Hide Idle (>14 d.) Chans


← 2021-07-25 | 2021-07-27 →
mats: wonder if its in the pool software
mats: to elaborate a little, there's too many participants to do everything behind closed doors, cooperation against segwit spends is probably done out in the open
punkman: https://twitter.com/ercwl/status/1419580582640721921 "You are now a 20x leverage degen longing the corn when the bankruptcy trustee of the first exchange you previously traded at liquidates you back 3 years in time when selling the remainder of the coins he owes you to pay their fiat-denominated debt to you"
punkman: speaking of liquidations, almost 1b of btc liquidations in last 24h https://www.bybt.com/LiquidationData
punkman: https://twitter.com/ercwl/status/1416643298148691969 oh you see Saylor is the noob, not the guy that got goxxed half a dozen times
mats: whenever i think of saylor i remember saifedean and wonder how much content he sourced for his book from the #b-a log
mats: apparently pete d got a credit which is riotous
punkman: I lol every time I see saifedean cited
punkman: or the turd meister guy
punkman: I think he's also popular in some circles
punkman: also hilarious is how many people think McCaffee mattered at any point since the 90s
punkman: https://www.bybt.com/Grayscale does Grayscale actually hold 650k BTC?
mats: i met a guy in a cafe in LA who told me a story about brock pierce offering him fifty stacks to launder money after guy told him he was a weed grower trying to get a license and go legit
mats: huh, he was a tether cofounder, didnt know that
shinohai: $vwap
busybot: The 24-Hour VWAP for BTC is $ 38203.56 USD
billymg: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-25#1048568 << whaack, lemme know if you need a raw dump of known nodes by any criteria
dulapbot: Logged on 2021-07-25 20:45:21 asciilifeform: whaack: it is theoretically possible that a would-be cooperative miner exists, but the tx aint getting to him. possib. would make sense to autospam it to erry noad turned up by billymg's scanner.
punkman: went down the "HIV isn't real" rabbit hole a few years ago, those folks also obsessed with "HIV has never been isolated"
shinohai: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048605 <<< Might not hurt to post these txn's to things like https://bitaccelerate.com/ too just to get 'em seen by moar nodes.
dulapbot: Logged on 2021-07-26 11:05:42 billymg: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-25#1048568 << whaack, lemme know if you need a raw dump of known nodes by any criteria
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048589 << simplest explanation is that miners are using straight prb
dulapbot: Logged on 2021-07-26 03:28:51 mats: wonder if its in the pool software
punkman: was looking for alt implementations recently, or any mentions of proprietary nodes used by pools, only found these: https://github.com/block-core/blockcore (.net) https://github.com/bcoin-org/bcoin (js)
punkman: and of course the Go-based btcd which is probably the oldest
punkman: I got the impression most pools are using prb
punkman: oh and Taaki's libbitcoin, they even have foundation https://libbitcoininstitute.org/
dulapbot: Logged on 2021-07-26 11:13:40 punkman: went down the "HIV isn't real" rabbit hole a few years ago, those folks also obsessed with "HIV has never been isolated"
dulapbot: (trilema) 2016-11-22 asciilifeform: the photos of 'victim kidz' added to the mix is same gambit as when the 'martians did it' folx were turned loose upon '9/11 truth'.
dulapbot: (trilema) 2015-09-07 ascii_field: discussion of 'fed troops coming' is permitted strictly in the latter; and strictly in conjunction with discussions of martians coming, and shooting mind control rays
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048609 << i'd be surprised if it didn't filter for segshitness-compliance (if merely by using prb in the mix somewhere) but worth test
dulapbot: Logged on 2021-07-26 11:38:12 shinohai: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048605 <<< Might not hurt to post these txn's to things like https://bitaccelerate.com/ too just to get 'em seen by moar nodes.
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048615 << recall how mp insisted strenuously for ~years~ that they would never do such thing. then when segshit, quietly stopped mentioning it and would change subj if asked
dulapbot: Logged on 2021-07-26 12:00:22 punkman: I got the impression most pools are using prb
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048614 << is that thing still developed ? ( and tracking prbism bug-for-bug ?! )
dulapbot: Logged on 2021-07-26 11:59:31 punkman: and of course the Go-based btcd which is probably the oldest
punkman: dunno about bug-for-bug but seemed active
asciilifeform: punkman: link ?
asciilifeform: ty punkman
punkman: https://coin.dance/nodes reports 34 bitcoin-knots and 24 bcoin nodes
punkman: 0 btcd though, and some others that look active
asciilifeform not tried btcd, tho iirc ben_vulpes did, at one time seemed like an attractive alternative to the clusterfuck
punkman: knots being lukejr's thing
asciilifeform: punkman: iirc all he had was a 2010s prb fork?
