Show Idle (>14 d.) Chans


← 2016-08-16 | 2016-08-18 →
trinque: http://www.cnet.com/news/snowden-nsa-hack-russia-warning-election-democratic-party/ << Snowden wrote the "circumstantial evidence and conventional wisdom" suggested Russia was behind the alleged hack.
trinque: wahahaha
trinque: that and the puppeteer's hand up his ass.
mircea_popescu: the more i'm thinking about it, the more it becomes obvious you're trying to split this wood ( http://btcbase.org/log/2016-08-16#1522843 ) in the right place alf.
a111: Logged on 2016-08-16 21:36 asciilifeform: mircea_popescu: i had two arguments. one is that it dramatically simplifies the design of the cryptotron. (essentially becomes a mildly scriptable bignum calculator.)
mircea_popescu: lol shinohai did you talk to her ?
mircea_popescu: o btw phf, you aware of http://btcbase.org/log/2016-07-22#1508571 ? you never said anything. more generally, do you see the value in a ticket set for a111 on mod6 's thing ?
a111: Logged on 2016-07-22 12:20 mircea_popescu: http://btcbase.org/log/2016-07-21#1508508 << how about it phf, see the merit of having a111 archive.is every link it sees, downloading the zip and then presenting a [cached] [saved] pair of links after the line ?
mircea_popescu: http://btcbase.org/log/2016-08-17#1522996 << yeah, i yield the point ; seems alf's theory prevails. at some point the guy was gutted, the skin made hand puppet.
a111: Logged on 2016-08-17 05:05 trinque: that and the puppeteer's hand up his ass.
mircea_popescu: oh also, old lulz is best lulz : https://archive.is/VuxeK
mircea_popescu: quora, a place for people to be lesswrong together.
mircea_popescu: as in "you're not even wrong, you're lesswrong."
BingoBoingo: ;;tslb
gribble: Time since last block: 49 minutes and 12 seconds
mircea_popescu: incidentally, what the fuck are people on about with "full blocks" ? past 8 hours average load is 900ish kb.
mircea_popescu: as there's not a single 0 tx block in there, seems the fee market has actually done a lot to fix various historical mining problems.
mircea_popescu: also, remember the pre-attacking mp days of f2pool + antpool ? back in march ?
mircea_popescu: lo and behold that by august those two barely hold on to a third ; and there's a dozen or so pools over 1%.
mircea_popescu: this experience should be informative for future braves.
a111: Logged on 2016-08-15 13:14 asciilifeform: http://btcbase.org/log/2016-08-15#1521780 << these take at worst a ~week of (a very modest) cpu, to generate.
Framedragger: "It takes 4 seconds to generate a colliding 32bit key id on a GPU (using scallion). Key servers do little verification of uploaded keys and allow keys with colliding 32bit ids. Further, GPG uses 32bit key ids throughout its interface and does not warn you when an operation might apply to multiple keys."
BingoBoingo: <mircea_popescu> also, remember the pre-attacking mp days of f2pool + antpool ? back in march ? << What? History and the future were ever different from now?
thestringpuller: no man's sky is what happens when you try to live off the hype
asciilifeform: ' Hasimir and the "corrupt keys" FUD raised semi-regularly by certain people in another bitcoin channel is just that; ill-informed FUD'
asciilifeform: $rated Hasimir
deedbot: asciilifeform has not rated Hasimir.
asciilifeform: trinque: odd, not all old rating were imported ?
asciilifeform: $key Hasimir
asciilifeform: $rate Hasimir -1 https://archive.is/hfEBt or inquire within.
asciilifeform: $v F2DCC16A07073BBF822F2A74E9DF01ACD5E4F588D52BCF0647B61BC16D8CB908
deedbot: asciilifeform rated Hasimir -1 << https://archive.is/hfEBt or inquire within.
Framedragger: asciilifeform: well, it is true that if you use (semi)sane software for dealing with openpgp, all the diddled keys won't cause a problem for ya.
Framedragger: (not that this makes phuctor any less worthy of a project)
Framedragger: ("random js pgp crap" does not belong in the "(semi)sane software for dealing with openpgp" set)
asciilifeform: Framedragger: i'm more interested in the 'fact of' somebody taking advantage of the js idiots, than in the item per se.
asciilifeform: ditto the null rng keys
Framedragger: asciilifeform: ok, fair enough, hm
asciilifeform: $up boolcrap1
deedbot: boolcrap1 voiced for 30 minutes.
asciilifeform: find yer key, boolcrap1
boolcrap1: i actually finally got a new motherboard
boolcrap1: that was the first step.
boolcrap1: its not lost, i just need to plug in that disk
boolcrap1: i really need to find my phone tho, is there a tool that can locate metal on the ground in a wide area?
asciilifeform: boolcrap1: the tool is called 'squad of duded with minesweepers'
asciilifeform: http://btcbase.org/log/2016-08-17#1523011 << afaik there is no fee market. there is folks slicing off underfee'd crapolade ad-hoc, but it is not same thing.
a111: Logged on 2016-08-17 07:13 mircea_popescu: as there's not a single 0 tx block in there, seems the fee market has actually done a lot to fix various historical mining problems.
asciilifeform: http://btcbase.org/log/2016-08-17#1523013 << public hashrate tables can be made to look like anything you like - it is kindergarten-level spamatronics
a111: Logged on 2016-08-17 07:16 mircea_popescu: lo and behold that by august those two barely hold on to a third ; and there's a dozen or so pools over 1%.
asciilifeform: any pool can, if it wishes, turn into 'smaller pool and N new pools of 1%' overnight.
asciilifeform: ^ in other noose.
asciilifeform: in yet other noose,
asciilifeform: <gribble> Sent 13 minutes ago: <Hasimir> a lot of allegations were made based on some corrupted data found on a single keyserver, yet none of the challenges or even queries from regular posters to gnupg-users were even responded to.
asciilifeform: <gribble> Sent 12 minutes ago: <Hasimir> Back it up with verifiable evidence, otherwise there's nothing but FUD. If you're serious about proving it, I'll go find the challenges in the archives; if not I guess I'll only see IRC ranting
mats: lol
mats: dear god
asciilifeform: https://archive.is/LlaNh << further völkischer beobachter lulz.
asciilifeform: '“Without a doubt, they’re the keys to the kingdom,” said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”'
a111: Logged on 2016-08-17 11:45 BingoBoingo: <mircea_popescu> also, remember the pre-attacking mp days of f2pool + antpool ? back in march ? << What? History and the future were ever different from now?
a111: Logged on 2016-08-17 12:54 asciilifeform: ' Hasimir and the "corrupt keys" FUD raised semi-regularly by certain people in another bitcoin channel is just that; ill-informed FUD'
trinque: $s from:asciilifeform !rate Hasimir
a111: -1 results for "from:asciilifeform !rate Hasimir", http://btcbase.org/log-search?q=from%3Aasciilifeform%20!rate%20Hasimir
mircea_popescu: -1 results ?!
mircea_popescu: ahahahah
mircea_popescu: this is one hell of a morning.
trinque: there! you see!?
trinque: ahaha
mircea_popescu: $rated hasimir
deedbot: mircea_popescu rated hasimir 1 at 2015/05/21 21:29:19 << Ben McGinnes, aparently the new treasurer of Pirate Party Australia
mircea_popescu: $rate hasimir -1 Ill informed idiot.
asciilifeform took the chance of trying to cure the schmuck, see linked heathen l0g. did not, of course, have any effect.
mircea_popescu: $v 58874FFB68E2C30BAAB111CE578ACFD4BD388435131A1ABE7EF454692B7C335F
deedbot: mircea_popescu updated rating of hasimir from 1 to -1 << Ill informed idiot.
mircea_popescu: asciilifeform by now there's a bunch of wanna-be this chan scattered around huh.
asciilifeform: evidently.
mircea_popescu: amusingly, they copy only the pretense with none of the substance.
mircea_popescu: aaaanyway.
asciilifeform: what else can cargocult do. you expected a working plane ?
mircea_popescu: http://btcbase.org/log/2016-08-17#1523032 << there is a major difference between scientific speech and political speech. i don't care about the stupid conclusions random nobody arrives at. the moment however he emits judgements of value that happen to contradict mine, i no longer care HOW he arrived at them, merely that he stated them.
a111: Logged on 2016-08-17 13:17 Framedragger: asciilifeform: well, it is true that if you use (semi)sane software for dealing with openpgp, all the diddled keys won't cause a problem for ya.
mircea_popescu: evidently, the socialist party does the exact same thing. for reasons of habit however, it doesn't irk you when they do it ; only when we do it.
mircea_popescu: it is not sufficient for this habit to be removed ; it actually has to be reversed.
mircea_popescu: when $empire$ does it, let it irk you ; when $republic$ does it, let you not notice.
asciilifeform: sorta like the loon in -otc thread, who brought up 'sipa's head' as an... argument
asciilifeform: heathen is not the least bit bothered by the heads usg removes each day.
mircea_popescu: i dun intend to read all that.
asciilifeform: mircea_popescu: you aint missing much
danielpbarron is banned from the linked channel, as well as -dev and -assets :D
mircea_popescu: why, you killed sipa ?
danielpbarron: not as good a pig wrestler as asciilifeform I guess
mircea_popescu: http://btcbase.org/log/2016-08-17#1523044 << a) not much metal in phone ; b) yes, treasure hunters keep going beachcombing etc with it.
a111: Logged on 2016-08-17 13:35 boolcrap1: i really need to find my phone tho, is there a tool that can locate metal on the ground in a wide area?
asciilifeform: mircea_popescu: ipnoje is a thick aluminum can.
mircea_popescu: there is that.
danielpbarron: asciilifeform, thanks but I mean i've had /mode +b set on me in all three channels at some point, not that I can't read the public log, or even re-join today. Although my IP does appear to be banned from accessing b-a public log
asciilifeform: danielpbarron: congrats?
asciilifeform: rare honour.
a111: Logged on 2016-08-17 14:05 asciilifeform: any pool can, if it wishes, turn into 'smaller pool and N new pools of 1%' overnight.
asciilifeform: ^ aha, and ergo public 'pool stats' are approx. as interesting as what 'snowden tweeted'
mircea_popescu: of course, the general point here being that we're seeing a lot of suboptimal allocation. why the fuck are you doing the job of sm gurlz, and poorly, alfie ?
mircea_popescu: they can't do the job of you.
asciilifeform: what's a sm gurl
danielpbarron: social media, /me guesses
danielpbarron: aka pig wrestling
asciilifeform: well i dun have a stable of gurlz, and so end up like the folks in the old german '1 man bands', with toe-operated drum, arse-operated trumpet, cock cymbal, etc.
mircea_popescu: lmao these fucking idiots.
mircea_popescu: "I doubt this will ever happen. Even he never cracked any PGP keys at all, the FUD he spread around was a nice way to get some free advertising. Look, people saying his name on gnupg and enigmail lists, which are quite popular I believe."
mircea_popescu: are these dudebros totally fucking deluded ? for gawker tards to imagine (wrongly) that gawker sees more traffic than trilema is one thing.
mircea_popescu: but really, obscure open sores neckbeards on a nowhere list ? what the FUCK is wrong with brains that makes them rot so.
mircea_popescu: asciilifeform question is why would you.
asciilifeform: normally i ignore the peanut gallery. on occasion it leaks in through the keyhole (the inmates take the effort to write to me) and so pig fuck visit.
