mircea_popescu: poor hanno boeck & assorted shitbag parade, they don't even run systems with native bignum support, wtf are they gonna do now! 6723834688378347131962599764946917095897099 dun fit in javascript calculator mang, wat do!
a111: Logged on 2016-05-02 23:56 asciilifeform: incidentally, didn't the derp already have a 'we did ALL the keyz' post LAST may ?
mircea_popescu: as little as a link to .... o wait, check it out... hacker news beleeted the comment pointing out he was caught lying last year. loller. anyway. as much as a link to "Hanno Böck caught lying." ( http://trilema.com/2015/more-factored-rsa-keys-and-assorted-other-considerations/#selection-413.0-419.38 ) will do
mircea_popescu: anyway, on the off chance anyone still has a twitter account at this point, feel free to bash his head in over https://twitter.com/hanno/status/727047168037642240
mircea_popescu: he even has a gavinesque retarded face, also. what's with all these mongoloid cheeks everywhere in the dumbass "computing co-manatee" ?
mircea_popescu: http://btcbase.org/log/2016-05-02#1461535 << lmao apparently somebody hasn't fully digested the lessons of history.
hanbot: not surprisingly the top referer is trilema at ~~1000, followed by qntra at ~~600 and phuctor at ~~80. << wait, qntra's doing 60% of trilema's load *without* tits? very impressive.
BingoBoingo: And no, the good fiber in the midwest is in exurbs. Usually connects to nearest urban center and a further urban center because
BingoBoingo: Turned out box rented back then was crap still running node at home and not advertising, programmable version string for reason
ascii_deadfiber: the one mentioned back when
ascii_deadfiber: then why BingoBoingo's node not 24/7 ?
BingoBoingo: Seriously, you get fiber in the middle west, that connects to hubs in different directions. We discovered redundancy 3 years ago and nao everything is grand.
ascii_deadfiber: zoolag dead until further notice.
BingoBoingo: And ascii_deadfiber thinks the middle west is horribru
ascii_deadfiber: snow, in motherfucking may.
ben_vulpes: "you mean i don't have to think about the db!?!?"
ben_vulpes: > allows programmers to work directly with objects as if they were in memory while in fact the object data is always stored persistently << stinks of ORM shit-dippery
ben_vulpes: were i not desperately trying to eke my own living out i would most likely be camping outside of the cognitect offices until they took pity upon me and let me sweep the floor.
phf: Don't worry you can hire them to consult :)
ben_vulpes: it is the classic "db that looks good but needs tender loving care from its authors to work well" software trap.
phf: Basically the game becomes "how does query translate into PostgreSQL so I can index all the things"
phf: Needless to say it's nowhere near there. Be prepared to grok both datomic and the underlying store.
ben_vulpes: (and also as previously discussed in logs, the scraps on my table are rarely of "web scale" magnitude)
ben_vulpes: phf: i would like to hear about what kinds of misery you've found in datomic. not to doubt! never to doubt the misery of technology. but out of curiosity, and limits-finding by proxy.
ben_vulpes: mostly, i find rocks of various sharpness and heaviness and use them to beat my local reality into shape.
ben_vulpes: i wish i had the historical perspective to even know.
asciilifeform: phf: the perennial question re shitware, no ?
phf: Datomic is piece of shit for non-trivial datasets. I don't understand how they could steal so much old lisp tech and still manage to fuck it up
ben_vulpes: whatever it is that returns the JSON that sends mircea_popescu scrambling and screaming for the "programmer's view"
trinque: tbh I'm willing to consider that if you wrote too many layers of joins and views, you chose the wrong data structure in the beginning
ben_vulpes: simple an EAVT data store with a single threaded writer. caches recent images of the db in peer memory (yes, 'immutable' db).
ben_vulpes: the answer to 'ever play with symbolics *' is always 'no', dude.
ben_vulpes: effectively a distributed prolog-alike db, to the extent that i can be trusted to call something 'prolog-alike'
ben_vulpes: you could be fielding questions from clients past about why you billed them nine hundred grand for misc. support over the month.
asciilifeform: but they are useless
asciilifeform: finally the ancient prophecy coming true, a genuine merger of software and conventional voodoo !
asciilifeform doing what he does every single fucking day of the week, applying to jobz, and notices a 'christ-based software products!'
asciilifeform: others - less so.
asciilifeform: theeeeeeeere we go
asciilifeform: (and where are his posts on any other subject ?)