punkman: dunno, he had some "features", guess he's still using it
punkman: some more active projects from coin.dance: https://github.com/haskoin (haskell) https://github.com/k-nuth/kth (c++) https://github.com/bitcoin-s/bitcoin-s (scala)
asciilifeform: 'knuth' ?!
asciilifeform: iirc d00d's alive and has nuffin to do with this rubbish. someone oughta tip him off.
punkman: distribution seems much better than a few years ago
asciilifeform: interesting imho that the old giants still >50%
punkman: ~5% unknown
asciilifeform: also will point out that there's nuffin to keep 'unknowns' who want to stay unknown from using a 'known''s plaquard in block hdr
asciilifeform: (or, vice-versa)
punkman: 1 month unknown at 5%, 1 year unknown at 1.7%
asciilifeform for this reason always took charts such as the linked one 'with grain of salt'
dulapbot: Logged on 2021-07-26 12:34:21 punkman: 0 btcd though, and some others that look active
billymg: http://paste.deedbot.org/?id=RZb5 << filtered by last active in last 48hrs
billymg: perhaps i should expose more user agent filtering options on the nodes page
punkman: so yeah bitmain definitely trying to look smaller than they are
punkman: https://bitcoinmagazine.com/technical/mara-pool-and-bitcoin-mining-censorship " this presumably means that this pool will not include transactions in its blocks if these transactions send coins to or from Bitcoin addresses that have been included on an OFAC blacklist." << lol!
asciilifeform: 'this pool will not include transactions in its blocks if these transactions send coins to or from Bitcoin addresses that have been included on an OFAC blacklist' << loox like a simple recipe for setting up your tx so it won't feed ~this~ pool ( simply include a microscopic donation to $banned_addr )
asciilifeform: punkman: tangentially, do you actually sit and listen to these tapes ? ' hear twiddledum and twiddledee discuss $xyz for 45min' etc ?
asciilifeform: pretty dire 'post-literacy' situation imho, if this is standard nao.
asciilifeform: !w poll
watchglass: Polling 17 nodes...
watchglass: 185.85.38.54:8333 : Could not connect!
watchglass: 84.16.46.130:8333 : Could not connect!
watchglass: 185.163.46.29:8333 : Could not connect!
watchglass: 205.134.172.27:8333 : Alive: (0.083s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=692783 (Operator: asciilifeform)
watchglass: 205.134.172.28:8333 : Alive: (0.089s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Return Addr=0.0.0.0:8333 Blocks=692783 (Operator: whaack)
watchglass: 54.39.156.171:8333 : (ns562940.ip-54-39-156.net) Alive: (0.170s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=692783
watchglass: 205.134.172.4:8333 : (172-4.core.ai.net) Alive: (0.220s) V=70001 (/therealbitcoin.org:0.7.0.1/) Jumpers=0x1 (TRB-Compat.) Blocks=692783
watchglass: 213.109.238.156:8333 : Alive: (0.270s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=692783
watchglass: 143.202.160.10:8333 : Alive: (0.244s) V=70001 (/therealbitcoin.org:0.7.0.1/) Jumpers=0x1 (TRB-Compat.) Blocks=692783
watchglass: 176.9.59.199:8333 : (static.199.59.9.176.clients.your-server.de) Alive: (0.333s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=412068 (Operator: jurov)
watchglass: 208.94.240.42:8333 : Alive: (0.290s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=692783
watchglass: 54.38.94.63:8333 : (ns3140226.ip-54-38-94.eu) Alive: (0.316s) V=88888 (/therealbitcoin.org:0.8.88.88/) Jumpers=0x1 (TRB-Compat.) Blocks=692783
watchglass: 103.36.92.112:8333 : (terebe.ns01.net) Alive: (0.656s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=692783
watchglass: 71.191.220.241:8333 : Violated BTC Protocol: Bad header length! (Operator: asciilifeform)
asciilifeform: !w probe 71.191.220.241
watchglass: 192.151.158.26:8333 : Busy? (No answer in 100 sec.)
watchglass: 205.134.172.26:8333 : Busy? (No answer in 100 sec.)
watchglass: 205.134.172.6:8333 : Busy? (No answer in 100 sec.)
watchglass: 71.191.220.241:8333 : Violated BTC Protocol: Bad header length!
punkman: asciilifeform: sometimes I listen, but generally no
punkman: I find it hard to listen to audiobooks too, attention drifts off, even if not doing anything else but listening, then you gotta rewind, etc
punkman: not sure if it's just me, but I generally don't believe people when they say they listened to audiobook/podcast
asciilifeform long ago used to eat these when rode trains. but it's been years.
asciilifeform: punkman: i can't bring myself to listen to 40min+ of 'ughs', u'umms, etc. for ~10m worth of article (and by some bozo)
asciilifeform: !w probe 71.191.220.241
watchglass: 71.191.220.241:8333 : (pool-71-191-220-241.washdc.fios.verizon.net) Alive: (0.670s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=692791
punkman: microbt (whatsminer) seems to be largest bitmain competitor. possibly associated with Poolin.
