Show Idle (>14 d.) Chans


← 2016-06-15 | 2016-06-17 →
a111: Logged on 2016-06-16 02:17 thestringpuller: i built with stator
deedbot: [» Contravex: A blog by Pete Dushenski] A brief discourse on specification. - http://www.contravex.com/2016/06/15/a-brief-discourse-on-specification/
deedbot: [Recent Phuctorings.] Phuctored: 10976761628737 divides RSA Moduli belonging to 'Mirko Gmyrek | x-quture netservice UG (mbH) <m.gmyrek@x-quture.com>; ' - http://phuctor.nosuchlabs.com/gpgkey/B731C95FA850A5B27F1A5FC534AA85C6768AF95600A3F1DEC3A63E78F0AA48C9
BingoBoingo: ;;ticker --market all
gribble: Bitstamp BTCUSD last: 731.98, vol: 11178.94029119 | BTC-E BTCUSD last: 700.15, vol: 10421.63378 | Bitfinex BTCUSD last: 734.02, vol: 84201.08057663 | CampBX BTCUSD last: 675.0, vol: 3.6406797 | BTCChina BTCUSD last: 736.8669, vol: 61319.81620000 | Kraken BTCUSD last: 730.1, vol: 3164.44414108 | Volume-weighted last average: 732.764292434
deedbot: [Recent Phuctorings.] Phuctored: 1553809262733 divides RSA Moduli belonging to 'Cacho Page (Gmail cachov2) <cachov2@gmail.com>; ' - http://phuctor.nosuchlabs.com/gpgkey/40EC4D973DB7A02863E11105863DC26D14570BA0723C48152F81B25EBD59132E
deedbot: [Qntra] Acquihired Changetip Can't Unload Actual Changetip "Business" - http://qntra.net/2016/06/acquihired-changetip-cant-unload-actual-changetip-business/
thestringpuller: mod6: hmm. it looks like my chain b0rked after 405...
thestringpuller: i preserved the chain, and the bitcoind that built it. so what i'll do is get another disk, try to start from scratch with that build, and see if it wedges at the same place.
Framedragger: asciilifeform: is there a 'stable' algorithm / spec for deriving phuctor's hash / permalink? you'd mentioned before that it "includes the entire key - names, emails, ~all~ subkeys."
Framedragger: for example say i have some public key available. is there a way for me to derive phuctor's permalink for that key (acknowledging that the permalink may not be active yet, i.e. phuctor does not even know of the pubkey etc) ?
Framedragger: the latter would be quite useful - i may spin up some simple analysis thingie which shows info for those ssh keys, and it'd be nice to be able to link to corresponding phuctor entries
asciilifeform: Framedragger: there is not, currently, but i can clean up and post a script later. for the time being you can easily get the hash by submitting key to phuctor.
asciilifeform: ;;later tell phf log is deed
gribble: The operation succeeded.
asciilifeform: ;;later tell phf log is dead
gribble: The operation succeeded.
Framedragger: asciilifeform: kk, thanks, a script (or some description) would be useful!
mircea_popescu: yeah that's a good point Framedragger
Framedragger: not a big deal at all tho of course, useful for laters and for future exploitations and analysis infrastructure though
mircea_popescu: it is kind of a big deal. asciilifeform there must be a standard. this "submit key" thing doesn't work if for instance he's trying to dump 2mn static html pages into a website.
asciilifeform: mircea_popescu: about to post proggy, momentarily
mircea_popescu: Framedragger there's also nothing wrong with trying to package it for b2b and beat in the marketplace those derps mentioned in the log days ago. i don't personally think there's a market there, but maybe i'm missing a crease. teh republic'd support you in any case.
mircea_popescu: asciilifeform win.
mircea_popescu: (is it gonna be lisp ?)
Framedragger: mircea_popescu: yeah not the worst idea, i too think there may be not much of a market there though, but who knows.. good to know, if i ever come to consider b2b plans more seriously
mircea_popescu: generally, the fiat of the fiat state must be leached away from its crippled hands. very generally. what way one goes to accomplish this... well, that's why the one is one.
Framedragger: i guess right now i'm more curious to see general statistics / trends, e.g. distribution of ssh server versions per given geo region / AS etc., not that it may be too useful, but just genuinely curious
Framedragger: mircea_popescu: can't disagree with you there
Framedragger: that was fast :)
Framedragger: asciilifeform: cheers
asciilifeform: go,try.
asciilifeform: ~no error checking tho.
mircea_popescu: yeah, if you get imagemagik installed (lol!) there's a bunch of interesting visual stuff. quick way to jumpstart a blog, socialmedia exists ~out of this.
mircea_popescu: and a blog is a valuable and important asset for the adult man.
asciilifeform: also i left some of the pieces used by phuctor in, in case whoever wants to experiment.
mircea_popescu: asciilifeform an idea here would be to make a soft commitment to publish all cannonical code in lisp implementations.
mircea_popescu: not obligatory, just, something to strive to.
Framedragger: asciilifeform: ah wait lol: i'd be parsing ssh rsa keys, not pgp keys - different format - though also base64 etc. i'll check!
asciilifeform: mircea_popescu: would be. but i never finished my cl rewrite of phuctor.
asciilifeform: the whole rfc4880 parser has to be rewritten.
