mircea_popescu: shinohai well... plenty of slack there naimean ?
mircea_popescu: thestringpuller here you go : http://wotpaste.cascadianhacker.com/pastes/b95199c7-65ad-4dfb-a299-64927df591ef/
thestringpuller: 2/2 - I'd be VERY interested to know the identify of anyone coordinating an effort to oppose a hardfork. PM me stephan@slock.it
thestringpuller: LOL: 1/2 "Thief" now probably coordinating an effort to oppose the hardfork that would see the DAO token holders getting their ETH back
mircea_popescu: other names for prosterity : griff green
mircea_popescu: this is vaguely reminiscent of the power rangers sucking themselves off on reddit about how great they were at testing some shitlibrary they wrote.
mircea_popescu: s to realise he wasn't mocking the inept mit shit but actually playing it straight.
mircea_popescu: "Stephan Tual is the Founder and COO of Slock.it. Previously CCO for the Ethereum project, Stephan has three startups under his belt and brings 20 years of enterprise IT experience to the Slock.it project. Before discovering the Blockchain, Stephan held CTO positions at leading data analytics companies in London with clients including VISA Europe and BP." <<< schmuck who wrote a blogpost so fucking dumb, it took me 10 minute
mircea_popescu: ah the internets have delivered this friday.
mircea_popescu: asciilifeform anyway, the beheading hurt something fierce, check out all the various research they're giving him to publish to prop him up. win-win lol.
mircea_popescu: ahahaha "one of the world's leading security audit companies, dejavu security"
BingoBoingo: hanno boeck is for shitgnomming GPG, other shitgnomes for this
mircea_popescu: lol conspicuously missing, the hanno boeck "i already had published this nowhere" angle.
BingoBoingo: In other news Trey Parker of South Park is starting to become transcartman https://pbs.twimg.com/media/Ck_XT3VWgAAW8aY.jpg
gribble: The operation succeeded.
thestringpuller: ;;later tell BingoBoingo I know. I know! It's like making sure to stand every hour from the computer. Or go to the gym everyday.
gribble: The operation succeeded.
BingoBoingo: ;;later tell thestringpuller Don't think that I don't see you missing days http://thestringpuller.com/ Gotta poast every day
BingoBoingo: shinohai: Further lulz added and published
asciilifeform: 'come and redeem old rubles for new rubles, but NOT YOU MOTHERFUCKER WITH THE MATTRESS'
mircea_popescu: aite then
shinohai: i did include the confiscation / immutability thing
mircea_popescu: cuz seriously, this is what they want to do, "we fucked up so let's confiscate everyone's stuff and start over"
mircea_popescu: does it say something like "nationalization of the whole scheme is regarded as the solution by the technologically challenged MIT troop" ?
mircea_popescu: shinohai did you write up the eth thing ?
mircea_popescu: apparently they went to a different kindergarten than yours.
mircea_popescu: "let us apply the experience of mit-genius rockheadboy. mongoloids have things to say about theatre! they learned a lot of valuable insights in the sanitarium!"
asciilifeform: thestringpuller: recall (this is in the logs) mit has a remote-updated-blacklist gavinatronic client ready to roll
thestringpuller: the regulation bitcoin needs-TM
mircea_popescu: yeah, they lost about 70% volume past months.
asciilifeform: i dun remember the 'fixers' ever leaving
mircea_popescu: asciilifeform next, watch the usg agents derping about how "cryptocurrency is dead because our shitscheme imploded" ; and once that goes nowhere, watch them come back to bitcoin to "fix" the "consensus problems" it "has".
asciilifeform: https://blog.slock.it/no-dao-funds-at-risk-following-the-ethereum-smart-contract-recursive-call-bug-discovery-29f482d348b#.mida5o6vz << 5 days ago
thestringpuller: lets just steal from everyone to pay for the nice thing!
thestringpuller: hey! inflation is good. because it pays for the miners!
thestringpuller: asciilifeform: yup. with buterin as the chairman!
asciilifeform: so they built a 'fed' ?!
thestringpuller: so they are going to now wind down teh dao?
