tmsr - Search: a

98800+ entries in 0.835s

danielpbarron: do you believe there is a hell?

Valfor: which is a "Duke of Hell" from the Goetic Demons

Valfor: that was my nick a loooong time ago

asciilifeform: by no means accident. a thick part of the rfc is specifically devoted to it, one way or another

mircea_popescu: now, the ad-interim solution is to a) sign the key ; b) only encrypt to signed key. but... dun help noobs.

a111: Logged on 2016-06-17 01:27 mod6: and yah, as far as I can tell asciilifeform, the only #b-a links there (three of them) are pointing at wiki.bitcoin-assets.com

asciilifeform: btw does mircea_popescu know what would happen if a pgp key with his main key but new magical subkey were generated and posted to sks ? ☟︎

asciilifeform: (every time a sig is published, this job gets slightly easier...)

asciilifeform: mircea_popescu: all it'd take is a sha1 collision

mod6: and yah, as far as I can tell asciilifeform, the only #b-a links there (three of them) are pointing at wiki.bitcoin-assets.com ☟︎

mod6: <asciilifeform> http://thebitcoin.foundation still contains a buncha #b-a links ? << yeah, shinohai did a project where he transfered over the stuff there like the wiki to the deedbot page.

asciilifeform: for instance, i know a fella who moved to a - perfectly tame little town in west virginia, and thought he was getting great deal, but it turned out that it is physically impossible to get decent net connection there (at least without paying for streets to be dug up, six figures)

BingoBoingo: Well, also in Cairo, Illinois. A very special nowhere.

asciilifeform: Framedragger: would happily eat such a key

Framedragger: asciilifeform: btw would phuctor (as it currently works) be able to import an otherwise normal openpgp / rfc4880 key either (1) no self-sig or (2) a somehow borked (nulled? haven't looked at rfc4880 data structures yet) self-sig? as i see it lotsa info is actually contained *within* the signed part, in that format..

Framedragger: re evil maid, sure, that's a prob.

asciilifeform: (or more general variant where enemy can take something you signed and turn THAT into a subkey that is in turn accepted somewhere!!)

asciilifeform: the one where 'key can squirt out a signature for a new key but this can leave no permanent mark on the original,' ergo auto-acceptance of subkeys is invitation for 'evil maid attack' etc.

asciilifeform: there was a very good thread where mircea_popescu explained this, but i can't seem to find it

asciilifeform: http://btcbase.org/log/2016-06-16#1483689 << this HAS to be a scam. ☝︎

Valfor: If you all want a collective devoice

mircea_popescu: trinque i think he got voice a whole back and deedbot forgot about it.

mircea_popescu: Framedragger why should it scale ? dunbar number is a thing. there's no need for you to be trusted, or even known, by more than a few dozen people.

Framedragger: jurov: but probably nvm actually 'cause your tool i expect does not generate things like self-sigs out of nowhere, etc. (need by current instance of phuctor). would still like to take a look if it's around tho!

Framedragger: jurov: i heard you have a converter from tmsr format (e,N,comment) to openpgp, if that's true can you link to it perchance please? would save time / redundancy :)

Framedragger: one practical consideration re you signing my subkeys: what if you really trusted my main key but then i later decided to move that key to offline storage for security, and derive a subkey - one may argue that gpg provides just this kind of means of streamlining the process - i sign my new subkey or whatever, and there's that, no need for you to meet me in person again. otherwise doesn't scale at all, if 1000 people wanted to trust my su

mircea_popescu: so in a sense i made a design decision post-implementation, because these cojoined twins had to be cut somehow. this is improper, sure, but unavoidable.

mircea_popescu: if gpg was intended as a sort of otr, "user creates subkeys forever", it's shockingly poorly implemented.

Framedragger: depends on matter of scale. if you zoom out and look at gpg as a whole then you just want to burn everything to the ground, sure. and if you zoom out further you want to rewrite more and more things. but sometimes it is worthwhile to consider relative differences of worth, too, so to speak.

mircea_popescu: and if you want a subkey, I do the signing, not you.