Framedragger: mircea_popescu: good advice, thanks
mircea_popescu: asciilifeform yeah, just saying as a horizon thing.
asciilifeform: Framedragger: phuctor only eats rfc4880 keys. strictly.
mircea_popescu: (you can write two pages of cannonical implementation in lisp even if your actual implementation that you use is in py/c/whatever. make it a sort of official lingua franca of coding, is my idea.)
asciilifeform: mircea_popescu: realize that the routine posted earlier uses all of rfc4880.
asciilifeform: which is definitely not two pages of anything.
mircea_popescu: i just did looking at it.
mircea_popescu: could mock it out!
mircea_popescu: aaaanyway. just a stray thought.
mircea_popescu: omfg log is dead
asciilifeform: for umpteenth time..
asciilifeform: 'he blackhat scene is always riddled with informants. The only thing a Darknet guy likes better than darknetting is ratting somebody else out. All hackers aspire to an upgrade to spook. Hackers have no shut-your-mouth “omerta,” so whenever they get arrested they’ll brag to the authorities for 72 hours straight. They’ll even draw helpful little flowcharts for the cops.'
shinohai: so10K causes the BitGold pyramid to collapse under weight.
mircea_popescu: guy has a solid point. there's nothing new in this world except for hte history you didn't know etc.
asciilifeform: whole thing lulzy
mircea_popescu: asciilifeform a look, global warming idiot. /me moves on.
asciilifeform: '... bitcoin is for suckers ... mtgox'
Framedragger: asciilifeform: gotcha. i have thing which converts ssh pubkey format to e,N,IP. i'll probably have a thing which generates rfc4880 (inserting ip address as comment field, say) from e,N,IP. thanks!
mircea_popescu: no wonder he's being promoted. by now, the moment i see lamestream going "X is a Y" the ~only thing i think about is that if Y = bitcoin, they'd be saying x=gavin.
asciilifeform: mircea_popescu: fella is a well-known dead tree sf author on this side of the ocean.
mircea_popescu: asciilifeform because you people have ~no taste and read shit spread on paper.
asciilifeform doesn't buy him
asciilifeform: but yes
mircea_popescu: psa : genre fiction is not fiction, it's those merchandise tags and labels that ran long for the space.
mircea_popescu: fucking copywriters a) aren't writers and b) aren't people.
mircea_popescu: you want to buy a "genre fiction" novel, buy fifty cans of campbell soup and read the labels in succession. same shit.
mircea_popescu: plus you get some delicious canned soup out of the deal.
asciilifeform: hey '50s american sf was readable
asciilifeform: e.g., sheckley.
asciilifeform: asimov, et al.
mircea_popescu: it ain't the 50s anymore, dorothyform.
Framedragger likes greg egan (hard scifi)
Framedragger: australian d00d
asciilifeform: Framedragger: i have his complete worx here.
Framedragger: niiice.
asciilifeform: 'I know what militant leftist political correctness actually does in reality. It’s got nothing to do with SJW’s sobbing over transgender rights and everything to do with having your door kicked in with KGB jackboots at four in the morning.'
Framedragger still hasn't read schild's ladder. prolly need accompanying graph theory textbook
mircea_popescu: " All hackers aspire to an upgrade to spook." <<< ahahaha. "all barbarian lords aspire to colonus status". fucking bs. foederati had superior legal status to "colonus servusque". much like black dudes in the us have superior status to white office drones.
asciilifeform: bears in the woods, superior still !
mircea_popescu: check out the inept agitprop bullshit. NOBODY wants to be "a spook", and for most people, including cashiers and waitresses, this move isn't an upgrade.
asciilifeform: the ticks on the bears - even moar.
mircea_popescu: less money, shittier work.
mircea_popescu: asciilifeform mno, not in that vein at all.
mircea_popescu: the roman "citizen" is the basis of the european slave class.
mircea_popescu: the barbarian is the basis of the european minor nobility.
mircea_popescu: as late empire turned to medieval times, colonus -> peasantry and foederatus -> yeomanry.
mircea_popescu: (with any luck, slave's kid could become knave, ie, 4th rank in the army, below yeoman, squire and knights in that order.)
asciilifeform: sterling had point tho - can't get 20 people in a room without a stool pigeon
mircea_popescu: for anyone and anything.
mircea_popescu: asciilifeform that's basically saying "can't get a proper meal assembled without getting a bacteria in there. if it's clean it's an industrial product nobody wants to eat, if it's made properly, well!". this is true, but also irrelevant, the bacteria are everywhere but they aren't specifically dedicated to a cause through being bacteria. they're not typhus specifically.
mircea_popescu: now, man beset with lots of typhus may end up thinking so, "they're all the same", etc. but this is not exactly thinking in the proper sense, more like emotional lashing out.
mircea_popescu: BingoBoingo " since it's sale to Airbnb" << its.
Framedragger: asciilifeform: script worx, much thanks!
asciilifeform: Framedragger: yw
Framedragger: asciilifeform: do you think it's a sensible idea to try and convert ssh public keys into rfc4880, and then submit them to phuctor (possibly in bulk)? or is that something i should leave to you?
mircea_popescu: phuctor gotta move to tmsr format not teh other way round. give the guy a moment,
Framedragger: yeh i'll be patient and will meanwhile muck around with what i've collected
asciilifeform: mircea_popescu: phuctor is, originally, ~specifically~ about pgp keys, ~verbatim~, as found in the wild forest. any other thing will have to be a new gadget.
asciilifeform: they are stored as-found. so they can be shat back out and compared to extant key elsewhere etc.
asciilifeform: log still dead, incidentally.
asciilifeform: does phf host it on a dial-up or what.
asciilifeform: Framedragger: fundamentally anybody should feel free to submit whatever to phuctor.
asciilifeform: it will go ~slightly~ faster if i dump'em in, in bulk, but understand - i do not have the time presently to write any serious adjunct to phuctor
mircea_popescu: asciilifeform so write it a convertor. it's strategically stupid to make "a new gadget".
