819500+ entries in 0.539s
nubbins`: so really you're just paying a bunch of strippers
to do a shitty job of cleaning your house.
nubbins`: KRS|gotyawallet: my understanding is
that you're not allowed
to
touch
them
oleganza: okay, i'll rephrase. It's a convenient way
to strongly protect your stash even against yourself (getting a malware, forgetting password etc.)
mircea_popescu: consider
the problem in its proper generality, as
the byzantine problem.
ozbot: HotHouse Cleaners -
Topless cleaners, lingerie cleaners, escort directory
mircea_popescu: yes, but you are
thinking about it in a very narrow manner.
oleganza: i'm
talking about my idea of a wallet app
that allows
to keep your stash safe even if you or someone's computer is badly compromised later
mircea_popescu: oleganza understand, i;m not saying
this is bad. i am merely saying
that "idiot proofing" is not its selling point.
pankkake: UIs cannot be enough, users need
to understand what
they are doing or
they will fail as always
Apocalyptic: oleganza, are you
talking about
that bitrated site ?
oleganza: mircea_popescu:
the minimum assumption is
that user is not idiot
to share his password.
Then
the UI will guide hi
through
the process.
pankkake: at least
this gives bitcoin-central some volume
nubbins`: asciilifeform:
trudeau is as close as canada got
to a fuhrer
mircea_popescu: asciilifeform perhaps difficult
to distinguish
the man (who makes his
time) from
the
time.
gribble: MtGox BTCUSD
ticker | Best bid: 994.5, Best ask: 1000.0, Bid-ask spread: 5.50000, Last
trade: 994.5, 24 hour volume: 22039.35832478, 24 hour low: 994.5, 24 hour high: 1155.0, 24 hour vwap: 1071.32021
nubbins`: the idiot doesn't need
to comprehend anything beyond "keep
this safe", but if he doesn't comprehend it, it's just as likely
to grow wings and fly away
mircea_popescu: your scheme relies on
the idiot comprehending m-of-n, which is a higher bar
than comprehending "this is your wallet file, keep it safe"
mircea_popescu: oleganza
that
the idiot is going
to share all
the keys with
the same friend.
ozbot: Generous Military Sends $800 In Disability
To Man Who Wakes Up Screaming Every Night |
The Onion - A
nubbins`: honestly kinda forgot about
the onion
mircea_popescu: you know,
the one guy who perhaps could claim
the first on
that score.
nubbins`: maybe
the only canadian politician i've ever had respect for
nubbins`: “Today we lost not only an international hero and a symbol of
the resilient human spirit, but also
the very first political figure ever who people actively wish was still alive and affecting world affairs,” said political historian Wallace M. Delaney
KRS|gotyawallet: what
the fuck are
these people saying on #bitcoin-pricetalk "its all over"
ozbot: Nelson Mandela Becomes First Politician
To Be Missed |
The Onion - America's Finest News Source
mircea_popescu: this may offer w/e ui benefits, i can't discuss
that in
the abstract.
mircea_popescu: that may be, but we were discussing idiot proofing
the wallet by a share
to friends scheme.
oleganza: so if you are not an expert, you don't need
to go
to ask one for help
oleganza: in fact,
they are. Where git allows you
to fuck up
things, my UI prevents
these issues
oleganza: i know a lot of mac people who couldn't use git or any UI on
top of git until I created Gitbox
nubbins`: oleg just stands up and walks out of
the office
mircea_popescu: this is not something
that can be changed by
technology.
oleganza: conjecture: people are not idiots,
they simply not experts and real experts did not give
them proper
tools and methodology yet
mircea_popescu: oleganza idiot sends his pw and his backup
to
the same frined
oleganza: mircea_popescu: what's
the problem here? How my mom recovers forgotten password?
