moiety: unfortunately not. i tried to frankenstein the usb bit on the end with a non frayed one. i ended up with more bits than i started with D;
moiety: i tried to rewire a mouse today, didn't go so well
asciilifeform: diametric: something that i was hoping to avoid
asciilifeform: diametric: had to switch to 4-layer.
asciilifeform: fly manul to argentina, breed with colocolo -> double thickness
BingoBoingo: fluffypony: Do you worry that maybe your wife might begin to suspect you might be spending all of this time online trying to cheat on her with a Manul?
moiety: alongside moiety... so i'm unsure which triggered smuxi to flash
fluffypony: have to show my wife that
moiety: ;; later tell mircea_popescu even the doges are at it now http://s3-ec.buzzfed.com/static/2014-04/enhanced/webdr04/25/10/enhanced-buzz-22480-1398437911-8.jpg must be for cinco de mayo
jurov: oh i misunderstood... easy to use system for an issuer, not for the user
fluffypony: I'd hazard it's easier to list there than on MasterCoin
fluffypony: except say "I want to list"
jurov: so you have to log in every 3 days if you want to maintain standing order
fluffypony: jurov: well you also don't have to do anything to list
jurov: lulzbourse is easy to use????
fluffypony: well that's the end of that
fluffypony: "Due to popular demand, now available to trade on an easier to use system. Available here https://bitcoinbourse.eu/ ticker DUN"
BingoBoingo: mike_c: Well, the monthly reports will include exact balances, but I'm not yet sure about the wisdom of offering balances in real time. That might leak things like when exactly trades executed and where I had orders sitting on the orderbook.
mike_c: it would be feasible to have a webpage showing your balances. that is perhaps not a good idea for a market maker though.
BingoBoingo: mike_c: It will be harder to track my part of MPIF, but the monthly statements will still exist, and there's the part where at least at the start of this the operation I am running is smaller than the other portions.
midnightmagic: history of past bad keyspace means attackers try that first always
jurov: because it was never proven otherwise? i can see that
asciilifeform: jurov: this notion is not original to me, visit the literature
gribble: Weak key - Wikipedia, the free encyclopedia: <http://en.wikipedia.org/wiki/Weak_key>; hybrid message-embedded cipher using logistic map - arXiv: <http://arxiv.org/pdf/1209.2582>; State convergence and keyspace reduction of the Mixer stream cipher: <http://eprint.iacr.org/2010/628.pdf>
jurov: asciilifeform: care to elaborate?
asciilifeform: ;;later tell mircea_popescu my hunch is that all known block ciphers have non-linear keyspaces.
jurov: guess the dividend plans are guarded with utmost secrecy :D
jurov: SFI unit holders are entitled to receive dividends indirectly from the Fund's startups which have a
fluffypony: investors should just throw money at it
mike_c: they got their mistakes out of the way with SF1. You need to jump on SF2, it's going to the moon.
thestringpuller: HOW THEY RUN IT INTO THE GROUND
thestringpuller: they are gonna show us how they run this show
jurov: so not one of their startups is profitable yet. nice
dR3: Greets all. Appreciate this chan. That is all =)
gribble: Major Tom | The Venture Bros. | Adult Swim - YouTube: <http://www.youtube.com/watch?v=-aqvIU1dkD8>; Major Tom - The Venture Bros. Wiki - The People's Republic of ...: <http://venturefans.org/vbwiki/Major_Tom>; Ghosts of the Sargasso - The Venture Bros. Wiki - The People's ...: <http://venturefans.org/vbwiki/Ghosts_of_the_Sargasso>
thestringpuller: ;;google major tom venture bros.
Naphex: nah, the rest look like bull
fluffypony: have you seen TagPesa's pitch deck?
fluffypony: Naphex: that's the exception to the rule
mike_c: there are so many good companies for them to invest in! they need more funds.
ozbot: btcXchange.ro - The first Bitcoin exchange in Romania
Naphex: https://www.btcxchange.ro/order - it's meant to have some easyability in it, remember it's an exchange and we will be having a transaction fee at some point
Naphex: so there's that
Naphex: and doing some tutorial video for setting up, for noobs
Naphex: not just the crypto community
Naphex: thestringpuller: i am, i will be adding GPG auth. but that's it
thestringpuller: why not consolidate all 4 to gpg
Naphex: sure. if you get all 4 the only thing that can save you is hope you don't hit any short-circuits or be enough in the hot wallet
thestringpuller: Naphex: i can get all three by putting a gun to the customer's head
benkay: the comparison is not made on the basis of openness, rather by asking professionals and the experienced what their opinions are and why they are that.