asciilifeform: jurov wrote one.
asciilifeform: posted last week iirc.
mircea_popescu: he wrote it TO tmsr format iirc.
mircea_popescu: a nice then. so put it in.
asciilifeform: thing is, pgp key includes more info than simply 'modulus, email'
asciilifeform: it also has self-sigs.
asciilifeform: where am i to get these ?
mircea_popescu: leave blank.
asciilifeform: understand, if i were to switch phuctor to storing IN this format, NO key it spits out will ever be eatable by gpg.
asciilifeform: which is dumb.
mircea_popescu: we're back to this ?
asciilifeform: apparently?
mircea_popescu: it is the height of ridiculous for you to tell me that "my program is so fucking stupid if it has to handle two items it can only pick one and pretend the other doesn't exist". you understand this ?
asciilifeform: mircea_popescu: does it not make sense to you that having two classes of object, whereas previously there was no need to distinguish classes, is at least 2x complexity ?
mircea_popescu: if you store as a csv, add more fields. if you store in any other format, a mechanical equivalent for "add more fields" exists. what is the problem ?
mircea_popescu: there ARE NOT two classes of object. rsa is the class of object.
asciilifeform bangs head on desk
mircea_popescu: different packagings of THIS SAME OBJECT are not to be entertained. we control ther fucking horizontal, not "gpg" or "opensshit".
asciilifeform: rfc4880 key is the fundamental object !
asciilifeform: as it was written.
mircea_popescu: fuck that shit.
asciilifeform: iirc mircea_popescu even ~read~ the thing.
mircea_popescu: i am not importing "tinyscheme" or "rfc" or anything else.
mircea_popescu: let them all fucking burn.
asciilifeform: did i ever say the pgp format shouldn't burn ?
mircea_popescu: i do not have use for as much as a rotten end of a thread from usg. you follow this concept ?
mircea_popescu: so then stop being jurov-y about burning it.
asciilifeform: phuctor is, among other things, specifically machine for illustrating the defects in gpg format
mircea_popescu: illustrate them by storing rsa in the rsa format and adding the illustration on the side
mircea_popescu: not by centering on the non-rsa formats and adding tms on the side.
asciilifeform: fundamentally this is good idea. but i can work either on this or on other things.
mircea_popescu: there is exactly ONE rsa format, for all time, past as well as future, and it goes like this : N, e, comment.
asciilifeform: mircea_popescu dun believe in self-sigs ?
mircea_popescu: well, work on your own time. but work the way we're going not orthogonally.
mircea_popescu: asciilifeform can be part of comment.
asciilifeform: if you're structuring the 'comment' field, before long you end up with rfc4880 et al if not careful.
mircea_popescu: (but in generally, no, it's as fucking stupid to have the sig cert in the sig as it's stupid to have the bitcoin transactions in the bitcoin wallet.
mircea_popescu: these belong somewhere else.)
asciilifeform: the tx in wallet thing is monumentally annoying but afaik no one has invented a practical alternative to the O(N) 'how much coin do i have'
asciilifeform: and N is getting pretty fat.
mircea_popescu: yeah well. so make two files.
asciilifeform: understand, getting the balance of an addr is O(N) ~unless~ you've been watching it as the blocks splat in.
mircea_popescu: make wallet.dat and pending_transactions.dat. so if i want to flush pending txn i just delete that.
asciilifeform: yeah that'd work
mircea_popescu: doh if i may say so myself.
mircea_popescu: the notion of joining at the hip a permanent store and a cache is so idiotic as to make me certain the guy had no sort of formal education
asciilifeform: eh american education would do it also.
mircea_popescu: i don't mean, in cs. i mean, at all. fucking baker's notions of the world.
mircea_popescu: the most basic, elementary, fundamental, first fucking function of any cache implementation is flush ffs.
mircea_popescu: the only one thing a datastore never does is "drop"
mircea_popescu: who ever thought of this omfg it gives me hives on the brain just thinking about it.
asciilifeform: hey here in the lande of the phreeeee they combined toilet and washroom
asciilifeform: (why not and also kitchen, everyone fresh off the boat always asks)
asciilifeform: why not cache and store also.
mircea_popescu: sigh. anyway. "selfsigs" are not particularly well thought out, not to the degree but in the same manner.
asciilifeform: selfsig is how you know you have an rsa pubkey vs dogvomit.
mircea_popescu: there's 10x to 100x more ssh-rsa than gpg-rsa. it's a moot point.
asciilifeform: there is!
asciilifeform: prolly more than 100x moar.
asciilifeform: and we already know that they have large-factor collisions
asciilifeform: (from, elementarily, machines with ~no~ rng)
mircea_popescu: well, going by Framedragger 's 20mn figure. aha.
asciilifeform: this incidentally is why phuctor had been a depressing thing for me. the thing i set out to find, i never found (evidence of diddled rng on pgp users' boxes.)
asciilifeform: we found exactly ONE large-factor collision, and it was some troll
mircea_popescu: give it some time.
mircea_popescu: what's the 8ball at yet, 100mn ?
asciilifeform: 8ball is not relevant to this
asciilifeform: i was speaking of LARGE FACTOR collisions
asciilifeform: as in, between keys
mircea_popescu: woosh :p
asciilifeform: 8ball would take about a billion years to get to sqrt(2048)
mircea_popescu: hence the humour!
asciilifeform: (at which point it would factor ALL 2048b keyz!11111111111)
asciilifeform was laughing in other terminal and forgot here.
asciilifeform: 2**2048 damn
asciilifeform: http://btcbase.org/log entirely dead apparently
mircea_popescu: i see it ?
