98000+ entries in 0.059s
trinque: mod6: contracts often have a cure period, eh? suppose it's "negrated party has $time
to fix his reputation"
esthlos: to butt in: should only patches with good seals show in
the flow?
☟︎ trinque: if douchebag wants
to appeal
to me directly, he can.
mod6: it's not found in
the flow because something is either wrong with
the signature of
the vpatch, or
the signatory is not in
the current wot.
mod6: that's fine
trinque --
the extra 'v' is for 'verbose' mode.
trinque: douchebag: since I can read, I can see a spurious "v" in
that command
☟︎☟︎ trinque: (this is not even
to mention
that either he or
the other guy was contacting me as
tittynicks asking when
their money will be sent, lol)
mod6: This is fine, my
thinking is
that he will be removed. If
the rating changes at some point,
then we will reconsider allowing him
to be a customer.
trinque: mod6: if I
tell you, I'm giving someone I'm already punishing for weaselbehavior a defined mechanism
to weasel further
☟︎ mod6: This is what mircea_popescu wanted it
to be, regardles.
trinque: I
think "nobody does business with any L1-negrated party" is a bit strict. folks need
to be able
to beat someone over
the head with disapproval without removing
their ability
to
take part in society by having done so.
☟︎ mod6: trinque: I only asked you, not as an appeal process, personally I couldn't care less. However, just wondering if you are going
to remove
that rating should
the man do whatever in
the next say day or
two, whatever.
douchebag: I already have a webserver running on my pizarro box. I just don't know how I'm supposed
to unpack mpwp
mod6: mircea_popescu: how should Pizarro handle
this, in your opinion, given
the last conversation about
this?
☟︎ trinque: if you press me on
terms I'll remove
the -1, you risk creating a mommyprocess anyone with a negrate can appeal
to.
☟︎ trinque: if you follow
the log lines I referenced back, you'll see exactly why I did it.
douchebag: I just need
to set up an mpwp blog and post
the work I already have done
mod6: This is not a negotiation. Just asking what
the deal is. Cause Pizarro is going
to end up removing him from
the hardware.
trinque: I really don't like
the idea of negotiating with anyone on what my ratings shall be
mod6: Is
this a 'forever -1'?
trinque: what do you mean by "going
to stand" ?
mod6: mircea_popescu:
thoughts?
mod6: sooo...
trinque, is
the neg-rating on douchebag going
to stand? because mircea_popescu has rented him a rockchip (right?) and according
to
the rules we laid out, I
think we said
that douchebag would be removed from access
to
the hardware.
trinque: woof. so it was
trying $home/tmp/whatever ?
esthlos: in case anyone missed
these lulz: if you pass --no-default-keyring
to gpg but don't supply another keyring, gpg... uses
the default keyring. and if you pass a keyring, it assumes it's in
the home directory
trinque: I really like how
this
thing is coming
together, ftr, and can't wait
to start using it with portage.
trinque: just driving at using
the logs in a particular manner, so
threads build
towards more coherence. working in isolation, v-in-my-head disjoins from v-in-yours.
trinque: esthlos: I'd rather let you perform whatever changes
to
this
thing, so I can keep working with gentoo entrails.
esthlos: oh wow,
the gpg behaivor is...special
trinque: and yes, your approach is inadequate. gotta read all
the logs since your last visit.
☟︎ esthlos: asciilifeform: yep, just did it,
thanks.
a111: Logged on 2018-05-20 15:23 mircea_popescu: asciilifeform, (and i guess apeloyee, if
tuned in) : i'll be most interested in
theoretical attacks of
the proposed scheme.
a111: Logged on 2018-05-20 03:04
trinque: since I haven't heard from you, I'm proceeding with
these changes myself
esthlos: now for your comments: getting rid of
the defpackage was a bad oversight, no real reason. My guess why gpg is failing is because I'm using 2.2.4 while I
think most of you guys use 1.x . Moving
to 1.x is on my backlog, but it was deprioritized becasue I didn't want
to spend
the
time converting my keys. Another oversight, I suppose
☟︎ esthlos: but you should know
that, new as I am, it
takes me a long
time
to even get
through one day of log while understanding what is going on
esthlos: if I need
to be able
to respond within a day
to work with you guys, I will do my best
to change
things around
☟︎ a111: Logged on 2018-05-18 03:51
trinque is peeling back
the layers
trying
to see what gpg is cranky about. meanwhile, why'd
the (defpackage :v ...) go away?
esthlos: trinque: my current plan has been
this: I digest
the logs in batches every few days, but search for my nick at least once a day. since my nick wasn't referred
to in
http://btcbase.org/log/2018-05-18#1815256 , I missed it. my approach may be inadequate, since
trilema is
the first
time I've used irc and I don't really know what I'm doing. but it's a reality of my schedule
that sometimes I won't be able
to respond for
two days or so
☝︎ mircea_popescu: asciilifeform, (and i guess apeloyee, if
tuned in) : i'll be most interested in
theoretical attacks of
the proposed scheme.
☟︎ mircea_popescu: im also changing
the structure
to lists, at reader suggestion.
