log
273 entries in 0.415s
anniez: uh so i registered with my keybase public gpg key. should i remove and redo ?
a111: Logged on 2018-06-22 14:31 asciilifeform: KimuSan^: how , precisely , does keybase differ from the key escrow db clinton tried to make mandatory ?
anniez: seems majority dislike keybase
a111: 268 results for "keybase", http://btcbase.org/log-search?q=keybase
danielpbarron: !#s keybase
anniez: do you guys use keybase at all ?
asciilifeform: 'Found vulnerable keys on Keybase.io, Github.com and Gitlab.com!' etc etc
mircea_popescu: http://phuctor.nosuchlabs.com/search?q=bitcoin << very probably some "platform" or other, keybase ?
mircea_popescu: alright, this is perfectly reasonable. but is this hygiene to be implemented as "mentions keybase, dead" sorta "has fleas, firing squad" ?
phf: mircea_popescu: keybase can also be used to store private keys, it's my understanding that the person in question put his private key on keybase http://btcbase.org/log/2018-06-22#1828688 ☝︎
asciilifeform: 'fellow geeks', 'anonymity', 'keybase', 3 kilometres of js in 3 empty blogs...
mircea_popescu: if i feel like it i can put your pubkey on keybase, asciilifeform ; what then ?
asciilifeform: lol 'baby steps' where keybase dossiers the plaintexts
asciilifeform: KimuSan^: how , precisely , does keybase differ from the key escrow db clinton tried to make mandatory ?
KimuSan^: Well don't know about you, but I prefer my communication to be private if needed. Telling that to my old father is close to impossible. Getting him on keybase actually thaught him a lot about why and how. These days we encrypt all communication - even if it is just via a key he uploaded to keybase.
asciilifeform: why would you host even pubkey on keybase.
KimuSan^: Actually my privkey is in my hardware key on my body. What I have I keybase is what I need in order to communicate with others. I see keybase as a good gateway drug to actually get people to start encrypting and signing coo. S
KimuSan^: Already using keybase
a111: 253 results for "keybase", http://btcbase.org/log-search?q=keybase
asciilifeform: !#s keybase
asciilifeform: 'You can always get my key via keybase.io (I can highly recommend this)'
a111: Logged on 2017-11-03 18:16 asciilifeform: 'Bram Cohen, famously invented BitTorrent' 'proofs of space and time' [many squigglies] 'decentralized, and more secure' 'Install and setup Keybase' etc.
BingoBoingo: <danielpbarron> http://wotpaste.cascadianhacker.com/pastes/XsZ36/?raw=true << email sent to me from keybase says i should remove PGP from my profile << This is blog fodder. Perfect material for exercise of organizing the thoughts by examining how anti-informed the Keybase position is.
mircea_popescu: asciilifeform, why else all the pretense, you know. bitpay exists to "please stop using bitcoin", keybase exists to "please stop using rsa", the WHOLE point of the usg ersatzen is exactly this, to get the sort of retard who can't tell the difference between item and usg.fake to stop using item.
asciilifeform never was able to bring himself to make acct on 'keybase' even for entomological work
mircea_popescu: danielpbarron, you should remove keybase from your profile.
danielpbarron: http://wotpaste.cascadianhacker.com/pastes/XsZ36/?raw=true << email sent to me from keybase says i should remove PGP from my profile
asciilifeform: i suspect the thrust is to 'discourage, and push to shitogram' or whatever the latest keybase is called
a111: Logged on 2018-05-05 13:44 mother[m]: Going forward I wanted to pivot to Keybase Teams.
mother[m]: Going forward I wanted to pivot to Keybase Teams.
mother[m]: @mircea_popescu have one on Keybase I use, but primarily use Signal, Telegram for co-located team members as the interface gradually became more 'Slack-like'
asciilifeform: TomServo: lol, just how comically idiot was the parody-tmsr ? do they use dsa keys, kept in keybase ? their mp is bulgarian ? their linux -- rathead ?
mircea_popescu: epic contributions from "paul nakata" (hey, nobody on a stick but has a keybase key), some dork who "programs in cl every day" and the whole menagerie of "nobody told us to shut the fuck up like, ever"
mircea_popescu: pretty sure noone gives a shit about keybase anyway, so not much to verify.
mircea_popescu: that'd be... not your key your twitter advertises on... keybase (?!)
ben_vulpes: in other convergences, one of the 'keybase' faces nominally also 'built' the 'okcupid' thing mike_c now runs
mircea_popescu: this is like "keybase" except more offensive.