asciilifeform: looks like he put moar petrol in the 2-cycle modem or what.
asciilifeform: but yes.
mircea_popescu: incl. your last line, aha
phf: this "later" functionality is kind of useless on a bounced connection
mircea_popescu: yeah i;ve been thinking on the correct spec for it.
mircea_popescu: in general the way it's supposed to work is that it pms you ONCE IT SEES YOU TALK
mircea_popescu: not once you show up at all.
asciilifeform: it actually works this way afaik.
mircea_popescu: sorta half-way i dunno.
phf: it's hosted on digitalocean fwiw, maybe i should try moving it to our friend's cockli server, see how well romanian diesel modems work
mircea_popescu: worth a shot. in any case protectionism should be a concern, much rather support people with than items without a wot.
deedbot: [Recent Phuctorings.] Phuctored: 429529 divides RSA Moduli belonging to 'Wilfred de Kok <wdk@protonmail.ch>; Wilfred de Kok <wilfred@thinkhuman.nl>; ' - http://phuctor.nosuchlabs.com/gpgkey/CB4E61E28FD9AFC202292274E2D73AD5AF5FEC567DCE5EDC52BFA34CB5B88F18
mircea_popescu: course, ending up with half the shit suspended because one guy's diesel modem croaked is also not such a good state of affairs.
mircea_popescu: but, well backuped services don't so much care about this.
mircea_popescu: omg new ?
asciilifeform: hey last one was new iirc
asciilifeform: this morning.
asciilifeform: btw both of the ones this morning were bitflips.
phf: i've almost rewritten the irc bot. i'm not going to festival for couple of weeks, so it's going to get done
mircea_popescu: is phucvtor down btw ?
asciilifeform: not afaik ?
mircea_popescu: lol is your life "code hard, festival harder" phf ?
asciilifeform: looks like it is under load tho
mircea_popescu: yeah timing out here.
mircea_popescu: put some gas in teh twocycle ? :D
asciilifeform goes to the tank
asciilifeform: mircea_popescu: try now
asciilifeform: bitflipolade btw
asciilifeform: just like last 2.
asciilifeform: incidentally, because self-sig exists, i could turn these into their correct versions if i had to.
asciilifeform: O(Nbits).
asciilifeform: elementarily.
mircea_popescu: sort of passive crc. not clear that a) if you want it you shouldn't have it purpose built and b) if it's "just there" it should be necessarily preserved.
asciilifeform: at least assuming 1-bit flip (which so far has been the case)
asciilifeform: you can't do this with crc.
asciilifeform: necessarily
mircea_popescu: but anyway, as far as formats go - it seems data integrity procedures should be separated from data.
asciilifeform: not certain how practical this is, because in order to work it has to be standardized.
mircea_popescu: works for the user.
asciilifeform: e.g. 'last K bits are ALWAYS sig'
mircea_popescu: seems on the contrary, an epic point of decentralization
asciilifeform: this is like decentralization of mains socket voltage.
asciilifeform: no thx.
mircea_popescu: no. data is data, formats are standard. data storage is your problem. encrypt it as you will. no standard encryption. backup it as you will. no standard backup.
mircea_popescu: it's one thing to have standardized mains. it's another to have standardized items that plug into them. no thx.
asciilifeform: but 'no standard checksum' is lunacy.
asciilifeform: mains plug is standard where i live.
mircea_popescu: asciilifeform the items, not the plug.
mircea_popescu: anyway, "standard checksum" appears to be emerging as sha.
mircea_popescu: at least it's what we mostly do.
asciilifeform: it is, and ew
asciilifeform: this is entirely optional when designing new rsa container tho
asciilifeform: can sign ~the modulus whole~
mircea_popescu: what's the ew ?
asciilifeform: just takes multiple shots to cover modulus, comment, etc.
mircea_popescu: yes but why
asciilifeform: because hashes are fundamentally poisonous.
asciilifeform: and ought to be abolished when practical.
asciilifeform: because many-to-one function.
asciilifeform: fundamentally.
mircea_popescu: this seems ~the only true use of a hash function, "give me some bits to compare with his bits make sure the file made it"
asciilifeform: collisions are certain to exist.
mircea_popescu: otherwise what, send everything in triplicate, like it's soviet union time ?
asciilifeform: every time you hash, you make a bet that it will never be practical to find'em.
mircea_popescu: collisions there, also.
asciilifeform: no hash - no collision.
mircea_popescu: asciilifeform some dirt is not actually dirt in the usual sense, but part of the fabric of reality.
asciilifeform: point was, in certain cases you don't actually win much by making this wager.
mircea_popescu: sometimes i suspect if you were my hammam master you'd steel mesh the freckles off the girls. possibly most of the smaller clits nad nipples too.
asciilifeform: such as when rsa-signing a small string.
mircea_popescu: ;;later tell pete_dushenski nice job adding references.
gribble: The operation succeeded.
Framedragger: > mircea_popescu: [15:40:33] well, going by Framedragger 's 20mn figure. aha.
Framedragger: yeah i'm not certain how representative that figure is of whatever, honestly. with all metaphor removed, it literally is "the number of ipv4 hosts which respond to a TCP SYN to port 22 with TCP ACK [packet with ACK flag set]". i'm fairly confident that i haven't missed many hosts of this kind, but too should be replicated and tested.
mircea_popescu: yeah, i know.
Framedragger: k, just making sure for the records, then
mircea_popescu: best figure so far is all.
