tmsr - Search: pgp

mp_en_viaje: it provides me, for instance, the knowledge that among the things that need fixing in an "eventual pgp implementation" such as will never likely be, a typo finder'd be quite useful. i even know HOW useful, by practical, real, lived measure.

ossabot: Logged on 2020-02-04 01:39:30 mircea_popescu: there's a lenghty pile of disadvantages to the current mechanism we use, not least of these being that it actually imports koch-pgp. it also does suspect signature shenanigans of all sorts, which could potentially present security risks

mircea_popescu: there's a lenghty pile of disadvantages to the current mechanism we use, not least of these being that it actually imports koch-pgp. it also does suspect signature shenanigans of all sorts, which could potentially present security risks

dorion_road: http://logs.ossasepia.com/log/trilema/2019-12-06#1954419 << there are a couple layers to my thinking. the idea started from the basis that I'm compiling and installing the bios on whatever hardware I'm using using for a trb node, tmsr-pgp, etc.

asciilifeform: diana_coman: so far emailing the places can physically reach. returned 1 output. but if you're overwhelmed, pgp piece of victim list and what-do-demand and i'ma help.

ossabot: (ossasepia) 2019-09-27 asciilifeform: maxim_mivo: very good. i will open an account . my pgp public key is in http://www.loper-os.org/pgp.asc .

asciilifeform: from 'i lost mah keez!111 and pgp obsolete!' zimmerman, to this.

snsabot: Logged on 2019-08-17 14:51:34 asciilifeform: diana_alt: fella seems to have profound talent for reading text w/out ~actually~ reading. (for instance, escaped noticing that primary diff. b/w a vpatch and a heathen patch, isn't that it is pgp signed (heathens had pgp-signed patches 20y ago) but that it doesn't fuzzy-merge.

mp_en_viaje: oh look at that, ever-so-useful monkey-man "spellchecker" doesn't approve of sintering. because holy shit, psychopaths, using words outside of the outer realms of monkey-man knowledges

mp_en_viaje: but yes, this will need more talk ; looks like it's getting towards being mature enough where actual pgp usage is contemplatable.

asciilifeform: anyone still recall the 1990s-era 'reich pgp' where castrated key bitness ?

asciilifeform: for pgp-style rsaism, imho entirely plenty.

asciilifeform: stjohn_piano_2: at the risk of belabouring the obv., you gotta see to it that yer custom pgp wrapper actually has access to the priv that went with the pub you regged

asciilifeform: loox like stjohn_piano_2 built/attempted to build a 'display these pgp-signed .txt with html sugar' mechanism ?

asciilifeform: stjohn_piano_2: asciilifeform's 'stateless pgp' mechanism.

asciilifeform: ( iirc he was not only lawyer but licensed accountant also. bright fella. dunno why resistant to pgp. )

asciilifeform: a++ excavator. nao if he'd learn to pgp...

mp_en_viaje: i have no idea! conceivably tell him, "dood looky, this is entirely dependent on pgp". not get item you're not satisfied with, i dunno. complain at some point somewhere, so i don't find myself in this weird position where i'm asked about things i dunno about and dunno what to say ?

asciilifeform: fella won't pgp! what, i'm to buy plane ticket erry time ?

asciilifeform: ( also mp_en_viaje can pleez try an' convince fella to actually use pgp ? i tried in 3 languages, could not )

mircea_popescu: yeah he has a point. chonkin get yourself a pgp key, a blog, the works. gotta do things right yes.

asciilifeform: mircea_popescu: for bonus lulz, there is also the 'duct tape' hypothesis. iirc in zimmerman's orig. 'pgp', ~straight fermat~ ( carmichaelizable! ) was used as the sole litmus.

a111: Logged on 2019-01-15 20:08 asciilifeform: ( invited to pgp ssh key + any particular reqs to BingoBoingo & asciilifeform )

asciilifeform: good % of pgp use historically -- resembled the medieval 'plague amulets'. y'know, the one where scrap of leather with word 'arsenicum' (cuz buying actual arsenic costs tuppence, and scrap -- one )

asciilifeform: come to think of it, wtf did he even bother with pgp pub.

asciilifeform: ( come to think of it , i dun think i ever even saw a pgp sig of his coad turds.. )

asciilifeform: ( invited to pgp ssh key + any particular reqs to BingoBoingo & asciilifeform ) ☟︎

mircea_popescu: just note that eucrypt having rsa does in no manner hurt your serpent-only-phonecrypto putative app ; just like it having serpent dun hurt a "this is my pgp implementation" usecase, and so on.

asciilifeform: imho e.g. diddled pgp rng, is moar interesting than firefucks buffer overrun, the latter is used 9000/d but for whom is used the former i have nfi, it hasn't publicly leaked.

a111: Logged on 2018-12-19 19:30 asciilifeform: phf: if dump weighs TB and (apparently) after whole year phf still not eaten it, might make sense to pgp to asciilifeform . i'ma not post the raw docs and their yellowdots.

asciilifeform: phf: if dump weighs TB and (apparently) after whole year phf still not eaten it, might make sense to pgp to asciilifeform . i'ma not post the raw docs and their yellowdots. ☟︎

asciilifeform: phf: also feel free to pgp to asciilifeform , i dun even mind to promise that strictly the clone will end up on the net.