punkman: wonder if they get their chips from TMSC, or maybe Samsung
bonechewer: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048655 << The scammers of Marathon (which of course was a patent troll before it became a bitcoin miner) backed down from this ploy three weeks later
dulapbot: Logged on 2021-07-26 13:27:44 punkman: https://bitcoinmagazine.com/technical/mara-pool-and-bitcoin-mining-censorship " this presumably means that this pool will not include transactions in its blocks if these transactions send coins to or from Bitcoin addresses that have been included on an OFAC blacklist." << lol!
asciilifeform: wb bonechewer
bonechewer: tnx asciilifeform!
dulapbot: Logged on 2021-07-18 20:40:36 signpost: is not interested in an item that cannot become relevant at a civilizational scale.
bonechewer: ay be a tedious monomaniac, but I do think that easy availability of a build-it\
bonechewer: -yourself, un-own-able portable OTPtron would have civilisational impact, if on\
bonechewer: ly by crowding out USG's ability to sell [http://logs.nosuchlabs.com/log/asciil\
bonechewer: ifeform/2021-07-07#1043951][ersatz versions]
bonechewer: oh drat bad paste from emacs... sorry
asciilifeform: bonechewer: something odd's going on w/ your terminal
asciilifeform: bonechewer: plox to repost
bonechewer: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-18#1046718 << upstack: I may be a tedious monomaniac, but I do think that easy availability of a build-it-yourself, un-own-able portable OTPtron would have civilisational impact, if only by crowding out USG's ability to sell ersatz versions
dulapbot: Logged on 2021-07-18 20:40:36 signpost: is not interested in an item that cannot become relevant at a civilizational scale.
dulapbot: Logged on 2021-07-07 23:35:43 bonechewer: But those who use encrochats will have their traffic read; those who use OTP correctly-- won't
dulapbot: Logged on 2021-07-07 23:55:30 asciilifeform: bonechewer: ever seen operetta 'west side story' ? in it there is line, 'I'll have my own washing machine.' and reply 'What will you have, though, to keep clean?'
asciilifeform: bonechewer: do you know expression 'screen door on submarine' ?
bonechewer: *that* question is beyond my ken, but the rejoinder is "better to need it and not have it, than have it and not need it"
asciilifeform: fat lotta good will 'otp phone' -- even perfectly-honest one, what with FG for the pad generator, etc. -- will do, for 'homo redditus' who has not one but typically three or four listening devices permanently plugged in on his desk (ipnoje, lappy with intel me, etc)
asciilifeform: in this context, any 'crypto machine' you sell these subhumans, will be in the role of a ~fashion accessory~. and you will lose to the people who are able to make better fashion accessories w/out being constrained by also trying to make honest cryptomachinery.
bonechewer: homo redditus is not the most obvious adopter of such a device, but when USG recently mooted the prospect of monitoring SMS messages for crimethink re: vaccines, certainly intelligent normies did sit up and pay attention
asciilifeform: bonechewer: that whole thing is a bogus, constructed pseudo-conflict.
dulapbot: Logged on 2021-07-26 12:17:50 asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048608 << textbook example of successfully applied discreditation spray.
bonechewer sympathizes with asciilifeform's POV, but at the same time knows non-technical people who are nevertheless not fools
asciilifeform: bonechewer: 'not fools' but at the same time they didn't buy e.g. FG.
asciilifeform: why not ?
asciilifeform: because didn't come in a pretty box, and not advertised in 'bitcoin magazine' or 'forbes' etc.
bonechewer: Naah, because they are doctor or businessman but can't use e.g. the command prompt
punkman: making OTP fashionable is more interesting than the specific hardware each tard decides to run it on
asciilifeform: actual security aint a pretty box, bonechewer , that a luser can 'buy and forget'. it's a lifestyle, like orthodox judaism or catholicism etc
asciilifeform: punkman: iirc there are already hucksters offering supposed 'otp on ipnoje' etc via closed src turd. but with lotsa, lotsa fancy magazine fluff articles and pretty pictures !
asciilifeform: if you want to compete in that market, go right ahead.
bonechewer: I know a successful businessman who has secretary handle his email and phone calls a la 1980s, but massively competent within his own bailiwick. I'd hand his secretary an OTPtron.
asciilifeform: bonechewer: let's flesh out the picture. how do you envision this item ?