Framedragger: i suppose that's what i wanted to state originally, yeah. i know it's not a strong case; but it's not utter bullshit, either.

mircea_popescu: nevertheless, it seems to my eyes to be of the kind of "there's a difference between burnned out barn with door open and burned out barn with door closed".

mircea_popescu: but anyway, sure, there's a difference between "random subkey" and "subkey signed by main key".

Framedragger: let's particularize: hpa's parent key was embedded in the pgp wot (whether the latter is worth anything is a *separate* point) which people trusted. then, hpa's child key appears, and it's not properly signed by hpa's parent key, the latter being trusted prior. maybe the sig is not there, maybe the sig is invalid, whatever. child key gets rejected. this scheme in itself is not circular, and it *worked*.

mircea_popescu: a self-signature establishes nothing. if YOU signed the key then ~you~ would know it's not fake in the specific sense that it's the same one you signed.

Framedragger: don't see a contradiction

Framedragger: i agree that it's a property of relations. a signature establishes a relation

mircea_popescu: your notion of fake is broken. you think fake is a property of objects. fake is a property of relations.

Framedragger: http://btcbase.org/log/2016-06-16#1483669 << it does, however, show that a coherent account "fakeness" (from the query by yourself ("what makes a subkey fake ?")) is possible. ☝︎

trinque just picked up a g5 imac as a non-intel curio

trinque sends asciilifeform a grumpy emoji

asciilifeform: if the alternative weren't microshit, nobody would even conceive of buying such a thing.

asciilifeform: ben_vulpes: the crapple currently in business is a sad thing. i have a brand-new $3k box here, for instance, that periodically forgets it has wifi.

phf: i'm just so rarely exposed to agitprop that this was a fascinating experience. it's like watching men in suits get on all fours and earnestly eat shit from the floor.

mircea_popescu: next year they can give him a kardashian ass and he could launch a music album.

phf: you guys, i really enjoyed the main guy, because he was like a steve jobs zombie, down to a gaunt cancer look. he existed in this uncanny valley with all the manerisms and presentation ticks.

mircea_popescu: asciilifeform buncha recovering 2000s fanbois, whadda ya want. anyone's a teenager sometime.

mircea_popescu: trinque the apple you're thinking of got pancreatic cancer, they got a replacement from central casting.

a111: Logged on 2016-06-16 17:04 mircea_popescu: except in the case as seen of hpa's key, where they just attached a valid sig to an invalid key.

trinque: somebody decided they needed to be more inclusive with their presenters, and they included a bunch of duds

trinque: I do not recall a worse keynote ever given by "apple"

mircea_popescu: either choice has a bunch of onlookers mocking her for choosing wrong.

shinohai: mebbe the 3rd time of seen that with a different woman charged with said crime.

mircea_popescu: guy needs a better family.

asciilifeform: ;;later tell mod6 http://thebitcoin.foundation still contains a buncha #b-a links ?

asciilifeform: mircea_popescu: yeah but that ain't a 'valid sig'

mircea_popescu: asciilifeform you recall, they pasted the sig packet off the actual key to a random concoction, verbatim

BingoBoingo: <mircea_popescu> and here's a two stroke engine to get the day started in gear. http://67.media.tumblr.com/c4a6298582c76943b282e9b85b59de44/tumblr_nukg7cFcjI1tvvddjo1_500.gif << ty

asciilifeform: wtf is a 'valid sig to an invalid key'

mircea_popescu: except in the case as seen of hpa's key, where they just attached a valid sig to an invalid key. ☟︎

Framedragger: mircea_popescu: whether signature by $key to which the key in question is a sub of is valid?

mircea_popescu: "i took mercury and it brought the syphilis to a halt". mmmkay.

mircea_popescu: "i don't personally know her, she's therefore not a woman but meat".

mircea_popescu: to be specific : is this http://67.media.tumblr.com/91a7527fbf8fbbe3ee9f4f93a87ab6c0/tumblr_npzgb9CdVS1tceoigo1_500.gif a fake woman, or a real woman ?

asciilifeform: 'brought to an immediate halt the country's European Union referendum campaign just a week before the vote.' << that was apparently easy.

mircea_popescu: Framedragger your concept of "fake subkey" is broken. what makes a subkey fake ?

asciilifeform: incidentally i devised a way to make the thing grow ~100x faster, but still not implemented.