Framedragger: http://btcbase.org/log/2016-08-17#1523089 << point of frustration acknowledged; however, ftr it *does* irk me when $empire$ does it; i don't point fingers at *that* here because there's a point of exhaustion and tiredness re. the latter (*not* learned helplessness / acceptance, note), and it appears to be sufficiently covered by others here :)
a111: Logged on 2016-08-17 16:13 mircea_popescu: evidently, the socialist party does the exact same thing. for reasons of habit however, it doesn't irk you when they do it ; only when we do it.
mircea_popescu marks down august the 17th, that lulzy day when some idjit thought enigmail is "popular"
Framedragger: (also, ha, just saw the star wars parallel)
mircea_popescu: Framedragger so they win by exhaustion ?
asciilifeform: re the 'dudebros', it is part of the 'we control the vertical and the horizontal' disease. notice, if you read the heathen log, how... novel, how foreign the idea of ~downloading the keys~ and ~multiplying the factors~ seemed to these folks.
Framedragger: nono they do not win; but i don't feel like articulating their shit every time it happens
mircea_popescu: cuz it's kinda the principle, yes, empire is founded on the principle of "never argue with idiots" : they aim to exhaust everyone who knows better and then do their dumb shit.
Framedragger: (maybe it should be done; but again, it appears to be covered by others, incl. qntra)
asciilifeform: 'whaddayamean actually replicating. facts are enacted by pronouncement! and our pronouncement arse outranks yours! '
Framedragger: mircea_popescu: yeah there's a slippery slope there, i guess.
mircea_popescu: asciilifeform except it doesn't. it's almost exactly like random third world shithole, where random dude literally dying of hunger imagines "his pronouncement arse outranks mine". and then obv it's unfair when his daughter prefers to run away from home.
mircea_popescu: Framedragger more importantly though, do you see some goal here ? or trying to accomplish something ?
trinque: asciilifeform: they're a class of mimics; of course they don't know or care where facts originate.
mircea_popescu: political speech is going to be political speech ; you aim to change that ? or what is your investment exactly ?
asciilifeform: mircea_popescu: the rando pictures himself as 'playing on the team', like the fat ball game watcher described in mircea_popescu's article on subj
mircea_popescu: trinque yeah, sure, the equivalent of vampyr, the junior high vampire cca 1990. problem is, junior high vampire doesn't actually believe there's 85,7 mn people going to his highschool, nor that the population on campus grounds exceeds that of guangzou
asciilifeform: where was that greek gestapo quote...
Framedragger: mircea_popescu: i currently refuse to articulate explicit alignments. but, i contend that i should have interpreted that dood's speech on #bitcoin-otc as political speech
asciilifeform: the one where 'america is with us, you are a fool to resist'
Framedragger: mircea_popescu: and hence my remark was useless, +/-
mircea_popescu: Framedragger i dun care about all that ; i'm more interested about the philosophic angle to it.
mircea_popescu: so ... is it... wrong that some statements proceed from authority ?
mircea_popescu: asciilifeform was greek equiv, 1980s
a111: Logged on 2016-07-07 18:09 mircea_popescu: here's something for the historian in alf! there's ancient statement of the principle, recorded in 1970 milwaukee journal : "You make yourself ridiculous by thinking you can do anything. The word is divided in two. The Russians and the Americans, no one else. What are we? Americans. Behind me there is the government, behind the government is NATO, behind NATO is the US. You can't fight us, we are Americans."
mircea_popescu: asciilifeform only thing is, back then the us was run by reagan and i more or less liked it.
mircea_popescu: certainly liked it a shitload more than kruschev's su. which is the fucking point the idiot elides. the LEADER is ~the only concern.
mircea_popescu: who the fuck wants to be in the same room as "hrc"'s dead cooch.
asciilifeform: and american supermax prison feels like paradise to a fella who sat in a kazakh zindan.
asciilifeform: same idea.
mircea_popescu: im not entirely persuaded by this. i can't really say i had it all that bad in romania at any point.
Framedragger: mircea_popescu: hm. no. but i'm not mature enough for this discussion (you may say), e.g. i still harbour ideas about anarchism etc.
Framedragger: there is a danger of one presupposing the veracity of their own's truths, but this isn't exactly an original thought or anything; just, well, i *do* observe yourself and alf defending the power of phuctor's results almost a priori as it were;
mircea_popescu: Framedragger i wouldn't mind discussing this.
asciilifeform: Framedragger: if you have a factual criticism of whichever phuctor output, this here's the place.
Framedragger: as in, any claims to the contrary (of the power of those results) are attacked with such force that it hints at some kind of defensiveness; but perhaps this is precisely what it means to have a political position.
mircea_popescu: i perceive the following problem : in my (rightful) bashing of idiocies (allinged around "colored coins", "dao" etc, that jazz) i distinctly hear the crushed hopes of people who look at those as a refuge from something else, specifically. i suspect it's hwqat you call "anarchists"
mircea_popescu: there's two classes composing the support there. one, the wider, is plain idiots, of the us business major sort. the other, however, hopes to be saved from some darkness within or i dunno wtf.
mircea_popescu: (on the sub-subject of "defending the power of phuctor's results" << it is entirely reactive. just as doctor defending the power of sanitation. in some contexts it's the only thing a doctor can say - and he can be rendered "ridiculous" by insisting on presenting him in that context, but really, the joke's on the unwashed.)
mircea_popescu: (other than in a discussion with the sort of imbecile typified today by hasimir, i dunno either of us gives half a shit.)
Framedragger: asciilifeform: apologies if i am mistaken here, but iirc phuctor was reported to have cracked some pgp keys when at that point in time none of the keys cracked had valid self-sigs. the presentation from tmsr (trilema/phuctor) to me appeared to have overstated the results, so to speak. (but then later subkeys with valid selfsigs were found, iirc). this isn't a technical point, i suppose.
mircea_popescu: link to those reports then ?
mircea_popescu: because my recollection is, me/alf/phuctor made some very careful statements, pinoy restated them wronglyt and proceeded to win the war with the strawmen.
Framedragger: ah, hm
Framedragger: (funnily enough, as regards authority, i regard 'tptacek very highly)
Framedragger: (from that HN comment)
mircea_popescu: "may have" is the contention ? or ?
Framedragger: (i'm sorry for being slow here, multitasking with too many tabs)
mircea_popescu: no rush.
mircea_popescu: the one true advantage of irc as we have it is that well... nobody's hanging on this thread.
phf: Framedragger: i regarded ptacek very highly at some point, but can you point to something that ptacek/matasano did?
mircea_popescu: who is this ? (excuse me, i'm new!)
phf: for extra point, without doing a google search
phf: mircea_popescu: orcland coloured pants heroes
mircea_popescu: the... what ?!
Framedragger: mircea_popescu: http://trilema.com/2015/more-factored-rsa-keys-and-assorted-other-considerations/#selection-467.207-467.303 << with regards to "may have", can't see how that could be a problem - would be non sequitur masturbation on my part for sure; but the selected text - "Some are not signed at all - which notably means that yes gpg will import, and yes gpg will use." - does gpg actually
Framedragger: import subkeys with no valid self-sig? or am i misreading what is stated in the article? because to me those statements (in the broader context) are rendered into that meaning precisely.
mircea_popescu: maybe alf's mp-generator dun work too well, but lo and behold - my phf-parser dun work half as much!
phf: mircea_popescu: in orcland, we have game, we put colored pants on people, and let them be our heroes. their pants distinguish their status in hierarchy
asciilifeform: Framedragger: phuctor, today as in 2013, is strictly a 'transform T was applied to input I, which you can get here and here, and produced output O, downloadable here' affair.
mircea_popescu: Framedragger afaik it imports but warns, and you can run it in a context with warning supressed.
asciilifeform: mircea_popescu: phf's ref is to iconic su mega-film , http://www.imdb.com/title/tt0091341
mircea_popescu: oh oh oh.
asciilifeform: seen by ~all ru-speaking folk alive.
mircea_popescu: ok but can we be specifix plox!
Framedragger: asciilifeform: oh i won't argue with that! well, of course. but say i took your pubkey and generated a subkey for it and uploaded that subkey (it wouldn't import into gpg). would you truly care?
asciilifeform: 'yellow pants' is a byword, on ru-lang forumz, for 'ranking gentleman for no particular reason but shuddup and suck plebe'
mircea_popescu: Framedragger suppose i do that, and i get a message from a woman who thinks i'm him, and take her out to coffee and she brings me seven children over thirty years.
mircea_popescu: would he truly care then ?