thestringpuller: The rollback is scandalous
asciilifeform: 'So there is a recursive payout 'problem'? No there isn't. It was all in the specification. When the DAO was fund raising, it was explicit that the only thing that mattered was the DAO's contract code. Nothing else should be taken as being reliable. Well, the contract code is still operating exactly as it was specified. A 'hacker' is merely using the code in ways that were there to see, should anyone have looked. How can they be stea
a111: Logged on 2016-06-07 00:03 mircea_popescu: so looking at the shitcoins, "ethereum" switched with "ripple" YoY. hurr durr.
thestringpuller: its slightly terrifying the amount of people willing to sign a contract before reading it.
thestringpuller: So the ponzi came full circle?
mircea_popescu: if it makes you feel better, the word pretty much exclusively means "circuit breaker" in romanian.
asciilifeform: the ro gestapo
asciilifeform: the nazi one, naturally, that i was regaled with tales of as a boy
mircea_popescu: asciilifeform which siguranta is the reaction to ?
asciilifeform: they still 'know'
mircea_popescu: hey, they all knew better than mp and shit like that.
asciilifeform: lul, the eth thing is finally burning down, https://www.reddit.com/r/ethereum/comments/4oif2x/dao_attack_exchanges_please_pause_eth_and_dao and buterin nailed the exists shut
asciilifeform: btw asciilifeform has a sort of hindbrain reaction to 'seguranca', hearing it woke me up with a sweat on the airplane that one time...
deedbot: [Trilema] Sometime in the 1880s, somewhere in the Danube valley - http://trilema.com/2016/sometime-in-the-1880s-somewhere-in-the-danube-valley/
thestringpuller: yea. but order didn't go through via coinbr. jurov i think the proxy you're using is down.
felipelalli: etherscam.io
gribble: The operation succeeded.
shinohai: "Vitalik tries to switch ethereum to PoV (proof-of-vitalik) in an attempt to save a sinking DAO"
a111: Logged on 2016-06-17 10:16 mircea_popescu: in other pokemon/ethereum/andreas poponautikos/mit shit labs/us democratic party/usg news, http://66.media.tumblr.com/ba9127e8cfc8b70a3ad1f32205a028df/tumblr_o46s3qwJ271sd8n5oo1_500.gif
shinohai: http://btcbase.org/log/2016-06-17#1483865 <<< I do believe this accurately portrays the state of ethereum and the dao this morning.
mircea_popescu: in other pokemon/ethereum/andreas poponautikos/mit shit labs/us democratic party/usg news, http://66.media.tumblr.com/ba9127e8cfc8b70a3ad1f32205a028df/tumblr_o46s3qwJ271sd8n5oo1_500.gif
Valfor: I just found myself looking through a list of goetic demons via wiki-page jumping at the time I happened tob e looking for a new nick
Valfor: which is a "Duke of Hell" from the Goetic Demons
a111: Logged on 2016-06-16 23:58 Valfor: My nick has been the same :P
asciilifeform: by no means accident. a thick part of the rfc is specifically devoted to it, one way or another
mircea_popescu: now, the ad-interim solution is to a) sign the key ; b) only encrypt to signed key. but... dun help noobs.
mircea_popescu: it entirely subverts pgp. and i don't believe it to be accidental either.
mircea_popescu: kinda why i don't like the "auto trust" bs.
asciilifeform: (as valid, both for folks with mircea_popescu's genuine pubkey, and for those with the magic one)
asciilifeform: because ~sigs~ made with the magic sub will pass.
a111: Logged on 2016-06-17 01:27 mod6: and yah, as far as I can tell asciilifeform, the only #b-a links there (three of them) are pointing at wiki.bitcoin-assets.com
shinohai: All are there except mebbe 2-3 articles I haven't finished formatting
trinque: the thing's fine to be linked to, but I don't think shinohai finished transferring pages
mod6: or did you see others?
mod6: and yah, as far as I can tell asciilifeform, the only #b-a links there (three of them) are pointing at wiki.bitcoin-assets.com
mod6: i haven't updated the links because i wasn't sure that the deedbot wiki page is fully baked yet.
mod6: <asciilifeform> http://thebitcoin.foundation still contains a buncha #b-a links ? << yeah, shinohai did a project where he transfered over the stuff there like the wiki to the deedbot page.
gribble: The operation succeeded.
asciilifeform wonders why BingoBoingo has not himself bought the warehouse
BingoBoingo: You know how the coastal property market works? Cairo is kinda the opposite. rural AND black! North of the Mason-Dixon line too!
asciilifeform: for instance, i know a fella who moved to a - perfectly tame little town in west virginia, and thought he was getting great deal, but it turned out that it is physically impossible to get decent net connection there (at least without paying for streets to be dug up, six figures)
asciilifeform: the missing ingredient HAS to be something that costs moar than the difference to add back in.
