mircea_popescu: "they have no representation of failure and consequently will only take 100% losses or massive gains"
San1ty_: lol and that SDSTM stock is still at 0.009, I wonder if bots are keeping it up?
mircea_popescu: <ThickAsThieves> I think it's also because all of AM is a buyer's market right now << that is so lulzy.
ThickAsThieves: I think it's also because all of AM is a buyer's market right now
San1ty_: Guess it's because of the smaller userbase on havelock
ThickAsThieves: mp, I tried creating a template according to the S.MG heraldry specs noted, and it didn't center properly, but I assume you already saw my post
mircea_popescu: ok this is odd
thestringpuller: mircea_popescu: i have a designer who wants to speak with you :P
davout: mircea_popescu: i got some email in russian today about this
mircea_popescu: we still discussing the lady's cake ?
kakobreklaa: wasnt all that short
davout: i shall escort myself out, as we say in france "the shortest jokes are the least long"
davout: it would indeed be gay if your peas touched my potatoes
mircea_popescu: you know those kids that whine if their peas and their potatoes touch ?
davout: i'd rather have them separately
kakobreklaa: id have that.
mircea_popescu: i do not have diabetes if that's what you're implying.
davout: i do not want to hear about your icing
davout: cunt-cake, looks like the romanian enjoy nowadays the french pleasures from the middle-ages
kakobreklaa: grats, will there be caek
mircea_popescu: so it turns out that next week i'll be two years old.
gribble: Total bids: 12123309 USD. Total asks: 107769 BTC. Ratio: 112.49303 USD/BTC. | Data vintage: 0.0077 seconds
gribble: MtGox BTCUSD ticker | Best bid: 97.00088, Best ask: 97.49999, Bid-ask spread: 0.49911, Last trade: 97.00088, 24 hour volume: 22436.49544265, 24 hour low: 92.86000, 24 hour high: 101.00000, 24 hour vwap: 97.19512
zebedee_: Why the bitcoin bounce? Europe blowing up again?
dub: butthurt because some dude didnt keep his domain until the end of time
thestringpuller: reward time: http://www.cosmicadventuresquad.com/projects/planetration/
thestringpuller: good stuff. thanks ;)
thestringpuller: but when you replace the beginning of the url with trilema.com it works just fine
thestringpuller: so when I clicked them the paywall arose
thestringpuller: the links here: http://trilema.com/category/smg/ go to polimedia.us still
thestringpuller: mircea_popescu: there is a glitch in your site, php related
Namworld: Not sure where you're going on with this, but I get the general idea.
Namworld: "[19:11] <jurov> i'd rather suggest to have two pgp keys. one for trading only and other that would allow to PUSH and WITHDRAW"
Namworld: But just to come back to what jurov said
Namworld: No, 2FA is strictly about adding the need for access to an extra device to do sensitive operations.
mircea_popescu: there's no antivirus for linux, both because the antivirus doesn't do anything and because the problem is to be solved elsewhere.
mircea_popescu: it's a half baked solution to a structural problem
mircea_popescu: 2fa is the equivalent of the "antivirus"
Bunnyh: 02:58 <Scrat> plus it relies on a 3rd party (ie. google) <-- i think the name "Google Authenticator" has somehow bred the misconception that 2FA required a third party
Namworld: Plus with physical access to the device, they might as well just take the keys on it, they don't need to perform the side channel attack at all.
mircea_popescu: fancy_pants was talkin' to him but kk :)
fancy_pants: thanks mircea_popescu - yes I can dead drop just fine. the comment about mpex.co was a heads up in case it helped troubleshoot. We're good.
Namworld: Because the 2FA device does not need to be online at all, thus not give out the location of the gpg device at all. Thus it wouldn't really help at all to perform a side channel attack.
mircea_popescu: Namworld it's not far fetched at all. security is security, not some random facet of it you happened to latch onto.
Namworld: Just a question... are you implying that the 2FA device might give out your location, thus location of the other machine with the gpg key, thus possible access to conduct a side channel attack? That's kind of far fetched.
fancy_pants: much - thanks!
fancy_pants: mircea_popescu, can you look at that response please?
Scrat: too tired to debate
Scrat: in that case you're right
dub: if i have your keys I can probably have your phone too
Namworld: No, any phone can do that inherently...
dub: not to derail yet another famous Namworld debate but I think the point is that if your pgp keys have bolted it is probably too late to shut the gate
Namworld: It doesn't require to be connected at all.
Namworld: If your device is at the correct time, it will generate the correct code that is currently valid.
