log☇︎
753000+ entries in 0.507s
Duffer1: ah, i have indeed heard of people drowning fighting their rescuers
ninjashogun: When I had been coming in here it was following an experience over a similar channel (related to doge) on a loan. As someone here (asciilifeform?) explained, I should have 'no problem' getting a loan of $20K. In fact I did have "no problem" on it, but in the end I couldn't collect it, and had come in here over a few days to see if anyone were interested in the same.
bitcoinpete: ThickAsThieves good call. deleted that one and did a text one instead: https://news.ycombinator.com/item?id=7419618
ninjashogun: I stopped coming here and returned due to ughlol mentioning it. I think you guys are mostly trolling in here (which is fine).
ninjashogun: I'm Robert, as I mentioned. I hadn't talked to you guys before. ☟︎
BingoBoingo: ThickAsThieves: Prolly Thermos
ThickAsThieves: i cant believe you guys are still so weak to trolling
ninjashogun: Duffer1 - it' snot 'mine'. It's a feature suggestion for the cardano v2 or v3. it's still the cardano. 95% would be the same, including the basic invention that they described.
Duffer1: ninja but why would i buy yours over the cardano?
ninjashogun: or tablet
ninjashogun: anyway I'd think there's a market for in-between, people (like me) who don't care that much, but would rather not keep a key on a PC
dignork: ninjashogun, let's say it's a complicated attack, and it costs 1M$, which you don't have, then you can safely assume you shouldn't care :)
ninjashogun: I'm currently developing a wireless version of my prototype, and it is true that I am still learning it.
ninjashogun: I'm trying to invest in some 2.4 ghz wireless equipment (spectrum analyzer among other things) and would be the first time I use one.
ninjashogun: it's just that a CPU does so much, you know? it's 2 or 4 cores at 4 ghz with megabytes of just CPU cache and then hundreds of megabytes of active ram and programs
ninjashogun: I guess I could radically underestimate how much CPU state a wifi transmission can carry away.
ninjashogun: I tend to go from first principles.
mircea_popescu: you're in a very poor position to evaluate any of these contingencies.
ninjashogun: or c) this is tinfoil hat nonsense :) :)
dignork: ninjashogun, c) they're idiots
dignork: ninjashogun, that's because a) people store useless trash on their systems and don't care/ b) they calculate the risks and live with it
ninjashogun: nobody is this paranoid :)
ninjashogun: dignork - if what you are saying is true than there should be a huge market for a USB wifi stick that is just 8 feet of shielded USB cable with a power conditioner on either end, so that your wifi transmission happens the fuck away from your CPU.
dignork: ninjashogun, so you keep your key off your computer, to avoid exactly that
ninjashogun: dignork - because all computers obviously already leak some information through faint EM
ninjashogun: dignork - but above and beyond what the computer leaks anyway by itself?
dignork: ninjashogun, as simple as possible, wifi transmitter on key-storage device will leak cpu state of key-handling process, game over.
BingoBoingo: ninjashogun: Maybe you are the wrong audience as you aren't concerned very far
ninjashogun: personally anyone who could bruteforce all that, while breaking wireless encyrption and your whole network stack, can see the damn document as far as I'm concerned. and they still wouldn't have my private key.
ninjashogun: asciilifeform, I don't even mena to "sign" a single document. Just to transmit it. And receive back hte signed version.
mircea_popescu: lmao this reminds me of the original tucker max wage fixing story.
ninjashogun: asciilifeform, further, as a practical matter you are not being asked to transmit a real key. You are just transmitting a stupid session key that is used to sign a single document. And if that session key is used in javascript, which is VERY far from the metal (it's a VM, running in interpreter, JS running in a C++ program, firefox, running on Windows) you would have to have insnae precision on learning exact CPU state.
ozbot: The Techtopus: How Silicon Valley’s most celebrated CEOs conspired to drive down 100,000 tech engi
ninjashogun: asciilifeform, anything that leaked one bit, could be repeated until you have them all. It only works if you can't learn any of them, except by brute-forcing all of them together.
mircea_popescu: diametric i love it too hehe
ninjashogun: asciilifeform, I get your point but obviously if you can learn a single bit of a key, you can learn them all. Not one bit should be leaked, ever.
diametric: Login to see how many imaginary coins you had
asciilifeform wanders off to play with pet redhead
ninjashogun: asciilifeform, I've done that :)
asciilifeform: ninjashogun: your second homework is to play ussr national anthem using a pc, c or cpp program, and a shortwave radio.
diametric: mircea_popescu: that picture is fantastic, i was literally just having a conversation about redheads with someone moments ago.
asciilifeform: ninjashogun: your homework is to prove, given K bit rsa key with factors P,Q, there exists N, where N is number of bits you need to learn to factor into P,Q in polynomial time.
ninjashogun: BingoBoingo: I hate to be the one to break it to you. I thought you heard. /. had a stroke and is in a nurinsg home :(
mircea_popescu: one or the other
BingoBoingo: bitcoinpete: sumbit it to /.
bitcoinpete: mircea_popescu cool. just submitted it to smokinggun. what's hn?
ninjashogun: asciilifeform, OK. If you think it is impossible to prevent WIFI from broadcasting the full contents of the CPU and RAM then you would have to design around it to make my suggestion possible, which may be too difficult.
asciilifeform: it's the one we use.
asciilifeform: there is a very simple mitigation strategy. you don't need to burgle ft. meade to learn it.