bonechewer: one of two possible ways:
punkman: I've been thinking of putting together a raspberry zero (no wireless) + keyboard + screen + camera + battery, for own use
bonechewer: (a) dumb handheld box with some microcontroller and SD card inside. OTP on SD card. Simple menu-driven app allows message to be composed and xor'd with pad, and wrapped with asciilifeform's A++ HMAC goodness
asciilifeform: punkman: plz describe yours also (i.e. for what, rather than simply outta what)
asciilifeform: bonechewer: that looks like a bitch to type on
asciilifeform: (can you imagine composing a multipg message on that thing)
bonechewer: Then it renders the ciphertext as a QR code on-device screen. User snaps a pic with pnoje and transmits to correspondent, who captures the QR ciphertext on same OTPtron, verifies and decrypts
bonechewer used to send SMSs on a similar looking blackberry back in the day. Let multipage messages wait for a future release; gotta crawl before you walk.
asciilifeform: bonechewer: this as you can already see aint esp. difficult to build. problem will be similar to FG (which, or something like it, you in fact will need to include in each unit). you'll need to sell'em for 1k$+ to break even. (or, alternatively, 100$ but sell 1e6 units.)
asciilifeform: bonechewer: this problem afflicts more or less any and all attempts to build & market sane cryptoirons.
bonechewer: Indeed, I'd be happy to break even. $1k unit price seems about right but 1e6 seems too high at $100; can you share what's behind that estimate
asciilifeform: bonechewer: experience w/ low-volume pcb manufacture.
asciilifeform: which btw is in direr straits than ever before, what w/ parts shortages.
asciilifeform: bonechewer: the 'economics of scale' are ruthless to the 'electronics for smart people' would-be vendor. this is why errything you see on store shelves is shit.
bonechewer: aha yes, if had to fab a PCB... but something off-the-shelf might fill the bill
mats: looks like the tether commercial paper is probably chinese real estate
asciilifeform: bonechewer: you need FG or equiv. in there, if yer doing otp, you live & die by trng quality.
bonechewer: of course! need to pre-fill the OTP with a quality TRNG. That is separable, though, from the handheld client device.
asciilifeform: bonechewer: how do you propose to separate it , and why ?
bonechewer: why not separate it? the use case is as follows:
bonechewer: technical person uses son-of-FG to fill, say, 128G SD card with random bytes, with some sort of block boundary markers
bonechewer: then makes a dozen copies of that SD card and loads each into the handheld client
bonechewer: then gets on a plane and hands each one off to colleague
asciilifeform: bonechewer: this is terrifyingly broken scheme imho, esp. if yer filler uses a computer somewhere in that process.
asciilifeform: bonechewer: what you want instead is for the otp to be internal, and for all devices which are to share one, to be connected for generation of pad
bonechewer: naah-- my interest is only communicating among pre-selected correspondents, not random derps.
asciilifeform: the thing is, the # of devices has to equal 2. or you cannot be assured of proper destruction of spent blocks.
asciilifeform: bonechewer: it aint about 'random derps', but about the absolutely vital elimination of general-purpose computer from the entire scheme.
bonechewer: that is certainly true
bonechewer: so okay, fair enough, scheme needs a refinement.
bonechewer: To allow N correspondents to communicate, the guy with the TRNG generates N^2 pads, each of which allows two correspondents to communicate
mats: operation venona happened in part because of key reuse
bonechewer: So each of the N devices gets a different selection of two-person pads, and some menu in the app allows the user to choose which of the N interlocutors the message is for. If sending to K recipients, then K different ciphertexts are generated
bonechewer: Yes, I think the weak point of the whole scheme is where the attacker tries to throw communicants' block selection out of sync.
bonechewer: But in version 1.0, could just require everyone have an accurate clock, and the blocks could be preassigned based on e.g. 15-minute time slots GMT.
bonechewer: (okay, to be more precise, not N^2 pads but just the upper triangle of the NxN matrix minus the diagonal, hopefully you get what I meant
bonechewer: or... thinking out loud... probably do need N^2-N pads, so that there is no race condition allowing pad reuse if A wants to message B at the same time that B wants to message A
bonechewer: Therefore the pad for A->B and the pad for B->A must be different.
whaack: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-25#1048568 <-- i will probably do this eventually but it's not a top priority atm
dulapbot: Logged on 2021-07-25 20:45:21 asciilifeform: whaack: it is theoretically possible that a would-be cooperative miner exists, but the tx aint getting to him. possib. would make sense to autospam it to erry noad turned up by billymg's scanner.
whaack: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048590 <-- not sure exactly what you mean here, are you saying that transactions uncompliant with segwit are blocked (partly) via deleting them from the memorypool?
