Hide Idle (>14 d.) Chans


← 2016-05-01 | 2016-05-03 →
BingoBoingo: ;;bc,stats
gribble: Current Blocks: 409824 | Current Difficulty: 1.7865925777252728E11 | Next Difficulty At Block: 411263 | Next Difficulty In: 1439 blocks | Next Difficulty In About: 1 week, 2 days, 2 hours, 34 minutes, and 56 seconds | Next Difficulty Estimate: None | Estimated Percent Change: None
BingoBoingo: $phuctor.stats
mircea_popescu: $up fromphuctor
mircea_popescu: $up fromphuctor_
mircea_popescu: and alf was complaining...
deedbot: fromphuctor voiced for 30 minutes.
deedbot: fromphuctor_ voiced for 30 minutes.
mircea_popescu: trinque btw, why is deedbot so slo ?
deedbot: ez_ voiced for 30 minutes.
mircea_popescu: this is kinda lulzy.
mircea_popescu: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
asciilifeform: mircea_popescu: lel
asciilifeform: www still up tho.
mircea_popescu: aha. prolly a setting in python neh ?
asciilifeform: what's interesting is that this barf is ~disabled~
asciilifeform: turns out setting - ignored.
mircea_popescu: modern software.
asciilifeform: burnitall(tm)(r)
mircea_popescu: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
asciilifeform: turns out it's on hnews now.
asciilifeform: hence the mega-torrent-of-flies
mircea_popescu: i guess they showed us, huh.
asciilifeform: 5-10/sec.
asciilifeform: $up gabriel_laddel
mircea_popescu: anyway. can you get it back to normalcy ?
deedbot: gabriel_laddel voiced for 30 minutes.
asciilifeform: mircea_popescu: it is up!
asciilifeform: grunting at a MB/s or so, yes
mircea_popescu: server should be ok up to 100/s sort of levels.
asciilifeform: recall it is also trb.
mircea_popescu: at least in teh-ory.
mircea_popescu: yeah but trb really doesn't load worth the mention. especially if caught up.
asciilifeform: or if helping other folk up
mircea_popescu: don't you wonder why is this so scary btw ?
mircea_popescu: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
asciilifeform: mircea_popescu: waiwut
asciilifeform: ah yeah
asciilifeform: first few thou didn't even bother clicking
mircea_popescu: almost like it has terrorism scent all over it.
asciilifeform: apparently!
mircea_popescu: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
asciilifeform: BingoBoingo: ahahahaha cosmicrayz again
BingoBoingo: what else?
mircea_popescu: teh schedule proceeds unabated!
mircea_popescu: i suppose within a few hours it makes the front page (again) and then it gets replaced with an "official science" replacement...
asciilifeform: with 'why japanese toilets did not catch on in america!'
mircea_popescu: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
asciilifeform: i will be disappointed if the new replacement for the phuctor story is not jp-toilet related.
gabriel_laddel: lol. nice job with phuctor btw ascii. exciting times.
mircea_popescu: asciilifeform incidentally, according to amazon, trilema is biggest in japan.
asciilifeform: mircea_popescu: mega-unsurprise, iirc their entire economy consists of old men browsing pr0n
fromphuctor: What does it mean whe the public exponent is not prime?
mircea_popescu: what's pron got to do got to do got to do with it...
mircea_popescu: fromphuctor do you know how rsa works ?
fromphuctor: It's a public key encryption scheme, right?
mircea_popescu: there's a difference between "what it is" and "how it works".
fromphuctor: I'm reading the linked post now.
mircea_popescu: gabriel_laddel how's life treatin ya anyway.
asciilifeform: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
gabriel_laddel: mircea_popescu: sometimes not really having a job is a bit of a chore.
mircea_popescu: and sometimes having one is.
fromphuctor: How are these prime numbers chosen? I understand it is very hard to find prime numbers.
mircea_popescu: lol they'll run out of dashes.
mircea_popescu: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
asciilifeform: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
gabriel_laddel: Anyways, I'm a bit busy atm, have not been able to get the full masamune replication working, which is irritating. but I do have customers waiting on me, which is exciting.
mircea_popescu: fromphuctor it's not that hard to find prime numbers. in general, rsa keys should be seeded from a good entropy source.
