dulapbot: Logged on 2021-07-03 13:14:52 asciilifeform: gold standard would obv. be rsa signatures. but these aint practical at line-rate on pc sadly.
asciilifeform: gotta have a means for actually suffixing e.g. bozo-1, bozo-2, when receiving l2+ hearsays.
asciilifeform: ... suppose, for instance, that the msg having ~lower min bounce~ is considered (in absence of immediate msgs from $speaker) to represent the troo branch of a fork.
asciilifeform: i.e. not clear that you'd want to process in-wot hearsay at all.
asciilifeform: orthogonally, asciilifeform still considering variant of this, but corrected -- the idea is, one ought not to process an in-wot hearsay if the speaker corresponds to a 'warm' peer. (you'll either defo get the immed. copy, eventually, or oughta prod him then getdata for it until you do)
thimbronion: asciilifeform: let's say the peer via which first hearsay message from alice goes offline. Now we receive a message from alice that breaks the chain. Alice is permaforked?
jonsykkel: msg, green records and relays to red and yellow. red autoresolves cuz considers blue(a) the genuine blue chain. yellow rejects cuz in-wot hearsay. is this correct understanding? wat happens next, how does anyone know theres a collision?
dulapbot: Logged on 2022-01-23 23:55:51 asciilifeform: thimbronion, jonsykkel , et al : had possibly interesting idea for auto-resolution of forks. record the first l1 peer via whom you received a hearsay bearing that speaker. the chain of the fork received via that peer is to be considered genuine.
jonsykkel: http://logs.nosuchlabs.com/log/asciilifeform/2022-01-23#1075817 << say u have following net: http://zzz.st/up/vFniopMQ/20220124_081722.png where square=pestron, color=handle, line=peering. noone has ever sent any msg, then blue(a) broadcasts a msg. yellow guy records msg and relays to red and green. red records msg. green rejects msg cuz in-wot hearsay (draft 4.3.1 step8). now blue(b) broadcasts
dulapbot: Logged on 2022-01-23 23:55:51 asciilifeform: thimbronion, jonsykkel , et al : had possibly interesting idea for auto-resolution of forks. record the first l1 peer via whom you received a hearsay bearing that speaker. the chain of the fork received via that peer is to be considered genuine.
asciilifeform: thimbronion, jonsykkel , et al : had possibly interesting idea for auto-resolution of forks. record the first l1 peer via whom you received a hearsay bearing that speaker. the chain of the fork received via that peer is to be considered genuine.
dulapbot: Logged on 2022-01-21 20:47:44 asciilifeform: given addr cast, all peers oughta be able to connect directly at all times. (hence wai asciilifeform removed 'in-wot hearsay' section; tho fughot to specify that station simply should not route a hearsay purporting to come from an in-wot handle...)
asciilifeform: given addr cast, all peers oughta be able to connect directly at all times. (hence wai asciilifeform removed 'in-wot hearsay' section; tho fughot to specify that station simply should not route a hearsay purporting to come from an in-wot handle...)
asciilifeform: ( also recall that forkage msgs only appear from hearsays )
asciilifeform: ( to rephrase above -- no hearsay packet should ever result in disk access )
asciilifeform: the chains become the operative mechanism , however, when yer getting l2+ hearsays with identical speaker
asciilifeform: i.e. if you get a hearsay where ' asciilifeform : i eat bugs ' but then a prod from asciilifeform where selfchain aint h('i eat bugs') you know the hearsay is on a bogofork
asciilifeform was only able to come up w/ 1 algo, the 1 given above, for enforcing this while still permitting hearsay.
asciilifeform: chains to begin with were asciilifeform's notion of how to give ~some~ measure of authenticity for l2+ hearsays
verisimilitude: I noticed bitbot and dulapbot have different views of the conversation codes.
verisimilitude: People argue octets representing characters are universal. Bits are more universal. As I've written, being universal isn't equivalent to being good for use.
dulapbot: Logged on 2022-01-18 16:28:13 verisimilitude: For these and other reasons, I've never been too interested in writing networked programs. The adversarial issues prevent them from being nice and crystalline to me.
asciilifeform: this is appropriate in some situations (vpatch), and not in others (the electrical equiv. of 'conversation on crowded train with stranger'), is all
verisimilitude: For these and other reasons, I've never been too interested in writing networked programs. The adversarial issues prevent them from being nice and crystalline to me.
asciilifeform: a e.g. chat where erry ln is rsa-signed (i.e. 'opposably') makes the stoolie's work over9000x easier, in this respect.
asciilifeform: let's outline the field basics, because apparently not universally known
asciilifeform: thimbronion: well, suppose pest were built on rsa.
d4: >I'm sorry, I've missed most of the conversation here. What is this about?
d4: asciilifeform: jonsykkel: PeterL: I'm sorry, I've missed most of the conversation here. What is this about? Nicknames length? What should be the minimum in your opinion?
