artifexd: I'm comfortable calling it a review. Not just of what it is but what it was and how it got to where it is.
artifexd: I have not been keeping up with logs.
artifexd: I would prefer not to use the word "audit" as that implies I am qualified to do so.
artifexd: I have my own fork of the code that has signed commits.
artifexd: Bottom line, I expect to have something to share for testing in 4 weeks.
artifexd: I have also been fleshing out internal organization.
artifexd: I'm reviewing golang's crypto code. I have about 5 commits left.
artifexd: The implementation isn't that hard. It is the education that is time consuming.
artifexd: Oh, actually that is complaining about one of the golang tools. And it would be dangerous if you had a MITM that could swap out code inflight and were importing external code directly.
artifexd: While interesting, that doesn't affect gossipd because I'm using lower level networking.
artifexd: But, I do get pinged if my name shows up and I don't want y'all to think it has been forgotten.
artifexd: I'm pretty heads down on it so 1) I am falling very behind on logs and 2) I'm not hanging out in here
artifexd: Current gossipd status: Education still in progress. Code to the point of loading keys and accepting connections.
artifexd: Yeah. I found the article through my own education. I wanted to see if it had already been discussed in here.
artifexd: That is what I'm looking at right now.
artifexd: I believe the point is that Snowden didn't say gpg was compromised. However it could have been compromised since he left. Only mircea_popescu knows mircea_popescu's motivation for that spec though.
artifexd: mircea_popescu: 1.4.13 is acceptable and 1.4.14 is not, correct?
artifexd: Snowden worked at the NSA until June 2013. GPG 1.4.13 was committed on 2012-12-20. GPG 1.4.14 was committed on 2013-07-25.
artifexd: I will pause coding to read "Malicious Crypto" and finish the course. I'll report back when I'm done and made a decision re: golang's crypto libraries.
artifexd: Can you explain to me how *I* could do it?
artifexd: I'm talking about the identity keys.
artifexd: How could the crypto routines be compromised in a way that would matter? Weak key generation? gossipd doesn't generate keys. Weak rng during encryption? I pick the rng (and can offer an option for you to supply your own). Encrypting a message with an "extra" key so peet can read it? That should be easy to see in the code.
artifexd: go compiles on the big os's. Windows/Linux/OSX/BSD
artifexd: I have linux servers and vm's that I use for testing.
artifexd: My alternate dev machine is OSX.
artifexd: My daily dev machine is Windows.
artifexd: I could write it in C or C++ but cross compiling is an absolute nightmare that I choose not to put up with.
artifexd: He said "write it in whatever you want as long as it compiles on linux"
artifexd: I'm not going to write in lisp.
artifexd: read what again? davout is correct.
artifexd: The shell out will be slow. Yup.
artifexd: <asciilifeform> speaking of which, did artifexd follow mircea_popescu's prescription and use a hacked gpg for 'gossip' ? << No. I'm using go's openpgp code. However, I'm structuring the code so that I can later add the option to do the crypto via a shell out to gpg. Then you can use whatever version of gpg your heart desires.
artifexd: <BingoBoingo> A gossipd-net of keyservers would be divine << I like it
artifexd: Oh. I thought you were discussing a bet about mpif.
artifexd: what bet are you talking about?
artifexd: Imma be pissed if it drops below 200 before the next block confirms
artifexd: <ben_vulpes> so that's two exported versions of the same function that are "polymorphic" as i understand the term on argument types? << The proper term is "overloaded"
artifexd: If I can replace them for 1.35BTC each (or less), I will.
artifexd: ;;later tell nubbins` Do you have any common casascius coins you want to sell? I sold a dozen and would like to replace them.
artifexd: Have we already passed the point of separation? Is it possible that I have bitcoins that are actually gavincoins?
artifexd: One more question: Any objection to adding a timestamp to the trust ratings in gossipd?
artifexd: Tip to future copy/pasters: Don't include << in the text or everything after it will get routed to /dev/null
artifexd: I am currently using pointers to exported key files instead of trying to shoehorn keys into config files.
artifexd: What is the format of said document?
artifexd: All the words make sense but when you put them in that order...
artifexd: I don't understand what you mean
artifexd: mircea_popescu: can you elaborate on "a pgp-signed document by the for key certifying the validity of the IPs public key with an expiration unixtimev in case the for field differs and a nickname"?
artifexd: The simple solution would be to alter the table to change the column type from TEXT to LONGTEXT. That will give you 2**32 characters of space
artifexd: My woman keeps the place in excellent order.
artifexd: Binary would mean shorter messages because a fingerprint would only take up 20 bytes (instead of 40) and keys would not have to be armored. Text would make the flow easier to read/debug but the data would necessarily take up more space.
artifexd: mircea_popescu: Regarding gossipd, do you have any preference for the data flowing over the wire as binary or text?
artifexd: If you want a back and forth connection, you end up duplicating tcp yourself.
artifexd: udp is trivial for sending information if you don't care if they received it
artifexd: We have to both agree to trust each other.
artifexd: If you and I are online, unless we are both in each other's list, we will never direct-connect.
artifexd: This pretty much prevents one-way relationships, right?
artifexd: "How many times do I have to explain this shit!"