mircea_popescu: (note that e is almost everywhere 65537, which is both prime and cheap.)
mircea_popescu: in fact... 65537 makes SUCH a good e, not using it is triple-eyebrow raising.
fromphuctor: Okay. So the size of the prime number does not matter that much for the security of the cipher as the entrophy source.
fromphuctor: Wouldn't a bigger prime exponent be more difficult for an adversary to crack?
mircea_popescu: the size of e is not particularly relevant ; it not being 65537 is very suspicious. it being non-prime is even more suspicious.
fromphuctor: Okay. So apparently a lot of people messed up their cryptography, and had non-prime exponents (or very small primes) for some weird reason.
asciilifeform: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
mircea_popescu: fromphuctor that is last week's news. this week's news is that ACTUAL KEYS were cracked.
asciilifeform: the texas instruments key, for instance.
fromphuctor: Oh. That's really bad, isn't it?
asciilifeform: fromphuctor: for them.
mircea_popescu: for whoever relied on that key, it is.
mircea_popescu: $up GyrosGeier
deedbot: GyrosGeier voiced for 30 minutes.
GyrosGeier: I'm trying to submit my key, but keep getting an error
fromphuctor: Why were these keys so easy to crack? Were they due to faulty implementations of the cryptosystem?
asciilifeform: GyrosGeier: what kind of error ?
GyrosGeier: is there any restriction on what keys are accepted?
asciilifeform: GyrosGeier: RSA only
mircea_popescu: fromphuctor most likely subverted pgp implementation.
GyrosGeier: Error: Was that really a GPG public key? Try again.
asciilifeform: GyrosGeier: you probably have a DSA or ECDSA key.
mircea_popescu: GyrosGeier dpaste what you're trying to stick in, maybe.
GyrosGeier: RSA 4096, with three RSA 2048 subkeys
asciilifeform: GyrosGeier: pastebin the key plz
fromphuctor: So my SSH keys are probably not compromised, assuming my cryptography software wasn't broken by the government.
fromphuctor: Would that be a good assumption to make?
mircea_popescu: fromphuctor you can export them and check yourself. then no need to assume anything.
GyrosGeier: that is --export-options export-minimal --export --armor
fromphuctor: How do I do that?
asciilifeform: GyrosGeier: you have utf8 rubbish in that key
asciilifeform: GyrosGeier: the box is not set up to handle this yet. sadly.
mircea_popescu: i thought that was fixed last time ?!
asciilifeform: mircea_popescu: nope, pythonism
GyrosGeier: ah, so I need to strip out those UIDs
mircea_popescu: GyrosGeier you'll have to try again later, once this is caught up with.
fromphuctor: My SSH keys came when I used the ssh-keygen command. How do I export them?
mircea_popescu: or wipe the uids if you know how / can.
asciilifeform: GyrosGeier: it will be handled in near future.
asciilifeform: these are being piled up.
GyrosGeier: do you actually need an UID in there?
asciilifeform: GyrosGeier: nope. optional.
GyrosGeier: that makes filtering the packet stream easier
asciilifeform: fromphuctor: it is nontrivial to convert ssh key to pgp key format.
mircea_popescu: i guess we'll have to write a tool for this eventually, willy-nilly.
mircea_popescu: people will just keep asking.
asciilifeform: apparently!
fromphuctor: Apologies. I'm not that good at cryptography.
fromphuctor: Thank you very much for your efforts and help. I sincerely appreciate it.
mircea_popescu: fromphuctor either you go read up on http://btcbase.org/log/2016-04-27#1458766 and do the conversion / publish the tool, or else wait for someone to do it.
fromphuctor: Thank you. Have a good day.
asciilifeform: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
mircea_popescu: lol check out submarine beds.
GyrosGeier: seems to have worked
asciilifeform: GyrosGeier: congrats
asciilifeform: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
GyrosGeier: we'll see if anything falls over with no uids and signatures :)
asciilifeform: ;;later tell phf logz are down ?
gribble: The operation succeeded.
mircea_popescu: asciilifeform server is actually doing pretty good, considering.