Framedragger: mircea_popescu: okay, fair point, then. i should have checked. (maybe i will, out of curiosity / concern). not that i have *too* much faith in gpg, sure
phf: "could've checked" is the moto of reddit generation
mircea_popescu: yes, we're adjusting the meaning of rsa-crypto to explicitly not care, as discussed yest. but this is novel.
a111: Logged on 2016-08-16 21:27 asciilifeform: mircea_popescu: you take an inch from enemy, but give him many more:
asciilifeform: Framedragger: see also phuctor faq, recently updated with findings of several rubbish pgptrons which NEVER check selfsig.
Framedragger: mircea_popescu: this then is a critique of sks keyservers, strictly. there was a thread on their ML, they rejected the idea of rejecting such subkeys (...)
mircea_popescu: except from my pov i dun actually care to distinguish the cockroaches to the point of naming them
phf: mircea_popescu: ptacek is a "security expert" and founder of a security company matasano. he posts a lot to hackernews, and is regarded as authority. a simple question "what did ptacek actually did" usually doesn't produce any answers though
mircea_popescu: this disregard of the cockroach births register can't possibly be a criticism of me.
Framedragger: asciilifeform: yeah that is fair, too, though i maintain that anyone using any such implementation is an irrevocable shithead and phuctor won't do them much good anyway - but maybe it will, i don't know; and phuctor is a needed public service anyway (so i'm not arguing against that, ftr)
mircea_popescu: phf in fairness, digging too deep into english space "authority" is never well advised. trump turns into "guy who ~squandered inheritance" for eg.
mircea_popescu: i suppose i should say "colorfully squandered", makes it go full circle.
asciilifeform: Framedragger: phuctor has very little to do with curing particular lepers.
Framedragger: phf: matasano crypto challenges and the new crypto ctf thing he and others did (i didn't try it) are a great public service; i mean the challenges start simple in the beginning but if one followed them to the end, actual reading of recent crypto papers would be required etc.; surely that counts as something? he didn't pioneer anything in crypto, sure.
mircea_popescu: oh oh they're the people with the crypto challenges ?
Framedragger: phf: but he did produce a valuable corpus of comments on HN, incl. decisive critique of cryptocat, etc etc
Framedragger: mircea_popescu: yeah, i mean, the dude thomas p tacek is, at least
asciilifeform: i would even say that the bulk of the real win from phuctor existing is the exposure of the actual allegiances of the so-called 'security experts'.
phf: so in other words he posts to hackernews a lot
mircea_popescu: alright.
Framedragger: "mp posts on his blog a lot"
mircea_popescu: phf as long as he's not wrong...
phf: Framedragger: that's not the only thing mp does though
Framedragger: phf: bashing and critique of shitty crypto projects, calling out their authors (see discussions between tptacek and kaepora or however the other dood's nick is spelled) - they're a valuable public service
mircea_popescu: sounds a lot like mpoe-pr by now.
mircea_popescu: phf and if it were ?
Framedragger: phf: yes, true, i know, but for some mp is "person who wrote lots of important text"
asciilifeform: and hanno boeck also posts all day long to mailing list, with 'bug reports' (burned usg vulns)
asciilifeform: also 'public service' ?
Framedragger: asciilifeform: slippery slope fallacy
mircea_popescu: damn. poor Framedragger , that "pure world, biaseless, untainted by rooting in authority" is crumbling so fast ;/
Framedragger: asciilifeform: i claim that one can post actually valuable stuff, seen by other people; and one can post shit, and these categories can be distinguished.
mircea_popescu: Framedragger ie, there is absolute value, IN words ?
mircea_popescu: shall i quote voltaire to you ?
asciilifeform: all i solidly know of the tptacek fella is his reaction to phuctor.
Framedragger: mircea_popescu: god damn it, no.. i'm anti-essentialist anyway
asciilifeform: which is quite the same as that of the rest of the 'seeek0000rity komyoonity'.
asciilifeform: 'it never happened, and, oh, incidentally, hanno boeck! and hey craigwright is satoshi, and hey, big blox! and it never happened.'
Framedragger: asciilifeform: look i won't fault you for pre-forming an opinion on tptacek and not spending your valuable time re-evaluating it. but such heuristic lumping of people into two camps is rather crude indeed. i know someone may reply "this serves tmsr's purposes well anyway, so what of it" - well, okay..
asciilifeform: Framedragger: i went to visit the -otc heathen folk specifically to test my working hypothesis, of phuctor as an unfailing political litmus strip.
asciilifeform: it did not fail.
asciilifeform: found exactly what i expected to find.
Framedragger: asciilifeform: ... "everyone who disagrees is usg stooge" is the vibe i'm getting; impossible to have an actual conversation then
asciilifeform: 'disagree' is not the word.
mircea_popescu: "Il est à remarquer que l'once d'argent ne vaut pas cent de nos sous valeur intrinsèque, comme le dit l'Histoire de la Chine; car il n'y a point de valeur intrinsèque numéraire; mais à prendre le marc de notre argent à 50 de nos livres de compte, cette somme revient à 1250 millions de notre monnaie en 1740" <<< he knows. in 1700!
asciilifeform: 'there was no finding. and oh incidentally hanno boeck found the finding. and hey there was no finding.'
asciilifeform: this is not 'disagree.' it has another name.
mircea_popescu: Framedragger the reply isn't "this serves tmsr's purposes", but moreover, the reply is that he's in charge of his own household, and if he is making a mistake it'll hurt... him. and if the other made a mistake, evidently it'll hurt... the other.
Framedragger: asciilifeform: one *could* maintain that there was no interesting finding for someone who trusts gpg import policy. and yes, a fool is he who trusts gpg; but a charitable interpretation of such an opinion is possible
asciilifeform: Framedragger: observe the 'neverhappening' of the ssh key pops, which have 0 to do with gpg policy.
asciilifeform: the latest derp pretended, quite vigorously, to have never seen it.
mircea_popescu: "everyone who disagrees is usg stooge" <<< this is not the criterion. everyone who dresses his "position", which they don't even call disagreeing, IN THE SAME COLORED PANTS, evidently shops at the same shop. you see ?
Framedragger: mircea_popescu: agree re no intrinsic value, incidentally. this does not nullify there being possible to distinguish valuable writing from shit writing, *within a framework of meaning* that we can all agree on.
phf: mircea_popescu speaks from experience, of things that he have practiced. even mpoe-pr's rants were using internal mpoe practices as a model for argument. it's not clear that ptacek has any kind of similar standing, because we don't know what he did. he argues for best practices, which he could've as easily picked up from reading others. compare to, say, djb, who, when speaks about security, uses his extensive qmail (etc.) experience as
phf: a foundation.
Framedragger: asciilifeform: yes, okay, that... is bullshit, lol.
mircea_popescu: on one hand you have people with the fixed part "disagreeing", who dress it up as they dress it ; on the other, you have the people with the fixed dress, who call "their position" as they may call it. these are very different, and the latter's easily disqualified.
phf: just because he happens to say right words, doesn't mean that he's right.
mircea_popescu: phf point taken.
mircea_popescu: "i could be mp, i read all he wrote" "and if tomorrow mizdra lands with an alien submarine, what will you say as mp ? this hasn't happened in the past ALREADY, for you to life the quote"
mircea_popescu: copies work well for the past, but who can copy the future...
Framedragger: phf: so you don't regard matasano crypto challenges as anything worthy, then?
phf: right, it's sort of a more sophisticated version of alice bot
Framedragger: i need a longer conversation-thread-stack in my mind.
mircea_popescu: #trilema, will rape your mind into a new shape.
asciilifeform: Framedragger: ever see the sequel to bruce schneier's crypto encyclopaedia ?
asciilifeform: Framedragger: the original was written when he was still something like an honest man.
Framedragger: asciilifeform: no - interesting
asciilifeform: the sequel - was almost wholly free of mathematics, and replete with 'best practice because my arse thusly spoke' crapolade.
Framedragger: asciilifeform: (just ftr i don't think too much of bruce, either)
mircea_popescu: this is a "business model", and in the shit the us is these days, it's actually a "premium" business model : establish "authority" of the purely wordy sort, then pivot.
asciilifeform: it worked great, perhaps most recently - for yudkowsky.
asciilifeform: and hell knows how many other charlatans.
Framedragger: mircea_popescu: i mean.. i agree; i just don't agree that tptacek fits the category. sure, there are analogies, but then there exist analogies with mircea_popescu, too.
mircea_popescu: on one hand there's the mfas, a number game, based on brute force. like say http://btcbase.org/log/2016-07-25#1509965 (showaround). on the othe rhand there's "authority blogs", like say gawker.
a111: Logged on 2016-07-25 21:41 mircea_popescu: basic "paid dating app" scam.
Framedragger: asciilifeform: "the sequel - was almost wholly free of mathematics, and replete with 'best practice because my arse thusly spoke' crapolade." << okay, that's sad, and an educational case
mircea_popescu: Framedragger im just saying in general, i myself have nfi who he is.
Framedragger: right, right.
mircea_popescu: understgand that the a/b split-scam scheme there discussed can do this with ~identities~ too. just create a tree of them.
mircea_popescu: people generally misunderstand the extreme power of the fuzzing attack.
Framedragger: phf: i'm curious, what was it that made you to originally regard tptacek highly? was it his words/discussions (and then later you decided that it's the only stuff that the man has actually produced - a fair point i guess, if you dismiss the crypto challenges, for example)?
Framedragger: mircea_popescu: hm, yeah. it can become more serious, i suppose
Framedragger: (need to re-read.)
Framedragger: (ah no i haven't read it before - cool)
mircea_popescu: consider the proper model for this : let there be an unknown endless list of binary questions. you create an endless list of identities, which you publish, 2^(n+1)-1 for the nth question. unknown to anyone but you, they are linked in a tree (ie, you know in advance identity 10111010101 will answer "yes" to q1 no to q2 yes to q 3-5 etc).
mircea_popescu: for an observer, these being unlinked, there's "genius" identity 10111010001 which answered correctly to that many binary questions in a row.
mircea_popescu: in point of fact, there is nothing there.
mircea_popescu: what we ALSO know for a fact is that the count of people actually active on facebook last year (~10mn) is deeply dwarfed by the number of facebook accounts (>1bn).
mircea_popescu: where's the difference from ? and if it were this, who'd know ?
mircea_popescu: and this is just the first step. nothing forces your identities to keep playing ; you can retire them at any point you wish, and now you have a stable of "never wrong over n binary questions" respectables.