a111: Logged on 2016-08-19 13:51 asciilifeform: https://pad.riseup.net/p/87Mazw3Jsdfe_pm/timeslider#11 << multistory lul tower. for instance, i had no idea what is 'riseup' until its pgp keys began to pop.

a111: Logged on 2018-11-14 20:50 asciilifeform: but for general-purpose pgp replacement, conceivably could use something 'hungrier' but with 0 fixed structural bits. i'ma invite mircea_popescu et al to consider the subj.

asciilifeform: but for general-purpose pgp replacement, conceivably could use something 'hungrier' but with 0 fixed structural bits. i'ma invite mircea_popescu et al to consider the subj. ☟︎

asciilifeform: i dun have any cuntoo boxes here yet. all of my dev machines run vintage gentoo, where the gpg that python-gnupg sees is gpg2 (cuz idjit portage pulled it in, long ago). asciilifeform's actual pgp-ing happens on diff machine, naturally, with 1.4.10 . but apparently phf's hack for subkeyism breaks the thing in this combo.

asciilifeform: pgp each acct holder's bitz, to him.

asciilifeform: mircea_popescu: ours, i think, is moar of a case of 'this is nice rifle, let's take it fishing', pgp offers temptation to 'cipher and then see later', i agree that it is dangerous.

asciilifeform: mircea_popescu: thing does contain 'launch codes' presently. it needs some actual disentanglement, after which i expect pgp-turd traffic will be minimal ( just how often we change launch codes ?? ) and 99+% of the thing is to be posted in realtime.

asciilifeform: BingoBoingo, mod6 : i'd like to make as much of that massive txt turd we've been pgp'ing back and forth, public asap -- it is unseemly imho that simple factoids like ' today BingoBoingo was cured of yellow fewer and took delivery of 5 hdds' are 'classified', wtf

asciilifeform: orig. msdos 'pgp' was , what, '92 ? and the mit-istic bastardizations, shortly after

asciilifeform: billymg: prolly this is obvious, but i'ma remind for the record : whatever you do, dun lose yer pgp key. it's your only connection to the wallet, pizarro, wot . nothing can be done for folx who lose key.

mod6: Since we were getting a bit desperate to get some fiat purchased, I offered to him to send the coins first, and he could mitigate that FX risk. We worked out the details in a PGP.

asciilifeform: BingoBoingo: plox at your earliest convenience to pgp to asciilifeform your notes re how pizarro exit router was configged... asciilifeform is baking a pilot replacement for subj

asciilifeform: mircea_popescu: observe that i was able to index 9.3 mil pgp comment strings somehao, on 1 iron, and with <1s lookup

asciilifeform: ng), and is offered with pgp-verified record of changes [phf's patch viewer], .... etc '

mircea_popescu: but yes, as far as anyone knows 2048 bit keys perfectly safe, now and for the foreseable future (this isn't a comment on koch faux-pgp, which unsafe at any length as well documented in logs qntra and so on).

mod6: I had started on a ada vtron last year, but I got hung up with some of the string handling, and the fact that I had to use shell-outs for pgp. I'd like to get back to it at some point. I would love to dispense with the shell outs - and can probably do so, but not until 'peh' is finished.

asciilifeform: ( i dun think it took me > half hr to bake pgp key )

asciilifeform: verisimilitude: also highly recommend to make yourself a pgp key, and reg with deedbot,

asciilifeform: 'no social engineering, lose yer pgp key, lose yer acct'

asciilifeform: today mircea_popescu pumps 100,000 litres of ocean water and finds 1-2 chix that can pgp. but what if had to pump 10,000,000 litres, and got 1 chix, and she looked like emmy noether, what then.

asciilifeform: tests pgp detached sigs, attachments, all exists in mpwp already ?

mod6: Whomever the user is, must also be in the wot as part of the script requires that the executor to enter in a password for the user, then PGP encrypting that temporary password to the user in the WoT.

a111: Logged on 2018-08-18 19:25 xdeller: tbh standalone armored data more likely to be served with application/pgp or pgp-xxx instead of text/plain, if somebody on other end would care enough to set proper mimetype for .asc

mircea_popescu: http://btcbase.org/log/2018-08-18#1842776 < no. a) there is no such thing as proper, nor is there such a thing as "mimetype" nor is "pgp" a thing. serve text/plain always and everywhere. ☝︎

xdeller: tbh standalone armored data more likely to be served with application/pgp or pgp-xxx instead of text/plain, if somebody on other end would care enough to set proper mimetype for .asc ☟︎

mod6: Alright all, the TRB vtree was updated with asciilifeform's ascii-armored pgp sig.