dulapbot: Logged on 2021-07-26 04:12:32 mats: to elaborate a little, there's too many participants to do everything behind closed doors, cooperation against segwit spends is probably done out in the open
whaack: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048605 <-- thanks, maybe some dump of all the nodes with prb version < 0.16. again, i may not use this for a bit
dulapbot: Logged on 2021-07-26 11:05:42 billymg: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-25#1048568 << whaack, lemme know if you need a raw dump of known nodes by any criteria
whaack: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048622 <-- this tool only take the txn hash as a parameter, but the service hasn't seen the txn itself so the service can't rebroadcast it. likely because it's using some prb node
dulapbot: Logged on 2021-07-26 12:20:40 asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048609 << i'd be surprised if it didn't filter for segshitness-compliance (if merely by using prb in the mix somewhere) but worth test
punkman: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048750 << I'd just want to give SD card to friend, with 2 pads (A->B, B<-A), he plugs it into whatever airgapped device, we use off-the-shelf or custom software for the OTPing
dulapbot: Logged on 2021-07-26 15:42:31 asciilifeform: bonechewer: what you want instead is for the otp to be internal, and for all devices which are to share one, to be connected for generation of pad
bonechewer: punkman: your scheme seems not unlike mine for N=2
punkman: bonechewer: I do like the idea of deleting parts of the pad in specified time interval like you said, but is wasteful if communication is infrequent (and the time interval not very long)
bonechewer: punkman: agreed! But my thesis is that SD cards are cheap and huge, so pads can also be cheap and huge
punkman: also not much sense in deleting pad, if messages aren't also deleted immediately. and you might want to keep unencrypted messages for a while, at least on the device itself
mats: whaack: no, slushpool, antpool etc
bonechewer: punkman: yeah, either way, the idea is for the security of the communication to be equivalent to the physical security of the handheld, airgapped device.
whaack: mats: ok, you're saying the big mining pools block the txns
punkman: https://www.adafruit.com/product/4818 << I was looking at similar adapter board for some blackberry keyboard. Convenient size and price, but annoying for longer texts like asciilifeform said. I've seen some people use off-the-shelf wireless mini-keyboards. I think some of them might be possible to connect via usb instead of bluetooth.
bonechewer: punkman: but if the adversary owns your phone, can he not then snoop your keystrokes right from your wireless mini-keyboard? And once you start sending OTPgrams around, the adversary is going to very much want to pwn your phone
bonechewer: so better be able to disable the keyboard's wireless interface
bonechewer: Similarly, if we need to send multiple ciphertexts, one per recipient, it would start to get tedious to snap all those QR codes and send the right one to each
bonechewer: So sending ciphertext to and from the phone over bluetooth might sure be nice
punkman: yeah bluetooth connected keyboard is retarded
punkman: bluetooth is a pile of shit, I wouldn't use it for anything
punkman: you can easily make "animated" QR
bonechewer: asciilifeform seemed to think an enemy bluetooth chip could be trusted if not given DMA; I'd have to be convinced of that.
dulapbot: Logged on 2021-07-09 13:44:19 asciilifeform: bonechewer: keep in mind that 'enemy phy' is only a problem if you give it dma.
punkman: you can also transmit ciphertext with sound if you add speaker
bonechewer: I also hate bluetooth, but if "Bluetooth SPP" really just behaves like a serial port, it's awfully tempting
bonechewer did not know about "animated QR", thanks for the information!
bonechewer: seems like video would be much higher bandwidth than sound though
punkman: no idea how fast you can read QR code on phone/laptop
punkman: I imagine both would fall in kbps range
dulapbot: Logged on 2021-07-26 16:48:06 punkman: https://yarh.io/yarh-io-m2.html
dulapbot: Logged on 2021-07-26 16:54:42 bonechewer: So sending ciphertext to and from the phone over bluetooth might sure be nice
dulapbot: Logged on 2021-07-26 15:19:36 asciilifeform: bonechewer: do you know expression 'screen door on submarine' ?
dulapbot: (trilema) 2014-03-17 asciilifeform: our friends at ft. meade call this 'NONSTOP'
asciilifeform: that's the thing, bonechewer , ~genuine~ cryptoiron looks ~very, very~ different from 'cosmetic' (errything linked above) fashion-crapola.
dulapbot: Logged on 2021-07-26 16:56:28 bonechewer: asciilifeform seemed to think an enemy bluetooth chip could be trusted if not given DMA; I'd have to be convinced of that.
bonechewer: asciilifeform: do I understand correctly that the threat model is: the adversary pwns your phone and uses it to mount a TEMPEST attack against the nearby OTPtron?
asciilifeform: bonechewer: mno
asciilifeform: bonechewer: read link. if you have a) ciphermachine b) radio transmitter in close proximity -- unless very expensive precautions taken, yer broadcasting bits of plaintext and/or key.
asciilifeform: and with considerable reach.
bonechewer: sure, I would call that a TEMPEST attack: OTPtron screen displays message, phone listens to RF emanations and transmits to adversary. No?
asciilifeform: bonechewer: traditionally 'tempest' refers to emissions of the ciphermachine per se.
