log☇︎
438 entries in 0.917s
asciilifeform presently contemplating the fact that sks appears to contain virtually no gurlz
asciilifeform: (recall, there is no 'changing' on sks, only repeat upload)
asciilifeform: decimation: sks as presently running -does- check
decimation: asciilifeform: why do the sks keyservers take the position that all crypto checks are 'up to the user'? would you expect your router to check ip/tcp headers?
assbot: Logged on 22-05-2015 14:29:20; asciilifeform: incidentally, now more than ever is the time to set up an sks server under our control. because sks is our ultimate 'backup'
asciilifeform: incidentally, now is a good time to mention the fact that sks also contains a great many keys which were too malformed to even attempt phuctoring
asciilifeform: (the sks mass-submit, that is)
asciilifeform: and the pressure on sks server keepers to start removing things will be turned on, yes.
asciilifeform: incidentally, now more than ever is the time to set up an sks server under our control. because sks is our ultimate 'backup' ☟︎
BingoBoingo: Also in USia Nagant, SKS, and other curios with bayonets already mounted ++
BingoBoingo: C&R Yugo SKS has a lot of pluses
asciilifeform: mircea_popescu: the original suggestion, as i read it, was bug in -sks-
BingoBoingo: Well with factors message signing shouldn't be too much CPU mathing, but I guess if at this rate ~98 keys sign "lol I suck cocks" at the end of sks dump processing makes better Trilema post
asciilifeform: btw, all keys on sks having pub-e of 281479271743489 are 'magical.'
ascii_field: for all we know, it is possible that on some pgp client the faux keys could replace the genuine ones if user ever 'synced' from sks
ascii_field: incidentally, i just walked the totality of sks db looking for -all- rsa keys with pub-exponents equal to 281479271743489.
ascii_field: << example of someone for whom only breakable key is on sks
Hasimir: though probably better than the sks solution
mircea_popescu: you can create a key for obama and sks will list "obama's" key.
ascii_field: hanbot: if it isn't on sks, it isn't really public is it
asciilifeform: before long, herr böck will claim that he tipped us off to the mess of diddled keys on sks.
assbot: Logged on 20-05-2015 12:54:33; asciilifeform: until i saw the auto-updater crud, my most parsimonious hypothesis re: the matter treated in last section of mircea_popescu's article was that the buggers built a straight chumpmagnet, where lusers would search sks for email addr. of someone or other, and end up with latest key (try it) displayed being one of the 'magic' ones
asciilifeform: i presently suspect that there are versions of sks (and/or other pgptronics) which will stupidly display a legit fp for the magical keys.
asciilifeform: until i saw the auto-updater crud, my most parsimonious hypothesis re: the matter treated in last section of mircea_popescu's article was that the buggers built a straight chumpmagnet, where lusers would search sks for email addr. of someone or other, and end up with latest key (try it) displayed being one of the 'magic' ones ☟︎
mike_c: it was discussed on hacker news. looks like there are a handful of invalid subkeys on the sks servers
mircea_popescu: with a correctly working pgp implementation, the user connects ot a sks server, discards the wrong key and proceeds as expected.
asciilifeform: worth considering - where are they likely to come into play (as fetched from sks)
asciilifeform: BingoBoingo: a few folks appear to have bit-corrupted keys on sks
mircea_popescu: what i don't get is, how exactly you reproduce this ? i can't seem to make sks server to accept extra, unsigned subkeys from anyone.
mircea_popescu: which would neatly explain why it HAS TO stay on sks servers.
mircea_popescu: i mean, if the claims is accurate, what's to keep me from making anyone's sks profile 1 gb long ?
decimation: doesn't the sks server check before shitting public key?
decimation: asciilifeform: so did the sks server at one point accept anvin's key and then later bitrotted it?
asciilifeform: incidentally, anybody want to take the time to walk the sks set and check for 'skipped...' ?
mircea_popescu: even from a purely operational standpoint - it'd seem sks servers have all the interest in the world to reject such broken keys rather than publish them, carry them in db etc
mircea_popescu: asciilifeform i wonder if this is reproducible, make sks servers display random data as people's subkeys.