GyrosGeier: lots of famous names in there
asciilifeform: mircea_popescu: i massaged the hell out of it
mircea_popescu: nice job.
asciilifeform: GyrosGeier: the caveat is that anyone can create a key with whatever name string in it.
GyrosGeier: good point
asciilifeform: e.g., osama@whitehouse.ru
mircea_popescu: yeah, fingerprints more important than names per se. though there's some orgs that got clearly raped.
GyrosGeier checks signatures
asciilifeform: GyrosGeier: some of the keys (marked 'mirrored' under 'notes') were part of an organized flimflam campaign by an unknown (likely nsa) party exploiting the fact that old versions of pgp used the bottom 32 bits of a modulus as the fingerprint.
asciilifeform: they took legit keys and turned the moduli into repeating lengths of the bottom 32bit of the old mod.
asciilifeform: and uploaded to sks net.
asciilifeform: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
GyrosGeier: indeed, but these shouldn't have signatures from me
asciilifeform: GyrosGeier: those will have signatures but gpg will correctly reject them as invalid.
asciilifeform: (if you find one where it does ~not~, please say!)
GyrosGeier: is there some effort to notify people?
GyrosGeier: I've found one from the same org as myself, with a key they use, which is signed by me, so that is clearly theirs
GyrosGeier: nm, found it
GyrosGeier will check back later, good night
gabriel_laddel: $up r00s
deedbot: gabriel_laddel may not $up r00s
gabriel_laddel: Oh, and X.com was elon musk, not thiel. http://btcbase.org/log/2016-04-29#1459342
gabriel_laddel: They merged with paypal eventually though, so yes, close.
punkman: $up fromphuctor
deedbot: punkman may not $up fromphuctor
mircea_popescu: gabriel_laddel right you are.
mircea_popescu: $up r00s
deedbot: r00s voiced for 30 minutes.
gabriel_laddel: Is anyone here deep into neural nets / ml?
mircea_popescu: GyrosGeier> is there some effort to notify people? << not really, feel free to notify whoever.
gabriel_laddel: And if so, are you familiar with the optimization techniques "optimal braindamage" or "optimal brain surgery"?
punkman: I sent a coupla mails after previous phuctoring, nobody wrote back
gabriel_laddel: (circa 1995 ish)
mircea_popescu: punkman same, iirc.
gabriel_laddel: ^ "Notes Essays-Peter Thiel’s CS183: Startup-Stanford, Spring 2012"
gabriel_laddel: Eventually these were compiled into the book Zero to One.
gabriel_laddel: I enjoyed them ~2-3 years ago
punkman: At the meeting with the BBC, Mr Wright digitally signed messages using cryptographic keys created during the early days of Bitcoin's development. The keys are inextricably linked to blocks of bitcoins known to have been created or "mined" by Satoshi Nakamoto.
punkman: Be assured, just as you have worked, I have not been idle during these many years. Since those early days, after distancing myself from the public persona that was Satoshi, I have poured every measure of myself into research. I have been silent, but I have not been absent. I have been engaged with an exceptional group and look forward to sharing our remarkable work when they are ready.
punkman: Satoshi is dead.
punkman: altcoin incoming!!1
punkman: "Mr Wright does not want to make public the proof for block 1, arguing that block 9 contains the only bitcoin address that is clearly linked to Mr Nakamoto (because he sent money to Hal Finney). Repeating the procedure for other blocks, he says, would not add more certainty. He also says he can’t send any bitcoin because they are now owned by a trust. "
adlai: danielpbarron: thx
adlai: jurov: correct, as always
adlai: mod6: your hairshirt orgmode reimplementation
adlai reminds everybody that the real reason he /does/n't keep secrets is because there were none, to begin with.
adlai: either 60 "random" words have nothing to do with my life, or my basal ganglia are still swimming in lsd.
mircea_popescu: $up roxfan
deedbot: roxfan voiced for 30 minutes.
mircea_popescu: $up JusticeRage
deedbot: JusticeRage voiced for 30 minutes.
roxfan: thx
mircea_popescu: what's a rox
roxfan: i want to submit a key to phuctor but i have only raw N and E, not GPG format
roxfan: any idea how to make one?
mircea_popescu: so make it gpg format.
roxfan: yes, how?
mircea_popescu: it's rfc4880
mircea_popescu: once you write the thing, post it somewhere also.