asciilifeform: i.e. the automagick 'knocking out' of hearsays when immed. copy of msg is received is now simple logical consequence of the latter going straight into the longbuffer
dulapbot: (trilema) 2018-05-22 asciilifeform: the 'they hire somebody to make proper rsa card', it's a 'fried ice' hypothetical, tho. because the cc 'fraud' is a required element of maintaining the konsoomer 'purchasing' circulation the system needs in order to live.
asciilifeform: incl. clarifications of 'getdata', 'addrcast', and hearsay broadcast handling.
asciilifeform expects that after coupla bugfixes, the conversation will largely move to pestnet
dulapbot: Logged on 2022-01-09 20:29:25 verisimilitude: Oh say, I'd a persistent issue sending email, because Google burdens emails that pass through IPv6, and I couldn't figure out how to configure the email sender I used to prefer IPv4 universally. I solved the issue by figuring out how to disable IPv6 on the entire server.
verisimilitude: Oh say, I'd a persistent issue sending email, because Google burdens emails that pass through IPv6, and I couldn't figure out how to configure the email sender I used to prefer IPv4 universally. I solved the issue by figuring out how to disable IPv6 on the entire server.
verisimilitude: I've already envisioned examining the conversation as a data structure in Common Lisp, by INSPECT.
bitbot: (pest) 2021-12-01 billymg: i'm also wondering what to do in the logger with the hearsay annotations in the future. should log bots just peer with everyone in the net? should it just be stripped off, or maybe shown on hover? there's also the issue that [] are valid characters in IRC nicks
verisimilitude: I referred to the email conversations, adlai.
adlai: verisimilitude: the conversation didn't cease, it was "only resting"... I was even still connected to dulapnet, only parted from the channel.
verisimilitude: Also, hello adlai; I'd been wondering why our conversation abruptly stopped.
PeterL: thimbronion: bug report
scoopbot: New post on Thimbron: Blatta 9986: Rebroadcast simple hearsay, embargo simple hearsay, more...
dulapbot: Logged on 2021-11-28 20:06:31 scoopbot: New post on Thimbron: Blatta 9987: hearsay embargo
asciilifeform: so yea, per spec oughta embargo all hearsays
thimbronion: asciilifeform: currently indicates which peer (the first). I can change it to embargo simple hearsay messages as well.
asciilifeform: ( per spec tho oughta indicate via which peer(s) came the hearsay; 1 of the uses of the embargo buffer is to give an extended 'now' moment (given as in reality msgs cannot actually arrive simultaneously, on x86 not even if via multiple nics, given there's 1 bus..) to make this possible.
dulapbot: Logged on 2021-11-28 23:03:12 asciilifeform: the 'who gave copies' thing is there to deal with the case where e.g. thimbronion peers asciilifeform and bitbot , signpost peers asciilifeform and bitbot , asciilifeform not peered bitbot but gets a hearsay from same via thimbronion and signpost
thimbronion: http://logs.nosuchlabs.com/log/asciilifeform/2021-11-28#1068117 << as it stands blatta will just pass on the first message received as hearsay and drop any additional copies as dupes since there's no hope of receiving an immediate copy.
thimbronion: asciilifeform: yes simiple hearsay is not embargoed currently
asciilifeform: per spec oughta trigger on all hearsays if multiple peers relayed
asciilifeform: ( incidentally on asciilifeform's 1stpass reading of thimbronion's 9987 patch, currently the indicator only triggers if in-wot hearsay ? )
asciilifeform: imho useful to distinguish such case visually from plain hearsay
asciilifeform: the 'who gave copies' thing is there to deal with the case where e.g. thimbronion peers asciilifeform and bitbot , signpost peers asciilifeform and bitbot , asciilifeform not peered bitbot but gets a hearsay from same via thimbronion and signpost
asciilifeform: thimbronion et al : asciilifeform while rereading pest spec found a logical bug : in 4.2.3.3, station is asked to count distinct peers who sent duplicates of a hearsay msg ; but to simply count'em is flawed, as likely ~all~ the station's peers will send'em due to bounceback.
scoopbot: New post on Thimbron: Blatta 9987: hearsay embargo
asciilifeform: thimbronion: i suspect various extant irc clients will barf on 'too long' nicks which'll inevitably result from the hearsay format, for instance.
thimbronion: asciilifeform: Since commas are not valid characters in nicks, I propose separating source handles in hearsay messages with pipe: |
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-11-24#1067467 << only if there was buncha items direct-messaged or hearsayed only via ~that~ peer
dulapbot: Logged on 2021-11-24 17:06:08 jonsykkel: http://logs.nosuchlabs.com/log/asciilifeform/2021-11-24#1067407 << right, this is what i thouht at first, but then if pause peer you will still probably receive hearsay from said peer if someone else in net relays his messages
jonsykkel: (unless aforementioned hearsay messages get added to peers chain?)
