73400+ entries in 1.41s
mircea_popescu: IF gpg doesn'
t put out full fingerprints for verified keys, then gpg is broken
mircea_popescu: davout but assbot won'
t respond unless he queries by fingerprints.
mircea_popescu: well apparently it just became required to verify cause otherwise it can'
t talk to assbot.
davout: lol, deedbot isn'
t supposed to verify sigs amirite
mircea_popescu: davout if you don';
t have the key you can'
t verify signatures, dork!
davout: if you don'
t have the key in your ring it won'
t know the fpr
davout: it does, it doesn'
t however return fingerprints
mircea_popescu: asciilifeform they don'
t have cleaning ladies in the classic sense, which is why conde nast is writing memos to the "journos" about keeping the place clean.
mircea_popescu: PeterL weren'
t you a biochemist by trade dabbling into code as a hobby recently ?
undata: because terrorists can'
t find an old copy of gpg?
gribble: Error: Something in there wasn'
t a valid number.
davout: that doesn'
t make much sense to me, how would a maliciously crafted pubkey even verify the signature?
davout: asciilifeform: yeah, that's what i was reading, it mentions user ids in the subpackets spec, but i'm unsure whether that includes an actual key fingerprint, i tend to understand that it doesn'
t ☟︎ undata: doesn'
t our agreement being public and with firm verification of identity bolster my claim among peers that you're a knucklehead?
undata: davout: because no one ever once was opped in a chan that shouldn'
t have been
davout: because the notary doesn'
t enforce or verify anything, just certifies that something existed at some point of time
davout: undata: the notary doesn'
t enforce the agreement so why bother verifying the signature at all
assbot: Logged on 30-08-2014 00:59:50; mircea_popescu: this way you don'
t have to keep updated keyrings locally or verify signatures in any wya
undata: davout: isn'
t the whole point of a notary verifying the identities of the parties involved then verifying that an agreement has taken place?
punkman: so I guess v4 sigs don'
t have fingerprints either
punkman: davout: you are right, doesn'
t work with clearsigned message
davout: kakobrekla: tbh if verifying the signature on notarized data is not considered necessary i don'
t think it's a big issue if the dump is unsigned
davout: the version 4 signature subpacket spec isn'
t that clear to me, maybe asciilifeform has some insight
Apocalyptic: davout, re "looks like this can'
t be verified correctly without either relying on a keyid as an actual key unique identifier OR keeping a synchronized keyring and actually verifying the signature" I suspect there actually is, playing with the source atm
davout: undata: "the wot is an excellent tool for making good decisions about establishing those" <<< sure, but i'm not sure why the notarization *tool* would enforce that, i defo don'
t feel strongly enough about it to argue the point either way
davout: undata: it doesn'
t burn the bitcoins
davout: what *is* specified is that the bot must verify that the signer has L1/L2 assbot trust, looks like this can'
t be verified correctly without either relying on a keyid as an actual key unique identifier OR keeping a synchronized keyring and actually verifying the signature
assbot: Logged on 30-08-2014 00:59:50; mircea_popescu: this way you don'
t have to keep updated keyrings locally or verify signatures in any wya
davout: Apocalyptic: "you have to validate the sig" <<< no i don'
t think so
davout: if i don'
t have the key in my own keyring it doesn'
t seem possible to extract the fingerprint from a signed message
davout: that would work when listing keys, i can'
t seem to get it work when piping a clearsigned msg to "gpg -v -v --fingerprint"
davout: yea, i was reading gpg's rfc yesterday and found out that they aren'
t supposed to be relied upon for unicity
ben_vulpes: as someone somewhere once said "i don'
t hire developers who spell well, i hire developers who mispell consistently."
ben_vulpes: "pushed by" not "initiated by". furthermore, doesn'
t make the usage somehow acceptable.
ben_vulpes: if you don'
t know the gender, say "his or her"
davout: ben_vulpes: wasn'
t sure about that, I assumed a weakness in my own english since no one brought that up, but it did sound slightly weird, thanks for clearing it up!
danielpbarron: this is for deedbot right? don'
t you already know what the last pubkey was?
ben_vulpes: i don'
t know that a bitcoind would be able to verify a transaction without access to the full inputs
ben_vulpes: while this isn'
t *strictly* necessary, it's how things work now.
ben_vulpes: i don'
t really know how the transmission of btc is supposed to work for the thing
fluffypony: don'
t worry guize, Gavin will save err'one
PeterL: so, if somebody has < 1 L2 rating, they don'
t get voice? or it just has to be > 0?
mircea_popescu: heck, the us scammer office (previously marshall's office) doesn'
t have to answer foia if it doesn'
t feel like it, and can even lie in public statements.
mircea_popescu: decimation: there's a deep hypocrisy here somewhere. apparently the usg entities who are involved with foreign surveillance couldn'
t possibly do their jobs if they were subject to 'regulation', but of course regular people trying to say, transact bitcoin, have no such reprieve << well, usg entities that deal in bitcoin do have such reprieve currently ?
mircea_popescu: no, there shouldn'
t be a way to compel an answer. wtf ?!