Framedragger: mircea_popescu: the point is that whether the difference is from this kind of tree ordering, this is unknowable..
mircea_popescu: this is ~half of the usg "national security" plan, except they suck at both modelling and implementation.
Framedragger: mircea_popescu: uh that was a question, more like
Framedragger: right.
Framedragger: good stuff
mircea_popescu: Framedragger yes, it is unknowable. but the naive defense of the person first contemplating this issue is "oh, this is too noise, i'd hear about it"
Framedragger: nice formal model
mircea_popescu: that works, EXCEPT you already tune things out because... IT IS TOO NOISY
mircea_popescu: so no sort of argument.
mircea_popescu: which is all i mean by that.
phf: Framedragger: i was young and a bum, i recognized all these people because my entertainment machine would reinforce their presence for me. "oh jwz is talking. oh now it's ptacek. oh it's paul graham! squee". but they were always in a different category from say norvig or knuth or naggum. once i started doing and learning (i.e. painfully read knuth, rather than just have him on my shelf) i finally was able to grok the difference.
mircea_popescu: now, to be perfectly clear, i'm not either accusing or suspecting x guy of this, chiefly because i don't imagine he has the resources. nevertheless, phf's objection is much harder to reject than superficially appears.
asciilifeform: a good chunk of what the 'genius splitters' are kept around for is to be blown on annoyances like phuctor.
asciilifeform: (consider how boeck was grown. and used.)
mircea_popescu: more like, a good chunk of what this stable of uselessness tries to argue its usefulness from, is their utter failure to do anything about things like phuctor, misrepresented.
asciilifeform: the particular flavour of tptacek's dismissal of phuctor suggests that it was his 'now do your duty' moment.
mircea_popescu: ironically, people in the contemporary, anglo sense of that term WANT to be these empty identities. no idea why or how; but imo much more serious a threat to anarchism than any kind of authority.
mircea_popescu: gets lulziest when they encounter people who do not want to exchange their life for a fetish, and then explode into "putin doesn't understand how the world works!!1"
asciilifeform: mircea_popescu: this is almost literally what played out in the heathen pit today.
Framedragger: phf: ha, nice. well, fair. (it made me warm inside to recall that i *never* took paul graham for much; anyone who reads only a bit by him on stuff that they know something about will realize this; e.g. http://idlewords.com/2005/04/dabblers_and_blowhards.htm (this is the "website obesity" guy))
mircea_popescu: asciilifeform so it is.
Framedragger: mircea_popescu: just to me, any dreams of "global anarchist revolt" *are* lost on me (i'm terribly naive but not *that* naive). personal responsibility and individualism (vague word, i know) are necessary conditions. and.. yeah, i don't have much hope for humanity, given that...
Framedragger: s/just to me/just ftr/
mircea_popescu: which is how people end up with the notion of butchering most of the extant walkers.
mircea_popescu: not that it's a novel, or worthy idea.
asciilifeform: 'no scripts are new' (tm) (r)
phf: Framedragger: when did you first encounter paul graham?
Framedragger: phf: probably ~7 years ago, give or take; i predict what you're going to say: in 2009, he was already spewing too much nonsense
Framedragger: before, he would try to keep his focus on lisp
Framedragger: and he wrote that book, quite earlier than that
asciilifeform: Framedragger: the man had two - entirely acceptable - school textbooks on common lisp, in 1990s.
Framedragger: so it makes sense for someone who got acquainted with him earlier to regard him more highly
asciilifeform: i have them here.
Framedragger: (i may be mistaken about the actual number of years)
Framedragger: asciilifeform: aha, right.
Framedragger: s/to regard him/to have had regarded him/
phf: i don't really think his message changed, it's just that he started talking about different things. there's the lisper period and then the hackernew/yc/startupschool period. i knew of him, because of the excellent On Lisp book, so i read hackers and painters when it came out, and read that dabblers and blowhards article when it came out, possibly because i thought that hackers and painters was awful (the book literally has low
phf: fractional snr, and only because there's a few paragraphs about how they used clisp at yahoo stores)
Framedragger: http://btcbase.org/log/2016-08-17#1523161 << you know, that's an apt characterization, and i think you're right re that second group of wanna-be anarchists; true, probably. and i am aware that tmsr regards bitcoin *quite* differently indeed, which manifests in the block size discussion etc. yeah.
a111: Logged on 2016-08-17 16:31 mircea_popescu: i perceive the following problem : in my (rightful) bashing of idiocies (allinged around "colored coins", "dao" etc, that jazz) i distinctly hear the crushed hopes of people who look at those as a refuge from something else, specifically. i suspect it's hwqat you call "anarchists"
Framedragger: phf: ha - nice.
phf: but when i made it to the first startup school, my reaction was "nerds trying to be businessmen, stick to doing nerd things". it took me many years to understand how their fundamental views made them not only suck at life, but also fucked up the computing.
asciilifeform: 'After the European Central Bank's most recent rate cut in March, private-sector banks are paying what amounts to an annual levy of 0.4 per cent on most of the funds they keep at the eurozone's 19 national central banks. ... but private bankers and insurers are already thinking of creative ways to avoid those charges altogether. One way is by turning the electronic money they keep at central banks into cold, hard cash. Munich Re has
asciilifeform: experimented successfully with storing a double-digit million sum of euros in cash at what the insurer describes as a manageable cost. A few other German banks, including Commerzbank, the country's second-biggest lender, have also considered taking the step. But when a Swiss pension fund attempted to withdraw a large sum of money from its bank in order to store it in a vault, the bank refused to provide the cash, according to local m
asciilifeform: edia...'
mircea_popescu: http://btcbase.org/log/2016-08-17#1523127 << wasn't a star wars reference ; it was a concordat of worms reference. you know, with the guelphs ghibelines et all
a111: Logged on 2016-08-17 16:23 Framedragger: (also, ha, just saw the star wars parallel)
a111: Logged on 2016-08-17 17:00 phf: right, it's sort of a more sophisticated version of alice bot
phf: yes
mircea_popescu: http://btcbase.org/log/2016-08-17#1523186 << btw speaking of this, you know about stephen the great's pants ?
a111: Logged on 2016-08-17 16:43 phf: mircea_popescu: in orcland, we have game, we put colored pants on people, and let them be our heroes. their pants distinguish their status in hierarchy
phf: no, but i suspect it's a holly relic now
mircea_popescu: this guy, legendary ro leader, fought something like 50 encounters with the turks, won over 90%. including you know, crazy shit with 1.x mn men on opposing side.
mircea_popescu: so joke is, vornic comes to stephen, my lord, the turks are coming. "a lot ?" well... there's the vidin pasha with maybe 100k jannisary + etc
mircea_popescu: "get my my red pants"
mircea_popescu: but why the red ones majesty ? well... if i get hurt, the troops won't see the blood and won't lose heart.
mircea_popescu: so they go, beat the turks back over danube, take trophies, build monastery, rape the nuns etc.
phf: ahaha, sorry i got it
mircea_popescu: next year, my lord, the turks are coming ? "a lot ?" well... suleiman himself, 1mn infantry, more horse than previously known to exist in the world, etc
mircea_popescu: "bring my my brown pants"
trinque: l0l!!
phf: :D
phf: proper voievod like, knows when to bleed and when to shit his pants
asciilifeform: sequel: ... the general puts on brown pants, epic battle, he shits pants, loses half of army, but - just barely - wins. but next years... 'sir, whole army of the turk is here.' .... 'bring my miniskirt.'
mircea_popescu: actually, this guy died sovereign, over a rather enlarged moldavia (took mostly from poles, lithuanians etc). he left testamentarily that "listen to your old shepherd, deal with the turks ; unlike the russians, the turks keep their word"
mircea_popescu: http://btcbase.org/log/2016-08-17#1523334 << the memory hole effect. un-fucking-washable, for some god forsaken reason.
a111: Logged on 2016-08-17 17:33 phf: but when i made it to the first startup school, my reaction was "nerds trying to be businessmen, stick to doing nerd things". it took me many years to understand how their fundamental views made them not only suck at life, but also fucked up the computing.
mircea_popescu: http://btcbase.org/log/2016-08-17#1523293 << by the way, i don't think the implication of that discussion can't possibly be understated. for instance, it is a common etatist criticism of "what they call bitcoin" so really, tmsr, that "everyone running a business has an incentive to eventually run so eventually will" sort of thing.
a111: Logged on 2016-08-17 17:12 mircea_popescu: this is ~half of the usg "national security" plan, except they suck at both modelling and implementation.
mircea_popescu: this point is valid, the only problem is that it mostly discusses THE STATE. yes, every fiat entity has the incentive to eventually pivot ; and they all do. the derps are currently insulated from this by the momentary happenstance that the thieves are in a compact, called "the state", and everyone left outside is well... not someone you'll hear about. because exactly of http://btcbase.org/log/2016-08-17#1523303 "entertainment
a111: Logged on 2016-08-17 17:13 phf: Framedragger: i was young and a bum, i recognized all these people because my entertainment machine would reinforce their presence for me. "oh jwz is talking. oh now it's ptacek. oh it's paul graham! squee". but they were always in a different category from say norvig or knuth or naggum. once i started doing and learning (i.e. painfully read knuth, rather than just have him on my shelf) i finally was able to grok the difference.
mircea_popescu: machine".
mircea_popescu: historically, it was ensured by exactly the same process that ensures you can find your goat in http://trilema.com/2012/anonimity-or-the-urban-versus-rural-dispute/ - which is to say low pop density and the necessary orcishness therein produced will "protect" you in the sense not having lasers protects you from shining them in your eyes.
mircea_popescu: nobody in the time of voltaire had retina burns from laser watching.
