log
1400+ entries in 0.512s
mircea_popescu: ok but then gpg --fingerprint | grep "keid" ?
mircea_popescu: what do you mean gpg doesn't return them ?!
asciilifeform: this is a considerably less-fantastic scenario than it would have appeared to be in the '90s, because of the 'nintendoization' of computing. gpg simply won't appear in the apple and microshit 'app stores' and thereby vanish
asciilifeform: undata: at some point it will be forbidden in usa to sell or even own a computer which can meaningfully run classic gpg
mircea_popescu: 2.2. Bot makes a request to assbot via pm, of the format ;;gpg info --key <key currently
mircea_popescu: kakobrekla 2.1. Bot extracts the signature keyid through a process homologous to gpg -v -v
asciilifeform: mircea_popescu: do you find it interesting that, despite the legend of snowden having used gpg, we have no signatures from him pertaining to any of the material ?
mircea_popescu: anyway, the point is that gpg was widely used for the snowden leaks. this indicates that a major player trusted it, and was right in so doing ; and suggests a major target for that reason alone.
mircea_popescu: people can go curl http://w.b-a.link/otps/kakobrekla/ | curl | gpg
asciilifeform: don't want to discourage people - but also can't see wtf is wrong with using same environment gpg was written and built in.
asciilifeform: the original rfc also mentioned specifically use of gpg cryptoroutines
asciilifeform: speaking of which, did artifexd follow mircea_popescu's prescription and use a hacked gpg for 'gossip' ?
mircea_popescu: 35 weeks of development (245 days) since Monero was inherited by the Core Team 594 separate commits << inherited by whom ? how ? if that inherited had linked to a gpg signed testament...
mircea_popescu: hey ivan chesnokov : apply will you. all you need is a gpg sig, you can sit behind 7 proxies for all i care.
mircea_popescu: ben_vulpes exactly. one is supposed to be using gpg instead of 2fa. not a matter of money. a matter of not being the retarded son of a stupid mother.
asciilifeform: artifexd: the signature itself will almost certainly start life as a gpg output.
asciilifeform: ben_vulpes: resync your gpg
mircea_popescu: after all "self-signed" cert can be edged into proper gpg signed matter, and it's all good.
mircea_popescu: technically, anyone can make a gpg key and name it Mircea Popescu
mircea_popescu: how does that work ? you know my ip and his gpg pubkey.
ascii_modem: there would be no phishing if everyone used GPG correctly. << 'brainwave' by poul anderson.
mircea_popescu: they do a typically fiat thing whereby they act like gpg is sorta like you know, this soft toy thing. they get an address like it were a social media profile.
mircea_popescu: davout: who decided, and why, that the contents should be gpg signed ? << oh for cryssakes it was in the log like 20 times.
mircea_popescu: "For additional information about the attack, please monitor the ICANN website." "we're still not using gpg tho, so you'll never know."
mircea_popescu: if only they had gpg
asciilifeform: PeterL: simply define a canonical wot as consisting of gpg-signed 'rate' commands
mircea_popescu: i hope he comes here to tell us how "gpg is not user friendly and too hard".
mircea_popescu: i'm sure anyone who cares enough could as well have followed the gpg sig ?
mircea_popescu: gpg: Good signature from "Jonathan Bahr ayup
mircea_popescu: fluffypony asciilifeform made a gpg key tester
mircea_popescu: kanzure generally the way i use it is hit a curl http://bitcoin-otc.com/otps/8A736F0E2FB7B452|gpg and feed it my pw
mircea_popescu: actually, someone should make a backup service, exactly identical to tarsnap except it only accepts material gpg-encrypted to your key.
mircea_popescu: my idea of a pokemon is roughly speaking a beanie baby. what's to gpg there ?