Framedragger: btw i'd choose self-sigs over "trust sks keyservers not to include fake subkeys" any time of the year. obvs the point is to disassemble this false dichotomy. but short-term, self-sigs are not useless at all.
asciilifeform: Framedragger: concept of 'subkey' is waiting to be shot in the head incidentally.
Framedragger: and that's great and all.
Framedragger: s/but too/but this too/ ^^
asciilifeform: incidentally, 8ball presently weighs 333.5MB.
Framedragger: 8ball contains exclusively moduli only, right? cool.
asciilifeform: 8ball has nothing to do with moduli
asciilifeform: it is an eternally growing primorial.
asciilifeform: that gets gcd'd with the rest.
Framedragger: an ever-growing bunch of primes, right!
asciilifeform: incidentally i devised a way to make the thing grow ~100x faster, but still not implemented.
asciilifeform: ars longa.
asciilifeform: (iirc this was mentioned in logz somewhere. presently it multiplies old_primorial * next_prime(old_prime), but this is wasteful, ought to happen in batches so that massive turd is multiplied only rarely)
asciilifeform: an unkillable vermin, dead ?!
mircea_popescu: Framedragger your concept of "fake subkey" is broken. what makes a subkey fake ?
asciilifeform: 'brought to an immediate halt the country's European Union referendum campaign just a week before the vote.' << that was apparently easy.
mircea_popescu: "i don't personally know her, she's therefore not a woman but meat".
mircea_popescu: asciilifeform it's also not partucularly true, but it is what they would like, so.
mircea_popescu: "i took mercury and it brought the syphilis to a halt". mmmkay.
Framedragger: mircea_popescu: whether signature by $key to which the key in question is a sub of is valid?
Framedragger: why does it have to be all abstract and difficult
mircea_popescu: except in the case as seen of hpa's key, where they just attached a valid sig to an invalid key.
mircea_popescu: the fact remains : unless i have your key from you, it's fake. no amount of holy water sprkinling on the key in question can alleviate this.
asciilifeform: wtf is a 'valid sig to an invalid key'
BingoBoingo: <mircea_popescu> and here's a two stroke engine to get the day started in gear. http://67.media.tumblr.com/c4a6298582c76943b282e9b85b59de44/tumblr_nukg7cFcjI1tvvddjo1_500.gif << ty
mircea_popescu: asciilifeform you recall, they pasted the sig packet off the actual key to a random concoction, verbatim
mircea_popescu: "bite error"
BingoBoingo: <mircea_popescu> BingoBoingo " since it's sale to Airbnb" << its. << ty fxd
BingoBoingo: <mircea_popescu> less money, shittier work. << Even if more money can't spend because blows cover, then die
asciilifeform: mircea_popescu: yeah but that ain't a 'valid sig'
asciilifeform: valid sig is valid ~for~ payload
asciilifeform: ;;later tell mod6 http://thebitcoin.foundation still contains a buncha #b-a links ?
gribble: The operation succeeded.
BingoBoingo: ;;ticker --market all
gribble: Bitstamp BTCUSD last: 747.86, vol: 14522.51117654 | BTC-E BTCUSD last: 714.997, vol: 12883.63577 | Bitfinex BTCUSD last: 748.22, vol: 102681.82802122 | CampBX BTCUSD last: 675.0, vol: 4.81007134 | BTCChina BTCUSD last: 749.918331, vol: 71268.07480000 | Kraken BTCUSD last: 748.298, vol: 4917.98036024 | Volume-weighted last average: 746.706548862
mircea_popescu: guy needs a better family.
shinohai: mebbe the 3rd time of seen that with a different woman charged with said crime.
mircea_popescu: and of course "the public" = the rest of the tatanyshas are worried she may get executed for this.
mircea_popescu: i have nfi how someone who waits for you to go to sleep, pours gasoline and lights up could possibly escape the hanging. it is about as cowardly premeditated as it gets, no need to encourage this sort of behaviour.
asciilifeform: in usa, no corpse --> no hanging
asciilifeform: weird, ikr
trinque: hang them both
trinque: phf: I'll get you postgresql user/pass this evening
asciilifeform: mircea_popescu: in usa it is not wholly unheard-of for wife to mutilate husband (blinding, decocking, etc) while he sleeps
asciilifeform: often the jury nullifies
phf: in the old tradition of samson and delilah
mircea_popescu: it's outrageous. married woman that hurts sleeping husband should be given the option of burning at the state / boiling in oil.
asciilifeform: curious - why option
mircea_popescu: optimal anguish.
mircea_popescu: either choice has a bunch of onlookers mocking her for choosing wrong.
mircea_popescu: incidentally this is an islamic mainstay afaik. punctually, fine example of why "civilised" us might well welcome the rule of the "barbarians". legal improvements.
asciilifeform: where in dar-al-islam is there this
asciilifeform: afaik it's head-chop for everybody.
asciilifeform: (aside from shia hangings)
mircea_popescu: i cant quote verse.
mircea_popescu: but i've yet to meet muslim married woman that'd even conceive such outrage.
asciilifeform: notagain
phf: nihil est perenne
phf: drink. campari.
trinque: I do not recall a worse keynote ever given by "apple"
trinque: somebody decided they needed to be more inclusive with their presenters, and they included a bunch of duds
BingoBoingo: And transfats
phf: i liked the black chick that was doing the whole blackface shtick
phf: "execu-super-mommy" i believe is that term she used, right before trying to get boomer audience to sing along to the sugarhill gang
phf: followed by half hour of two grownups earnestly demoing imessages features presumably targeted at 12 year old girls
asciilifeform: boggles my mind that any of you bothered to watch
Framedragger: http://btcbase.org/log/2016-06-16#1483611 << this does not make sense to me. granted, maybe i need to be elucidated. but gpg clients correctly handle hpa's key mess, viz. https://news.ycombinator.com/item?id=9561091 (link to particular comment about this particular case of diddling)
a111: Logged on 2016-06-16 17:04 mircea_popescu: except in the case as seen of hpa's key, where they just attached a valid sig to an invalid key.