asciilifeform: at the moment it looks like sks bit rot is responsible
mircea_popescu: so this is a manufactured subkey that was somehow uploaded to sks and merged into the guy's key but not necessarily used or even issued by him ?
asciilifeform: or corrupt sks
mircea_popescu: yeah, sks cuts comments.
asciilifeform: jurov: actually sks does
BingoBoingo: <mircea_popescu> https://media.8ch.net/cuteboys/src/1430738295625.jpg << that is his rifle, that is his gun. << Nice SKS
ascii_field: whoever he is - sks is silent
scoopbot_revived: Phuctor Begins Processing SKS Keyserver Dump http://qntra.net/2015/05/phuctor-begins-processing-sks-keyserver-dump/
asciilifeform: aha, wanted to 'combine the pleasurable with the useful' and get fresh sks dump 1st
ascii_field: ;;later tell mircea_popescu ERROR: certificate common name “keys.mattrude.com” doesn’t match requested host name “keyserver.mattrude.com” << when fetching fresh sks from dulap ☟︎
mircea_popescu: i suppose "make a sane fucking export model" will be part of the ba sks server job.
ascii_field: sks is retarded, so i gotta write a slicer that parses the gpg blobs and reassociates the email/selfsig/pubkey fragments into usable key packets
ascii_field: mircea_popescu: THE DAMNED GPG KEYS!111 << dealing with sks retardation; see log
ascii_field: that is, the other folks - who probably all eat lunch together - got sks running
ascii_field: # sks cleandb Fatal error: exception Not_found
asciilifeform: <decimation> asciilifeform: is there a gpg keyserver that just holds pubkeys, dumps on request? << the sks servs dump, but in this mega-blob format where you get ~25MB of continuous gpg binary packet
decimation: mircea_popescu: my understanding is that the sks servers aggressively share keys
asciilifeform: because, it seems that in the course of this opera, we are setting up one sks key server
mircea_popescu: sks build /var/lib/sks/dump/*.pgp -n 10 -cache 100 <<
assbot: List all GPG/PGP keys of a local SKS key server - Unix & Linux Stack Exchange ... ( http://bit.ly/1GSCWb8 )
asciilifeform: http://unix.stackexchange.com/questions/110110/list-all-gpg-pgp-keys-of-a-local-sks-key-server << other folks also pissed
asciilifeform is floored by the sheer retardation of the sks thing
assbot: sks_build.sh - google-sks-keyserver-hl1 - Works for me - Google Project Hosting ... ( http://bit.ly/1GSCDgJ )
asciilifeform: http://code.google.com/r/google-sks-keyserver-hl1/source/browse/sks_build.sh?name=1.1.1&r=7f1cc4b1637ef119ba1f81afee0496c232bc2e10 << no such luck
mircea_popescu: /usr/local/bin/sks_build.sh << it has a script btw, to allow you to autoload in a db
asciilifeform: not that it matters, really, if sks lies about some random derp's key. it is a typical 'shakespeare's works were not written by shakespeare but by another man of the same name' non-problem.
decimation: the problem with the sks server is that it aggressively shares keys
mircea_popescu: well, curl http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x$key | curl post to phcktor.
mircea_popescu: from the example he gave : http://nosuchlabs.com/gpgfp/8680FD3C9D20B92FBEF3D058FD5A63B9EAC2A55E translates directly to http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xFD5A63B9EAC2A55E
asciilifeform: because there is no physically possible way to determine what subkey ought to be asked from sks et al, for that particular pubkeyblock hash
mike_c: Ideally? It's a fingerprint search. So if it misses, I would have it search sks for the fingerprint and show a page asking if you'd like to add that key.
mircea_popescu: ideally no misses, seeing how everyone in wot also had their key in the sks db
assbot: Logged on 30-04-2015 22:20:33; ascii_field: unrelated: that sks key mega-dump is in a ludicrous format - .gpg binary turds with 10,000s of pubkeys in each
ascii_field: unrelated: that sks key mega-dump is in a ludicrous format - .gpg binary turds with 10,000s of pubkeys in each ☟︎
assbot: SKS Keyservers: History of number of OpenPGP keys ... ( http://bit.ly/1GJcVuM )
ascii_field: https://sks-keyservers.net/status/key_development.php << check out the spikes.