mircea_popescu: curl http://bitcoin-otc.com/otps/8A736F0E2FB7B452|gpg
mircea_popescu: <xanthyos> if someone's gpg key is on a computer that is being held captive by an angry muslim ex boyfriend and they make a new wot account and then later recover the old key, can the ratings of those two accounts be merged? << how would an observer distinguish this situation from "angry muslim ex boyfriend finally manages to break into gpg key on ex gf's computer he held" ?
mircea_popescu: Adlai: is this gpgadlai or btcadlai? only gribble knows... << nanotube you know, he brings a very good point. how would i go to check that he is in fact and specifically gpg authed ?
asciilifeform: http://oddlinuxstrings.wordpress.com/2010/01/27/gpg-binarys-strings
asciilifeform: it even, iirc, comes with a gpg signing gizmo
mircea_popescu: anyway : you'll also notice we quite strictly use 4kb rsa sigs in our gpg
mircea_popescu: Adlai http://wiki.bitcoin-otc.com/wiki/GPG_authentication#Helper_scripts like that ?
mircea_popescu: jurov: gpg: BAD signature from "Adlai Chandrasekhar <<< wait his real name is actually adlai ?!
mircea_popescu: (of deadbeef v3 gpg sigs attack)
mircea_popescu: https://github.com/coruus/cooperpair/blob/master/saneprefs/gpg.conf << not bad!
mircea_popescu: <saifedean> this is the point when i must confront the brotherhood with my inadequacies... I still use windows and have no fucking clue what this GPG business is. << seriously, buy an old laptop, put linux on it. it's like that time when you kissed a girl tho it seemed kinda stupid.
mircea_popescu: omg wtf gpg doesn't verify its own clearsigned output
mircea_popescu: punkbot asciilifeform stop you two. we are NOT reimplementing gpg before bitcoind is done.
asciilifeform: we had quite a number here who figured out gpg, no?
mircea_popescu: incidentally, in a decade or two once gpg is the only basis of commerce, identity and general life, that's going to be the #1 scam : here's this document. it's signed. just by me.
mircea_popescu: but canonical form is gpg --encrypt --armor -r bitch "get on plane" | curl --post http://bitcherrarium.net
mircea_popescu: asciilifeform if mail is used correctly (send/received armored gpg blobs) this yields no further information than already available.
mircea_popescu: gpg: Good signature from "BingoBoingo
mircea_popescu: gpg: Signature made Sun 02 Nov 2014 11:29:39 PM EET using RSA key ID F3251143
mircea_popescu: gpg: Good signature Primary key fingerprint: ADD7 A9A2 8F85 E5EF 1F51 904F 309B B8D7 F325 1143
mircea_popescu: gpg: BAD signature from "BingoBoingo
mircea_popescu: it stays with gpg in about the same reason bitcoin stands with the derpitude coming out of the scamdation.
mircea_popescu: generally tho, the concept of "line" should not exist for gpg.
mircea_popescu: jurov what i meant on this instance was that pasting dos text in linux gpg results in double line breaks and an unprocessable input.
mircea_popescu: <nubbins`> it should replace \r\n with \n << it can't, it's gpg sig'd
mircea_popescu: uh you telling me gpg takes "STATJSON" and "STATJSON " as validly signed by the same signature ?
asciilifeform: punkman: gpg has a --not-dash-escaped option pretty much made for signing patches << it's broken.
mircea_popescu: decimation: why would anyone think it would be a good idea to escape chars below 7 bits? << gpg escapes the dash because it uses a dash-composite as a special char.
asciilifeform: decimation: gpg 'escapes' minus signs.
asciilifeform: discussion of why jurov's turdatron is stuck using detached gpg signatures
asciilifeform: because if not, why even bother with ascii, use gpg binary format
asciilifeform: till we have a gpg that clearsigns without escape char mutilation - we got this.
asciilifeform: pgp/gpg mandatory mutilation of clearsigned text makes me retch
asciilifeform: jurov: how are you handling detached gpg sigs in mailman ?