Framedragger: (and also the tree of comments below, which are not properly visually formatted, in terms of identation)
Framedragger: (schoen et al)
mircea_popescu: trinque the apple you're thinking of got pancreatic cancer, they got a replacement from central casting.
mircea_popescu: asciilifeform buncha recovering 2000s fanbois, whadda ya want. anyone's a teenager sometime.
mircea_popescu: Framedragger so some clients handle it correctly. this isn't much of an argument that it belongs there.
ben_vulpes: the pathetic "omg these cool features!" from current fanboys is endlessly entertaining.
phf: you guys, i really enjoyed the main guy, because he was like a steve jobs zombie, down to a gaunt cancer look. he existed in this uncanny valley with all the manerisms and presentation ticks.
mircea_popescu: next year they can give him a kardashian ass and he could launch a music album.
phf: i'm just so rarely exposed to agitprop that this was a fascinating experience. it's like watching men in suits get on all fours and earnestly eat shit from the floor.
BingoBoingo: Wait you didn't see that part?
trinque: l0l
asciilifeform: ben_vulpes: the crapple currently in business is a sad thing. i have a brand-new $3k box here, for instance, that periodically forgets it has wifi.
phf: no need to spread! boom, it's that easy!
asciilifeform: if the alternative weren't microshit, nobody would even conceive of buying such a thing.
trinque sends asciilifeform a grumpy emoji
trinque just picked up a g5 imac as a non-intel curio
trinque: 25 bucks on craigslist
asciilifeform: i remember them costing their weight in silver.
asciilifeform: it was an interesting arch
asciilifeform: but my understanding is, nsa wanted standardization on x86, and got it.
deedbot: [Recent Phuctorings.] Phuctored: 4579563035892572414441 divides RSA Moduli belonging to 'Cyber-Tom <cyber-tom@mailcity.com>; ' - http://phuctor.nosuchlabs.com/gpgkey/AD4C57403CECBEB77262D7BE6F1E4F9925E7A673AA8AA1A5971A1555B67C20AD
phf: boom
asciilifeform: flipolade btw.
gernika: Something I built that may be of interest to Z80 fans: http://www.exusiae.com/blog/thortron.html
BingoBoingo: interesting
Framedragger: http://btcbase.org/log/2016-06-16#1483669 << it does, however, show that a coherent account "fakeness" (from the query by yourself ("what makes a subkey fake ?")) is possible.
a111: Logged on 2016-06-16 21:23 mircea_popescu: Framedragger so some clients handle it correctly. this isn't much of an argument that it belongs there.
Framedragger: account of*
Framedragger: i.e., the "fake subkey" case *can* be handled correctly.
Framedragger: hence self-sigs do provide value here; this is not to say that the notion of "subkey" shouldn't be razed from the earth, eventually.
mircea_popescu: Framedragger as exemplified by the woman in the picture. she's "not fake". in what sense ? she could call you and swear for herself ? so ?
mircea_popescu: your notion of fake is broken. you think fake is a property of objects. fake is a property of relations.
Framedragger: non sequitur, even though the example is cute
mircea_popescu: it follows very much, what.
Framedragger: i agree that it's a property of relations. a signature establishes a relation
Framedragger: don't see a contradiction
Framedragger: maybe bad wording: not "self-signature" in this case, but rather one (parent) key signing another (child) key.
mircea_popescu: a self-signature establishes nothing. if YOU signed the key then ~you~ would know it's not fake in the specific sense that it's the same one you signed.
mircea_popescu: that it signs itself shows ~nothing.
Framedragger: let's particularize: hpa's parent key was embedded in the pgp wot (whether the latter is worth anything is a *separate* point) which people trusted. then, hpa's child key appears, and it's not properly signed by hpa's parent key, the latter being trusted prior. maybe the sig is not there, maybe the sig is invalid, whatever. child key gets rejected. this scheme in itself is not circular, and it *worked*.
mircea_popescu: i don't know hpa. any item purporting to be hpa's key is fake, and this can not be fixed by hpa or anyone on his behalf through technological means of any sort.
Framedragger: whether it truly worked well, whether some gpg clients are shit, whether keyservers should preemptively dismiss such keys - all worthy points of discussion, but separate.
mircea_popescu: the only solution is for us to become acquainted.
mircea_popescu: if another knows hpa, and signs his key, then that one knows the key he signed to be not fake, but the key he signed. this, again, has little to do with hpa per se.
Framedragger: i agree. but what if there was some trust path from you to hpa's parent key; and there were no paths at all to the diddled child key. surely that's something, even if not enough for you to mark hpa's key (any key) as "trusted"
mircea_popescu: anyway. the only way in which the scheme you discuss worked was to prevent effectual use of symmetric key crypto, and it's altogether doubtful people needed help for that.
mircea_popescu: Framedragger i don't see much merit in the whole scheme. gpg does something stupid and then maybe salvages some edge of it. mmkay.
mircea_popescu: "subkeys" are ~equivalent to "domain names" and various attempts to weaken bitcoin that were quashed historically. "wouldn't you like some wool over your eyes ???"
Framedragger: right, sure. but then you'd agree that all phuctorings (save for one, apparently) are interesting insofar as one is interested in how broken this scheme is?