BingoBoingo: <asciilifeform> nothing in usa - that one could live in - costs this little, unless it is attached to onerous restoration mandate from the city, and/or surrounded by heavily armed and belligerent africa << AHA, the latter. You gotta supply your own walls!
asciilifeform: well, probably not as traditionally stated (e.g., if 'evil maid' borrows mircea_popescu's key, she can launch the rockets)
Framedragger: asciilifeform: btw would phuctor (as it currently works) be able to import an otherwise normal openpgp / rfc4880 key either (1) no self-sig or (2) a somehow borked (nulled? haven't looked at rfc4880 data structures yet) self-sig? as i see it lotsa info is actually contained *within* the signed part, in that format..
asciilifeform: the one where 'key can squirt out a signature for a new key but this can leave no permanent mark on the original,' ergo auto-acceptance of subkeys is invitation for 'evil maid attack' etc.
asciilifeform: there was a very good thread where mircea_popescu explained this, but i can't seem to find it
a111: Logged on 2016-06-16 23:17 mircea_popescu: more importantly : i don't want to outsource the management of my trust chains. if i trust you, i trust one key, not all keys in all derivations you may one day come up with.
gribble: The operation succeeded.
gribble: The operation succeeded.
asciilifeform: http://btcbase.org/log/2016-06-16#1483707 << neither moar nor less fake than linux kernel, neh ?
asciilifeform: nothing in usa - that one could live in - costs this little, unless it is attached to onerous restoration mandate from the city, and/or surrounded by heavily armed and belligerent africa
Valfor: Well let me know if you do - don't want to be inadvertently breaking the rules :)
mircea_popescu: Valfor more like auditing the mechanism than anything.
Valfor: My nick has been the same :P
mircea_popescu: Valfor well lol, consider getting in the wot eh.
Framedragger: mircea_popescu: yeah k, i mean, i may disagree re. dunbar's number being directly applicable here, maybe i'm some l33t package maintainer, but fair enough, won't argue further here
mircea_popescu: and why should the process be streamlined ? the decision to "move your key to storage" has some costs, for them. why should you be insulated from this ? you wanna do X, pay up.
mircea_popescu: Framedragger why should it scale ? dunbar number is a thing. there's no need for you to be trusted, or even known, by more than a few dozen people.
gernika: Whales are spouting off the coast today. Beautiful thing.
Framedragger: otherwise doesn't scale at all, if 1000 people wanted to trust my subkey. i guess *you* could argue that fuck scale and fuck "lots of people", etc.
Framedragger: one practical consideration re you signing my subkeys: what if you really trusted my main key but then i later decided to move that key to offline storage for security, and derive a subkey - one may argue that gpg provides just this kind of means of streamlining the process - i sign my new subkey or whatever, and there's that, no need for you to meet me in person again. otherwise doesn't scale at all, if 1000 people wanted to trust my su
mircea_popescu: so in a sense i made a design decision post-implementation, because these cojoined twins had to be cut somehow. this is improper, sure, but unavoidable.
mircea_popescu: if it's intended to work as what it works, then really there's no use or need for that nonsense.
mircea_popescu: sure, but the "who is in charge" point is important.
Framedragger: depends on matter of scale. if you zoom out and look at gpg as a whole then you just want to burn everything to the ground, sure. and if you zoom out further you want to rewrite more and more things. but sometimes it is worthwhile to consider relative differences of worth, too, so to speak.
mircea_popescu: and if you want a subkey, I do the signing, not you.
mircea_popescu: more importantly : i don't want to outsource the management of my trust chains. if i trust you, i trust one key, not all keys in all derivations you may one day come up with.