asciilifeform: jurov's gadget, if he follows this suggestion, will be such that patch can be mailed to it, and if signature (must be detached, because gpg mutilates the plaintext otherwise...) passes, includes patch in a build process
asciilifeform: mats_cd03, mircea_popescu, et. al: here's a little project i've procrastinated for, ~1 year now, that perhaps someone would like to pick up: read gpg pubkeys (from wherever - wot, keyservs, etc) through tor.
mircea_popescu: davout yes. gpg existed before bitcoin.
asciilifeform: mircea_popescu: but i kinda hope that i can put this down for a while after jurov proclaims a mailing list box that works to gpg spec
asciilifeform: i was hoping to rationally convince people that the totality of the project ought to be the mailing list, the totality of the mailing list ought to consist of gpg-signed ascii text, and that this includes patch sets - which, collectively, add up to the product.
asciilifeform: that the entirety of everything submitted by a contributor must be signed, every time, with his gpg key, and this fact be visible to the naked eye at all times
asciilifeform: sign (gpg, yes) a plain ascii patch set.
asciilifeform: only really need stock gpg to verify.
asciilifeform: static www hosting latest stable result of composition of gpg-signed patches from mailing list - yes, more yoga, but ultimately the Right Thing.
mircea_popescu: bounce i do not use an "email client" that's gpg able
mircea_popescu: jurov it can just be wrapped in gpg --clearsign you know ?
asciilifeform: gpg commits << yay! somebody Gets It
mircea_popescu: gpg commits!
mircea_popescu: othernubs`> let others extend. i don't want gpg to incorporate curl libs so it can automatically grab otps from gribs << EXACTLY. do one thing, do it well.
mircea_popescu: hire people like eulora hires people, on gpg contract.
mircea_popescu: draft a charter, then it gets gpg signed and that's it ? i'd donate
mircea_popescu: pete_dushenski: anthony di iorio, very memorably (because i've never seen this before), replied to my gpg-gram... in plaintext. and it included my original email. in plaintext. <<< ahahahh.this is like, what, built from the ground up with derpidity in mind ?
mircea_popescu: bounce bot is supy anyway, proly best run a python back-end and interface with gpg in it
mircea_popescu: well, just like with every one so far. the ability to roll a bot, the ability to handle gpg logins, produce webpages and maintain a database.
mircea_popescu: http://trilema.com/2014/a-complete-theory-of-economics/ http://trilema.com/2012/gpg-contracts/ undata << there, coupla articles to save you from trying to shoot in the dark
mircea_popescu: sorta like i'm going "oh, you're just the sec lawyer ? get a gpg we'll talk"
mircea_popescu: somebody send him the gpg contracts article, and perhaps read it to him too.
mircea_popescu: kakobrekla .de, .fr, early version of gpg keys. hope they can't decode ? :D
mircea_popescu: btw, cazalla bingoboingo and everyone else in the same situation : if the blob gpg spits out when you sign contains a SHA1 you are using the older, and perhaps not all that secure digest algo. you should move on to sha512 either with --digest-algo SHA512 or else edit gpg.conf to insert personal-digest-preferences SHA512 SHA384 SHA256
mircea_popescu: TheBroker put that text blob in gpg to decode it
mircea_popescu: i know. but i mean, issue it in his name/gpg key, and require that in order for a third party to benefit, there must be a deeds registered, signed assignation
mircea_popescu: G________ put it into gpg.
mircea_popescu: they'll make copies of the gpg'd blobs at the most
mircea_popescu: bounce no but i mean, people like shrem or ulbricht or w/e ? that's the right move in their position. hire lawyer, make it conditional upon all communication going through gpg
asciilifeform: gpg.. yachtful << nope. they'd rather buy pwndildoes from 'crypto ag.' it's a 'technolordosis' signal to their master.
mircea_popescu: "gpg support" in clients is for the birds.
mircea_popescu: easiest sell for "bitch, use gpg" i ever had to make.
mircea_popescu: yeah i think peterl has it. and do yourself a favour and use your gpg sig