Framedragger: i.e. they show only that.
mircea_popescu: i don't think it can ever be said "x phenomena shows only y abstraction".
mircea_popescu: i dunno why it's interesting and what it shows exhaustively.
Framedragger: maybe i'm jumping too much. apologies - sleepy; and i get the point.
mircea_popescu: but anyway, sure, there's a difference between "random subkey" and "subkey signed by main key".
mircea_popescu: nevertheless, it seems to my eyes to be of the kind of "there's a difference between burnned out barn with door open and burned out barn with door closed".
Framedragger: i suppose that's what i wanted to state originally, yeah. i know it's not a strong case; but it's not utter bullshit, either.
mircea_popescu: more importantly : i don't want to outsource the management of my trust chains. if i trust you, i trust one key, not all keys in all derivations you may one day come up with.
mircea_popescu: and if you want a subkey, I do the signing, not you.
Framedragger: depends on matter of scale. if you zoom out and look at gpg as a whole then you just want to burn everything to the ground, sure. and if you zoom out further you want to rewrite more and more things. but sometimes it is worthwhile to consider relative differences of worth, too, so to speak.
mircea_popescu: sure, but the "who is in charge" point is important.
Framedragger: yeah i agree here, i do see that point
Framedragger: so, yeah.
mircea_popescu: if gpg was intended as a sort of otr, "user creates subkeys forever", it's shockingly poorly implemented.
mircea_popescu: if it's intended to work as what it works, then really there's no use or need for that nonsense.
mircea_popescu: so in a sense i made a design decision post-implementation, because these cojoined twins had to be cut somehow. this is improper, sure, but unavoidable.
Framedragger: one practical consideration re you signing my subkeys: what if you really trusted my main key but then i later decided to move that key to offline storage for security, and derive a subkey - one may argue that gpg provides just this kind of means of streamlining the process - i sign my new subkey or whatever, and there's that, no need for you to meet me in person again. otherwise doesn't scale at all, if 1000 people wanted to trust my su
hanbot: say Valfor, who're you?
Framedragger: otherwise doesn't scale at all, if 1000 people wanted to trust my subkey. i guess *you* could argue that fuck scale and fuck "lots of people", etc.
Framedragger: ^ i'll re-think and converse better next time, bed time
Framedragger: jurov: i heard you have a converter from tmsr format (e,N,comment) to openpgp, if that's true can you link to it perchance please? would save time / redundancy :)
Framedragger: jurov: but probably nvm actually 'cause your tool i expect does not generate things like self-sigs out of nowhere, etc. (need by current instance of phuctor). would still like to take a look if it's around tho!
Framedragger: needed*
gernika: Whales are spouting off the coast today. Beautiful thing.
mircea_popescu: Framedragger why should it scale ? dunbar number is a thing. there's no need for you to be trusted, or even known, by more than a few dozen people.
mircea_popescu: and why should the process be streamlined ? the decision to "move your key to storage" has some costs, for them. why should you be insulated from this ? you wanna do X, pay up.
mircea_popescu: $gettrust valfor
deedbot: L1: 0, L2: 0 by 0 connections.
Valfor: :/
mircea_popescu: wtf is this wonder.
mircea_popescu: $gettrust Valfor
deedbot: L1: 0, L2: 0 by 0 connections.
mircea_popescu: Valfor who're you and how did you get voice ?
Valfor: I presume I was given it?
Valfor: not really something I can take for myself :P
Framedragger: mircea_popescu: yeah k, i mean, i may disagree re. dunbar's number being directly applicable here, maybe i'm some l33t package maintainer, but fair enough, won't argue further here
trinque: wat
Framedragger: it's lisp's fault, i knew it
mircea_popescu: trinque i think he got voice a whole back and deedbot forgot about it.
Framedragger: valfor is some unclaimed garbage collected side effect
Valfor: :(
Valfor: my heart
mircea_popescu: May 02 18:10:34 <deedbot> Valfor voiced for 30 minutes.
Valfor: you're ripping me to shreds
mircea_popescu: Valfor well lol, consider getting in the wot eh.
trinque: weird. deedbot tracks nick changes at least
Valfor: My nick has been the same :P
Valfor: If you all want a collective devoice
Valfor: I'm happy to do so
mircea_popescu: Valfor more like auditing the mechanism than anything.
trinque: just discussing teh bot mr feelings!
Valfor: No worries
Valfor: Well let me know if you do - don't want to be inadvertently breaking the rules :)
a111: Logged on 2016-06-16 22:37 BingoBoingo: candidate for castle alfstein? https://carbondale.craigslist.org/reb/5624243887.html
asciilifeform: nothing in usa - that one could live in - costs this little, unless it is attached to onerous restoration mandate from the city, and/or surrounded by heavily armed and belligerent africa
asciilifeform: http://btcbase.org/log/2016-06-16#1483707 << neither moar nor less fake than linux kernel, neh ?
a111: Logged on 2016-06-16 23:09 mircea_popescu: i don't know hpa. any item purporting to be hpa's key is fake, and this can not be fixed by hpa or anyone on his behalf through technological means of any sort.
a111: Logged on 2016-06-16 22:45 gernika: Something I built that may be of interest to Z80 fans: http://www.exusiae.com/blog/thortron.html
gribble: The operation succeeded.
gribble: The operation succeeded.
a111: Logged on 2016-06-16 23:17 mircea_popescu: more importantly : i don't want to outsource the management of my trust chains. if i trust you, i trust one key, not all keys in all derivations you may one day come up with.
asciilifeform: there was a very good thread where mircea_popescu explained this, but i can't seem to find it
asciilifeform: the one where 'key can squirt out a signature for a new key but this can leave no permanent mark on the original,' ergo auto-acceptance of subkeys is invitation for 'evil maid attack' etc.
asciilifeform: (or more general variant where enemy can take something you signed and turn THAT into a subkey that is in turn accepted somewhere!!)
asciilifeform: ^ this may actually be practical with pgp
asciilifeform: ^ and may account for at least one phuctored modulus
asciilifeform: ^^ mircea_popescu et al ^^
Framedragger: re evil maid, sure, that's a prob.