jonsykkel: http://logs.nosuchlabs.com/log/asciilifeform/2021-11-24#1067407 << right, this is what i thouht at first, but then if pause peer you will still probably receive hearsay from said peer if someone else in net relays his messages
jonsykkel: in section 4.2.1 step 8 it says add to dedup baffer. but then later in 4.2.3.2.2: "...embargo interval elapses and the original packet is not received -- the hearsay packet will be processed (placed into the deduplication buffer..."
thimbronion: Meanwhile I've taken some steps to ensure messages are packed only once. Next up is hearsay message embargoing.
dulapbot: Logged on 2021-11-21 13:26:14 asciilifeform: jonsykkel: dunno if you were here for the ancient threads re p2p, but 1 key objective is to make protocol that can be readily hardwarized, i.e. can build box which eats packets from street at e.g. 1Gb/s in one hole, and passes only valid packets out of other hole (and vice versa)
asciilifeform: jonsykkel: dunno if you were here for the ancient threads re p2p, but 1 key objective is to make protocol that can be readily hardwarized, i.e. can build box which eats packets from street at e.g. 1Gb/s in one hole, and passes only valid packets out of other hole (and vice versa)
asciilifeform: thimbronion: imho the only proper fix for this is to actually have the embargo logic
bonechewer: of course there is a trade-off between time taken to encipher/decipher and transmit, vs. probability of the adversary reading your plaintext.
asciilifeform: bonechewer: normally when 'reddit lego designer' builds ciphermachines, there's no reason for adversary to 'plant' anyffin at all - it leaks entirely naturally in the carrierwave of the bluetooth, wifi, etc. liquishit these 'legos' inevitably include.
bonechewer: perhaps, but TEMPEST seems like a much more difficult class of attack for the adversary than simply (1) send magic packet to box running PGP (2) ask Intel management engine to squirt framebuffer to adversary HQ
dulapbot: Logged on 2021-07-26 15:16:11 bonechewer: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-18#1046718 << upstack: I may be a tedious monomaniac, but I do think that easy availability of a build-it-yourself, un-own-able portable OTPtron would have civilisational impact, if only by crowding out USG's ability to sell ersatz versions
dulapbot: Logged on 2020-05-15 21:48:10 asciilifeform: Apocalyptic: this is universally the case in crypto. recall coventry.
asciilifeform: thimbronion: i wonder whether standard irc clients would eat a fwdslash in nicks. for hearsay indicator would be more compact than parens
asciilifeform: really 'gold standard' is for key to travel rsa'd.
asciilifeform: asciilifeform's proposed rekey algo, for reference : peer A takes 512bit sA from trng, sends sha512(sA) ('key offer') to peer B. the latter does same; sB; sends sha512(sB) to A. then A sends sA to B, who verifies that it hashes to the earlier hash; if yes, sends his 'key slice' similarly to A. new mutual key is sA ^ sB ^ the key they had the conversaion with.
verisimilitude: I mean the conversations, pages of books read, and other things besides merely the large events.
asciilifeform: it's a solution to same problem, such as is possible w/out dedicated rsa coprocessors
asciilifeform: cdd: i'ma assume yer labouring under a misconception, rather than delib. disingenuous. what does a voluntarily-genned pgp key 'by consenting adult' (which ftr need not contain any info re yer meatspace identity, simply rsa pub and a nick you like to be called by) have to do with masterkeyed ssl lulcerts issued by the reich ?
dulapbot: Logged on 2021-11-09 16:45:05 PeterL: perhaps tbf could have a multiperson bounty commity that could approve dispersals, including to asciilifeform?
PeterL: perhaps tbf could have a multiperson bounty commity that could approve dispersals, including to asciilifeform?
cdd: My thought is that if you wanted a currency, why not have Universal Basic Income based off a decentralized distribution. That way the tokens hold their value in distribution because you're not "printing more money" so to speak.
asciilifeform: thimbronion: i take it the current ver. of blatta doesn't mark hearsay?
asciilifeform: 'the adversary has the ability to participate in the Loopix system as a compromised user, who may deviate from the protocol. We assume that the adversary can control a limited number of such users—excluding Sybil attacks [21] from the Loopix threat model—since we assume that honest providers are able to ensure that at least a large fraction of their users base are genuine users faithfully following all Loopix proto
vex: she will interruput a conversation to meet you. go with her
dulapbot: Logged on 2021-10-04 17:45:02 verisimilitude: I want to design a Pest implementation which stores all messages in a log; how am I to store the hearsay information; it seems this information is only revealed in the hypothetical IRC gateway; there shouldn't be information generated which can't later be regenerated.
asciilifeform: 'I have a waiting-room, which you will notice also has to serve as my library, a dining-room, and my study - that makes three. Consulting-room - four, operating theatre -five. My bedroom - six, and the servant's room makes seven. It's not really enough. But that's not the point. My apartment is exempt, and our conversation is therefore at an end. May I go and have supper?'