ninjashogun: asciilifeform, the paper that proved that also suggested mitigation strategies...
ninjashogun: asciilifeform, are you saying that the presence of WIFI will leak the CPU?
asciilifeform: am i speaking chinese? what part of this isn't clear
ninjashogun: dignork - are you saying that hte presence of WIFI will leak the CPU state?
asciilifeform: not merely the wires connected to the radio, carrying payload. nearby.
ninjashogun: asciilifeform, the way a tunnelled layer works, is it's OK to give a copy of every bit to an Evesdropper, they still can't make out the plain text.
dignork: ninjashogun, you missed the point, transmission creates side-channel leak
asciilifeform: radio carries bits from nearby wires. do i have to draw a picture, or what ?
ninjashogun: asciilifeform, I told you? You can consider the link totally insecure and still use it....?
asciilifeform: ninjashogun: you were told about 'nonstop' and continue to suggest radio transmitters. inattention, or willful ignorance ? ☟︎
ninjashogun: dignork, after selling thousands of this one :)
ninjashogun: dignork, but for the next version.
mircea_popescu: bitcoinpete now the work of submitting to hn and the smokinggun and so on begins :D
asciilifeform: but if you take raspi, or pc on your desk, or whatnot, and remove the diseased meat, you will have... an empty crate.
ninjashogun: dignork - further I don't have any problem with it in the current form. I think asciilifeform should patent it. I also suggest he work on just one layer of the solution, which is the physical transport layer, and consider bluetooth or wifi.
asciilifeform: if you could take raspi or whatever, remove the mystery meat, add analogue rng - you would not need cardano.
ozbot: Loper OS » Don’t Blame the Mice.
ninjashogun: dignork - you misinterpret my tone if you think I'm arguing. I like the idea of the Cardano very much, I think it's a genuine, useful, good, and non-obvious innovation, and I encourage asciilifeform in building it and getting it to market.
dignork: ninjashogun, take RasPI, hook up wifi dongle and build one, maybe someone will buy, why arguing?
asciilifeform: it's the key ingredient in hydrogen bomb, for instance.
ninjashogun: asciilifeform, but they do love to use other people's innovations.
asciilifeform: there is an engineering term, 'ullage'
ninjashogun: asciilifeform, that's not true. They don't like to innovate.
ninjashogun: BingoBoingo - in the eventual wifi version, no one would have to know that you even use it. if being surveilled by site, it wouldn't be obvious that it's on your person. (or whether it is).
mircea_popescu: "it made me so miserable that life seemed worthless" and so on
BingoBoingo: Generally that distrust is the sort that comes from an abundance rather than a dearth of knowledge
BingoBoingo: ninjashogun: I think the point of the Cardano is it serves people who can not even entirely trust the security of *nix systems
ninjashogun: maybe 20 years is too long for a patent to be valid - then consider donating it after 3 years or 7 years. You can assign it to a protective Open Source patent fund.
ninjashogun: asciilifeform, if you have to compete with Kingston copying your idea then you are dead in the water. You can't even make it to market.
mircea_popescu: a major cultural shock, that.
mircea_popescu: when otherwise nice, smart guys realised that they had literally killed hundreds of women
mircea_popescu: asciilifeform actually dr semmelweis is a major moment in the cultural history of medicine
ninjashogun: asciilifeform, the fact is, if you want to get this into millions of people's hands you will have to invest half a million in research and manufacturing. it could be the only secure device in their whole household (if they run windows.)
BingoBoingo: It's probably not too late for that
ninjashogun: asciilifeform - how could it be kept from the public? Wouldn't every electrical engineer with a scope see it?
ninjashogun: the basic thing that you came up with is an escrowed key service embodied in a physical device that does not disclose the key, but uses it and discloses the result. This is a very good invention.
asciilifeform: this was a carefully kept secret for decades (if only from american public) so there is no shame in not knowing
asciilifeform: ninjashogun: if you did not know the fact that a radio transmitter radiates not only what you want, but the state of nearby circuit, you know now.
ninjashogun: asciilifeform, by the way don't let the haters take anyting away. All of my suggestoin are at a single layer - and do not in ANY way impact the basic idea you've come up with with mircea_popescu --- which is a VERY good one. I don't really add anything in my suggestoins - it is the same design. You should patent it.
BingoBoingo: ninjashogun: Or just blast the area with cheap crt tv's playing reality shows, sound off.
BingoBoingo: asciilifeform: That's fine.
ninjashogun: also the EM radiation might be similar when coming off of several similar computers.
asciilifeform: BingoBoingo: still gotta yank cables before rsa rom receives power though.
ninjashogun: on http://trilema.com/2013/how-to-airgap-a-practical-guide/ - I would also suggest running several copies of hte same hardware next to each other. If they're all doing something, how is someone going to know which is the one that is of interest. This can even subvert someone physically ocming in and using it in your absence.
BingoBoingo: I have a reason to get another SE/30
asciilifeform: BingoBoingo: you'll be happy to learn that the box has rs232 now. (ttl level voltage)
asciilifeform: ok i'm back, because this is just too precious.
BingoBoingo: It isn't just about the definition of an airgap, but of the motivations behind it as well that make radio the wrong medium for connecting to such boxes
ozbot: How to airgap. A practical guide. pe Trilema - Un blog de Mircea Popescu.
ninjashogun: BingoBoingo, Yes, I am. I realize this is not an airgap.
BingoBoingo: ninjashogun: Are you familiar with the actual concept of an airgap.