roxfan: i was hoping there's an easier way...
mircea_popescu: $up dfgg
deedbot: dfgg voiced for 30 minutes.
mircea_popescu: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
mircea_popescu: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
mircea_popescu: $up hexa-
deedbot: hexa- voiced for 30 minutes.
mircea_popescu: $up pabs3
deedbot: pabs3 voiced for 30 minutes.
mircea_popescu: $up piratsimon
deedbot: piratsimon voiced for 30 minutes.
mircea_popescu: $up spoonzy_
deedbot: spoonzy_ voiced for 30 minutes.
deedbot: sbp voiced for 30 minutes.
mircea_popescu: $up tribut
deedbot: tribut voiced for 30 minutes.
mircea_popescu: lettuce have a partay!
mircea_popescu: phf did logbot die ?
mircea_popescu: punkman> At the meeting with the BBC, Mr Wright digitally signed messages using cryptographic keys created during << i dun recall the derpy "sign with key" thing was ever regarded by tmsr.
mircea_popescu: leaving aside this whole "at a meeting with hitler's propaganda minister, we saw it, swear!" angle.
mircea_popescu: roxfan not that i know so far.
roxfan: could the site be modified to accept raw numbers?
mircea_popescu: sure. write the modification and submit it.
piratsimon: Hi folks.
JusticeRage: Thanks for giving me voice. Did you get my MP about the debug mode?
piratsimon: tyvm for the v
piratsimon: just came along because phuctor said so. ;)
piratsimon: and now? ^^
pabs3: are you planning on revoking the keys you have factored?
mircea_popescu: gola piratsimon
mircea_popescu: pabs3 notrealy.
mircea_popescu: $up fromphuctor___
mircea_popescu: JusticeRage did i get myself ?! hm ?
mircea_popescu: piratsimon would you be so kind as to post the software you used to make that key ?
piratsimon: that was really loooooooooong time ago.
mircea_popescu: maybe we actually manage to figure out who did what to whom here, it's suspicious as all hell.
piratsimon: guess i have to investigate that.
mircea_popescu: can there be a numeric value for this "loooooooooong time ago." ?
piratsimon: well at least i have to investigate the version. it was gpg for windows.
JusticeRage: mircea_popescu : didn't understand your answer
mircea_popescu: JusticeRage i didn't understand your question. people call me mp at times.
JusticeRage: I just came to mention that the Phuctor Flask app is running in debug mode
mircea_popescu: oh, still ?!
JusticeRage: That's a security issue and you should probably disable that :)
JusticeRage: At least it was the case a few hours ago
JusticeRage: I stumbled upon a stacktrace by accident
piratsimon: mircea, have u successfull attacked a private key you dont own and did you successfull decrypt some strong encrypted file wighout possess of the private key?
mircea_popescu: JusticeRage asciilifeform was bitching about it ignoring his settings earlier. he'll get on it once back.
mircea_popescu: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
mircea_popescu: piratsimon no ; but given what we know about these keys it's a trivial exercise.
mircea_popescu: JusticeRage thanks for reporting.
JusticeRage: No problem!
piratsimon: thats quite interesting. interested in testing it? im gonna encrypt something and you try to decrypt not knowing the phrase nor possessing the private key? ;)
piratsimon: you dont have to but im just curious. ;)
punkman: piratsimon: post it on pastebin, maybe someone will give it a try
mircea_popescu: punkman it was unavoidable. dead men walking.
mircea_popescu: piratsimon sure, by all means post something.
piratsimon: deal. ;) gimme some minutes. ;)
mircea_popescu: asciilifeform you'll have to add verbiage explaining to the goodfolk that rsa keys specifically and uniquely are at issue ; somehow it's not obvious dsa/ecc/elgamaletc dun work.
mircea_popescu: lmao this drcraigwright.net thingee.
mircea_popescu: looks like it's done by the same "i fucking love science" ustard crew.
mircea_popescu: "He was Vice President of CSCSS (Centre for Strategic Cyberspace and Security Science) with a focus on collaborating government bodies in securing cyber systems. Wright has trained government and corporate departments in SCADA Security, Cyber Warfare and Cyber Defence."
mircea_popescu: pity not also marine.