Framedragger: i suppose that's what i wanted to state originally, yeah. i know it's not a strong case; but it's not utter bullshit, either.
mircea_popescu: nevertheless, it seems to my eyes to be of the kind of "there's a difference between burnned out barn with door open and burned out barn with door closed".
mircea_popescu: but anyway, sure, there's a difference between "random subkey" and "subkey signed by main key".
Framedragger: maybe i'm jumping too much. apologies - sleepy; and i get the point.
Framedragger: i.e. they show only that.
Framedragger: right, sure. but then you'd agree that all phuctorings (save for one, apparently) are interesting insofar as one is interested in how broken this scheme is?
mircea_popescu: Framedragger i don't see much merit in the whole scheme. gpg does something stupid and then maybe salvages some edge of it. mmkay.
mircea_popescu: anyway. the only way in which the scheme you discuss worked was to prevent effectual use of symmetric key crypto, and it's altogether doubtful people needed help for that.
Framedragger: i agree. but what if there was some trust path from you to hpa's parent key; and there were no paths at all to the diddled child key. surely that's something, even if not enough for you to mark hpa's key (any key) as "trusted"
mircea_popescu: if another knows hpa, and signs his key, then that one knows the key he signed to be not fake, but the key he signed. this, again, has little to do with hpa per se.
mircea_popescu: the only solution is for us to become acquainted.
Framedragger: whether it truly worked well, whether some gpg clients are shit, whether keyservers should preemptively dismiss such keys - all worthy points of discussion, but separate.
Framedragger: let's particularize: hpa's parent key was embedded in the pgp wot (whether the latter is worth anything is a *separate* point) which people trusted. then, hpa's child key appears, and it's not properly signed by hpa's parent key, the latter being trusted prior. maybe the sig is not there, maybe the sig is invalid, whatever. child key gets rejected. this scheme in itself is not circular, and it *worked*.
mircea_popescu: a self-signature establishes nothing. if YOU signed the key then ~you~ would know it's not fake in the specific sense that it's the same one you signed.
Framedragger: maybe bad wording: not "self-signature" in this case, but rather one (parent) key signing another (child) key.
Framedragger: non sequitur, even though the example is cute
mircea_popescu: Framedragger as exemplified by the woman in the picture. she's "not fake". in what sense ? she could call you and swear for herself ? so ?
Framedragger: hence self-sigs do provide value here; this is not to say that the notion of "subkey" shouldn't be razed from the earth, eventually.
Framedragger: i.e., the "fake subkey" case *can* be handled correctly.
a111: Logged on 2016-06-16 21:23 mircea_popescu: Framedragger so some clients handle it correctly. this isn't much of an argument that it belongs there.
Framedragger: http://btcbase.org/log/2016-06-16#1483669 << it does, however, show that a coherent account "fakeness" (from the query by yourself ("what makes a subkey fake ?")) is possible.
asciilifeform: if the alternative weren't microshit, nobody would even conceive of buying such a thing.
asciilifeform: ben_vulpes: the crapple currently in business is a sad thing. i have a brand-new $3k box here, for instance, that periodically forgets it has wifi.
phf: i'm just so rarely exposed to agitprop that this was a fascinating experience. it's like watching men in suits get on all fours and earnestly eat shit from the floor.
mircea_popescu: next year they can give him a kardashian ass and he could launch a music album.
phf: you guys, i really enjoyed the main guy, because he was like a steve jobs zombie, down to a gaunt cancer look. he existed in this uncanny valley with all the manerisms and presentation ticks.
mircea_popescu: Framedragger so some clients handle it correctly. this isn't much of an argument that it belongs there.
mircea_popescu: trinque the apple you're thinking of got pancreatic cancer, they got a replacement from central casting.