weevlos: !!register https://keybase.io/weev/pgp_keys.asc?fingerprint=b9185b95152960a319100120740941791782b3cd
asciilifeform: shill for keybase, red-, black-, and possibly other 'coloured' -phones, and several other varieties of usgolade which escape my memory
asciilifeform: 'Bram Cohen, famously invented BitTorrent' 'proofs of space and time' [many squigglies] 'decentralized, and more secure' 'Install and setup Keybase' etc.
mircea_popescu: http://btcbase.org/log/2017-08-04#1693840 << i didn't fucking know. explain plox! starting with https://keybase.io/images/tracking/maria_twitter.jpg perhaps. so what was it, mircea_popescu = m1rcea_p0pescu ? and what else, 6160E1CAC8A3C52966FD76998A736F0E2FB7B452 = 2FB7B452 = ae1be204f735a3ff19160b68dcf5b06d2FB7B452 ? ☝︎
mircea_popescu: keying, without ever trusting Keybase's servers."
mircea_popescu: " Our goal: smack-dab in the middle of a public Reddit or HackerNews or Twitter conversation, you should be able to say "Hey, I threw those gifs/libraries/whatever in our encrypted keybase folder" without ever asking for more identifying info. If that person hasn't installed Keybase yet, your human work is still done. They can join and access the data within seconds, and your device will quietly handle the verification and re
ben_vulpes: WHAT ARE YOU DOING ABOUT THE PHORKS, KEYBASE?
ben_vulpes: missed this gem: https://keybase.io/docs/server_security/merkle_root_in_bitcoin_blockchain
ben_vulpes: eldritch reactor rod automation and complexity-layering: https://keybase.io/docs/kbfs
asciilifeform: erlehmann: pretty sure debian nao 100% keybase powered
erlehmann: i am glad such stuff exists, because association with it shows stupid. if i remember correctly, debian response to keybase fuckery was: we consider stuff showing up on keybase compromised, any keys showing up will be shot on sight.
mircea_popescu: keybase delivers.
erlehmann: asciilifeform crypto cranks need no proofs. take https://keybase.io/triplesec/ – money quote: “We don't have any exact proof of security for a cascade of block ciphers in CTR mode. But we're pretty sure”
mircea_popescu: to be honest, back when the fucktards were like "o hi guise, i am 12 and expert, never heard of wot but i made this keybase", i was all pissy because of the whole "i have never heard". now that they do the "oh i know tmsr is my true and proper sovereign, but might i not talk my way out of it ? i'm really clever like, plus i use words i can't define borrowed from an old copy of wikimedica" i'm pissy because of the whole clever
asciilifeform: let's say, e.g., the privkeys of 'keybase' idiots
asciilifeform: aka 'pgp is OBSOLETE!111 use keybase etc'
asciilifeform: 'Crypto-Nerd who is allergic to bad crypto.' and uses keybase?!
BenBE: mircea_popescu: No only PHP, but also C/C++, Java, web stuff, ASM (mostly x86/x64), Haskell, shell scripting, ... Also, as we are at WoTs: https://keybase.io/benbe
mircea_popescu: asciilifeform linked a dump at some point, check the logs. the principal parts are a sks+trims (keybase, whatnot) dump that might be still available, though 2 years back in logs, and Framedragger 's ssh scan results, which he might share with you.
asciilifeform: ( speaking of which, https://archive.is/p1EJN >> Run Moar Keybase )
asciilifeform: why didja link to this, ben_vulpes ? looks like another 'keybase'
phf: i think the solution is to give up. switch to windows 10, connect through web irc client, put gpg key into keybase, the works
a111: Logged on 2017-02-09 02:03 mircea_popescu: http://btcbase.org/log/2017-02-08#1612504 << o noes, and i thought keybase is srs bzns of crypto, doesn't try to scam privkeys out of users.
asciilifeform: http://btcbase.org/log/2017-02-09#1612539 << i am unaware of 'keybase' in any ~other~ context but 'ploy for scamming privkeys out of idiots' ☝︎
shinohai: them = keybase
mircea_popescu: http://btcbase.org/log/2017-02-08#1612504 << o noes, and i thought keybase is srs bzns of crypto, doesn't try to scam privkeys out of users. ☝︎
shinohai: but, keybase
ben_vulpes: https://keybase.io/blog/keybase-chat
a111: Logged on 2016-12-18 00:38 asciilifeform: https://medium.com/@thegrugq/the-great-cyber-game-commentary-3-a1ae9a70e399 << lulzy, yet another Great World-Famous Seek000000rity Researcher with a ...keybase
asciilifeform: https://medium.com/@thegrugq/the-great-cyber-game-commentary-3-a1ae9a70e399 << lulzy, yet another Great World-Famous Seek000000rity Researcher with a ...keybase
shinohai: (keybase allows signing of zcash scam addys)
Framedragger: (but for clarity, keybase works perfectly well without being supplied with privkey, no?) ("i'm just sayin'" - not defending keybase.)