asciilifeform: unless, again, i misread , what's contemplated is to somehow make 'fetlife female morons' who won't pgp and won't drop winblowz etc use an authenticated piece of soft, somehow ( something that e.g. banks have not been able to accomplish )

asciilifeform: folx who are so 'confusable' that they cannot be persuaded, by carrot or stick, to at the very least check a pgp sig , are beyond redemption

asciilifeform: mod6: my original disagreement in $thread wasn't re 'sometimes gotta try to limit distribution to l1' -- it is very easy to think of cases where this is the obvious Right Thing -- but in re eulora client in particular, i still dun see what the eulora folx have to keep seekrit in the client ( i.e. what problem do 'heathens produce shoddy client' create, that ordinary pgp signature doesn't solve )

ave1: phf, link was wrong should have been: http://ave1.org/tarpit/tmsr-pgp-genesis.vpatch.ave1.sig. I updated the link in the post.

brazilish: how can i switch a pgp key keeping the history? everyone that sent a rating need to send it again to the new pgp key?

brazilish: btw, I want to ask if there is some reference here about how correctly doing safe computing, because i feel that if I create a pgp private key on my current setup, USG would already have it pre-seeded

mircea_popescu: it's just shocking to me how ~perdurant~ certain thought patterns are. in continuation of http://btcbase.org/log/2018-06-26#1829978 ; because ~how the fuck~ is it the case i'd find the same stupidity implemented by some orc kids in some video game engine wanna-be as usg's own brahmin german put in the post-zimmermann pgp massacre ? ☝︎

a111: Logged on 2018-06-20 15:41 FundsAreSafuh: The thrill of buying 60 BTC, and spending it all on cannabis. The exhilaration of learning PGP for the first time. The realization that FeedZeBirds was a scam.

FundsAreSafuh: The thrill of buying 60 BTC, and spending it all on cannabis. The exhilaration of learning PGP for the first time. The realization that FeedZeBirds was a scam. ☟︎

asciilifeform: cnomad: please consider registering a pgp key with deedbot :

a111: Logged on 2018-06-11 22:32 asciilifeform: it'd be one thing if, say, google dev showed up and 'yes i'ma pgp to mircea_popescu the magic key', or even 'here's the schem'. but nooo, instead they come to 'explain' to us how 'tpm can be used to benefit you' .

asciilifeform: it'd be one thing if, say, google dev showed up and 'yes i'ma pgp to mircea_popescu the magic key', or even 'here's the schem'. but nooo, instead they come to 'explain' to us how 'tpm can be used to benefit you' . ☟︎

asciilifeform: http://btcbase.org/log/2018-06-10#1822006 << amstan you can post those asus schems any time you feel like being useful; i will publish them. if you want to do it anon, pgp mircea_popescu or asciilifeform ☝︎

douchebag: ben_vulpes: I use MacOS as my main OS because it's actually pretty nice for work. However, all of my sensitive stuff (PGP) happens in Linux VM's

asciilifeform: fwiw this is not a valid pgp key. you gotta convert'em, douchebag .

mod6: fettiffany: read http://deedbot.org/help.html and get yourself a PGP key, and register it with deedbot per help page.

BingoBoingo: <danielpbarron> http://wotpaste.cascadianhacker.com/pastes/XsZ36/?raw=true << email sent to me from keybase says i should remove PGP from my profile << This is blog fodder. Perfect material for exercise of organizing the thoughts by examining how anti-informed the Keybase position is.

asciilifeform: danielpbarron: seems like it might be high time to walk it for pgp keys, for refresh, if it is not already too late

danielpbarron: http://wotpaste.cascadianhacker.com/pastes/XsZ36/?raw=true << email sent to me from keybase says i should remove PGP from my profile

a111: Logged on 2018-05-14 13:30 asciilifeform: ^ pretty lulzy prehistory -- usg is burning the vuln in the most traditional way, complete with 'responsible disclosure'ism and a boeck-style 'researcher' ; nao spinning in every propaganda organ in unison as 'pgp broken!'

mircea_popescu: http://btcbase.org/log/2018-05-14#1813139 << pretty much all they're good for. honestly, if they discourage the few remainign morons from sending "pgp-encrypted" email like retards because "thunderbird" i'll be quite happy. ☝︎

asciilifeform: the footnotes of the 'paper', also lulzy, full of marlinspike, boeck, etc. 'why pgp is dead' articles

BingoBoingo: <asciilifeform> ^ pretty lulzy prehistory -- usg is burning the vuln in the most traditional way, complete with 'responsible disclosure'ism and a boeck-style 'researcher' ; nao spinning in every propaganda organ in unison as 'pgp broken!' << Apparently @hanno has a take on this too that sums to the rest of the party line "who could be using this with hygeine?"

asciilifeform: interesting lulgem from the paper, 'An email client receiving a PGP-signed message may try to automatically download the corresponding public key.' << i never used 'pgp for lusers' emailtrons and had nfi. would explain one obvious modality for the 'mirrorolade' item

asciilifeform: ^ pretty lulzy prehistory -- usg is burning the vuln in the most traditional way, complete with 'responsible disclosure'ism and a boeck-style 'researcher' ; nao spinning in every propaganda organ in unison as 'pgp broken!' ☟︎

a111: Logged on 2014-08-16 02:27 mircea_popescu: by now i can sorta distinguish the noobs from the veterans because the noobs send me gpg blobs with "Content-Type: multipart/mixed;" mixed in, whereas the veterans just neatly paste the pgp in the email body.