mircea_popescu: "He was Vice President of CSCSS (Centre for Strategic Cyberspace and Security Science) with a focus on collaborating government bodies in securing cyber systems. Wright has trained government and corporate departments in SCADA Security, Cyber Warfare and Cyber Defence."
mircea_popescu: lulzy "that key is not available" failscript, also. MUCH SECURITY!
mircea_popescu: hopefully it protected the aussie something or the other just as well!
mircea_popescu: anyway. domain reg'd feb 16th, first post april 26th. teh boyz poured their sweat blood an' tears as the expression goes. too bad it won't work.
mircea_popescu: but, entertaining while it lasts.
mircea_popescu: $up piratsimon
deedbot: piratsimon voiced for 30 minutes.
piratsimon: challenge: http://pastebin.com/t4xqzfyx im really curious how long it does take. you may contact me via mail@simonlange.eu if you mind. ;)
mircea_popescu: is there some sort of reward associated or just sportstmanship challenge ?
piratsimon: just sportsmanship and curiosity. ;)
mircea_popescu: alrighty. in the meanwhile, you understand how rsa works ?
piratsimon: punkman suggested i should give an example via pastebin.
piratsimon: so voilá there it is. :D
piratsimon: yes i do. but i bet you are right now deeper in the topic than me. ;)
piratsimon: im just curious how long it does really take to break it. you know, theory is one thing, doin it another. :D
mircea_popescu: generally, it takes someone to care enough.
shinohai: Is it just me or are logs not synced?
shinohai: and good morning #trilema
mircea_popescu: you used gpg: public key is E5FF86FA
mircea_popescu: it would appear you don't actually understand how rsa works ?
mircea_popescu: that's not in there either.
mircea_popescu: $up tribut
deedbot: tribut voiced for 30 minutes.
piratsimon: thats why i was curious what key you did factorize? because - yes - it was my name and a really old email address of me. but actually not my key. not even my revoked one.
tribut: mircea_popescu: thanks
piratsimon: no tribut, didnt, did not had that url util now. let me read it fast.
mircea_popescu: piratsimon you could ask that then, neh ? the pile of keys being worked on come from a dump of sks servers.
piratsimon: sry mircea. that was a classic misunderstanding. we both did assume something. ;)
mircea_popescu: for my benefit, list said assumptions explicitly.
piratsimon: anyhow, wont bother you any longer. ;) have a nice day. we got finally sunshine. bb
piratsimon: and my apologies for that itsybitsy misunderstanding. :D
mircea_popescu: no big deal.
mircea_popescu: you have to realise however that if eve is trying to eavesdrop on alice's communications to you,
mircea_popescu: the most effectual approach is to put a broken key of yours up on sks, and wait for alice to mistake it for yours.
mircea_popescu: particularly effective if you don't even know alice ; and no you wouldn't know you missed anything.
mircea_popescu: the specific sort of broken keys listed there (ie, with mirrored low 32bit modulus) is obviously an' very much designed just for this purpose.
mircea_popescu: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
mircea_popescu: $up egorsmkv
deedbot: egorsmkv voiced for 30 minutes.
egorsmkv: hello, who administrate server?
mircea_popescu: yes. next question ?
egorsmkv: disable DEBUG mode on server
mircea_popescu: aha thanks. was already reported. asciilifeform will get to it once he's back.
egorsmkv: service very good, thanks for it
mircea_popescu: *thumbsup*
mircea_popescu: $up fromphuctor
deedbot: fromphuctor voiced for 30 minutes.
mircea_popescu: egorsmkv in fairness most merit goes to bernstein, with his work we do in 20 minutes what used to take ~10 years on the first estimation.
mircea_popescu: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
mircea_popescu: $up fromphuctor____
deedbot: fromphuctor____ voiced for 30 minutes.
mircea_popescu: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
mircea_popescu: $up fromphuctor_____
deedbot: fromphuctor_____ voiced for 30 minutes.
mircea_popescu: $up _Blazed
deedbot: _Blazed voiced for 30 minutes.
jurov: "FYI, @gavinandresen's commit access just got removed - Core team members are concerned that he may have been hacked."
jurov: oops the ycombinator url is wrong, the excerpt is from https://twitter.com/petertoddbtc/status/727078284345917441
danielpbarron: apparently the signature on wright's thing was lifted from an old transaction
punkman: danielpbarron: the redditards fail at reading, so thought the "worked example" in blogpost would be the secret signature presented to BBC et al
danielpbarron: $up iceblox
deedbot: iceblox voiced for 30 minutes.
danielpbarron: $up Valfor
deedbot: Valfor voiced for 30 minutes.