asciilifeform: https://github.com/hannob/pgpmoduli << and he's got the obligatory 'we did it first, move along!' thing going. 7h ago.
asciilifeform: 'if it's a bug it's most likely in the keyservers. if you look at those keys they usually have a lot of bytes replaced by ff values'
gribble: The operation succeeded.
asciilifeform: gentlemen please welcome the all-new 8ball.
deedbot: [Trilema] The mathematics of scamming - http://trilema.com/2016/the-mathematics-of-scamming/
mircea_popescu: o.O check out the tits!
phf: the-phuctoring is second top ref from trilema, losing out by a large margin to top ref ill-pay-for-your-tits
phf: (the last three values are totals)
phf: since today is a looking at stats day, btcbase is at modest 3500 hits right now, which has been the average since about april 6th, but note that the day is not over and system has been down for almost 8 hours. the number of hits brought by referer has spiked though to ~~500, and looking at graph roughly correlates to trilema posts. not surprisingly the top referer is trilema at ~~1000, followed by qntra at ~~600 and phuctor at ~~80.
asciilifeform: mircea_popescu: there is always the 1 reader in a million who says something applicable.
asciilifeform: farts in the wind.
asciilifeform: so... looks like the reddit thing is done, huh.
gribble: The operation succeeded.
asciilifeform: and the million kludges it needs to do basic things
asciilifeform: for folks trying to understand the format, it is worth a read
mircea_popescu: you're asking me who you talked to ? what am i, the omniphone ?
asciilifeform: i can't wait to listen to the tape of 'my' talk.
asciilifeform: was there really..?
fromphuctor___: will the submit page tell me my key is malformed if i made a mistake?
fromphuctor___: sounds like i'll be busy then!
fromphuctor___: thanks... would the phuctor checker work with non PGP keys, if i correctly converted an RSA key to the required format?
jurov: ssh-keyscan and the github trove are completely independent things (former scans for server keys, latter are users' keys)
asciilifeform: sorta lulzy, how much mileage one can get by taking all the shit these muppets claim to have done, and actually ~doing~ it
mircea_popescu: of course, others. "published".
asciilifeform: what the hell happened to the last time folks collected ssh pubkeys and bernsteined'em
mircea_popescu: iiuc jurov already has a more or less complete package of github keys, working to turn them into proper format.
fromphuctor__: you could collect many millions keys from SSH server using the ssh-keyscan utility included in OpenSSH
mircea_popescu: yeah ; a lot of eulora players also. seems to be the most accessible for "people in general"
steffen: which incidentally is also a software package vetted by the BSI (german ministry for informational security or something like that)
steffen: at least so far I can see that my key is not malformed. I'll certainly check that result page periodically in the future.
mircea_popescu: steffen the golden standard re such verifications in tmsr is V.
mircea_popescu: steffen we've been trying to get people with exposed keys to post the software they used.
steffen: I lack the skill to verify my software package
mircea_popescu: many rsa implementations, especially for the closed source walled gardens, are miserable indeed.
steffen: now my next question would be which software was used to generate the flawed keys and if those were software packages with malicious intent
asciilifeform: so that was where the ferret cannon was aimed.
steffen: being a german myself, yes, and that's where I thought pgp added a nice sense of privacy to interested parties no matter the government
mircea_popescu: but no, it's entirely out of the question any sort of natural event is at work here. usg.nsa been diddling not merely angela merkel's phone,
asciilifeform: (neutron background pretty much everywhere on planet3 is same, with the exception of fukkupppies)
asciilifeform: would be ++lulzy if we had the neutronograph
anotheryou: thanks for all the work :)
anotheryou: So my uninformed conclusion would be that something went especially wrong in germany or the pirates cryptoparties got a lot of people using pgp in the first place.
mircea_popescu: (the keys are not processed one at a time. this used to be the case, but not anymore. now, all done simultaneously)
mircea_popescu: nah, no selection. it's the whole sks dump
anotheryou: So many german pirate-party members on the list. How were the tested keys selected? I assume you had to start somewhere...
mircea_popescu: he has a point, too. can just be here for the feeds.
mircea_popescu: i kinda gave up autovoicing the default nick folken.
anotheryou: sorry, just meant to lurk :) don't mind me. Maybe most don't need the up.
mircea_popescu: quite the accomplishment yeah.
asciilifeform: jurov: i needed a way to uniquely identify ~keys~ rather than ~moduli~
asciilifeform: plox do not attempt to use for anything other than indexing on phuctor.