Framedragger: yeah i'm not certain how representative that figure is of whatever, honestly. with all metaphor removed, it literally is "the number of ipv4 hosts which respond to a TCP SYN to port 22 with TCP ACK [packet with ACK flag set]". i'm fairly confident that i haven't missed many hosts of this kind, but too should be replicated and tested.

asciilifeform: such as when rsa-signing a small string.

asciilifeform: every time you hash, you make a bet that it will never be practical to find'em.

mircea_popescu: this seems ~the only true use of a hash function, "give me some bits to compare with his bits make sure the file made it"

mircea_popescu: sort of passive crc. not clear that a) if you want it you shouldn't have it purpose built and b) if it's "just there" it should be necessarily preserved.

mircea_popescu: course, ending up with half the shit suspended because one guy's diesel modem croaked is also not such a good state of affairs.

mircea_popescu: worth a shot. in any case protectionism should be a concern, much rather support people with than items without a wot.

phf: this "later" functionality is kind of useless on a bounced connection

asciilifeform: 8ball would take about a billion years to get to sqrt(2048)

asciilifeform: this incidentally is why phuctor had been a depressing thing for me. the thing i set out to find, i never found (evidence of diddled rng on pgp users' boxes.) ☟︎

mircea_popescu: there's 10x to 100x more ssh-rsa than gpg-rsa. it's a moot point.

mircea_popescu: the only one thing a datastore never does is "drop"

mircea_popescu: the notion of joining at the hip a permanent store and a cache is so idiotic as to make me certain the guy had no sort of formal education

asciilifeform: the tx in wallet thing is monumentally annoying but afaik no one has invented a practical alternative to the O(N) 'how much coin do i have'

mircea_popescu: i do not have use for as much as a rotten end of a thread from usg. you follow this concept ?

mircea_popescu: if you store as a csv, add more fields. if you store in any other format, a mechanical equivalent for "add more fields" exists. what is the problem ?

mircea_popescu: a nice then. so put it in.

mircea_popescu: asciilifeform so write it a convertor. it's strategically stupid to make "a new gadget".

asciilifeform: does phf host it on a dial-up or what.

asciilifeform: mircea_popescu: phuctor is, originally, ~specifically~ about pgp keys, ~verbatim~, as found in the wild forest. any other thing will have to be a new gadget.

mircea_popescu: phuctor gotta move to tmsr format not teh other way round. give the guy a moment,

Framedragger: asciilifeform: do you think it's a sensible idea to try and convert ssh public keys into rfc4880, and then submit them to phuctor (possibly in bulk)? or is that something i should leave to you?

mircea_popescu: asciilifeform that's basically saying "can't get a proper meal assembled without getting a bacteria in there. if it's clean it's an industrial product nobody wants to eat, if it's made properly, well!". this is true, but also irrelevant, the bacteria are everywhere but they aren't specifically dedicated to a cause through being bacteria. they're not typhus specifically.

asciilifeform: sterling had point tho - can't get 20 people in a room without a stool pigeon

mircea_popescu: check out the inept agitprop bullshit. NOBODY wants to be "a spook", and for most people, including cashiers and waitresses, this move isn't an upgrade.

mircea_popescu: you want to buy a "genre fiction" novel, buy fifty cans of campbell soup and read the labels in succession. same shit.

mircea_popescu: fucking copywriters a) aren't writers and b) aren't people.

asciilifeform: mircea_popescu: fella is a well-known dead tree sf author on this side of the ocean.

mircea_popescu: no wonder he's being promoted. by now, the moment i see lamestream going "X is a Y" the ~only thing i think about is that if Y = bitcoin, they'd be saying x=gavin.

Framedragger: asciilifeform: gotcha. i have thing which converts ssh pubkey format to e,N,IP. i'll probably have a thing which generates rfc4880 (inserting ip address as comment field, say) from e,N,IP. thanks!

mircea_popescu: asciilifeform a look, global warming idiot. /me moves on.

mircea_popescu: guy has a solid point. there's nothing new in this world except for hte history you didn't know etc.