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-10-04#1060717 << lessee if asciilifeform can make this clear. for final solution to the ddos problem, it is necessary for ~all~ possible parts to run ~always~ in worst-case time. a la ffa. this is the only way to rule out adversarial 'surprises'. and makes for 'fits-in-head' mechanical simplicity.
verisimilitude: I want to have the entire conversation as a proper data structure which can be examined.
verisimilitude: I want to design a Pest implementation which stores all messages in a log; how am I to store the hearsay information; it seems this information is only revealed in the hypothetical IRC gateway; there shouldn't be information generated which can't later be regenerated.
signpost: where early heidegger is an investigation into mind as a static universal, late heidegger acknowledges that it's a "strange loop" into which w/e may be declared.
verisimilitude: This conversation has reminded me of those whom I despise, and who live long lives in this awful world.
dulapbot: Logged on 2021-09-27 15:43:11 asciilifeform: bonechewer: 1 of these co's actually wrote to asciilifeform last yr, asked whether he'd agree to help design. but when asciilifeform discovered that they want asciilifeform to ~contribute money~ also, the conversation ended, there was nuffin to talk about, lol, after that
punkman: hearsay handling all there, not sure if it works though
asciilifeform: hearsay handling i expect will be ~50% of the moving parts in practice
dulapbot: Logged on 2021-09-27 15:14:45 punkman: some ircv3 clients could also support putting hearsay/speaker/selfchain metadata in message-tags instead of message, and customize display to operator's liking https://ircv3.net/specs/extensions/message-tags
asciilifeform: bonechewer: 1 of these co's actually wrote to asciilifeform last yr, asked whether he'd agree to help design. but when asciilifeform discovered that they want asciilifeform to ~contribute money~ also, the conversation ended, there was nuffin to talk about, lol, after that
punkman: some ircv3 clients could also support putting hearsay/speaker/selfchain metadata in message-tags instead of message, and customize display to operator's liking https://ircv3.net/specs/extensions/message-tags
gregory5: the logged conversations of 2021-09-22 and 2021-09-26 were especially informative.
dulapbot: Logged on 2021-09-24 23:59:51 verisimilitude: On that note, I found stream ciphers very similar to hash checksum functions in many ways; my naive description would be the former are akin to reversible forms of the latter, or vice-versa.
verisimilitude: On that note, I found stream ciphers very similar to hash checksum functions in many ways; my naive description would be the former are akin to reversible forms of the latter, or vice-versa.
asciilifeform: (in out-of-wot hearsay, concretely)
asciilifeform: punkman: this is a good point actually, i haven't specified proper handling of chains in hearsay case
punkman: so must track selfchain for off-wot hearsay guests
asciilifeform: in current draft, hearsay dupes are mandatorily counted and the count is displayed.
punkman: yes got confused looking at my code, although if we stop at 4.2.1 "7. The deduplication queue..." we don't get to the part where we count hearsay copies
punkman: PeterL: yes maxbounces=1 stops my Station from rebroadcasting anything that is not immediate msg. Must also not allow hearsay messages with bounces=0 of course.
PeterL: and 2) the messages will all appear as hearsay of the form $any_user($bad_peer):message , which will make it pretty obvious who is misbehaving
dulapbot: Logged on 2020-01-20 20:03:12 asciilifeform: mike_c: the 'holy grail' still would be an iron which can 4096bit rsa 'at line rate' (1G/s) , but this is as i understand impossible w/out baking silicon.
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-09-20#1058849 << there's 'over 9000' of these atrocities. btw the target audience (aside from other academitards) is actually payware broadcasters ('sirius' et al) , the nominal adversary is a decerebrated konsoomer, not nsa
asciilifeform: the 'biba' thing is particularly egregious wtf -- not only is nearly as expensive as 4096bit rsa to sign, but leaks key bits like a sieve and requires constant resupply (somehow!) of the ~10kByte~ (!) pubkey
asciilifeform: apeloyee: btw i considered to have a default rate limit for simple hearsay messages.
asciilifeform: apeloyee: imho the sandwich/onion approach isn't helpful, because does not somehow solve the problem of 'not having rsa' in the general case -- you cannot communicate authenticably with your l3, only with l1/l2
asciilifeform: ( meanwhile, since perhaps it aint obvious, asciilifeform will explicitly remind readers : pest is arguably an atrocity, in that the Final Solution to the problem it intends to solve, is constant-time-rsa-at-line-rate. and nothing else. but this'd cost 1e9$+ to produce the required iron, and then somehow to get it to erryone who wants to play! so asciilifeform posed the question -- what subset of the desired functional
asciilifeform: apeloyee: it isn't that i can't picture a situation where a simple proxy (eats packets from $ip1, forwards to $ip2, and vice-versa) is useful; but i don't see why to make it part of pest, complicating the protocol and creating multiple types of peering
dulapbot: Logged on 2021-09-12 13:28:57 asciilifeform: punkman: the whole protocol is one big 'weird contortion' around the fact that we can't do rsa at line rate but 'want to play anyway because fuckerryone'
dulapbot: Logged on 2021-09-16 06:23:40 punkman: flow of messages that can be comfortably read as chat, is much lower than packet rate, I assume RSA (or maybe hash-based signature scheme) can keep up with that
asciilifeform: apeloyee: i get the intent (same as punkman's rsa idea more or less) but again the fits-in-head constant-time code does not exist.