bonechewer: okay, maybe I am mis-using the word 'tempest', but do I at least understand the proposed threat model?
asciilifeform: anyways how the fuck would you even come up with a horror like 'use bluetooth kbd to enter text into a cirphermachine' ?!!
punkman: asciilifeform: building with "legos"
asciilifeform: punkman: aaha.
punkman: but he soldered power on bt keyboard'
asciilifeform: punkman: this is why folx familiar, even on surface, with adult hardware, laugh their arses off when they see 'kickstarter ciphermachines'
bonechewer: hmm, in case it was unclear I did not consider bluetooth keyboard
punkman: I just want a general purpose linux handheld (without radio)
asciilifeform: ftr what adult iron looks like. observe radio and ciphrator -- separate boxes, w/ own grounding, etc.
bonechewer: rather, was wondering whether a bluetooth link for transmitting ciphertext between phone and OTPtron could be made as secure as scanning QR codes
mats: lol
asciilifeform: punkman: depending what means 'handheld', already canhaz
punkman: asciilifeform: which?
asciilifeform: punkman: 'linux handheld'
bonechewer: with one's own code running on a microcontroller, and an auditable Bluetooth PHY running on an FPGA, rather than someone else's Bluetooth ASIC, that doesn't seem outside the bounds of possibility
punkman: asciilifeform: yes, which device is this?
asciilifeform: punkman: e.g. rk3328
asciilifeform: ( attach spi lcd and your choice of 5v source.. )
asciilifeform: mats: i recall this lolpiece
asciilifeform: mats: it is why 'adult' product is specifically ~not~ 'made of lego'
asciilifeform: if 'made of lego' i.e. other-people's-shitware-opensores -- then you get laffs like the linked 'oh but this is a barcode polyglot, and machine will try to read it as xyz, haha' and similar
bonechewer: mats: fun piece but a QR code hacked by the adversary will fail asciilifeform's hash-against-the-pad test and will be rejected by OTPtron
dulapbot: Logged on 2021-07-08 00:12:39 asciilifeform: just about any hash-based checksumming will prevent anyone w/out a copy of the pad from forging messages. (you still gotta keep count, not only to sync but to prevent replays, however)
asciilifeform: there's a reason why FG is made of a 72 macrocell cpld and ZERO OTHERPEOPLESCODE
asciilifeform: bonechewer: was speaking of the general principle
bonechewer agrees on principle, which is in complete opposition to the fashion of, apparently, pulling in as many horrors as dependencies as possible
asciilifeform: the fundamental problem with 'duct tape and chewing gum' ciphermachines, is that it is very, very easy to fool yourself into thinking that you've achieved something, when in fact you have led yourself and -- worse, possibly people with actual secrets to protect -- to the chopping block, by putting same linux+opensores liquishitware into pocket-sized vaguely-ciphermachine-like package.
bonechewer: most egregious examples come from, natch, not only the cesspool that is Javascript but also the very trendy "Rust"
asciilifeform: shitware is shitware regardless of what shape computer.
asciilifeform: a responsible, honest practitioner's job, if he wants to advance state of the art, is to get linux, bluetooth, java-xyz, fucking unix, multitasking os per se, c/cpp compiler outputs, von neumann machine, THE FUCK OUTTA cryptography.
asciilifeform: not in, no.
asciilifeform: who wants to go in this direction -- asciilifeform will help.
asciilifeform: but who in other direction -- can't stop you, naturally, but no, will not help.
asciilifeform: this is asciilifeform's official position on the subj and it aint changing.
bonechewer: This is why I envision a simple microcontroller running single-threaded code at the heart of airgapped OTPtron. Don't need much of anyone else's code other than, unavoidably, SD card and camera interfaces, possibly QR decoder
punkman: bonechewer: sound seems a lot easier than camera+qr
asciilifeform: bonechewer: there's a chinese qr->camera->rs232 box, iirc i linked in the logs
bonechewer: Don't need and don't want a multi-user OS involved; that would just be another point of failure
asciilifeform: bonechewer: i have one here in parts bin.
bonechewer: asciilifeform: A++, that simplifies things a lot
asciilifeform: the important thing is to get qrism etc 100% separated from anything that touches plaintext.
asciilifeform: electrically separated. (optocouple)
punkman: optocouple serial? how fast do those go
asciilifeform: punkman: multi-MB/s if you need
punkman: bonechewer: also easier than QR: blinky led
asciilifeform: typically vendor's datashit will give you a guaranteed min.
bonechewer: hmm, if a Chinese QR reader emits serial data, sticking it behind an optocoupler adds no additional security afaict, because the plaintext is going to be displayed on screen anyway, so there's an electrical connection, right there
asciilifeform: punkman: asciilifeform's experimental version of this eschewed light entirely, in favour of acoustic modem
asciilifeform: bonechewer: the idea there is to separate the multi-MB shitware and iron capable of running it, req'd to process QR, from your own software and its substrate.