Valfor: Cheers :)
Valfor: oh, timed voice - interesting
Valfor: :)
danielpbarron: yes use it well, what brings you here?
Valfor: I saw the list of broken GPG keys on the phuctor website
Valfor: Saw the contact mention this irc chan
Valfor: and so came here, as I was intrigued
iceblox: Hello there, I found my key to be in the sadmods and followed the contact link :)
danielpbarron: oo interesting. how did you make that key?
iceblox: Using gpg --gen-key, but about 13 years ago
danielpbarron: what version, on what operating system?
iceblox: I have no idea what version, operating system was NetBSD 1.6 for sure
iceblox: maybe 1.6.1
danielpbarron: is your key actually broken or is it just a weird exponent?
iceblox: public exponent is not prime
danielpbarron: you mind sharing which key is yours?
asciilifeform: mircea_popescu: fixed barf
iceblox: Oh, sure... BA8A75F1 simon@hitzemann.org
asciilifeform: secret signature presented to BBC et al << l0l!!!!
asciilifeform: s33333333333333333333kr1t pgp sig !
asciilifeform: not for filthy plebes to see !
asciilifeform: trust yer masterz.
asciilifeform: brilliant.
asciilifeform takes off hat.
asciilifeform: iceblox: if you are sure that the key is yours, actually yours, (there is a number of keys on sks maliciously corrupted in a way that they appear to have the legit fingerprint when viewed in certain pgp clients)
asciilifeform: iceblox: then try please to determine the client you used
asciilifeform: best of all, if you can find a copy of the source.
jurov: iceblox: try to export the pubkey from your local copy and add to phuctor
jurov: to check for any corruption
asciilifeform: ;;later tell mircea_popescu https://news.ycombinator.com/item?id=11609226 << lulzy
gribble: The operation succeeded.
iceblox: okay, I submitted my export for being checked... Let me try to find out what gpg version I used back then. At least it should be possible
iceblox: Ok, according to the archives it should have been GnuPG-1.2.3
asciilifeform: thanks iceblox
iceblox: compiled with --enable-tiger and --with-static-rnd=auto
asciilifeform: ;;later tell mircea_popescu https://www.opennet.ru/opennews/art.shtml?num=44356 << moar lulz
gribble: The operation succeeded.
iceblox: Interesting, my newly submitted pubkey has 3 fingerprints less, but the bad public exponents are still part of it
asciilifeform: iceblox: newly-submitted key was generated with what ?
iceblox: --export --armor
asciilifeform: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
asciilifeform: iceblox: yes, but what version of gpg ?
jurov: eh, frompuctor's lingering along and never says anything
iceblox: same, I only exported it from my machine instead of the one that was already on the website
asciilifeform: iceblox: sks has the interesting 'feature' that it refuses to delete obsolete keys
asciilifeform: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
asciilifeform: $up egorsmkv
deedbot: egorsmkv voiced for 30 minutes.
jurov: it's DSA, not RSA
asciilifeform: welcome back a111 , we missed you so !
mircea_popescu: for srs.
jurov: piratsimon asks me for voice too
jurov: $up piratsimon
deedbot: jurov may not $up piratsimon
shinohai: lame
asciilifeform: $up piratsimon
mircea_popescu: * asciilifeform takes off hat. << note that they were brewing it since two months ago, finally went live days after phuctor ; finally went on social media rampage hours after phuctor.
deedbot: piratsimon voiced for 30 minutes.
mircea_popescu: plenty of freshly minted coincidences at coincidence bank.
asciilifeform: the pulled one from 'crypto' category at the coincidence library, aha.
asciilifeform: (last comment)
mircea_popescu: http://btcbase.org/log/2016-05-02#1461004 << the most useful thing would be an exact, verbatim copy of the software in question.
