basis.
ben_vulpes: what is "x" in
this case - hash or name + email fields?
mircea_popescu: a point so fucking readily lost on derpjournos you wouldn't begin
to believe.
mircea_popescu: ben_vulpes gpg saying "signed by x" means nothing if you don't have x's pubkey
to check.
ben_vulpes: or
that
the signature is valid for hash "x" but
that
there may be collisions?
ben_vulpes: so signed by "x" does not imply
that
the signature is valid?
mircea_popescu: no ppl i r not insane
tyvm stop pming me. i am aware
that
through
the process as described signatures never get in fact verified and one could create a colision and sign for someone else.
this is not a bug, it's a fucking feature. you ARE supposed
to check YOURSELF
the fucking sigs if you intend
to rely on
the signed documents. it's
the only way
to implement
this correctly.
MolokoDeck: I
think
that use of "now" requires a comma in
the first sentence, since it's used as a colloquialism or interjection.
RagnarDanneskjol: he likes
to keep
things quiet until
they're ready for primetime
ben_vulpes: (mircea_popescu: it's like "i find
this amusing, even
though nobody else probably does, or someone's
trolling me, but it's not quite lolworthy")
ben_vulpes: i have
two whole beers
to get
through before i knock off for
the long weekend i want
to read more unit
tests
mircea_popescu: MolokoDeck it's included in
the signature block of
the signed
thing.
MolokoDeck: I just sent you a link
to
the unit
tests.
MolokoDeck: rather
than keep signing up for more block.io addresses.
MolokoDeck: it's easy
to spiff a static address with a few satoshi.
MolokoDeck: at least
to do what I'm already doing with it. If
this is easier
than
that
then it's as good as done.
MolokoDeck: you need
the hash of
the public key ...
to get
that it seems you need
the public key.
the PGP cryptosignatures on a document are kind of opaque if you don't have
the public key already, apparently it uses
the public key
to determine whether
the signatures match
the unaltered document and are from
the person who owns
the private key matching
the public key.
mircea_popescu: BingoBoingo "Now
this wasn't particularly notable at all. Now a lot of mining companies are crawling" << you are not allowed
to use now as
the first word in
two consecutive sentences
mircea_popescu: when you feed a string
to gpg you either get a "nonsense" complaint or a "signed by X" response, with a warning
that "we can't know who x is "
MolokoDeck: ok. so it's presumed
the signatures are valid?
MolokoDeck: some sort of "give
the bot another wallet" IRC commandline function would work for
that.
mircea_popescu: RagnarDanneskjol nah i want it
to always send from
the same address.
MolokoDeck: searching and indexing
that blog sounds like a website backend function, not part of
the bot.
MolokoDeck: it also logs
the documents
to some kind of repostory or blog. Knowing
the preferred format and web address of
that ahead of
time may be good, but
that's like a quick mod
to make it do whatever wherever.
mircea_popescu: it does not verify
the signatures. it merely extracts w/e signature gpg sees in
the document.
MolokoDeck: bot sits in here. People point it at a cryptocontract with multiple signatories. it verifies
the signatures. if
they're good it creates an unspendable bitcoin
transaction with
the address encoding
the SHA256 hash of
the contract. When
that
transaction clears and is on
the blockchain, it notifies
the IRC channel and gives
the URL of a logged copy of
the document, it's associated hash, and a pointer
to
the blockchain
transac
RagnarDanneskjol: wanna run it down one more
time for clarity molo? what it does exactly
MolokoDeck: if security concerns are de minimus I'm ready
to finish it as planned.
MolokoDeck: so
the wallet just has
to have a few centiBTC in it at a
time.
mircea_popescu: ok, so say what
the
thing is again, let's see if i say yes
this
time.
MolokoDeck: yeah, it's like 5 cents a document, about
the cost of a xerox copy.
mircea_popescu: if someone breaks in and steals
the bitcent, hey, more power
to
them.
MolokoDeck: or if
the bot is started with a shell command
the parameters end up in
the process list.
mircea_popescu: MolokoDeck it's never going
to own more
than a bitcent or w/e
MolokoDeck: probably none, other
than
that
the software has
to store
the passphrase somewhere. like... on a server.
MolokoDeck: what is of concern is
that
to make a valid
transaction
to
the bitcoin blockchain one has
to manage a web wallet.
The first cut is going
to use block.io since
they have a simple API
that includes
the
testnet (which I'm using in such a rudimentary way it doesn't matter whether it's obsolete features exist or not.
the subset of features is common
to
the latest bitcoind)
ben_vulpes: regarding borrowing gold and refusing
to pay it back?
ben_vulpes: what's
the "no congress shall be held
to
the agreements of a previous congress" citation?
MolokoDeck: ok. not having
to sweat keyring security seems a good idea since everyone
trusts gribble.
mircea_popescu: all
these fucking successful derps for crying out loud.
mircea_popescu: so i figure why no give clueless noobs a chance. send an order "
http://mediaparty.info/2014/ << find
the afterparty". half hour later, "i can't find anything. nobody is sayinga word on sm,
there's ONE picture of a guy and some wine on
twitter without enough background
to find where it is or anything".
MolokoDeck: the way i've done it makes it somewhat stand-alone. if
the public key registry is replaced it would be general cryptocontracts.
MolokoDeck: ok. so you want
to use gribble as an open agent.
MolokoDeck: instead I'm using
the wot API and
the associated public key server, adding
the public key
to
the bot's keyring each
time a contract is validated,
then verifying
the signatures.
mircea_popescu: this way you don't have
to keep updated keyrings locally or verify signatures in any wya
☟︎☟︎ mircea_popescu: MolokoDeck so basically, bot reads each document, extracts declared sig, puts it
to gribble
MolokoDeck: actually, if one invites
Tao_Jones in here and voices
the bot some of
these functions already work.
MolokoDeck: not sure I want
the
test server's URL going into a channel log
though.
MolokoDeck: I can show you
the unit
tests doing
that.