mircea_popescu: which brings us full circle to why exactly it is that universal butchery http://btcbase.org/log/2016-08-17#1523317 : by making fewer people you DO make the problem "go away" ; but you resolve naught.
a111: Logged on 2016-08-17 17:21 mircea_popescu: not that it's a novel, or worthy idea.
mircea_popescu: so now back to the issue : we have some semblance of defense against what is in fact a universal problem ; they don't, and are in denial. as per the cannonical expression of this situation, http://trilema.com/2015/why-representative-democracy-doesnt-work-and-doesnt-make-sense/#selection-147.267-153.105
asciilifeform: mircea_popescu: the 'split fuzzing', note, is how lizard folk approach virtually ~every~ problem - even the production of 'musicians' by disney, etc.
asciilifeform: mass of chumps is modelled as idiot machine, that dun care that you had previously tried 999,999,999 wrong passwords, etc.
a111: Logged on 2016-08-04 19:59 mircea_popescu: but it's certainly quite deep. the vermin doesn't merely aim to a comfortable existence, but more importantly to a memory-less situation.
asciilifeform: in other not-quite-noose, https://archive.is/gsdsL << summary of nsa turd. accurate per my own read.
mircea_popescu: asciilifeform quite, yeah.
mircea_popescu: river of meat fishin'.
mircea_popescu: for my sins i ended up with split log situation
mircea_popescu: asciilifeform need i quote at you btw ? "i will believe it when crown jewels leak" ? do you believe now ?
asciilifeform: cisco garbage is not 'crown jewel' to asciilifeform .
asciilifeform: this position has never changed.
asciilifeform: 'crown jewel' is, at the very least, something nontrivial from cryptodirectorate.
mircea_popescu: you will never believe.
asciilifeform: i'll believe, when, e.g., the recipe for taking 100MB of aes ciphertext and distilling out the key, is posted.
asciilifeform: or similar.
asciilifeform: i even believe in the authenticity of the cisco crud, it is simply not esp. interesting
asciilifeform: (and certainly not interesting enough to disclaim 'hangout' hypothesis.)
mircea_popescu: a) there is no dispute from you that this was actually their shit ; b) apparently so much is available some of actually their shit can be freely distributed, in gb sized portions.
asciilifeform: ~none of the affected systems are in use today outside of the most godforsaken orclands.
mircea_popescu: these you somehow transform into i have nfi what, but the fact remains : whether the cock went through the cervix into the uter or not,
mircea_popescu: this is no virgin.
asciilifeform: none of it is even 'heartbleed'-grade.
mircea_popescu: "i'm gonna rape you" "i dun believe" *rapes her* "tee hee, my filling is stil lattached to this cavity"
asciilifeform: if boeck had posted same pile, mircea_popescu would immediately recognize it as 'burning old holes'
asciilifeform: which - imho - it very likely is.
mircea_popescu: anyway, operation SHITTYNAMES
mircea_popescu: asciilifeform lol, what, you mean they moved from py ? to what, ada ?
asciilifeform: who/where
mircea_popescu: their exploit library was also "burned" in the pyre.
asciilifeform: well, the ciscolade etc. is particular to 7+ y.o. fw.
mircea_popescu: asciilifeform people stopped buying new cisco cca 2012 anyway.
asciilifeform: in most of the samples, the actual exploit used to get control of the box is not stated, quite likely it consisted of 'interdict the parcel'.
mircea_popescu: what, cookie overflow, ifconfig bug, plenty in there.
asciilifeform: there were a few.
mircea_popescu: funny shit where the files usg stole from sr are supposedly being sold for x unless they were actually stolen first by freelancing agents etc ; whereas the files ? stole from usg are being sold for 100x.
asciilifeform: ( the thing that is not clear to me is what part of this leak prevents even a single parcel from being intercepted, with old ~or~ new cisco rubbish in it, and patched to admit the cock, supposing any of these devices even ~need~ such treatment, given that the master keys are escrowed already )
asciilifeform: mircea_popescu: dunno that 'send a non-refundable bid, and oh also price is 1 MIL BTC' counts as 'for sale', more of elaborate gag
asciilifeform: ;;balance 19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK
gribble: 1.64237
mircea_popescu: right. not how hanno bock'd do it.
asciilifeform: more how wright would do it.
mircea_popescu: possibru.
asciilifeform: (not quite relatedly, why was gribble able to answer the 'balance' question so quickly ?)
mircea_popescu: how long should it take ?
mircea_popescu: asciilifeform pretty lulzy how butthurt they are at the fact bitcoin raped them, though.
mircea_popescu: The auction “is a joke,” Weaver said. “It’s designed to distract. It’s total nonsense.” He said that “bitcoin is so traceable that a Doctor Evil scheme of laundering $1 million, let alone $500 million, is frankly lunacy.”
mircea_popescu: “The stuff they have there is super-duper interesting, but it is by far not the most interesting stuff in the tool set,” he said. “If you had the rest of it, you’d be leading off with that, because you’d be commanding a much higher rate.” << yeah... and then... SELL ADVERTISING.
mircea_popescu: empire not doin' so hawt these days.
PeterL: http://btcbase.org/log/2016-08-17#1523211 << seeing phuctor breaking things caused me to get off my ass and take the couple minutes to generate a bigger key
a111: Logged on 2016-08-17 16:50 asciilifeform: Framedragger: phuctor has very little to do with curing particular lepers.
mircea_popescu: self-cure.
asciilifeform: not to raid on the parade, but must point out, phuctor is not a collection of peculiarly-small keyz...
trinque: hail mary, full of grace...
PeterL: what was the biggest it did so far?
a111: Logged on 2016-08-11 16:07 asciilifeform: champ : 126044733741731328742413066718552314382419228167112456334027928884317367999330241024168451126326383475145520025295451544372438227070210798265767098934250820341305937931860061514790268968891523470454082874208728274680634763462042122485524526243688604432591998753006364684812749745538152702859571396997177876337
mircea_popescu: largest factor iirc 300ish digits ~ 1k bits.
PeterL: my old key was 1024, I think
asciilifeform: mircea_popescu: correct. as seen above.
asciilifeform: incidentally it is the khadeer & co. modulus.
asciilifeform: the one where (NextPrime(2^1023))^2.
asciilifeform: not to be confused with 'longest modulus for which we have a factor'
asciilifeform: which, iirc, was 16384-bit.
asciilifeform: ('flipolade' can contain arbitrarily short, or long, factors, in any quantity)
Framedragger: asciilifeform: obtw, did the breaking of that khadeer modulus come from you implementing the "check (NextPrime(2^1023))^2" heuristic? 'cause that's bound to yield some new results!
asciilifeform: Framedragger: we have fermat test.
asciilifeform: which picks up any mod where the factors are obscenely close together.
asciilifeform: (e.g., the degenerate case, perfect square, as above.)
asciilifeform: will also pick up q == nextprime(p), say.
asciilifeform: some time next we will have pollard's test.
asciilifeform: betcha it will pop a few moar.
asciilifeform: theoretically any ~inexpensive~ attack, such that i can do it against the whole collection of mods, is fair game.
asciilifeform: if a new one is discovered tomorrow - i will consider it, also.
asciilifeform: the cockroaches assumed, lived entire life, that no one will ever turn over the rocks.
asciilifeform: we - turn them over.
asciilifeform: expect to see moar butthurt scampering a la boeck et al.
a111: Logged on 2016-08-17 19:24 asciilifeform: incidentally it is the khadeer & co. modulus.
asciilifeform: it is not the khadeer modulus, but the 'xss attack' one.
asciilifeform: found on same day.
asciilifeform: via fermat probe.
a111: Logged on 2016-08-17 18:59 mircea_popescu: how long should it take ?
asciilifeform: ;;bc,stats
gribble: Current Blocks: 425627 | Current Difficulty: 2.1737548275723764E11 | Next Difficulty At Block: 427391 | Next Difficulty In: 1764 blocks | Next Difficulty In About: 2 weeks, 1 day, 1 hour, 50 minutes, and 46 seconds | Next Difficulty Estimate: None | Estimated Percent Change: None
Framedragger: asciilifeform: ahh, ok. much thanks for elucidation
asciilifeform: there are ~100+G of blocks now.
asciilifeform: how long to walk 100G ?
asciilifeform: (anyone have link to gribble src ? does it keep the 100+G in ram?!)
Framedragger: (..ssd would probably speed things up, just to reiterate..)
asciilifeform: Framedragger: how long does it take to grep a 100G file on your system ?
asciilifeform: or even to simply load it into ram
Framedragger: asciilifeform: grep is amazingly fast because it does it in a smart way (you prolly know). i can give some number but i expect the q is rhetorical (i.e.: it's fast) :)
Framedragger: so yeah, fair enough, it's fast
phf: it's the same technique that log uses to search entries, but i lose becase individual chunks of text are not necessarily sequential or localized by page. asciilifeform's for question though is about the fact that simply picking up 100G, page by page, from disk into ram, is expensive
Framedragger: phf: (nice re log search) aha ok.
phf: (of course log wins over grep in total time, because message are already all in ram)
Framedragger: asciilifeform: (14.3s to grep thru 3gb file fwiw)
asciilifeform: sooo either gribble (or whatever service is cribs from) did not actually chug through 100G, or the number is approximate ('in last n blocks...'), or.
asciilifeform: *it cribs
asciilifeform: ;;balance 1XPTgDRhN8RFnzniWCddobD9iKZatrvH4
gribble: 0.0001
asciilifeform: ^ maybe bad example, it is also famous addr
asciilifeform: so potentially cached.
asciilifeform: anyone got an obscure one that last saw tx years ago ?