asciilifeform: jurov: it is a hash of the moduli
mircea_popescu: ie how he derives it from the keys ? nfi. i always assumed it's arbitrary index from db
deedbot: anotheryou voiced for 30 minutes.
mircea_popescu: $up anotheryou
mircea_popescu: anyway, yet another thing bitcoin corrupts irretrievably. "wtf this secret job has no public log ? a fie upon you!"
asciilifeform: (where i refuse to take holy orders, and they stop calling)
asciilifeform: phf: pretty much all of my conversations ended the same way
asciilifeform foiled in yet another escape attempt from butugychag.
asciilifeform: the one above is correct.
jurov: so even the 40char one is short?
asciilifeform: phf: not only this, but i strongly suspect that winblowz pgp eats them all...
jurov: then i noticed you use yet longer fingerprints
phf: so i did a simple exercise, since there were some claims that "none of the keys import", of grabbing phuctored data. the 223 moduli represent 156 keys, importing which results in 133 "no valid user IDs" and 23 successful imports listed here http://paste.lisp.org/display/315214
mircea_popescu: always nice to see kernel.org in there.
mircea_popescu: are they influencing and community-whatever-ing ?
mircea_popescu: i'll rate you and you'll be able to self voice in the future
cyco1: it'll take some time to find the key in my backups
asciilifeform: and this key appears to be one of them.
asciilifeform: it may be a spurious version, someone has been making them for years.
asciilifeform: cyco: and before getting alarmed, download the key and compare to yours
Apocalyptic: the important thing is k/2 prime enables to distinguish between the 2, a k/4 prime doesn't, as it would occur in both cases
asciilifeform: mircea_popescu: prime number theorem
Apocalyptic: yeah but why the 4 specifically ? for all you know you can have a k/3 prime as well
mircea_popescu: i don't recall right off how you calc the probability, but it is indeed tiny.
mircea_popescu: Apocalyptic p and q randomly generated can still produce a prime factor somewhere in there, perhaps as large as 1/4 of the length of the key.
mircea_popescu: as with all failing empires in history a) the better commentary happens among people who do not have the empire's language as native language ; b) the hassle of obtaining official seal of whatever exceeds the benefits.
Apocalyptic: mircea_popescu: why k/4 ? my argument was if the whole modulus is random, then we can expect a k/2-bit prime factor, if modulus is random p times random q, then we can't unless p or q is actually prime (assuming p and q same size), which is quite unlikely if truly random
mircea_popescu: one is that the pay fails to compensate the risks (trivially verified : find insurer who will indemnify you for any and all responsibilities in exchange of fraction of extra salary)
mircea_popescu: asciilifeform ftr, there are VERY MANY people refusing to top secret for very many good reasons.
asciilifeform: mircea_popescu: lel, yet another firm wasted hours of my time only to barf when told that i refuse to 'top secret'
asciilifeform: the 32-bit mirrored ones are a fairly transparent ploy
Apocalyptic: so far I also see the two categories
asciilifeform: and it stands to reason that they were born in separate places for distinct reasons.
Apocalyptic: including the 32-bit mirrored ones ?
asciilifeform: there appear to be at least two types of phucked moduli
asciilifeform: Apocalyptic: there are reasons why someone might generate wholly unusable modulus and post to sks.
Apocalyptic: asciilifeform: re earlier thread I was considering either random p and q then multiplied, or whole modulus is random. Obviously the latter could not occur since the software couldn't compute phi(N), hence doing anything useful with it.
mircea_popescu: "i know how to make widgets. i also think the loch ness monster found the cvadrature of the ellipsis."
mircea_popescu: "pgp was broken a year ago i recall defcon talk"... it's kinda shocking in the despairing sense of the term, exactly what sort of monster a specialised society creates.
mircea_popescu: lol reddit one behind the curve ?
asciilifeform: (of them, that is)
asciilifeform: though funnily enough i mentioned phuctor when i was hired there, as a 'litmus test'
asciilifeform: the journawhores dun seem to notice that one.
asciilifeform: i am still disappointed with the shitstack.
asciilifeform: it had to be reset correctly so the fix took.
asciilifeform: i prolly oughta have massaged it further, e.g., pages
mircea_popescu: the braindamage page is like 1mb
BingoBoingo: davout: If the weather's just right you can prolly pick up KMOX's 10,000 watts... maybe
BingoBoingo: <davout> for some reason this hoaxtoshi stuff seems very interesting to journos << Heartbleed and the bash vulnerability made radio
mircea_popescu: davout finally something about bitcoin with no maffs in it. they've been waiting patiently a long long time.
mircea_popescu: in other non-news, omfg all the famished camhos posing as online dommes. they are the masters of your wallet dontchakno.