asciilifeform: bonechewer: that way if there's e.g. 'magic code' which arbitrarily modifies the qr reader somehow, it still has no possible effect on anything that touches plaintext.
asciilifeform thought that this was obv.
bonechewer: Unfortunately not obvious; bear with me. If the microcontroller speaks serial, without DMA, to the Chinese QR reader, how does it increase security if that serial data is transmitted through optocoupler or not?
punkman: because the whole thing is an antenna, and transmits
asciilifeform: the qr reader is a potentially arbitrarily-hostile artifact, you don't want it on same power rail as the piece which handles plaintext.
asciilifeform: this is illustrated in the ciphermuseum link, i thought.
asciilifeform: and yes this seems onerous, unaesthetic, heavy, expensive, and yes definitely won't be a reddit bestseller.
bonechewer: "All electronics engineers create antennas, only some realize that they are doing so" (or words to that effect)
asciilifeform: but this is what adult iron looks like. rather than cosmetic.
bonechewer: Try as I might, I can't imagine a realistic attack over a serial line.
punkman: asciilifeform: re: rockchip, have considered, but keyboard is more pressing problem than cpu for my purposes
bonechewer: ...as long as OTPtron lives inside proper metal case.
asciilifeform: punkman: afaik there's very little choice but to reuse a kbd from old lappy. (1990s 'thinkpad' or 'toshiba' best imho for these)
punkman: asciilifeform: I've seen some threads about (perhaps more recent) laptop kbd, and connecting seems not worth the effort
asciilifeform: punkman: typically is simply diodeless matrix
asciilifeform: bonechewer: try to understand that hygiene is not about whether you can at a particular time imagine a particular bacterium entering your body
asciilifeform: bonechewer: it is about 'holistic' approach to making entire classes of event logically impossible.
asciilifeform: punkman: poor traumatized spacebar !
asciilifeform: would be nifty item if could get w/out winblowskeys
bonechewer: Agreed 100%. The question is what incremental security is added by optocouplers in which microcontroller interfaces
asciilifeform: bonechewer: absolutely nothing added, unless you actually understand why you're doing it and read up on e.g. differential power analysis, power supply fault injection, etc. and follow through with ~the rest~ of the req'd elements in the design (concretely -- separated power rails, proper ground topology, shielding)
asciilifeform: and also understand that if you ~aint~ doing ALL of this, there's 0 point in doing ANY of it, you're simply fooling yerself (and, worse, gullible others) into using homeopathic crypto
bonechewer: I agree with the latter, but if the adversary has no way to get his code onto the OTPtron, then he can't run timing attacks, differential power analysis, and the like
asciilifeform: bonechewer: a but he has not only code but iron in your proposed otptron. in the form of the qr reader box.
asciilifeform: (and its camera, usually itself an entire linux box + chinese shitware)
asciilifeform: a qr reader aint a passive component, it's a thing w/ the horsepower of approx a 486 and often enuff multi-MB of ???
bonechewer: In that case, could revert to the original design: simple camera sends pixels to uC and it decodes its own QR codes.
asciilifeform: punkman: nifty kbd. btw i recall a 'keyboard generator' script that ate a layout and shat a pcb mask, in the log somewhere yrs ago
asciilifeform: bonechewer: go and write decoder of qr w/out massive other-peoples-code-shitware.
asciilifeform: maybe come back in 10y.
asciilifeform: bonechewer: much simpler to make acoustic modem in software.
asciilifeform: for short messages, fast enuff
punkman: funny how there is no "hardware wallet" doing anything but QR
asciilifeform: since yer not looking for speed, can use 1970s dtmf encoder/decoder.
asciilifeform: punkman: aaha
asciilifeform: bonechewer, punkman : now that you know the ~actual~ solution to this puzzler, consider who, how, and why put in people's heads the bogus pseudosolution (qr, camera) .
asciilifeform: anyffin, anyffin but the ~actual~ solution!111
punkman: one advantage of QR is that you can also print
asciilifeform: can print 2d barcode just as well
asciilifeform: and 9000x easier to read, doesn't require fft and exotica
punkman: I had a stash of backup-to-paper softwares somewhere
asciilifeform: ( recall, while on subj, how 'pro cryptographers' are all about use ANYTHING BUT RSA!1111 , for similar reason )
dulapbot: (trilema) 2016-08-02 asciilifeform: one of these bargains is that you cannot build a career as a university academic with 'use rsa, kthx, bye'
bonechewer: sorry, not following you here. What are you thinking of as the "actual solution"?
asciilifeform: bonechewer: dtmf for ciphertext i/o.
asciilifeform: needs 0 fancy processors.
