danuker: because "reasons"? is significantly increasing the cost of MITM not a good reason enough?
danuker: and what is "V"?
danuker: "shinohai: Welp appears danuker didn't read how V works. Next."
danuker: "read and understand any software" hmm
mats: danuker: http://cascadianhacker.com/07_v-tronics-101-a-gentle-introduction-to-the-most-serene-republic-of-bitcoins-cryptographically-backed-version-control-system
danuker: thank you
danuker: I guess it would be hard to MitM so many domains
danuker: I am following http://thebitcoin.foundation/trb-howto.html to attempt to understand what you guys are doing
mats: read carefully and follow the links before you return to chat
mats: since you are interested in bitcoin i expect you understand why some might disapprove of TLS and the concept of certificate authorities
mats: if you read the news at all, you might also notice the greatest threat to users of the internet is not the random passerby but governments and their agents
mats: such as beijing, usag barr, and lesser characters like the blue coat systems people who used to have an intermediate cert courtesy of symantec and sell intercept devices to govts
danuker: mats: you told me not to chat until I understand what V does. I now do; and as far as I understood, it is like Git + mandatory signatures + commits as a patch collection + web of trust
danuker: I agree with your observations on TLS
danuker: I have a problem with the web of trust; just because someone signed something doesn't mean they weren't compelled by a national security letter to do so
danuker: I will use trust control for every patch
mats: american law enforcement might believe it has planetary jurisdiction but thats not realistic
danuker: as in, not copy patches I don't trust in the pool
danuker: it's not just about the US, every country has national security exceptions
mats: the signature doesnt preclude your own audit
danuker: precisely
danuker: but it is a bit of a red herring
danuker: still, the cheapest way I see the government destroying Bitcoin, as well as this community, is to infiltrate and cause chaos in the governance
danuker: and the web-of-trust being confirmed manually helps that
danuker: I mean helps against that; mitigates that
mats: it helps to have competent people in your wot who will also audit signed material
mats: NSLs are a bogeyman in this discussion
mats: idk what 'confirmed manually' means. what is your professional background?
danuker: I was a web developer; now, not much
danuker: confirmed manually means to me looking at what the signed code does, and deciding whether to trust the public keys one by one
danuker: and not trusting anymore any keys whose users show signs of malevolence
mats: yes, the wot is somewhat less useful to someone that doesnt trust anybody in it
mats: that someone should make more friends, learn to code, or pay someone competent for help
danuker: I appreciate that V was very simple to review
mats: have you read thompson's reflections on trusting trust?
danuker: yes, but I forgot it; will read again
danuker: awesome :)
danuker: Thompson has a much better bogeyman
mats: this is a different rabbit hole but might interest you, http://logs.nosuchlabs.com/log/trilema/2017-04-03#1636708
snsabot: (trilema) 2017-04-03 asciilifeform: incidentally the folx who designed ada, read thompson's paper. and immediately acted. which is why in ada you get 'driving stick'-style control over the compiler, the order in which it puts down routines, and data structures during 'elaboration', and can leave bread crumbs for manual binary auditor (yes) to look for when he compares (yes) binaries built on different systems for same rocket.
danuker: I see. So that is why you have an Ada dependency, in addition to the C compiler
danuker: is the hope to eventually remove the C compiler, and be left with Ada?
mats: the ada dep is due to a keccak implementation iirc, and i dont believe anyone has expressed the intent to do the former
mats: er, latter
mats: any relation to diana_coman? she is also a romanian that loves semicolons
danuker: I found her site because she analyzed some Romanian education data scraped with this scraper: https://github.com/ciupicri/bac-parser
danuker: I am interested in the data to create a map
danuker: as for the semicolons; that's odd, I never noticed I use so many
mats: ah, interesting
mats: i dont mean to offend, you have been a good sport in spite of the at times chilly replies youve received here
danuker: well, thanks! I get the chilly replies; for all you know I work for the government
danuker: here's my blog to see what I care and know about; in case you have time to kill: https://danuker.go.ro/
danuker: (still HTTPS of course xD)
danuker: I should at least allow HTTP
mats: some of the regulars here developed an allergy to tls many years ago, doesnt have anything to do with your employer
danuker: is this allergy a reaction to the conditioning that "TLS = secure"? why should I turn off TLS on my site?
shinohai: wb danuker ... will check out your blog as time permits.
jurov: Hi danuker, the "allergy" is reaction to sprawling (=== dangerous ==== evil) complexity of SSL/TLS and the way how it is being forced through with its model of trust.
danuker: I understand. Thank you!