PeterL: ;;balance 12c6DSiU4Rq3P4ZxziKxzrL5LmMBrzjrJX
gribble: 50.039475
PeterL: or does that not count as obscure?
asciilifeform: anyone know from where gribble pipes ?
asciilifeform: ..mircea_popescu ?
danielpbarron guesses it's some bc.info api
asciilifeform: it isn't, granted, impossible to optimize this lookup with pre-index
asciilifeform: but it would be interesting to learn how it was done.
asciilifeform: ^ possibly for mircea_popescu et al.
asciilifeform: actually nm.
asciilifeform: http://esamultimedia.esa.int/docs/esa-x-1819eng.pdf << actual detailed account, unfortunately scanned n-th generation xerox in pdf.
asciilifeform: ;;balance 1DskTjGvWh5KVbiqnb3vvRFyEmCen1UNzL
asciilifeform: that was certainly quick.
asciilifeform: ( probably there is a 'last seen' addr-to-blockidx hash table, so we get something like O(n log n) lookup. )
asciilifeform: this would be a handy (optional) item to have in trb.
asciilifeform: would readily abolish the idiocy with 'wallet watch' mechanism etc.
asciilifeform: multi-GB data structure though, you would not want it on every node.
BingoBoingo: http://btcbase.org/log/2016-08-17#1523264 << Trilema the blog already epic self help cyclopedia.
a111: Logged on 2016-08-17 17:02 mircea_popescu: #trilema, will rape your mind into a new shape.
gribble: The operation succeeded.
asciilifeform: '...bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions.'
phf: i believe, that there's a man, somewhere in the bowels of meta-nsa, who can see the entire puzzle picture
phf: stuxnet propagation strategy style..
asciilifeform: phf: do you find it interesting that the particular patch is posted nowhere ?
asciilifeform: and koch wants people to download ~entire tarball~ of src and rebuild ?
asciilifeform: i find it interesting.
asciilifeform: https://security-tracker.debian.org/tracker/CVE-2016-6313 << ok, click on patches at the bottom, then 'diff', yields the diffs.
asciilifeform: who can tell me the author of the ORIGINAL routine ?
asciilifeform: 'exec summary' for mircea_popescu et al: all gpg keys ever generated have at most 2048 bits of effective entropy.
phf: 98, that must be the man himself?
asciilifeform: must be. unless there are authors not listed in https://www.gnupg.org/people/index.html .
BingoBoingo: asciilifeform: Please to qntra?
mircea_popescu: asciilifeform aha.
asciilifeform: during my audit of the rng routine, i barfed at the whitening and stopped reading.
asciilifeform: BingoBoingo: i will write it. brb.
mircea_popescu: good idea.
mircea_popescu: http://btcbase.org/log/2016-08-17#1523472 << afaik it just imports the blockchain.info version.
a111: Logged on 2016-08-17 19:40 asciilifeform: how long to walk 100G ?
mircea_popescu: http://btcbase.org/log/2016-08-17#1523477 << believe it or not the grep trick was dissected in logs at length!
a111: Logged on 2016-08-17 19:41 Framedragger: asciilifeform: grep is amazingly fast because it does it in a smart way (you prolly know). i can give some number but i expect the q is rhetorical (i.e.: it's fast) :)
mircea_popescu: http://btcbase.org/log/2016-08-17#1523509 << afaik trinque is making a wallet :)
a111: Logged on 2016-08-17 20:43 asciilifeform: would readily abolish the idiocy with 'wallet watch' mechanism etc.
a111: Logged on 2016-08-17 21:30 phf: i believe, that there's a man, somewhere in the bowels of meta-nsa, who can see the entire puzzle picture
phf: i know, i know, that's an ongoing mp vs ascii dialog
a111: Logged on 2016-08-17 21:39 asciilifeform: 'exec summary' for mircea_popescu et al: all gpg keys ever generated have at most 2048 bits of effective entropy.
asciilifeform: afaik koch didn't use zimmerman's code.
asciilifeform: at least, not admittedly.
mircea_popescu: i dunno about that.
trinque: mircea_popescu: yep, whole point of perfecting the botworks layer by layer
mircea_popescu: asciilifeform the incredible gall of the imbecile, to actually state it as "This bug does not affect the default generation of keys"
mircea_popescu: asciilifeform also ftr that loop is now how you'd do it.
a111: Logged on 2016-08-16 18:31 mircea_popescu pictures woman flying around with tip of boeing in her snatch, "YES! YES! HARDER!" for a visual.
asciilifeform: BingoBoingo: almost done
BingoBoingo: Qntra thanks you for your sexpertise in this matter.
shinohai: greetings #trilema
asciilifeform: $up judywatson
deedbot: judywatson voiced for 30 minutes.
asciilifeform: BingoBoingo: 'at time' ought to be 'at times'
judywatson: Exenmy
judywatson: hola mircea_popescu tengas tiempo para mis tetas?
asciilifeform: BingoBoingo: hold off on publication, i'ma revise a bit.
phf: hold the presses!
shinohai eagerly awaits asciilifeform publication
shinohai also eagerly awaits mircea_popescu for tonite's offering
BingoBoingo: Is that the revision?
asciilifeform: fire at will.
asciilifeform: there is a missing http:// in the phuctor link.
asciilifeform: everything else ok.
deedbot: http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg/ << Qntra - RNG Whitening Bug Weakened All Versions of GPG
shinohai: $up judywatson
deedbot: judywatson voiced for 30 minutes.
shinohai: sorry judywatson mircea_popescu must be out again
mircea_popescu: judywatson ok. b58fe7aa por favor.
mircea_popescu: asciilifeform wtf is that!
mircea_popescu: o i mean danielpbarron not asciilifeform
mircea_popescu: shinohai why is judy watson speaking spanish anyway
shinohai: stage name?
mod6: <@deedbot> http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg/ << Qntra - RNG Whitening Bug Weakened All Versions of GPG << f.
BingoBoingo: f. what mod6?
BingoBoingo: $up judywatson
deedbot: judywatson voiced for 30 minutes.
mod6: <+asciilifeform> https://security-tracker.debian.org/tracker/CVE-2016-6313 << ok, click on patches at the bottom, then 'diff', yields the diffs. << werd. thx. i had to resort to cloning the gnupg gitrepo and doing diffs.
mircea_popescu: BingoBoingo aww qntra ate my ol/li spacing in comment.
BingoBoingo: comment field eats lots of things and then shits.
BingoBoingo: fixing seems as though it would require mucking up phphhphphphp
mircea_popescu: you can specify what tags to allow in comments in settings.
mircea_popescu: at least in mp-wp :p
shinohai: mircea_popescu: she said does it count or can you see the letters?
mircea_popescu: works. addy ?
judywatson: 14Y8cfUZ56PvZC8R7u2QCNfojvRtxcdSff
mircea_popescu: aite a sec
shinohai: judywatson: dijo el solo un momento
judywatson: amor te agradezco por todo
judywatson: amor te agradezco por todo
judywatson: te doy las gracias por todo
shinohai: de nada
shinohai: thank you for choosing #trilema for your bits for tits needs.
mod6: <+shinohai> thank you for choosing #trilema for your bits for tits needs. << :D
mod6: <+mircea_popescu> asciilifeform the incredible gall of the imbecile, to actually state it as "This bug does not affect the default generation of keys" << i mean srsly. since 1998!?
shinohai: I could totally make a bidness out of this. Branding!
deedbot: http://www.contravex.com/2016/08/17/the-road-to-the-future-is-paved-with-gravel/ << » Contravex: A blog by Pete Dushenski - The road to the future is paved with gravel.
gribble: The operation succeeded.
mircea_popescu: incidentally, this is a point that should be reviewed. is it the case that EACH 600 bytes lose 20, or is it the case that ALL bytes past the 580th are gone ?
asciilifeform: BLOCKLEN==64. DIGESTLEN==20 (working length of the retarded 'patent-free!11111' ripemd hash).
mircea_popescu: yeah wtf ripemd
asciilifeform: ^ from mircea_popescu's vintage canned preserve pgp 1.4.10.
mircea_popescu: 30 blocks of 64
asciilifeform: 30 * 20.
asciilifeform: is the - derived via arse magic - fixed size of the pool.
asciilifeform: (why a pool? why whiten at all? ask koch.)
mod6: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html << wtf. this guy doesn't clearsign these emails
mod6: any one able to get their hands on: "URL: </pipermail/attachments/20160817/9a9f4612/attachment.sig>" ?
mod6: and SHA1 checksums? wtf is this, the 90s?
asciilifeform: mod6: all pgptrons live and die by sha1.
mod6: i had to hand crank mine up to 512
asciilifeform: this is one of the more egregious festering sores
asciilifeform: mod6: the fp calculation is not adjustable.
asciilifeform: and so all you need to forge a signature is a sha1 collision.
asciilifeform: (when generating ~key~ with which to sign)
mod6: well, that open-sore yeah.
asciilifeform: this is in the l0gz on several occasions
mod6: oh yeah
asciilifeform: most recently during the 'linus shortid' thread.
mod6: we've talked about that a bunch. shit, we even looked at trying to fix it at one time iirc.
asciilifeform: it isn't fixable while conforming to the rfc.
asciilifeform: granted this is not a 'real' forgery because folks with a copy of genuine key are untouchable by it.
asciilifeform: nevertheless.
asciilifeform: folks who only have mircea_popescu's business card - are.
asciilifeform: touchable.
mod6: <+asciilifeform> it isn't fixable while conforming to the rfc. << ah right. ugh.
deedbot: http://trilema.com/2016/werner-koch-confirmed-usg-stooge/ << Trilema - Werner Koch, confirmed USG stooge
mod6: <+asciilifeform> folks who only have mircea_popescu's business card - are. << ah, i see what you're sayin'
asciilifeform: know who else ?
asciilifeform: 'Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website, Bitcoin.org does not have the necessary technical resources to guarantee that we can defend ourselves ...blahblah... The hashes of Bitcoin Core binaries are cryptographically signed with this key. We strongly recommend that you download that key, which should have a fingerprint
asciilifeform: of 01EA5486DE18A882D4C2684590C8019E36C2E964.'
asciilifeform: mircea_popescu: 'the spirochetes are there waiting' << win.
shinohai: bwahahahaha
mod6: <@deedbot> http://trilema.com/2016/werner-koch-confirmed-usg-stooge/ << Trilema - Werner Koch, confirmed USG stooge << mod this shit up
mod6: just threw this out to the unwashed ^
mircea_popescu: only win because it's true.