Framedragger: (and also the tree of comments below, which are not properly visually formatted, in terms of identation)
a111: Logged on 2016-06-16 17:04 mircea_popescu: except in the case as seen of hpa's key, where they just attached a valid sig to an invalid key.
asciilifeform: boggles my mind that any of you bothered to watch
phf: "execu-super-mommy" i believe is that term she used, right before trying to get boomer audience to sing along to the sugarhill gang
trinque: somebody decided they needed to be more inclusive with their presenters, and they included a bunch of duds
asciilifeform: https://securelist.com/blog/research/75027/xdedic-the-shady-world-of-hacked-servers-for-sale << lulzy
asciilifeform: where in dar-al-islam is there this
mircea_popescu: incidentally this is an islamic mainstay afaik. punctually, fine example of why "civilised" us might well welcome the rule of the "barbarians". legal improvements.
mircea_popescu: either choice has a bunch of onlookers mocking her for choosing wrong.
mircea_popescu: it's outrageous. married woman that hurts sleeping husband should be given the option of burning at the state / boiling in oil.
phf: in the old tradition of samson and delilah
asciilifeform: often the jury nullifies
trinque: hang them both
mircea_popescu: i have nfi how someone who waits for you to go to sleep, pours gasoline and lights up could possibly escape the hanging. it is about as cowardly premeditated as it gets, no need to encourage this sort of behaviour.
mircea_popescu: and of course "the public" = the rest of the tatanyshas are worried she may get executed for this.
shinohai: mebbe the 3rd time of seen that with a different woman charged with said crime.
gribble: The operation succeeded.
asciilifeform: ;;later tell mod6 http://thebitcoin.foundation still contains a buncha #b-a links ?
BingoBoingo: <mircea_popescu> less money, shittier work. << Even if more money can't spend because blows cover, then die
mircea_popescu: asciilifeform you recall, they pasted the sig packet off the actual key to a random concoction, verbatim
BingoBoingo: <mircea_popescu> and here's a two stroke engine to get the day started in gear. http://67.media.tumblr.com/c4a6298582c76943b282e9b85b59de44/tumblr_nukg7cFcjI1tvvddjo1_500.gif << ty
mircea_popescu: the fact remains : unless i have your key from you, it's fake. no amount of holy water sprkinling on the key in question can alleviate this.
mircea_popescu: except in the case as seen of hpa's key, where they just attached a valid sig to an invalid key.
Framedragger: mircea_popescu: whether signature by $key to which the key in question is a sub of is valid?
mircea_popescu: "i took mercury and it brought the syphilis to a halt". mmmkay.
mircea_popescu: asciilifeform it's also not partucularly true, but it is what they would like, so.
mircea_popescu: "i don't personally know her, she's therefore not a woman but meat".
asciilifeform: 'brought to an immediate halt the country's European Union referendum campaign just a week before the vote.' << that was apparently easy.
asciilifeform: incidentally i devised a way to make the thing grow ~100x faster, but still not implemented.
asciilifeform: that gets gcd'd with the rest.
asciilifeform: Framedragger: concept of 'subkey' is waiting to be shot in the head incidentally.
Framedragger: btw i'd choose self-sigs over "trust sks keyservers not to include fake subkeys" any time of the year. obvs the point is to disassemble this false dichotomy. but short-term, self-sigs are not useless at all.
Framedragger: yeah i'm not certain how representative that figure is of whatever, honestly. with all metaphor removed, it literally is "the number of ipv4 hosts which respond to a TCP SYN to port 22 with TCP ACK [packet with ACK flag set]". i'm fairly confident that i haven't missed many hosts of this kind, but too should be replicated and tested.
gribble: The operation succeeded.
mircea_popescu: sometimes i suspect if you were my hammam master you'd steel mesh the freckles off the girls. possibly most of the smaller clits nad nipples too.
mircea_popescu: asciilifeform some dirt is not actually dirt in the usual sense, but part of the fabric of reality.
mircea_popescu: collisions there, also.
mircea_popescu: otherwise what, send everything in triplicate, like it's soviet union time ?
mircea_popescu: this seems ~the only true use of a hash function, "give me some bits to compare with his bits make sure the file made it"
mircea_popescu: what's the ew ?
asciilifeform: can sign ~the modulus whole~
mircea_popescu: it's one thing to have standardized mains. it's another to have standardized items that plug into them. no thx.
mircea_popescu: seems on the contrary, an epic point of decentralization
mircea_popescu: works for the user.
asciilifeform: at least assuming 1-bit flip (which so far has been the case)
mircea_popescu: sort of passive crc. not clear that a) if you want it you shouldn't have it purpose built and b) if it's "just there" it should be necessarily preserved.
asciilifeform: incidentally, because self-sig exists, i could turn these into their correct versions if i had to.