mircea_popescu: there still exist unencrypted wallets in
the wiold ?!@
jcpham: i
think an unencrypted wallet.dat on your normal windows users' computer is like hanging a neon sign in your car asking people
to steal it
mircea_popescu: so basically
the moral here is, you can say exactly anything you wish
mircea_popescu: nubbins` basically if i
told
the guy "fuck you, you uninformed, intellectually lazy piece of scum" in response
to his first email
mircea_popescu: oleganza
this sounds like making it more idiot vulnerable.
mpexbot: pankkake: An error has occurred and has been logged. Please contact
this bot's administrator for more information.
pankkake: well
talking
to journalists is exactly like
talking
to cops
nubbins`: 's what you get for
talking
to reporters ;p
thestringpuller: On
top of all
that,
this isn't like
trading on
the New York Stock Exchange. Midday Wednesday, MPEx appeared
to shut down, and
the prices of
the contracts disappeared. I was
told
this happens a lot. As of early
Thursday,
the exchange still wasn't listing prices. What's more, after running
through my math of
the
trade with a Coinbr broker in a chat room, with
the conclusion
that basically
the
trade doesn't make sen
thestringpuller: ;;later
tell Bugpowder why are
they still calling it a bubble?
oleganza: NSA may listen every email, but less likely
to MITM you specifically
oleganza: addressbook chooses perfectly randomly some internal 4 bytes and asks you
to verify
them with your friend
nubbins`: pubkey posters on
telephone poles
oleganza: and your p2sh script is a list of pubkeys from all your N friends.
This better be kept secret from
them so
they don't know where's your money
nubbins`: sorry man, it's
too early for me
to be wrapping my head around
this
oleganza: then it's in my wallet addressbook and app can automatically do
the rest
through my server, or p2p, or whatever
oleganza: e.g.
the guy sends me his key and on
the phone verifies half of
the bytes
oleganza: and
then signing all interacting with
that key
oleganza: nubbins`: so
the problem ends with establishing authentication pubkey in
the first place
oleganza: so i don't want
too much p2p headache
oleganza: and
the wallet apps are sitting behind awful firewalls and all
this shit
nubbins`: slim odds
that someone would MITM your email and modify your attachment maliciously in such a way
that
the beginning and end 3-4 chars of
the md5 hash were
the same
oleganza: simplest way is
to go
through my server (me == developer of
the app), but
the backup needs
to be authenticated at least
oleganza: now your wallet must send
to all
these people partial backup of
this
transaction.
nubbins`: ah, would be curious
to see
that
pankkake: I
think some attacks were demonstrated
nubbins`: realistically you can rattle
the whole
thing off
oleganza: then inside
the app you create a multisig
transaction and choose people and
their keys.
pankkake: everyone's checking only
the start and end
nubbins`: "hey bro do an md5 on
that par i sent you, should start with abc and end with xyz"
oleganza: you add
those in your addressbook (built-in
the app)
nubbins`: PARs would be
tiny for something like
this, a few
tens of kb max
oleganza: you can verify
that
the key is good by checking on phone (to ensure against man in
the middle attack)
oleganza: people can generate keys in
their apps like yours
nubbins`: delete 3,
then you need 3 friends
nubbins`: delete 1,
then any 1 friend can complete it
nubbins`: so you create a 5-part rar and 4 pars, distribute 1 par
to each of 4 friends,
then delete 1 or more rars from your collection
nubbins`: well, should be
trivial
to create rars and pars
oleganza: so it's easy
to use and always works
oleganza: the big problem is how
to send all
this stuff from
the app
nubbins`: ah, nm, don't
think i fully read what you guys were discussing
nubbins`: at
the risk of sounding silly, why not just make a multi-part rar, create some .par files, and distribute
those
to friends?
oleganza: with a proper UI (which is
the whole point), my mom can have some shitty password on her wallet and move money like
that
to 5 of her children. She can't be robbed and her privacy is good enough
davout: oleganza: if you manage
to find
the holy grail of perfect security and perfect usability you're my new god
oleganza: and still, i can get
these portions from m-of-n people and get my original script, even if I lose all backups myself