Framedragger: asciilifeform: btw would phuctor (as it currently works) be able to import an otherwise normal openpgp / rfc4880 key either (1) no self-sig or (2) a somehow borked (nulled? haven't looked at rfc4880 data structures yet) self-sig? as i see it lotsa info is actually contained *within* the signed part, in that format..
asciilifeform: well, probably not as traditionally stated (e.g., if 'evil maid' borrows mircea_popescu's key, she can launch the rockets)
asciilifeform: Framedragger: would happily eat such a key
asciilifeform: notice, the sig is not used for anything therein
BingoBoingo: <asciilifeform> nothing in usa - that one could live in - costs this little, unless it is attached to onerous restoration mandate from the city, and/or surrounded by heavily armed and belligerent africa << AHA, the latter. You gotta supply your own walls!
asciilifeform: BingoBoingo: if walls were enough, place would cost $mil
asciilifeform: not 13k.
asciilifeform: elementarily.
BingoBoingo: Well, also in Cairo, Illinois. A very special nowhere.
asciilifeform: the missing ingredient HAS to be something that costs moar than the difference to add back in.
asciilifeform: thinkaboutit.
asciilifeform: for instance, i know a fella who moved to a - perfectly tame little town in west virginia, and thought he was getting great deal, but it turned out that it is physically impossible to get decent net connection there (at least without paying for streets to be dug up, six figures)
BingoBoingo: You know how the coastal property market works? Cairo is kinda the opposite. rural AND black! North of the Mason-Dixon line too!
asciilifeform: BingoBoingo: with same logic, why not zimbabwe
asciilifeform: even cheaper
asciilifeform: and blacker
BingoBoingo: But roads out are less nice. Also Cairo has city (flood) walls
BingoBoingo: And big interstate meeting points.
asciilifeform wonders why BingoBoingo has not himself bought the warehouse
BingoBoingo: Too far removed from hobby venue
BingoBoingo: And BingoBoingo already lives in paler region of middle west
Framedragger: asciilifeform: kthx, good to know.
shinohai: ;;later tell mod6 also worked on Deb http://dpaste.com/0S4VX30
gribble: The operation succeeded.
mod6: shinohai: nice!
mod6: <asciilifeform> http://thebitcoin.foundation still contains a buncha #b-a links ? << yeah, shinohai did a project where he transfered over the stuff there like the wiki to the deedbot page.
mod6: i haven't updated the links because i wasn't sure that the deedbot wiki page is fully baked yet.
mod6: the content is baked, not sure about the infrastructure/container itself.
mod6: trinque?
mod6: is this stuff ready?
mod6: and yah, as far as I can tell asciilifeform, the only #b-a links there (three of them) are pointing at wiki.bitcoin-assets.com
mod6: or did you see others?
trinque: the thing's fine to be linked to, but I don't think shinohai finished transferring pages
shinohai: All are there except mebbe 2-3 articles I haven't finished formatting
mircea_popescu: asciilifeform not afaik.
asciilifeform: mircea_popescu: all it'd take is a sha1 collision
mircea_popescu: i meant re hangout
asciilifeform: with ANY of the sha1 from the total set of signatures publicly known for key K
asciilifeform: (every time a sig is published, this job gets slightly easier...)
asciilifeform: btw does mircea_popescu know what would happen if a pgp key with his main key but new magical subkey were generated and posted to sks ?
asciilifeform: ... it would be displayed as latest; folks who -receive-key longfp would end up with it; all known pgp clients - happily encipher to it; etc.
asciilifeform: but i think we may have already done this thread
asciilifeform: (though for some reason it refuses to turn up)
a111: Logged on 2016-06-17 01:27 mod6: and yah, as far as I can tell asciilifeform, the only #b-a links there (three of them) are pointing at wiki.bitcoin-assets.com
mod6: cool thx alf
asciilifeform: incidentally 'all my chums get my key only from my hands' dun help.
asciilifeform: because ~sigs~ made with the magic sub will pass.
asciilifeform: (as valid, both for folks with mircea_popescu's genuine pubkey, and for those with the magic one)
mircea_popescu: kinda why i don't like the "auto trust" bs.
asciilifeform: hence 'subkey must die!'
mircea_popescu: it entirely subverts pgp. and i don't believe it to be accidental either.
mircea_popescu: now, the ad-interim solution is to a) sign the key ; b) only encrypt to signed key. but... dun help noobs.
asciilifeform: by no means accident. a thick part of the rfc is specifically devoted to it, one way or another
asciilifeform: mircea_popescu: enemy can just as easily sign ~his~ variant
asciilifeform: and ditto.
asciilifeform: munchausen could fly by pulling own boots
asciilifeform: but we - cannot.
deedbot: [Recent Phuctorings.] Phuctored: 94161167995487098188563131 divides RSA Moduli belonging to 'Carl Christoph Leimbrock <christoph.leimbrock@gmx.de>; ' - http://phuctor.nosuchlabs.com/gpgkey/41CE4AD52DCCD849DEFF2F8EF2F59A5563DEF92184DA02E60743A44F38C9BDE4
← 2016-06-15 | 2016-06-17 →