mod6: :]
mircea_popescu: fuckign shithead, there he sits, going to himself "oh look, these kids are closing in on me, let me say publicly that it's "probably a software bug / cosmic ray".
mircea_popescu: no fucking integrity, no fucking shame, nothing, just zombified walkers.
mod6: "Some guy
mod6: downloaded most RSA keys from a keyserver and tried to factor 1.9
mod6: million moduli"
asciilifeform: nobody, of course, ever heard of any such preposterous thing ?
mircea_popescu: mod6 because whatever inept handler was passing them the talking points didn't even have the modicum of know-your-bizness to get the actual number.
mircea_popescu: then they mysteriously kept copy/pasting the wrong digits off each other and i'm supposed to what, look the other way ?
mircea_popescu: shitheads.
mod6: ^
mircea_popescu: asciilifeform no that was a mythical "some other guy" in "the past"
asciilifeform: evidently.
asciilifeform: 'lomg, long time ago, in galaxy far, far away'
mircea_popescu: it was all published in "i can't believe it's not a journal"
mod6: "the PGP team at Symantec" << lel!
asciilifeform: mod6: iirc they own the original zimmerman pgp.
asciilifeform: for some years.
asciilifeform: or what's left of it, anyway.
asciilifeform: their main function was, iirc, to curate the openpgp working group, to make sure rfc stays replete with braindamage.
mircea_popescu: more's the point here : does that pos actually work so as to get any entropy past the 600 bytes pool ?
asciilifeform: from my current reading, first 20 of every 600 is fixed, for the duration of entire run of process.
mircea_popescu: situation : you go to make key with stock gpg, set it to 4096, ie 512 bytes. it makes you the sign key with 512 entropy bytes, then makes you the encrypt key wirth the remainder 68, and that's it.
mircea_popescu: seems prepasterous in that such narrow space'd have been evident by now
mircea_popescu: asciilifeform also importantly, is it the first 20 or the last 20 ? he's claiming the last 20.
asciilifeform: mircea_popescu: it would not be evident.
mircea_popescu: whitening eh.
asciilifeform: mircea_popescu: remember, the ~initial~ contents of the pool are entropic (at least in as far as the os provides)
asciilifeform: the correlant is the FIRST key generated (i.e. primary key)
asciilifeform: (to the subkeys.)
mircea_popescu: anyway, seems proper tmsr-rsa will have to come sooner rather than later.
mod6: indeed. and thank goodness for that.
mircea_popescu: also, i had never read that dabblers and blowhards essay before, but good god is graham unfucking bearable AND ALSO remarkably undistinguishable from every other foss idiot, from o reilly to who have you, if distilled like that.
asciilifeform: mircea_popescu: upon reflection, there may exist also a mathematical relationship which allows BOTH mods to be broken.
mircea_popescu: oil painting replaced tempera in 1400 ? hoily shit what.
mircea_popescu: asciilifeform there is more to this yes/
mircea_popescu: this gotta be in the logs :
mircea_popescu: " In Paul Graham's world, as soon as oil paint was invented, painting techniques made a discontinuous jump from the fifteenth to the twentienth century, fortuitously allowing Renaissance painters to paint a lot like Paul Graham. And the difficult problems the new medium supposedly helped painters solve just happened to resemble the painting problems that confront an enthusiastic but not particularly talented art student. I ho
mircea_popescu: pe I am not the only to find this highly suspicious.
mircea_popescu: I blame Eric Raymond and to a lesser extent Dave Winer for bringing this kind of schlock writing onto the Internet. Raymond is the original perpetrator of the "what is a hacker?" essay, in which you quickly begin to understand that a hacker is someone who resembles Eric Raymond. Dave Winer has recently and mercifully moved his essays off to audio, but you can still hear him snorfling cashew nuts and talking at length about wh
mircea_popescu: at it means to be a blogger[7] . These essays and this writing style are tempting to people outside the subculture at hand because of their engaging personal tone and idiosyncratic, insider's view. But after a while, you begin to notice that all the essays are an elaborate set of mirrors set up to reflect different facets of the author, in a big distributed act of participatory narcissism. "
mircea_popescu: i couldn't have said it better myself.
asciilifeform is cooking up a little experiment.
mod6 is looking at mix_pool by hand
asciilifeform: aaah did i ever mention that gcc 5.x won't build gpg 1.4.x ??
asciilifeform: well now i did.
mod6: heh 'mix_poo'
asciilifeform: holy shit
asciilifeform: holy mother of shit.
asciilifeform: folks yer gonna have to take this road cone in, a few mm at a time.
asciilifeform: i promise, it will hurt.
asciilifeform: when it fully goes in.
asciilifeform: but slow is better, less tearing.
mircea_popescu: the things you're an expert on ...
asciilifeform: first, you will need mircea_popescu's gnupg-1.4.10.tar.gz.
asciilifeform: sha512==d037041d2e6882fd3b999500b5a7b42be2c224836afc358e1f8a2465c1b74473d518f185b7c324b2c8dec4ffb70e9e34a03c94d1a54cc55d297f40c9745f6e1b
asciilifeform: it is quicker to throw in the extra 'hexdump' line by hand, than to get the patch ducks in a row, imho.
BingoBoingo: Do we break pinky for anesthetic value now or later
asciilifeform: then, build.
asciilifeform: now folks get in some lube, you will need it:
asciilifeform: for 2048-bit key.
asciilifeform: do i need to keep going, draw a picture ?
mircea_popescu: ie, mostly 0s
asciilifeform: and this isn't even the koch scenario.
mircea_popescu: such entropy.
asciilifeform brb, phood
mod6 builds
mod6: much fail
mircea_popescu: im cooking it.
mircea_popescu: hm where the fuck does it spit the binary after all ?
mircea_popescu: "g10" mkay. sheesh.
mod6: into g10
mod6: yup
asciilifeform: see my paste.
asciilifeform: it has path.
mircea_popescu: aite, cooking a key.
mircea_popescu: asciilifeform plox to qntra.
mircea_popescu: asciilifeform actually - seems it's just slowly populating it ?
mircea_popescu: jesus mother of holy shit, two different problems.
asciilifeform: mircea_popescu: N problems.
mircea_popescu: asciilifeform http://trilema.com/2016/werner-koch-confirmed-usg-stooge/ << admire the FF FF pairs, among other things.
asciilifeform: if somebody wants to replicate on gpg 2.x, plox.
mircea_popescu: turns out EVERYTHING phuctor found comes straight from usg.koch
asciilifeform: more or less.
mircea_popescu: so basically... the best key produced by stock gpg is... wait for it... about 700 or so bits strong.
BingoBoingo: ;;later tell pete_dushenski everything a person needs to know about dating can be found on Trilema
gribble: The operation succeeded.
asciilifeform: no this is optimistic mircea_popescu .
asciilifeform: the more known bits in modulus, the easier to reconstruct whole thing.
mircea_popescu: i'm an optimistic kinda guy.
asciilifeform: at AT MOST 0.27 of the total, the rape is polynomial.
BingoBoingo: So is S.NSA going to have a line item expense for alf.dope this month?
asciilifeform: (the bound may conceivably be lower)
asciilifeform: dunno what kind of dope is even called on such occasion.
asciilifeform pictures boeck, poor idiot, waking up at 4 in the morning, called to do his dooooty
BingoBoingo: Cheap vodka will prolly be fine. You're on an accelerated schedule now. Prolly it bottom next week and begin rehabbing by Sept 1st.
asciilifeform: observe how primary key is always WEAKEST.
mircea_popescu: asciilifeform incidentally their dumbass "manual" https://gnupg.org/documentation/manuals/gcrypt/Prime_002dNumber_002dGenerator-Subsystem-Architecture.html references /cipher/ which is gone in 2.0 trunk
mircea_popescu: and you should see keygen.c THERE
asciilifeform: mircea_popescu: if you built it, post the dump plox.
mircea_popescu: i'm still untangling wtf it does to get primes.
mircea_popescu: entirely undocumented bullshit.
asciilifeform: gpg 2.x uses gcrypt lib.
asciilifeform: so the lunacy isn't even CONTAINED in it
mircea_popescu: "put the key into an S-expression"
asciilifeform: but in gcrypt.
mircea_popescu: ah that's what it was huh. standardization of diddling.
asciilifeform: in libgcrypt, the thing is in cipher/primegen.c
asciilifeform: put the hex dump RIGHT AFTER the 'mpi_set_bit(prime,0)' idiocy
asciilifeform: just like in gpg 1.4.10.
asciilifeform: gentlemen, start yer engines.
mircea_popescu: there is no cipher/primegen.c in 2.0 ?
asciilifeform: again it isn't in gpg !
asciilifeform: it is in libgcrypt
asciilifeform: the copy i happen to have pulled from my arse at this moment is 1.5.1.
mircea_popescu: 2.8mb holy fuck already
BingoBoingo: <asciilifeform> observe how primary key is always WEAKEST. << But pinoy insists opposite-day <asciilifeform> observe how primary key is always WEAKEST.
mircea_popescu: im going to try 1.7.3
BingoBoingo: ^ Where pinoy insists opposite
asciilifeform: BingoBoingo: i'm not even bothering with that crapolade nao.
BingoBoingo: asciilifeform: Good. You accepted Step 1. You are powerless over social media and all it does it eat your time.