Mocky: re: "int64(4 byte)" should
that be 8 byte? and "object (size of 80 bits : int64 followed by int16 followed by int16)" should
that be 'size of 96 bits' ?
trinque: I don't have a defined expiration
time for
them. If bot operators are interested in ^ maybe we'll go ahead and say it's 3 months, or whatever's sensible.
spyked: if
that's
the case,
then
this semi-automated approach is pretty neat, actually.
spyked: hm. so
trinque, OTPs don't have any sort of expiration?
the scenario I'm
thinking of is
that eventually my (for example) home ISP would do some stupid
thing
that would lead
to
the
TCP connection going down. but
that could happen in a week, a month or six from now, so I'd want
that OTP
to be valid whenever
that happens.
trinque: spyked: one could make many voicing OTPs, and put
them in a hopper for
the bot.
☟︎ spyked: (I suspect
there is no way
to separate privkey storage from bot operation *and* automatically perform e.g. deedbot self-voicing; but I might be wrong)
spyked: lobbes, I am curious: how do you have lobbesbot self-voice
then? do you do it manually?
☟︎ lobbes: but yeah, "could
talk", bleh
lobbes: (lobbesbot privkey, also, does not reside on
that box, but you know)
lobbes: douchebag:
The 'social engineering' in my statement refers
to leveraging
the RCE
to (painfully, because lobbesbot privkey does not control any deedbot funds, so you'd need -my- privkey, which does not reside on public
toilet box you RCE'd into) use deedbot -normally- by becoming lobbes
through key
theft
mircea_popescu: but anyway, yes,
the social engineering part is
trying
to downgrade
the look at
the bot (ie, ANY one key)
to look at randos (ie, a CERTAIN key).
Mocky: couldn't be arsed sounds worse
to me
than couldn't find
douchebag: I just don't
think social engineering would be
the right word
to use for remote command execution
douchebag: I could have got a reverse shell on
the box
though, is
the gpg privkey for
the bot not sitting on
the vulnerable machine?
lobbes: so, in
theory, sure. But in practice you'd have
to expend quite a bit of effort
to find
the gpg privkey in order
to decrypt deedbot's challenge
to determine
the balance of
that one deedbot wallet, which still isn't finding a flaw in deedbot, just good social engineering attack (e.g. picking a key off someone's person does not mean
the lock
the key belongs
to is flawed)
a111: Logged on 2018-05-20 03:52 douchebag:
trinque: also in
theory, since I got RCE on lobbes bot, in
theory I could have determined
the balance of
the bot if I decided
to comprimise
the system rather
than proof of concept :^)
trinque: much later and less interesting stuff, I
think. she relates
the experience as an expensive waste of
time.
trinque: ah yeah, she gets cruel estimates of what her pizza money would be worth
today all
the
time.
mircea_popescu: i wonder how many unemplyable grads are filling online job applications while
thinking "if only i had gotten 20k/50k/100k worth of bitcoin in 2010/2011/2012 instead of
this stinking education
toilet paper..."
trinque: she went
to religious school, got an english lit degree and a huge pile o' debt
trinque: (her reaction ftr was something like "computers are shit,
that will never work")
trinque: douchebag: you know, in
theory my girlfriend could be fabulously rich, given she heard about bitcoin first in 2010. and yet.
Mocky: yeah i've seen crazy shit like
that, most of it in flordia. once saw a dude riding a wheelie on
the interstate opposite direction. never saw his front
tire on
the ground
douchebag: The wager was
to determine balance of any other user
trinque: what does his bot have
to do with mine?
douchebag: trinque: also in
theory, since I got RCE on lobbes bot, in
theory I could have determined
the balance of
the bot if I decided
to comprimise
the system rather
than proof of concept :^)
☟︎ trinque: I was driving on
the highway once,
tight
traffic, and a guy comes by on a crotch rocket laying like superman on
the seat, feet out behind him, weaves
through
the cars at close
to 100mph
Mocky has skin in
the game
Mocky: damn, I had a soccer mom in a mini van
try
to lane change on me without looking first just yesterday while riding
mircea_popescu: and
there's
these foot+ ditches on either side,
there's no surviving as a bike.
trinque: heh damn. lucky his ass is still attached
to
the rest of him.
mircea_popescu: so girl goes around it,
therefgore also on wrong way, and
the next
thing
there's a fucking motorcycle coming downhill.
douchebag: Alright, I can have
that done in
the next week or so. I'm currently using
the rockchip box
to host a webpage
to
troll someone, so I want
the lulz
there
to continue
to it's full potential
☟︎ mircea_popescu: so get a load of
this : i'm going uphill in
the pitch darkness, you know,
these complete hairpin curves, and WHAM!
there's a fucking police
truck, parked, searchlights etc, on
THE WRONG WAY
trinque: you latest crop of socially damaged derps will learn
to communicate, and
that's all.
☟︎ douchebag: Well, it's not complete so I didn't get
that done yet.
a111: Logged on 2018-03-29 00:21
trinque: great. I'd like you
to review
the dependencies of
trb (which were frozen at particular versions) for known public exploits, and
to publish a report of
this on your own mpwp blog.
douchebag: Not all of
them, but a decent amount
trinque will start ragging on
the guy. good work, but needs
to develop out of
the solipsist phase of
the republican encounter
trinque: btw see how I'm having a
thread with myself and getting somewhere? imagine if ya joined in!
trinque: since I haven't heard from you, I'm proceeding with
these changes myself
☟︎