BingoBoingo: <mircea_popescu> wtf, radio ? seriously ? << Yes in the generic CBS radio feed KMOX runs on the hour
mircea_popescu: asciilifeform i think a little bit of the whole spam strategy is at work. they WANT the smart folks to lose interest early.
asciilifeform: after the current wave of derp cools, i'll fiddle with it
mircea_popescu: also trivial. not like it doesn't have the juice.
mircea_popescu: asciilifeform more like, you know, run m-r on the cracked moduli
asciilifeform: Apocalyptic: so far very little is known for certain. but the presence of multiple tiny primes is heavily suggestive of random int.
Apocalyptic: asciilifeform: presence of small primes would happen either way, however if your modulus N has k bits and the biggest prime factor has k/2 bits, you could easily conclude that it wasn't generated the way mircea proposes
asciilifeform: Apocalyptic: the presence of small primes more or less clinches it
asciilifeform: my other hypothesis is that this was 'warmup' and current diddled pgptrons use somewhat more subtle magick
mircea_popescu: if you think about it : for any random number, the odds of being divisible by 3 are 1 in 3. and by 7, 1 in 7. and the sum of this converges etc.
asciilifeform: mircea_popescu: my conclusion 1y ago was that the enemy is pretty good at factoring wholly-random-int rsamods.
a111: Logged on 2016-05-02 13:28 mircea_popescu: almost all of these seem to be in some way connected to either winblows or crapple.
asciilifeform: http://btcbase.org/log/2016-05-02#1461051 << the ~100+ wholly shamatronic keys could've been made anywhere
a111: Logged on 2016-05-02 13:17 mircea_popescu: asciilifeform re guy on reddit : he seems to be having the exact same key ?
asciilifeform: http://btcbase.org/log/2016-05-02#1461046 << seems like the schmuck sat down on one of the helpfully prepared stakes - wrote 'apple' a bug report, which was duly read at ft meade on account of his using 'apple' key as appears on phuctor
mircea_popescu: see what's here, see what's there, live of www.tv
asciilifeform: srsly why these folk never speak.
mircea_popescu: phf i looked, everything seems to be there
phf: well, it did, but i have a backup always, so unless there's a complete breakdown, logs are retained. i need to add an autoreconnector, but as is usually the case with that sort of things, i'm limited on time
a111: Logged on 2016-05-02 04:40 asciilifeform: i will be disappointed if the new replacement for the phuctor story is not jp-toilet related.
mircea_popescu: http://btcbase.org/log/2016-05-02#1460660 << it turns out, it's yet another leah goodman story. kinda weaksauced.
mircea_popescu: phf did it lose most of the day's log ?
phf: so odd, connection is otherwise stable, i have ssh open to it, but bot simply pinging out
jurov: mkay, will analyze the pubkey
a111: Logged on 2016-05-02 13:11 mircea_popescu: asciilifeform ftr the .ru write-up is about 100x better than the anglo versions. wikipedia almost entirely to blame.
a111: Logged on 2016-05-02 14:24 jurov: if it requires self-signature, then testing ssh keys is out
mircea_popescu: maybe they should make special fatty hydrogen engine.
jurov: yea the py library i'm trying aptly reflects that
mircea_popescu: actually there is no script. which in itself is glaringly scandalous.
BingoBoingo: Right, It's being done the actual way as opposed to the query shithub for an existing script way.
a111: Logged on 2016-05-02 10:40 roxfan: i was hoping there's an easier way...
BingoBoingo: http://btcbase.org/log/2016-05-02#1460826 << Many people tried to find an easier softer way, but they could not. With all the earnestness at their command...
mircea_popescu: ah ssh keys aren't self-signed are they
jurov: if it requires self-signature, then testing ssh keys is out
mircea_popescu: http://blog.fefe.de/ << also pretty impressive. "proudly made without shit" line at the end ftw.
deedbot: [Recent Phuctorings.] Phuctored: 565455 divides RSA Moduli belonging to 'The Source <source@491362F1.info>; Lucian Solaris <LucianSolaris@gmail.com>; 7C492C5B491362F1 <491362F1@hackinfotech.org>; ' - http://phuctor.nosuchlabs.com/gpgkey/561245D928FF0843F5F346549A73B46C6836E3B2BE309DC7F6CCAFCF7F17795C
mircea_popescu: in other news of vague interest, i burned ~13GB on trilema today alone, of which at least half to be attributed to phuctor discussions (mostly not in english). it's been a while since any event actually visibly dented trilema stats. too lazy to check on phuctor, but i imagine it's headed into terabytes, what with its endless single pages and whatnot.