PeterL: too early, can'
t read yet
mircea_popescu: that way, it wouldn'
t have to do two steps, just directly gettrust to a keyid.
davout: you don'
t refer to yesterday's convo do you?
davout: well, you can'
t really build a good house without good bricks
decimation: there's a deep hypocrisy here somewhere. apparently the usg entities who are involved with foreign surveillance couldn'
t possibly do their jobs if they were subject to 'regulation', but of course regular people trying to say, transact bitcoin, have no such reprieve
mircea_popescu: but also why a certain attitude to ineptitude, from the "affirmative action", "wopmen in tech" "don'
t say nigger" all the way to stupidities like the equalitarism in freenode's policies is so very important. and why linus' "fuck you" is such a major thing.
mircea_popescu: in any case, the entire lennart gambit is that "actually smart people won'
t be able to find each other in our sea of lemmings"
mircea_popescu: giving inept infantrymen good horses doesn'
t create an elite cavalry regiment, it just creates a lot of injured horses. giving stupid people smart things doesn'
t make them smart. it'll just make a lot of broken smart things.
mircea_popescu: kinda why "adoption" is meaningless. i don'
t care for anyone to "adopt" anything i do. i might care if they change to fit to it. but otherwise, good fucking luck, there's no value in having a bunch of pacific islanders speak english as if it were the retarded language they spoke before.
mircea_popescu: anyway. there's nothing wrong with the people who didn'
t belong in foss in the first place finding their own way out, just like there's nothing wrong with the people who have no business in bitcoin finding their own way out.
mircea_popescu: "in the most superficial level, some used -h for help, and others ––help. It’s not uniform." << i can'
t name a tool that doesn'
t actually honor both.
undata: well that lays bare the abstractions rolling around in that gourd, doesn'
t it
undata: decimation: I wasn'
t aware of that particular detail
mircea_popescu: yes, much more than say the specialst pays (specialist doesn'
t pay). this is inconsequential.
decimation: if living off gov'
t checks anyway, wouldn'
t a trailer park somewhere stretch the bezzlars?
decimation: I just can'
t imagine a future in which I will need to learn 'go' for work or pleasure
decimation: I wouldn'
t call it 'hate' as much as 'utterly uninterested'
xiando: I know, but I don'
t have to like it. :)
xiando: I would prefer if they don'
t endorse that or anything and leave it alone.
thestringpuller: mircea_popescu: i couldn'
t find good example on top of head. but was jist of it received?
mircea_popescu: asciilifeform: (and that there is another one, where it wasn'
t. but i think we did this one before) << like 5 or 7 times.
danielpbarron: i don'
t think they are so rational; i suspect it has more to do with "going viral" like a clever youtube video, and having been in on it before it was trendy
thestringpuller: But isn'
t this like someone trying to power a water wheel by simply running up stream with buckets of water they collect downstream?
thestringpuller: isn'
t this classic dilemma of selling soul for some benefit/value
artifexd: I believe the point is that Snowden didn'
t say gpg was compromised. However it could have been compromised since he left. Only mircea_popescu knows mircea_popescu's motivation for that spec though.
mircea_popescu: can'
t hurt. leave all these for a 2nd version down the road.
mircea_popescu: i been looking for it magically can'
t find it. the one that had the rsa break in the last fascicle
artifexd: How could the crypto routines be compromised in a way that would matter? Weak key generation? gossipd doesn'
t generate keys. Weak rng during encryption? I pick the rng (and can offer an option for you to supply your own). Encrypting a message with an "extra" key so peet can read it? That should be easy to see in the code.
mircea_popescu: if i pick a barber i don'
t go by the straight razor brand.
mircea_popescu: dude you can'
t impeach people on the grounds that they ate with hitler.
mircea_popescu: listen, if you don'
t start fucking girls born after X at some point, you'll be stuck in wrinkle heaven.