thestringpuller: or atleast I have yet to encounter a keybase user in the wild who has done so...
thestringpuller: asciilifeform: I don't think keybase allows you to generate keys anymore...you have to supply them...
asciilifeform: thestringpuller: keybase etc were going strong year+ ago, snore.
mircea_popescu: so yes, for the people to whom "their" twitter's page is important, then "their" keybase key makes sense. and for the same money, for the people who breathe underwater, land respiratorial equipment is a must get. and for the people who are healed by collodial silver/prayer/psychic surgery etc, collodial silver/prayer/psychic surgery etc are useful.
Framedragger: look, obviously there are people for whom sociul media accountz are really important. some of them want to pretend they can use crypto, so they use keybase to help them "link" their accounts. while this is inane, this does not, in itself, pose a security risk, if done properly (with external program which handles your privkey.)
Framedragger: ugh, no i need to be an advocate of keybase.
Framedragger: anyway. i'm not using keybase. i'm just sayin'.
asciilifeform: Framedragger: why would a user who is able to 'paste signatures from external program' need a thing like keybase ?
Framedragger: i've stayed away from keybase as it had that creepy (and useless) hipsta vibe, but if true, then it's actively malicious.
Framedragger: (i don't think keybase gets to see your privkey tho.)
shinohai: I'm not entirely unsure this won't be the case in future, since last time I checked she had started using keybase.io
asciilifeform: 'secret tor market', keybase keys / plaintext, 'assassin service', all of the leprosies in one convenient leprosorium .
shinohai: mircea_popescu: this is nearly everyone besides a few which sed ate, but nearly all are keybase.io http://wotpaste.cascadianhacker.com/pastes/2gmzb/?raw=true
ben_vulpes: ahaha keybase
asciilifeform: alice_: if you generated it on keybase, they have your private.
a111: 163 results for "keybase", http://btcbase.org/log-search?q=keybase
asciilifeform: $s keybase
asciilifeform: lol keybase.
alice_: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: Keybase OpenPGP v2.0.55 Comment: https://keybase.io/crypto xsFNBFevnesBEAC90aLfcq+wrWVKGcQWUd+NmB/0kK7OONd0Tg2OUgfHE2RtZSzG mqgsiAmyPsz+R6B3VwkMd3pBiuAZ8IN/jf0px+iikmo0vvWemsnVTUM0mtyoFecy /qyj1+mwjLrzR7UMDP8789JBwxecY+1fS6k4BQio3gGvmqzGr76sAjTZlIbkPs80 Nr502+QhvfOSjnjFTfQkXrzjrssjJp+jEH0OdkC/UT7H0lCWy957UPklwXlEPnu/ KQbcDoV2HWSEG0hW3Ig7+4qC03Bp0W9Z9lRTYZVIbTnDLJ+z4/J1fMu1EnmZkEKQ aH0SCtgI
asciilifeform: http://btcbase.org/log/2016-09-03#1533970 << hey we already had 'keybase'... ☝︎
shinohai: Maybe he should just switch to keybase.io too
a111: Logged on 2016-05-25 20:06 vc: https://keybase.io/hacker
vc: https://keybase.io/hacker
asciilifeform: (the keybase set was posted here and i shoveled it in directly)
mircea_popescu: asciilifeform how about we add a credits page, move bernstein there, also add phf for keybase spidering, jurov for github spidering, others as may be ? also theory prolly should be rewritten
mircea_popescu: asciilifeform anyway, seems you were right, keybase moduli aren't particularly rotten
mircea_popescu: asciilifeform so keybase set more or less done w/o incident ?
shinohai: https://www.reddit.com/r/KeybaseProofs/ <<< if signed objects are of any help re: keybase
phf: d280f38e56eb4b1a4f6477e18b110d8df3ae9a1545b49a05047f1deff2de94f6f011e2d005c8e1107c2ad11bbd5e589085c50e1305e1b5da832705dd29b515d0 keybase.tar.xz
phf: http://glyf.org/tmp/keybase.tar.xz
phf: a lot of keybase keys are "Keybase OpenPGP v2.0.47", "Keybase Go 1.0.11 (darwin)" and even some "Keybase OpenPGP JS 0.0.1"