mircea_popescu: apparently there's some sort of apple shenanigans at work here. you recall, apple, the dedicated-to-privacy company that recently wouldn't do something or the other to some phone or somesuch, i forget.
mircea_popescu: asciilifeform re guy on reddit : he seems to be having the exact same key ?
mircea_popescu: bwhhahahaha these are epic. Лаврентий Августович Плюшкин, Герхард фон Пырохсповыдлом
gribble: The operation succeeded.
mircea_popescu: asciilifeform ftr the .ru write-up is about 100x better than the anglo versions. wikipedia almost entirely to blame.
a111: Logged on 2016-05-02 12:43 iceblox: Ok, according to the archives it should have been GnuPG-1.2.3
mircea_popescu: http://btcbase.org/log/2016-05-02#1461004 << the most useful thing would be an exact, verbatim copy of the software in question.
asciilifeform: https://www.reddit.com/r/programming/comments/4hcvvi/200_pgp_keys_and_counting_publicly_broken/d2paizt << l0l, poor fella actually stepped on one of the nsa mines
mircea_popescu: * asciilifeform takes off hat. << note that they were brewing it since two months ago, finally went live days after phuctor ; finally went on social media rampage hours after phuctor.
asciilifeform: iceblox: sks has the interesting 'feature' that it refuses to delete obsolete keys
iceblox: same, I only exported it from my machine instead of the one that was already on the website
iceblox: Interesting, my newly submitted pubkey has 3 fingerprints less, but the bad public exponents are still part of it
gribble: The operation succeeded.
iceblox: Ok, according to the archives it should have been GnuPG-1.2.3
iceblox: okay, I submitted my export for being checked... Let me try to find out what gpg version I used back then. At least it should be possible
gribble: The operation succeeded.
jurov: iceblox: try to export the pubkey from your local copy and add to phuctor
asciilifeform: best of all, if you can find a copy of the source.
asciilifeform: iceblox: if you are sure that the key is yours, actually yours, (there is a number of keys on sks maliciously corrupted in a way that they appear to have the legit fingerprint when viewed in certain pgp clients)
Valfor: Saw the contact mention this irc chan
punkman: danielpbarron: the redditards fail at reading, so thought the "worked example" in blogpost would be the secret signature presented to BBC et al
jurov: oops the ycombinator url is wrong, the excerpt is from https://twitter.com/petertoddbtc/status/727078284345917441
mircea_popescu: egorsmkv in fairness most merit goes to bernstein, with his work we do in 20 minutes what used to take ~10 years on the first estimation.
mircea_popescu: the specific sort of broken keys listed there (ie, with mirrored low 32bit modulus) is obviously an' very much designed just for this purpose.
mircea_popescu: the most effectual approach is to put a broken key of yours up on sks, and wait for alice to mistake it for yours.
piratsimon: anyhow, wont bother you any longer. ;) have a nice day. we got finally sunshine. bb
mircea_popescu: piratsimon you could ask that then, neh ? the pile of keys being worked on come from a dump of sks servers.
mircea_popescu: piratsimon you used a different key. http://phuctor.nosuchlabs.com/gpgkey/FC96CBFBF66B4E8996A0960C8B95EC5D1CD4B1A860719C7AEA00B3E06E41CE1B << these two are weak.
piratsimon: im just curious how long it does really take to break it. you know, theory is one thing, doin it another. :D
piratsimon: yes i do. but i bet you are right now deeper in the topic than me. ;)
piratsimon: so voilá there it is. :D
mircea_popescu: alrighty. in the meanwhile, you understand how rsa works ?
mircea_popescu: is there some sort of reward associated or just sportsmanship challenge ?
mircea_popescu: anyway. domain reg'd feb 16th, first post april 26th. teh boyz poured their sweat blood an' tears as the expression goes. too bad it won't work.
mircea_popescu: looks like it's done by the same "i fucking love science" ustard crew.
mircea_popescu: asciilifeform you'll have to add verbiage explaining to the goodfolk that rsa keys specifically and uniquely are at issue ; somehow it's not obvious dsa/ecc/elgamal etc dun work.
piratsimon: thats quite interesting. interested in testing it? im gonna encrypt something and you try to decrypt not knowing the phrase nor possessing the private key? ;)