benkay: hey, guys: which is less likely to leak? openssl or gpg?
benkay: this goes back to the problem of trust in the wot. openssl, pirate...ask anyone who knows things what they think of the two.
benkay: however being closed does make a thing impossible to trust.
artifexd: Open source compared to open source. The point is that being open doesn't make something trustworthy.
artifexd: Similar to the transparency of... openssl?
benkay: contrast with transparency of...gnu privacy guard.
benkay: it sounds weird and i don't trust it.
benkay: so yubi is a signing thing? what are these yubi servers an implementer talks to?
benkay: artifexd: i don't know enough about the thing. it pretends to be a keyboard, though? sounds like a lot of unexaminable dependencies.
Naphex: ah, i doubt it. unless their personalization tool phones home, but doubt that
artifexd: benkay suggested that the yubikey could phone home (or any attacker) with the new contents if it were reloaded. I was questioning that.
Naphex: artifexd: you touch the button, it types the OTP
artifexd: benkay If the yubikey registers as a keyboard, how can it access the network?
asciilifeform: yubi, by all indications, is designed to resist any attempt to determine whether it leaks key. therefore i must assume that it does.
benkay: not holding party's problem, though.
benkay: all of a sudden i'm struck by the notion that the only good withdrawal message is one gpg-signed by the withdrawing party.
asciilifeform: fact is, any secret key generated outside of your home should be assumed to be in enemy hands at birth.
Naphex: and gox had the keys
Naphex: but that attack needs to be targeted
kakobrekla: gox loaded yubis with their keys so the keys were locked to gox use only
asciilifeform: all of the traditional crapola is present. enforced and perpetual dependence on the vendor, for example.
artifexd: That may, or may not, invalidate the ability to use yubikey's servers though. I don't know.
Naphex: you don't have to go that deep
artifexd: The point was that, instead of reading the key, an attacker could put his own key in there since he supposedly has access to the device prior to the client getting it. Also, the client could generate and insert his own keys thus destroying the attacker's advantage.
Naphex: it still needs that stuff to do damage
asciilifeform: in that respect, it is exactly like other seekoority snake oil products.
Naphex: at least some 0 day or insider, or whatever breaches deep enough to issue withdrawal messages
asciilifeform: you don't need an army and navy to pwn yubi users. just a little bit of cooperation from the vendor.
Naphex: some risk reduction is worth it, even if not bulletproof in all theoretical/practical/NSA cases
benkay: can't vet the thing's behavior, artifexd. might as well be squirting things written to those slots back home.
asciilifeform: likewise, given closed design, user has no way of knowing if yubi tosses a few bits of key into each signature nonce
Naphex: true, but my risk is still reduced, that an attacker/breacher would have to have private keys leaked, have user secrets, and have user email, and penetrate hard within infrastructure without detection, to nab some satoshi from the hot wallet
asciilifeform: does he need to? the way it is designed - yes
asciilifeform: vendor has the key.
asciilifeform: extraction of yubi internal key by the postman isn't the only interesting scenario
asciilifeform: since no one groks, looks like i'll have to 'draw a picture.'
Naphex: so user gives me yubi pub key, and then shoots OTP
Naphex: asciilifeform: i'm talking from a server end point, i don't have to keep user secret. just public key
asciilifeform: even if a con artist has fooled him into thinking otherwise
Naphex: and OTP just removes the risk of insider/intrusion that can just spam hotwallet servers or trade messages with withdrawals
asciilifeform: Naphex: what i'm trying to get across is that a fellow with yubikey in his pocket is, in fact, 'holding a secret'
Naphex: for me it promises an OTP, from the user. which i can validate without holding a secret
diametric: me too
asciilifeform: benkay: it promises that a private key can be sent in the post, left plugged in at wiring closet, etc. without danger.
asciilifeform: ed felten's words, 'try to make a safe that can be left in burglar's living room' sums up the issue
asciilifeform: Naphex: 'cardano' could in principle be used as 'token.' but you gotta understand the difference between what yubi promises and what honest people can actually physically achieve
gribble: Rating entry successful. Your rating for user asciilifeform has changed from 1 to 1.
pankkake: ;;rate asciilifeform 1 makes the best tinfoil hats
kakobrekla: Naphex forget it, he is busy with the sub
Naphex: ;;rate asciilifeform 1 NSA Should make a open OTP Token