bonechewer disagrees strongly, but suspect he will not convert asciilifeform to his pov
asciilifeform: a dtmf otptron can be built in fact 100% of 1980s components.
asciilifeform: which in asciilifeform's pov makes it intrinsically superior.
asciilifeform: importantly, requires 0 magic boxes.
bonechewer: Architectural perfection that doesn't add incremental security against any feasible attack is just wank
asciilifeform: anyways imho this is muchly academic exercise -- you will build either a redditardation or a FG, i.e. sumthing ugly and sells 100 units.
asciilifeform: bonechewer: what part of 'qr reader requires an enemy base inside your device itself' is hard to understand ?
bonechewer disagrees on two levels
asciilifeform: perhaps more subtle is the notion that this is still true even if you construct the reader yourself. because realistically you will not be able to do it with Zero Other People's Code.
asciilifeform: bonechewer: go ahead, and disagree. go, buy raspberry, chinese camera, stuff it into cigar boxes, sell to chumps. i can't stop you.
bonechewer: First, on an air-gapped device inside a metal case, running one's own application code, enemy QR code could not do more than, maybe, deny service. Assuming it can only be spoken to serially, what knob can the enemy turn into order to attack?
punkman: asciilifeform: perhaps stupid question, is your acoustic modem a wired connection?
bonechewer: Second:
asciilifeform: punkman: audio. recall, it's for ciphertext.
asciilifeform: let whole planet listen to the beep-boop if it wants to.
asciilifeform: bonechewer: your box has an opening, neh ? for the camera objective.
bonechewer: Yep. So? I have already stipulated that if the adversary owns a nearby device, he might be able to snoop plaintext from the RF emantations of the screen.
dulapbot: Logged on 2021-07-26 17:43:46 asciilifeform: bonechewer: try to understand that hygiene is not about whether you can at a particular time imagine a particular bacterium entering your body
asciilifeform: bonechewer: a decent designer making a boobytrapped camera-qr box for your device run could ferry plaintext a considerable distance beyond what merely leaks from your screen. or simply inject random electrical faults that would jeopardize successful pad block deletion on yer sd. or 9000 other things that presently i haven't time to enumerate.
asciilifeform: just to understand the ^ one given example w/ deletion, you gotta know something about how e.g. nand flash worx
asciilifeform: the spittoon, bonechewer, 'is all in one strand!'
asciilifeform unfortunately must bbl.
bonechewer appreciates asciilifeform's time and POV, even if doesn't completely share the latter
bonechewer: I suppose that a booby-trapped QR box specifically designed with perfect knowledge of the OTPtron's innards could snoop emanations from the data bus and broadcast them over a secret superminiature wifi chip, but for that to be a realistic threat the adversary would need to steal the QR box from mailbox, replace it with boobytrapped version. This is not the threat model the device under
bonechewer: discussion is intended to address.
bonechewer: And audio transmission of ciphertext is simply laughable for real-world use: ambient noise is often very high
bonechewer: Finally, it would certainly not be ten years' work to snip the necessary bits from 14 year old QR-reading code, read it over to convince self there's not a tailor-made hidden booby-trap (and what, on an airgapped microcontroller, would spring the trap?) and include it in a simple application
punkman: https://blog.bitmex.com/battle-for-asic-supremacy/ << apparently Microbt did start out with TMSC, but is now manufacturing at Samsung. Also Bitmain sued Microbt, because Microbt guy worked at Bitmain and stole teh chip secrets in 2016
bonechewer will be back another time
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048940 << i can't resist to ask, where do you live or work such that acoustic coupler cannot work (they work at point-blank range) due to ambient noise ?
dulapbot: Logged on 2021-07-26 18:19:26 bonechewer: And audio transmission of ciphertext is simply laughable for real-world use: ambient noise is often very high
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-26#1048941 << very few people merit 'tailor-made boobytrap'. instead what you get is a GB of opensores liquishit in which ~infinitely~ many 'naturally-occurring' boobytraps. a la [insert favourite shitware here]
dulapbot: Logged on 2021-07-26 18:30:45 bonechewer: Finally, it would certainly not be ten years' work to snip the necessary bits from 14 year old QR-reading code, read it over to convince self there's not a tailor-made hidden booby-trap (and what, on an airgapped microcontroller, would spring the trap?) and include it in a simple application
asciilifeform tried to make this clear in the earlier thread, evidently entirely failed.
asciilifeform: in wholly-unrelated other noose : phf wrote in , in fact he updated his vpatch page! for ffa, logotron, and trb ! appear to be 100% current nao !
asciilifeform: ty phf .
asciilifeform takes this back nao !
dulapbot: Logged on 2021-07-21 20:09:37 asciilifeform: raw_avocado: there's also phf's patch viewer for the early stuff, but catastrophically outta date.
asciilifeform: no longer outta date.
← 2021-07-25 | 2021-07-27 →