nubbins`: but given the lack of alternatives
nubbins`: now, i mean, obviously sweeping isn't the best way to conduct ALL transactions
mircea_popescu: kakobrekla atms are designed to work offline on a reconciliatory basis, it's a complex thing
kakobrekla: they arent but still net access is not the issue there
nubbins`: or the purchaser could just generate a ton of throwaway addresses, load each with some BTC, and hand over a private key whenever he makes a purchase
kakobrekla: and everyone fuckin uses them
nubbins`: signing the tx requires the purchaser to have net access
kakobrekla: or qrcode the signed tx which then the pos checks against blockchain and sends out
mircea_popescu: nubbins` is the office running windows ?
nubbins`: no need to increase attack surface
nubbins`: no need to plug it into POS
nubbins`: now, suppose the trezor instead just displayed private keys
asciilifeform: all you need to know for the HID trick is what keyboard commands the victim's box responds to.
nubbins`: allowing free access to usb ports exponentially increases the attack surface
asciilifeform: the HID stick, on the other hand, works everywhere.
ozbot: Introducing the USB Stick of Death | j00ru//vx tech blog
nubbins`: and then see how they react
nubbins`: if you work in an office, tell the help desk that you plugged a usb stick into your computer and now it's acting strangely
nubbins`: plugging a trezor into a computer = plugging a keyboard/mouse into a computer
nubbins`: problem is, how does the OS know whether "send all BTC to xyz" is coming from the actual keyboard or the fake trezor?
mircea_popescu: in saneworld it's equally trivial.
nubbins`: non-trivial to restrict HID devices
mircea_popescu: trivial to restrict any access eh ?!
nubbins`: trivial to restrict net access
mircea_popescu: be it a stick, the net card or some hid, a data feed is a data feed.
mircea_popescu: well so inasmuch as it's some datafeed i fail to see the problem.
mircea_popescu: nubbins` is this some sort of windows specific thing ?
ClivePalmer: how long till am div data comes in?
mircea_popescu: i dont know much about trezor, never used it, never considered it.
nubbins`: inserting tremor = unlimited physical access
nubbins`: obviously you're going to
nubbins`: are you going to use that physical access, or not?
nubbins`: for example: i'd like you to compromise the computer i'm currently using. you have unlimited physical access.
mircea_popescu: this isn't true, they're the same exact thing.
mircea_popescu: it makes you physically insert something, this is psychologically big
mircea_popescu: you only perceive higher risk because it's more visible to you.
mircea_popescu: you're just protecting against something that's more visible to you, hence the shamanism.
mircea_popescu: understand. as long as you're on the internet it's already thus tattooed.
nubbins`: but your chances of getting a disease are WAY higher if you get a tattoo on your ass that says "open for business"
mircea_popescu: seems out of place, we'd think your resistance is inside, or else you wouldn't be doing the deepthroating.
mircea_popescu: your concern however comes while you've got a number of dicks down your throat already
mircea_popescu: this is exactly true
nubbins`: letting someone plug a device into your computer is the same as letting someone stick their dick in you without a condom
mircea_popescu: the internet IS the public. wtf.
nubbins`: you airgap them from the public, yes
mircea_popescu: is this shamanic securitah ?
nubbins`: tremor provides a bridge for a foreign army to walk over
jurov: then it's up to vendor to not get doublespended
jurov: we can't really get better than transferring the transaction to vendor by NFC, QR code or however
nubbins`: it boggles me that you think plugging in a strange USB device is no more dangerous than being connected to the internet
mircea_popescu: anyway, for samoans that didn't get the bridget reference : http://knowyourmeme.com/memes/bridget
mircea_popescu: it boggles me that you think plugging in a hotwallet is substantially different from plugging in a net card.
nubbins`: well, how the fuck else is it giving change to people?
mircea_popescu: jcpham|twrk is that your twerking nick ?
mircea_popescu: how is the pos holding your private keys ?!
mircea_popescu: but seriously, what's the big deal ? you trying to ALSO run all this on windows or something ?
nubbins`: if i mail you a USB stick, will you plug it into a machine that holds all your private keys?
nubbins`: thestringpuller: that's exactly what it is
mircea_popescu: nubbins` what's the big deal with letting your pos make sweet sweet machine love to random sticks ?
kakobrekla: not trezor
thestringpuller: nubbins`: so isn't this essentially just paper wallets in the form of bills?
kakobrekla: i said trezor like
nubbins`: it's the height of retardedness
jurov: why we can't have both? tits *and* dick, i mean?
nubbins`: kakobrekla: if you were a vendor, and you accepted BTC, why the FUCK would you let people plug foreign USB devices into your POS?
mircea_popescu: kakobrekla you're confusing me. which is the boy again ? the one with the tits ?
kakobrekla: or trezor like device
thestringpuller: nubbins`: would you have a qr code for private key, then qr code for public?
Scrat: nubbins`: maybe apple should stop sucking cock. in the meantime html5 app webwallets will do
nubbins`: doesn't even need to be connected to the internet
nubbins`: hell, you could make a low-cost e-ink device that you can load with QR codes
jurov: oh there are? i saw only ukrainians so far
kakobrekla: you mean a turkish boy
thestringpuller: don't turkish girls do that anyway?
nubbins`: Scrat: the other side is that ANY smartphone can display QR codes. some smartphones (*cough* apple) don't want you to run bitcoin wallets
mircea_popescu: jurov or buy a turkish girl that makes coffee
thestringpuller: nah jazz is more american than apple pie
kakobrekla: and buy the coffee company
thestringpuller: I don't think you could have made that sound any more communists...
Scrat: nubbins`: giving a privkey is the same as sending a tx when it comes to double spending
mircea_popescu: i still think for coffee etc the method described on trilema last year is best, ie, buy company scrip monthly.
kakobrekla: then they should use a well connected 3rd party
nubbins`: "Bob visits his first store and purchases a pair of sunglasses for 0.15 BTC. He provides the cashier with a QR code for 0.2 BTC, which is swept; he then provides the QR code for his change address, to which the cashier sends his change, 0.05 BTC."
mircea_popescu: nubbins` if they know aforehand how much the coffee will be.
jurov: there were some complaints from vendors that the tx sometimes takes long time to arrive, what if the internet is not working, etc..
nubbins`: or you can just hand them a private key and walk away
nubbins`: so then you have to fire up your smartphone app, scan their QR, send the coins, wait for confirmation
nubbins`: well, currently, you walk into a cafe and they say "wanna pay with bitcoin? send your BTC to this address!"
kakobrekla: why would you show your privates to anyone
mircea_popescu: i've never done one of these.
mircea_popescu: im not even sure how either these perfectly functional methods differ from what's currently done ?
nubbins`: anyway, the exact implementation isn't important
nubbins`: nothing wrong, but why not just show them a QR code?
mircea_popescu: what is wrong with going there with a blockchain wallet loaded with the exact sum and giving them the url ?
nubbins`: you then provide them a public address for them to send your change to
nubbins`: mircea_popescu: essentially, the only sensible way to conduct a face-to-face transaction is to hand the vendor a private key, which they sweep
mircea_popescu: props to you for writing it in forum prose, which is a good thing.
mircea_popescu: nubbins` you're going to have to supply an executive summary, im not reading all that
nubbins`: half of which goes to the retard operating the ipo, half of which goes to the guy selling the shares
mircea_popescu: ThickAsThieves it is an offense, and they're not going to heaven.