asciilifeform: similar problem to rsa.
apeloyee: where's RSAcoin?
apeloyee: Transmitting an RSA signature in addition to MAC, as discussed a few days before? We have established that to big traffic goes through relays, so the assumption that you can RSA-verify everying your peers transmitted to you is quite reasonable
asciilifeform: ( ^ proposed 0xFD algo for in-wot hearsay marking )
asciilifeform: if he's your peer, you have a direct connection definitionally. and vice-versa.
dulapbot: Logged on 2021-09-16 06:23:40 punkman: flow of messages that can be comfortably read as chat, is much lower than packet rate, I assume RSA (or maybe hash-based signature scheme) can keep up with that
asciilifeform: let's have the complexity and slowness of rsa, PLUS the all-to-all symmetric key exchange chore ???
dulapbot: Logged on 2021-09-16 06:09:10 punkman: asciilifeform: so I get why packet fragmentation strictly unwanted, and we can't do RSA at line rate. But what if we put, say 1kb, signature *in* message.text, now we have message.text fragmentation, which doesn't create the hole that fragged packets do..
punkman: flow of messages that can be comfortably read as chat, is much lower than packet rate, I assume RSA (or maybe hash-based signature scheme) can keep up with that
punkman: asciilifeform: so I get why packet fragmentation strictly unwanted, and we can't do RSA at line rate. But what if we put, say 1kb, signature *in* message.text, now we have message.text fragmentation, which doesn't create the hole that fragged packets do..
asciilifeform: bomolochus: very much a work in progress; rekey section not written yet; the hearsay mechanism from yest. -- ditto
asciilifeform: anyways i utterly , thoroughly fail to grasp the point of this horror show, when one can simply print the # of peers who duped-with-bounces==1 a given hearsay. as detailed yest.
dulapbot: Logged on 2021-09-13 14:36:02 punkman: if we forget about packet size limitation, I suppose message could contain N encrypted copies, one for each peer, and hearsay broadcast now has meaningful sig for recipient, even if not received directly
asciilifeform: 4) if this number is 3 or less, the message is displayed in the format e.g. ' asciilifeform(cgra,signpost,punkman): .... ' where the handles in the parens are the peers who sent in the bounces==1 hearsay copies of the msg
dulapbot: Logged on 2021-09-13 16:38:33 asciilifeform: in fact already specified this in 4.1.2.2.2. In-WOT Hearsay. simply, now also count the # of peers from whom got bounce<=1 dupes of a given msg.
asciilifeform: 2) ~every~ hearsay message (rather than strictly in-wot hearsay) is embargoed for a configurable interval.
dulapbot: Logged on 2021-09-13 16:28:23 asciilifeform: per this lemma, you now have a useful number associated with any hearsay message : the # of peers from whom a dupe of said message , having bounce <= 1, was NOT received.
asciilifeform: 1moar refinement to the scheme -- only count as bogowitnesses (peers who did NOT bring a dupe of the hearsay msg) such peers as, within last 15m, have sent in ~anything~ (let's define'em as 'online'.)
asciilifeform: could even reject in-wot hearsay with bogosity over $threshold entirely.
asciilifeform: in fact already specified this in 4.1.2.2.2. In-WOT Hearsay. simply, now also count the # of peers from whom got bounce<=1 dupes of a given msg.
asciilifeform: per this lemma, you now have a useful number associated with any hearsay message : the # of peers from whom a dupe of said message , having bounce <= 1, was NOT received.
asciilifeform: a hearsay message is received; and there may be a certain number of duplicates of it received, in a defined time window (refer as Td.) normally we simply throw'em away and forget about'em. but suppose they get ~counted~
dulapbot: Logged on 2021-09-13 15:51:11 asciilifeform: it is exceedingly unlikely that e.g. asciilifeform will have to carry out a broadcast by hearsaying through ONE thin path into the net.
cgra: asciilifeform: "all my buddies say asciilifeform said so" vs "cgra said nebuchadnezzar said asciilifeform said otherwise", kinda fits the 'hearsay' term
asciilifeform: it is exceedingly unlikely that e.g. asciilifeform will have to carry out a broadcast by hearsaying through ONE thin path into the net.