asciilifeform goes to the tank
phf: i've almost rewritten the irc bot. i'm not going to festival for couple of weeks, so it's going to get done
asciilifeform: btw both of the ones this morning were bitflips.
mircea_popescu: course, ending up with half the shit suspended because one guy's diesel modem croaked is also not such a good state of affairs.
mircea_popescu: worth a shot. in any case protectionism should be a concern, much rather support people with than items without a wot.
mircea_popescu: in general the way it's supposed to work is that it pms you ONCE IT SEES YOU TALK
mircea_popescu: yeah i;ve been thinking on the correct spec for it.
asciilifeform: looks like he put moar petrol in the 2-cycle modem or what.
asciilifeform was laughing in other terminal and forgot here.
mircea_popescu: hence the humour!
mircea_popescu: what's the 8ball at yet, 100mn ?
asciilifeform: this incidentally is why phuctor had been a depressing thing for me. the thing i set out to find, i never found (evidence of diddled rng on pgp users' boxes.)
asciilifeform: and we already know that they have large-factor collisions
asciilifeform: there is!
mircea_popescu: there's 10x to 100x more ssh-rsa than gpg-rsa. it's a moot point.
mircea_popescu: sigh. anyway. "selfsigs" are not particularly well thought out, not to the degree but in the same manner.
asciilifeform: (why not and also kitchen, everyone fresh off the boat always asks)
mircea_popescu: who ever thought of this omfg it gives me hives on the brain just thinking about it.
mircea_popescu: the only one thing a datastore never does is "drop"
mircea_popescu: the most basic, elementary, fundamental, first fucking function of any cache implementation is flush ffs.
mircea_popescu: i don't mean, in cs. i mean, at all. fucking baker's notions of the world.
mircea_popescu: the notion of joining at the hip a permanent store and a cache is so idiotic as to make me certain the guy had no sort of formal education
asciilifeform: understand, getting the balance of an addr is O(N) ~unless~ you've been watching it as the blocks splat in.
asciilifeform: the tx in wallet thing is monumentally annoying but afaik no one has invented a practical alternative to the O(N) 'how much coin do i have'
mircea_popescu: these belong somewhere else.)
mircea_popescu: (but in generally, no, it's as fucking stupid to have the sig cert in the sig as it's stupid to have the bitcoin transactions in the bitcoin wallet.
asciilifeform: if you're structuring the 'comment' field, before long you end up with rfc4880 et al if not careful.
mircea_popescu: well, work on your own time. but work the way we're going not orthogonally.
mircea_popescu: there is exactly ONE rsa format, for all time, past as well as future, and it goes like this : N, e, comment.
mircea_popescu: illustrate them by storing rsa in the rsa format and adding the illustration on the side
asciilifeform: phuctor is, among other things, specifically machine for illustrating the defects in gpg format
mircea_popescu: so then stop being jurov-y about burning it.
asciilifeform: did i ever say the pgp format shouldn't burn ?
mircea_popescu: let them all fucking burn.
asciilifeform: iirc mircea_popescu even ~read~ the thing.
asciilifeform: rfc4880 key is the fundamental object !
mircea_popescu: different packagings of THIS SAME OBJECT are not to be entertained. we control ther fucking horizontal, not "gpg" or "opensshit".
mircea_popescu: if you store as a csv, add more fields. if you store in any other format, a mechanical equivalent for "add more fields" exists. what is the problem ?
asciilifeform: mircea_popescu: does it not make sense to you that having two classes of object, whereas previously there was no need to distinguish classes, is at least 2x complexity ?
mircea_popescu: it is the height of ridiculous for you to tell me that "my program is so fucking stupid if it has to handle two items it can only pick one and pretend the other doesn't exist". you understand this ?
asciilifeform: where am i to get these ?
mircea_popescu: a nice then. so put it in.
asciilifeform: it will go ~slightly~ faster if i dump'em in, in bulk, but understand - i do not have the time presently to write any serious adjunct to phuctor
asciilifeform: they are stored as-found. so they can be shat back out and compared to extant key elsewhere etc.
asciilifeform: mircea_popescu: phuctor is, originally, ~specifically~ about pgp keys, ~verbatim~, as found in the wild forest. any other thing will have to be a new gadget.