BingoBoingo: And makes your life unmanageable etc...
asciilifeform: approx.
mircea_popescu: asciilifeform does building gpg build libgcrypt auto ?
asciilifeform: you gotta build libgcrypt and then tell gpg's ./configure where to find it
asciilifeform: ./configure --with-libgcrypt-prefix /where/you/put/it
asciilifeform: (grep 'configure' for 'with-libgcrypt', see how many other crud libs it demands...)
mircea_popescu: ~/gpg-2.0.30/libgcrypt-1.7.3$ make
mircea_popescu: make: *** No targets specified and no makefile found. Stop.
mircea_popescu: yet the makefile is right there ?!
asciilifeform: didja ./configure it ?
asciilifeform: libgcrypt, i mean
mircea_popescu: oh shit. configure: error: libgpg-error is needed.
mircea_popescu: what the fuck is wrong with these people!
asciilifeform: if no makefile, it didn't get ./configure'd.
mircea_popescu: is it going to walk me one by one through the entire list of loserdom, lib"assuan" and whatnot ?
asciilifeform: fastest way to get all the deps is to simply grab a sacrificial (e.g., 'african') box and let it install gpg2
asciilifeform: then build the new gpg2 as described here.
asciilifeform: it will pull the deps you didn't tell ./configure about from the various pestholes they normally end up in.
mircea_popescu: fucking nightmare. so the lib-error shit compiled, but obviously ./configure --with-libgpg-error-prefix="/home/mircea/gpg-2.0.30/libgpg-error-1.24/" does nothing, with or without quotes
asciilifeform: nonononono
asciilifeform: you want this only when building gpg.
mircea_popescu: how do i build libgcrypt then ?
asciilifeform: and it'll look like ./configure --with-libgpg-error-prefix="/home/mircea/libgcrypt-something
asciilifeform: build gcrypt normally other than the added hexdump line.
asciilifeform: ./configure
mircea_popescu: it dies becausde needs lib-error
mircea_popescu: you don't properly appreciate the chain of braindamage.
mircea_popescu: they made dependencies like 1->2->3
asciilifeform: which is why 'let heathen box pull the binary deps'
mircea_popescu: do you mind ?
asciilifeform: well if you want to do this the gentoo way, actually gotta build libgpgerror
asciilifeform: lessee, it built ?
asciilifeform: post output of failed ./configure .
mircea_popescu: from autogen : "--with-gpg-error-prefix=@SYSROOT@" << what format does that take if not fucking path
mircea_popescu: asciilifeform :checking for GPG Error - version >= 1.13... no
mircea_popescu: configure: error: libgpg-error is needed.
mircea_popescu: See ftp://ftp.gnupg.org/gcrypt/libgpg-error/ .
mircea_popescu: what's it looking for, something like libgpg-error.a ?
asciilifeform: when you built gpg-error, it shat out a binary, gpg-error-config
asciilifeform: find it and run gpg-error-config --prefix.
asciilifeform: that's the prefix the gpg2 abortion wants.
mircea_popescu: holy shit .a is in /src/
mircea_popescu: AND it returns "/usr/local"
mircea_popescu: fuck me sideways what.
asciilifeform: hey there was a reason i did not start with gpg2.
mircea_popescu: this is so broken. srsly, nuts.
mircea_popescu: ~/gpg-2.0.30/libgpg-error-1.24/src$ ./gpg-error-config --prefix
mircea_popescu: /usr/local
mircea_popescu: ARE THEY MAD???
asciilifeform: perhaps just sad.
mircea_popescu: so now, if i put the path in autogen.rc, nothing happens.
asciilifeform: oh and on top of this,
asciilifeform: there's no log_hexdump in libgcrypt.
asciilifeform: _gcry_log_printhex instead.
asciilifeform: presently testing on a box that had the deps crapolade
asciilifeform: now for the magic moment.
asciilifeform: gpg-2.0.22 and libgcrypt 1.5.1
mircea_popescu: so 2.0.22 can't generate a key and 2.0.30 can't compile.
asciilifeform: apparently.
asciilifeform: not, at least, without some strange heathen magic, which i apparently lack here.
mircea_popescu: ftr thee test is : if test "x$GPG_ERROR_LIBS" = "x"; then
mircea_popescu: i figure i just go "x/path" lessee.
mod6: i can'gnupg-2.0.30 to build either
mod6: *can't
mircea_popescu: mod6 same symptoms ?
mod6: yup
mircea_popescu: mod6 edit configure, the test above with your path.
mod6: hm, ok
mircea_popescu: it just passes the test but dies on make nm
mircea_popescu: for bonus lulz ftp://ftp.gnupg.org/gcrypt/libgpg-error/x
mircea_popescu: you don't understand how the x works.
mod6: ok got close
mod6: ./.libs/libgcrypt.so: undefined reference to `log_hexdump'
mircea_popescu: o you got it. what did you do ?
asciilifeform: mod6: see earlier in log
asciilifeform: <asciilifeform> _gcry_log_printhex instead.
mircea_popescu: mod6 _gcry_log_printhex instead of it.
mod6: mircea_popescu: so, instead of doing all the things with --prefix, i just started straight out building all the deps and installing them.
mircea_popescu: oh. im not fucking insalling his bs.
mircea_popescu: what the fuck is this.
mod6: yah, this is just a test box.
mircea_popescu: fuck him.
mod6: no doubt.
asciilifeform: this is, i warned, quite laborious.
mircea_popescu: dude the sheer insanity...
asciilifeform: i built it, refuses to run without 'gpg-agent'
asciilifeform: which does ???.
asciilifeform: funnily enough, testing on a box that, long ago, used to have gpg2 working...
asciilifeform: (since rooted out)
mircea_popescu: eulora builds ~500 times easier than this dumb shit.
mircea_popescu: arguably it's a lot more useful, too.
mod6: 2.x is such a pile of dung
asciilifeform: $up boolcrap1
deedbot: boolcrap1 voiced for 30 minutes.
boolcrap1: what is good
asciilifeform: boolcrap1: consider reading the channel log
boolcrap1: I'm not sure im that dedicated to trilema yet
asciilifeform: boolcrap1: i promise, you'll like this one.
mircea_popescu: nope, export ld path dun do it either.
asciilifeform: soooooo literature survey is in
mircea_popescu: anyway, i'm giving up on this bs. gnupg 2.0 doesn't even exist, contrary to nonsense noise on social media.
mircea_popescu: let them figure out how to release software first.
asciilifeform: sarkar and maitra give us a bang if we know 0.266N consecutive shared bits.
asciilifeform: (anywhere in the mod pair)
asciilifeform: this may be enough to blow away a good fraction of extant gpg pubkeys.
mircea_popescu: asciilifeform if you look at the 4kb thing i published : there's no actual contiguity. just fields of double FFs
asciilifeform: contiguity of ~shared string~
asciilifeform: between two public mods.
asciilifeform: e.g. primkey and subkey.
asciilifeform: hmm, 0.21 'in practice.'
mod6: ok mine is going...
asciilifeform: that's ~26 bytes of a 1024-bit prime.
asciilifeform: and this is not a hard bound, either
asciilifeform: just that when you dance off its edge, required horsepower grows exponentially
mircea_popescu: im guessing phuctor is getting some new shit stuck on either side.
asciilifeform: quite likely.
mircea_popescu: asciilifeform FF FF still there.
mircea_popescu: and look at all the bonus zero fields
mircea_popescu: mod6 do a ocupla more ?
mod6: i can sure.
mod6: give me a few here...
asciilifeform: btw mircea_popescu ....
asciilifeform: my runs have upper 32 BYTES in common.
asciilifeform: (linked earlier)
asciilifeform: this is a headshot.
mircea_popescu: ima run a bunch and we can see
mircea_popescu: in other lulz : when generating a new key, name NEEDS to be at least 5 chars long. password however - can be 4.
asciilifeform: soooo the subkey idiocy is apparently the 2nd half of a bipartite poison.
asciilifeform: the diddled rng being the first.
asciilifeform: this is promising to be a very awkward occasion.
asciilifeform: does mircea_popescu fully apprehend where this train is going ?
mircea_popescu: to the lulz mine ?
asciilifeform: got n1, b9 4e de 87 7a....
asciilifeform: and n2, bf ce 64 f1 43 f2 ...
asciilifeform: generated one after another while process ran.
asciilifeform: ^ hopefully not surprising
mircea_popescu: you mean, they start with same 4 bits ?
asciilifeform: these are moduli
asciilifeform: p and q have already been multiplied.
asciilifeform: nothing odd, of course, to the naked aye.
mircea_popescu: so then what'd be surprising or wut ?
asciilifeform: but chances are that p1 and q1 share top 32 bit
asciilifeform: ditto p2, q2.
asciilifeform: and all of p1,q1,p2,q2 share at least top 20 bit.
mod6: i'll do one more
mircea_popescu: asciilifeform trivial for me to dump these i just generated, let's see
asciilifeform: the other thing,
asciilifeform: sarkar et al promises (the recipe is quite gnarly) ANY substring
asciilifeform: not necessarily top, or bottom of prime.
asciilifeform: btw, here is a handy elementary proof of a certain thing,
asciilifeform: if we know B - k shared topmost bits, then the work required to break in comparison with work W, supposing we knew B bits, is at most W*(2^k).
asciilifeform: is this obvious or do i need to draw picture.
asciilifeform: note that this is an upper bound, it applies regardless of what kind of magic is used.
asciilifeform: so this thing parallelizes 'embarrasingly'.
mircea_popescu: this is weird... so this thing when told to dump priv key dumps THE SAME BLOCK irrespective of which user is indicated.
mircea_popescu: check it out... if you do ANYTHING but -a "username", ie no quotes, or fp or anything, it just dumps ALL PRIVKEYS IT KNOWS.
mircea_popescu: including if you try -r
mircea_popescu: asciilifeform what were you cutting these up with again ?
asciilifeform: pgpdump -i foo.asc
mircea_popescu: WARNING: The following packages cannot be authenticated!
mircea_popescu: Install these packages without verification [y/N]?
mircea_popescu: so much win.
asciilifeform: build it from src, it is small.
mircea_popescu: atm i can't takle the aggravation of bulding anything.
mircea_popescu: btw folks - wotpaste wipes shit daily. make sure you save what you want.
mircea_popescu: phf an auto-archive for links would be so cool right about now...
asciilifeform: mircea_popescu: this is useless
asciilifeform: you gave it a passphrase.
mircea_popescu: oh shit.
mod6: oh, i did the same. "asdf" iirc.
mod6: i can regen tho
asciilifeform: ^ from my original shot.
asciilifeform: ... it looks as if there is an extra layer of shuffle not accounted for by the dump?
mircea_popescu: ripemd ?
← 2016-08-16 | 2016-08-18 →