asciilifeform: i.e. without authenticable (in any sense) hearsay, we have a star topology again. where the only packets that can have any meaning are such that are sent between direct peers.
punkman: SG tells me that one from group signed the hearsay, but I already know this, peer signed and peer is from group
asciilifeform: ... K gets an additional 256bit component, G; and msgs get an additional 256b field, SG. G is shared with all peers; SG is HMAC signature using G. all of your peers can now authenticate (or impersonate) your hearsay.
punkman: "unbroken chain of 'i'm the one who wrote X' going all the way back to the 1st message" << is this a solution? I send message on Friday, then go fishing for weekend. anyone else can start growing this "unbroken chain" with hearsay messages
punkman: it seems to me that any solution that is not "find way to live with hearsay", will amount to pubkeycryptosystem
punkman: if we forget about packet size limitation, I suppose message could contain N encrypted copies, one for each peer, and hearsay broadcast now has meaningful sig for recipient, even if not received directly
asciilifeform: via hearsay.
punkman: but we've already established "if peer sends shit hearsay messages, unpeer/gag/whatever"
punkman: we can only verify msg from direct peer, there is no magic way to verify hearsay for free
asciilifeform: ( a spec-compliant noad will not permit two+ direct peers having colliding canonical (i.e. recorded in WOT) handles. but is powerless to prevent the use of whatever handles, incl. colliding, in hearsay msgs )
asciilifeform: if anyone can think of a 'have the cake and eat it' solution (aside from the unavailable, at line rate, constant-time rsa) i'm all ears.
asciilifeform: punkman: without reasonably-stable connection, you will not reliably track unbroken selfchains. and so will have exactly 0 ability to distinguish genuine from fraudulent hearsay msgs.
asciilifeform: (this in re: hearsay -- messages directly received from a peer, with his handle in'em, are prima facie authentic)
asciilifeform: the case where selfchain is important, is the 'hearsay' case.
dulapbot: Logged on 2021-09-11 11:52:56 asciilifeform: and, relatedly: if we have ACKs, then possibly oughta reject in-wot hearsay pertaining to a 'live' peer, categorically ? (how then define 'live' ? when to accept in-wot hearsay again ?)
asciilifeform: upstack -- forgot to mention -- there's the problem of in-wot-hearsay. 99.999% of it will be completely useless 100% of the time ;
asciilifeform: punkman: the whole protocol is one big 'weird contortion' around the fact that we can't do rsa at line rate but 'want to play anyway because fuckerryone'
signpost: with a direct peer, it seems I should be able, just like in a phone conversation that temporarily loses connection, "hey buddy, I lost ya for a moment. what did you say?"
signpost: not distinguishable from them choosing to address different parts of the conversation, and it's unclear if a distinction is needed.
signpost: were the netchain used in UI you'd notice that suddenly folks that were agreeing on netchain suddenly forking off into chunks of the conversation
asciilifeform: i.e. unpeering w/out gagging will still have you picking up same thing as hearsay if even one peer still peers with $victim
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-09-12#1057666 << great question -- (UN)PAUSE is for a peer; (UN)GAG is for any message in general incl. hearsay. currently they're uncoupled, but possibly some kinda coupling is justified
asciilifeform: signpost: difficult to include opposable-anything directly in the protocol w/out bringing in rsa
asciilifeform: and, relatedly: if we have ACKs, then possibly oughta reject in-wot hearsay pertaining to a 'live' peer, categorically ? (how then define 'live' ? when to accept in-wot hearsay again ?)
asciilifeform: otherwise no way for'em to connect except via hearsay
asciilifeform: we had the thread (re earlier conceptions w/ rsaism ) , i simply dun have the link handy.
thimbronion: signpost: the way I see it, spooks are a major influence on platforms because there's no WoT - anyone can participate in the conversation. With a WoT, you have to know someone to even join the conversation. This forces spooks to put more effort into their influence ops.
thimbronion: asciilifeform: I think this is implicit in your write up, but it might be helpful to include for the "thick": The fact that you have to be in the WoT to use it, which is a major attack on spooks attempting to "influence" the conversation.
asciilifeform: cgra: after this, examples of usage (generation of rsa keys; cramer-shoup; various practical examples)
asciilifeform: in any other case they will show up as a 'hearsay'.
asciilifeform: signpost: the 'final' solution asciilifeform is partial to, is (unsurprisingly) a universal vtree + minimal bootstrap compiler. from this, press whatever one needs on given time/place.
asciilifeform: noades oughta be rsapeered.
dulapbot: Logged on 2021-09-01 16:24:16 asciilifeform: signpost: think about it tho. what's the use of ada fixedtime rsa planted in the middle of 100GB of js liquishit. rather like inverse of proverbial 'submarine screen door'.
asciilifeform: signpost: think about it tho. what's the use of ada fixedtime rsa planted in the middle of 100GB of js liquishit. rather like inverse of proverbial 'submarine screen door'.