mircea_popescu: nor http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x59C93F63549036BD
mircea_popescu: http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0x454B0FC0BC07B87E for instance.
funkenstein_: <mircea_popescu> and then $ gpg --keyserver sks-keyservers.net --send-key <KEYID> and $ gpg --keyserver pgp.mit.edu --send-key <KEYID> where keyid you just copy from the line above. <-- what about those three letters showing up here?
BingoBoingo would like girls with Yugo SKS, nato grenade combo
mircea_popescu: and then $ gpg --keyserver sks-keyservers.net --send-key <KEYID> and $ gpg --keyserver pgp.mit.edu --send-key <KEYID> where keyid you just copy from the line above. ☟︎
pete_dushenski: http://sks.pkqs.net/pks/lookup?op=get&search=0x4DB8A08821B7141F
assbot: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: SKS 1.1.5 Comment: Hostname: pgp - Pastebin.com ... ( http://bit.ly/1HhwXMa )
mircea_popescu: better this way, the less the sks servers are involved the better.
mircea_popescu: more like a "tough as nails, swiss made SKS". like the mac10 maybe.
BingoBoingo: asciilifeform: Yes sks, you also get diminished charge behind bullet for no less cleaning
asciilifeform: 'sks' iirc takes modern (7,62x39) rounds
BingoBoingo: Bolt action so cleaning... More popular "deer" rifle is sks, still corrosive primers, much less range, still moar cleaning
ryan-c: BingoBoingo: My gpg keys are in pgp.mit.edu and sks-keyservers as well.
mircea_popescu: deedbot- add-key http://pool.sks-keyservers.net:11371/pks/lookup?op=get&search=0xEE2BDEF602DD2D91
mircea_popescu: "Worse, it turns out that nobody else found all this stuff to be fascinating. Even though GPG has been around for almost 20 years, there are only ~50,000 keys in the “strong set,” and less than 4 million keys have ever been published to the SKS keyserver pool ever. By today’s standards, that’s a shockingly small user base for a month of activity, much less 20 years."
mircea_popescu: (we, of course, which prolly means we're redoing the sks too)
assbot: Logged on 25-02-2015 14:34:59; mats: also deliberately misleading folks about widespread use with the quantity of keys on sks keyservers
mircea_popescu: http://log.bitcoin-assets.com/?date=25-02-2015#1033119 << that may not be exactly misleading, it may just be he spoke too early. maybe the plan is to pop the sks system, and if they put a little pressure who exactly is going to stand up to it ? ☝︎
mats: also deliberately misleading folks about widespread use with the quantity of keys on sks keyservers ☟︎
mircea_popescu: http://pool.sks-keyservers.net:11371/pks/lookup?op=vindex&search=0x6F227EFC5B577AE959E13138BACBCE400996EB88 it's valid alright
mircea_popescu: http://pool.sks-keyservers.net:11371/pks/lookup?op=vindex&search=0xE4A966FF04DD296A41F5AAD497C64494
BingoBoingo would rather see USian Mosin and SKS, but...
mircea_popescu: which i guess is not that bad, seeing how it also solves the problem of the untrustworthy pgp-sks etc
mircea_popescu: that's a good fucking question lmao. sks fired from the hip by teenage boys in rural texas ? no wonder people can't land fucking rockets.
asciilifeform: http://pool.sks-keyservers.net:11371/pks/lookup?op=vindex&search=0x17215D118B7239507FAFED98B98228A001ABFFC7 << appears
punkman: fetches from sks
Adlai: compare: http://bitcoin-otc.com/viewgpg.php?nick=adlai and http://pool.sks-keyservers.net:11371/pks/lookup?op=vindex&search=0xFCBC64EFDF1D6C1E4E964AEE4D88596A7CDA03F9
punkman: sks and mit