Scrat: last i checked you couldnt query the google 2fa with a timestamp in the past
Namworld: It doesn't need an internet connection. It's time based. The device can be completely offline.
Scrat: I think the problem is that the 2FA validator needs an internet connection
Namworld: I'm just curious as to how using a device to get a 2 FA code allows for the analysis of the encryption process that occurs on another machine. That's not really a physical possibility.
Namworld: Well that's not what it is about for the side channel attack. That's true for the server side handling where extra complexity can introduce bugs.
ThickAsThieves: can it be summed up as, a machine with more parts, has more parts that can break
mircea_popescu: you're making the newbish mistake of focusing on a part of the entire thing. suppose it gives away your position.
Namworld: 2FA would not yield any extra data about the gpg encryption process that would allow for a side channel attack. It is a completely external process which provides no insight/data as to what is occurring during the encryption, which would allow you to make any kind of deduction needed... It would just baffle me too much. I'm quite curious as to how that would be even remotely possible.
Namworld: and I'm pretty positive on that matter....
mircea_popescu: security is a professional field. it is not opened to guesswork and opining. moreso than surgery
mircea_popescu: im definitely certain you're clueless. there are three types of attacks against encryption. brute force, analysis and side channel.
Namworld: I'm definitely certain side channel is not the term you meant.
ThickAsThieves: so THIS is why you are making S.MG!
Namworld: or perhaps you're thinking of something else than side channel...
mircea_popescu: all posturing to the contrary aside, that's pretty much set in stone.
mircea_popescu: yeah but i mean... bitcoin is still not issued by anyone. nobody has any title to any bitcoin still. nothing has changed, nothing can reasonably change.
Namworld: I'm not sure where you get the idea the 2FA device offers an attack vector. Especially a side channel attack.
ThickAsThieves: either on your end through your counsel's work, or in legal precedents since
mircea_popescu: ThickAsThieves how would things evolve ?
mircea_popescu: i don't think you're ready for this convo yet Namworld. take my word for it or don't, what can i say.
ThickAsThieves: mp, is this still your core argument against the SEC, or would you say the developments have evolved? http://trilema.com/2012/the-reasons-why-bitcoin-securities-cant-be-regulated-by-the-sec/
Namworld: Such that if one device is compromised, the account isn't, as it requires two authing methods. One alone is not sufficient, such that it requires access to 2 devices to effectively gain access to an account.
Namworld: It does not offer any attack vector on the gpg signature required nor bypass the need for it.
Namworld: The phone doesn't allow you to do any input or decrypt/sign gpg.
mircea_popescu: irrelevant. the phone is a side channel.
Namworld: It uses the phone, plus a computer. The phone only provides you a random number based on an extra secret key.
mircea_popescu: if you don't use your phone for it you're just doing nonsense to already encrypted stuff. value = 0.
Namworld: Well it would introduce further complexity on the server-side handling, which could introduce vulnerabilities. But that's not really a side channel.
Namworld: It's a random number that would be included within the gpg encrypted message. It doesn't provide an attack vector.
mircea_popescu: that's why you don't go around slapping random things upon a security scheme
mircea_popescu: why is this ?
Namworld: I'm not... I don't quite see how that would offer a side channel attack.
jurov: in any case you don't need fancy hardware to protect mpex acct. just airgapped machine, and you can prepare commands in advance and just scan them in as needed
jurov: i'd rather suggest to have two pgp keys. one for trading only and other that would allow to PUSH and WITHDRAW
Namworld: How would that affect gpg security in any way?
mircea_popescu: Namworld it's neither effective nor is the website model actually secure-able.
Namworld: Requires access to an external device, not just the appropriate password/gpg signature/etc
Namworld: But still, gpg key theft remains a possibility.
Namworld: I was thinking about going offline key only.
Namworld: It would certainly help against gpg key theft.
Namworld: Which reminds me... is it possible to get your MPEx key changed?
ThickAsThieves: Automating this process has the side benefit that we'll be able to make resets free of charge going forward. (each reset used to be 0.5 BTC)"
ThickAsThieves: We apologize for the long wait period on doing these resets, but it is important to give an owner of a compromised email account plenty of time to realize they are compromised and recover their account before we hand over their entire account contents.
ThickAsThieves: After 30 days we process the request.
ThickAsThieves: During the 30 days the request detail and status appears at the top of the portfolio page, including a cancel button to cancel the request.
ThickAsThieves: The request then sits in our queue for 30 days.