asciilifeform: ^ notbad for ersatz.
asciilifeform: signpost: hey i'm sure somebody wants. y'know, just like prolly some folx do want a provably-correct fixed-time rsa. simply, people want for phree (or damn near) naturally.
asciilifeform: (plus reasonably well-gardened lan, so x can only see y and vice-versa if they have biznis doing so)
asciilifeform: punkman: the Official presumption that savings dun exist (and so you couldn't possibly have lived on'em) is perhaps recent but moar or less universal and not even baseless
asciilifeform: (not even a hypothetical 'pill for rsa' kept at ft meade underneath pillow of lizard hitler's throne, perhaps)
adlai: please state your purpose, question, and expected timeframe for the conversation) /away
adlai hopes that this conversation does not count as negotiation, nor "concerning the details of a payment"
asciilifeform: whaack: tried on my end, got 'gpg: Signature made Tue 17 Aug 2021 02:12:09 PM EDT using RSA key ID 01ABFFC7'
dulapbot: Logged on 2021-08-16 18:34:50 billymg: demonstrates that an indigenous people can defend themselves against a much more technically advanced and well funded adversary
billymg: demonstrates that an indigenous people can defend themselves against a much more technically advanced and well funded adversary
verisimilitude: RSA stops working if factoring primes becomes easy.
adlai: fwiw, the official jewish approach is funeral ~within~ 24h, wake lasting max six days, revisit grave one month after burial, and observances at yearly anniversaries hence.
asciilifeform: mats: i'm not aware of a universally-shared portrait of 'bitcoinization'
asciilifeform: pretense to the contrary is politically expedient, yes, and nearly universal in the Official lugenpress and 'security' racket. changes nothing.
punkman: http://logs.nosuchlabs.com/log/asciilifeform/2021-08-08#1051089 << a tough place to be. sometimes I end up in this "current science is shit" conversation, especially after a few drinks. I don't think I've convinced anyoned, but I can see some people getting scared if I manage a few good points
adlai: asciilifeform: probably, once I actually have such a conversation with a surgeon!
adlai: good word, vex ; the idiomatic preimage from the conversation, whence I took that idea, does not equal "zealotously sober"
adlai spent several years of his life practicing almost rabid smoking-atheism, so had quite a few of these conversations with active smokers
dulapbot: Logged on 2021-08-08 15:50:45 adlai: is not having this conversation now, although thank you for the invitation
adlai: followed by dead silence, and "what's a straightedge?" from the guy who never talked to anyone unless there were both drugs and money in the conversation
adlai is not having this conversation now, although thank you for the invitation
asciilifeform: 'Nor do the Federal Rules of Evidence apply to extradition proceedings.... Hearsay evidence is admissible at an extradition hearing, and “[a]certification of extradition may be and usually is based entirely on the authenticated documentary evidence and information provided by the requesting government.”... unsworn statements may be sufficient to justify extradition)... Nothing more is
asciilifeform: depending on what the victim is doing with his broken rng, different approach (e.g. if rsa or ecdsa -- solve lattice)
dulapbot: Logged on 2021-07-30 08:25:03 adlai: as for the old entropy question: working almost entirely off my readings of the past conversations on this, I'm surprised ~any~ peripheral built as an input device, in this case optical, is considered a good entropy source
adlai: as for the old entropy question: working almost entirely off my readings of the past conversations on this, I'm surprised ~any~ peripheral built as an input device, in this case optical, is considered a good entropy source
asciilifeform: raw_avocado: i aint trolling. rng is a safety-critical component if you're a rsa or bitcoin user. if you had to jump with a parachute tomorrow, would you ask randos on a forum how to sew one ?
asciilifeform: to disarm it needs, near as i was able to tell (with substantial effort to look for bugs) -- their rsa privkey.
bonechewer: I suppose that a booby-trapped QR box specifically designed with perfect knowledge of the OTPtron's innards could snoop emanations from the data bus and broadcast them over a secret superminiature wifi chip, but for that to be a realistic threat the adversary would need to steal the QR box from mailbox, replace it with boobytrapped version. This is not the threat model the device under
bonechewer: Yep. So? I have already stipulated that if the adversary owns a nearby device, he might be able to snoop plaintext from the RF emantations of the screen.
dulapbot: (trilema) 2016-08-02 asciilifeform: one of these bargains is that you cannot build a career as a university academic with 'use rsa, kthx, bye'
asciilifeform: ( recall, while on subj, how 'pro cryptographers' are all about use ANYTHING BUT RSA!1111 , for similar reason )
bonechewer: I agree with the latter, but if the adversary has no way to get his code onto the OTPtron, then he can't run timing attacks, differential power analysis, and the like
bonechewer: mats: fun piece but a QR code hacked by the adversary will fail asciilifeform's hash-against-the-pad test and will be rejected by OTPtron
bonechewer: sure, I would call that a TEMPEST attack: OTPtron screen displays message, phone listens to RF emanations and transmits to adversary. No?
bonechewer: asciilifeform: do I understand correctly that the threat model is: the adversary pwns your phone and uses it to mount a TEMPEST attack against the nearby OTPtron?
bonechewer: punkman: but if the adversary owns your phone, can he not then snoop your keystrokes right from your wireless mini-keyboard? And once you start sending OTPgrams around, the adversary is going to very much want to pwn your phone
bonechewer: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-18#1046718 << upstack: I may be a tedious monomaniac, but I do think that easy availability of a build-it-yourself, un-own-able portable OTPtron would have civilisational impact, if only by crowding out USG's ability to sell ersatz versions
bonechewer: ifeform/2021-07-07#1043951][ersatz versions]
asciilifeform: (or, vice-versa)
raw_avocado: dpb: i remember reading this on your blog ;) http://danielpbarron.com/2018/a-conversation-between-darwin-fish-and-mircea-popescu/
raw_avocado: You are very right, but for this conversation the volume of code outputed is relevant, not by whom was made
bingoboingo: thimbronion: Maybe? Had a conversation of this sort with a stranger in Indiana over cam last night. He resented his family for the drugs, I resented mine for the beatings.
mats: remember the conversations about snipers / ieds goal to maim than kill
dulapbot: (trilema) 2017-07-26 phf: relatedly to the other conversation, though i grew up on the same yarns as asciilifeform, i start to think that usenet was the original reddit, just the guys were smarter, perhaps even grownups. i posted on reddit at some point, and i want to believe that my comments were carefully constructed and detailed, but there were many reasons that we
mats: https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told phished w/ a flash 0day and mimikatz to pivot l0l
asciilifeform: asciilifeform's current proposed answer to this is to buffer all hearsays for e.g. 1sec.
asciilifeform: what i was speaking of upstack, is the oddball case where N 'hearsay' copies of item come ~before~ the original.
asciilifeform: except for irc front end, if 'hearsay' then handle in parens.
asciilifeform: had come -- the message M in such a packet is termed "hearsay".'
signpost: the hearsay item differs how?
asciilifeform: signpost: the tricky bit in protocol so far (on asciilifeform's chalkboard) is how to prevent station from relaying to irc console a packet as 'hearsay' that you 0,1sec later get the ~original~ version of, from vagaries of the net
signpost: nature also gives no fixed universal ordering of messages
dulapbot: Logged on 2021-07-09 16:26:41 mats: ive had this fscking conversation like five times, 'why dont you buy house? mortgage is better than rent! cant sit on btc forever...' etc
mats: ive had this fscking conversation like five times, 'why dont you buy house? mortgage is better than rent! cant sit on btc forever...' etc
asciilifeform still surprised that no one (afaik, again) built 'cable box' miners. wouldn't even have to be surreptitious -- simply have it eat rsa-signed broadcasts, and shit out result in such a way that only vendor can make use (will omit the maffs, but not difficult) -- buyer of box feeds it mains current at own expense, and payment
bonechewer: Maybe I am overconfident, but I fail to see how the adversary could compromise a device using a Xilinx FPGA as long as its designer did not use the Xilinx proprietary tools nor on-chip blobs
thestringpuller: asciilifeform: oh before i forget. is it possible to lease fg as part of hosting service? didn't see it on: http://www.loper-os.org/?p=3557; i know i could co locate mine but given previous conversations want to use this one locally.
bonechewer: good night, asciilifeform! thank you for the enjoyable conversation.
bonechewer: but it was spoofed by the adversary, and you overwrote it in sram, now you lost that part of key and can't read legit traffic using it
bonechewer: So for wide adoption of BTC payments by those without the time to become specialists, it would be desirable to have a device that makes it easier for people to create and send bitcoin transactions without sacrificing the high level of security needed in the face of a nation-state adversary. Whether this "coldcartwallet" qualifies as such, of course I don't know.
punkman: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-05#1042907 << Retroshare has been around for 15 years, that's kinda respectable compared to all the other derps. And only used RSA+SSL, which made sense in 2006.
dulapbot: Logged on 2021-07-05 10:42:44 asciilifeform: punkman: at the same time, observe that we are able to have a conversation without even any kind of authenticity guarantees at all currently.
asciilifeform: punkman: at the same time, observe that we are able to have a conversation without even any kind of authenticity guarantees at all currently.
asciilifeform: no rly i have nfi what. i don't think there is a universal answer to this q.
verisimilitude: Oh, RSA was once a fairy tale as well, don't give me that.
asciilifeform: as for 'bandage' -- if linespeed constant-time rsa were available, whole thing would be trivial.
dulapbot: Logged on 2021-07-04 16:10:52 asciilifeform: it is possible to construct a scenario where this is not the case on account of packets arriving out-of-order. but there is no clean universal pill against this.