a111: Logged on 2016-05-02 12:43 iceblox: Ok, according to the archives it should have been GnuPG-1.2.3
mircea_popescu: asciilifeform ftr the .ru write-up is about 100x better than the anglo versions. wikipedia almost entirely to blame.
mircea_popescu: ;;later tell egorsmkv consider registering your pgp key with deedbot ; i'll rate you and you'll beable to self-voice
gribble: The operation succeeded.
mircea_popescu: ФуНиКолай - очевидно же << ahahahaha
mircea_popescu: bwhhahahaha these are epic. Лаврентий Августович Плюшкин, Герхард фон Пырохсповыдлом
mircea_popescu: asciilifeform re guy on reddit : he seems to be having the exact same key ?
mircea_popescu: apparently there's some sort of apple shenanigans at work here. you reclal, apple, the dedicated-to-privacy company that recently wouldn't do something or the other to some phone or somesuch, i forget.
mircea_popescu: in other news of vague interest, i burned ~13GB on trilema today alone, of which at least half to be attributed to phuctor discussions (mostly not in english). it's been a while since any event actually visibly dented trilema stats. too lazy to check on phuctor, but i imagine it's headed into terrabytes, what with its endless single pages and whatnot.
deedbot: [Recent Phuctorings.] Phuctored: 565455 divides RSA Moduli belonging to 'The Source <source@491362F1.info>; Lucian Solaris <LucianSolaris@gmail.com>; 7C492C5B491362F1 <491362F1@hackinfotech.org>; ' - http://phuctor.nosuchlabs.com/gpgkey/561245D928FF0843F5F346549A73B46C6836E3B2BE309DC7F6CCAFCF7F17795C
mircea_popescu: almost all of these seem to be in some way connected to either winblows or crapple.
mircea_popescu: $up Twix
deedbot: Twix voiced for 30 minutes.
Twix: hi
Twix: :>
mircea_popescu: http://blog.fefe.de/ << also pretty impressive. "proudly made without shit" line at the end ftw.
jurov: asciilifeform: phuctor rejects this, any idea why? http://dpaste.com/2SKZM9A.txt
jurov: if it requires self-signature, then testing ssh keys is out
mircea_popescu: ah ssh keys aren't self-signed are they
jurov: nope
BingoBoingo: http://btcbase.org/log/2016-05-02#1460826 << Many people tried to find an easier softer way, but they could not. With all the earnestness at their command...
a111: Logged on 2016-05-02 10:40 roxfan: i was hoping there's an easier way...
mircea_popescu: jurov i see "gpg: armor header: Version: PGPy v0.4.0 gpg: packet(6) too short"
mircea_popescu: BingoBoingo actually it's being built as we speak. jurov 's thing above is mere steps away from general purpose.
jurov: huh i see .. tested only with pgpdump, not actually importing it
BingoBoingo: Right, It's being done the actual way as opposed to the query shithub for an existing script way.
mircea_popescu: actually there is no script. which in itself is glaringly scandalous.
mircea_popescu: jurov possibly needs some padding. pgp keys are a festival of arbitrary and nonsensical fixed widths and whatnot.
jurov: yea the py library i'm trying aptly reflects that
mircea_popescu: $up hax404
deedbot: hax404 voiced for 30 minutes.
mircea_popescu: $up Echoplex
deedbot: Echoplex voiced for 30 minutes.
mircea_popescu: poor a111 getting hammered pretty good and solid.
deedbot: [Trilema] Just call me Annah. - http://trilema.com/2016/just-call-me-annah/
mircea_popescu: maybe they should make special fatty hydrogen engine.
mircea_popescu: need oxygen tank anyway amirite.
a111: Logged on 2016-05-02 14:24 jurov: if it requires self-signature, then testing ssh keys is out
asciilifeform: will happily eat anything containing 1 or more rsa modulus.
asciilifeform: in rfc2440/4880 format.
a111: Logged on 2016-05-02 13:11 mircea_popescu: asciilifeform ftr the .ru write-up is about 100x better than the anglo versions. wikipedia almost entirely to blame.
jurov: mkay, will analyze the pubkey
asciilifeform: $up nadav
deedbot: nadav voiced for 30 minutes.
mircea_popescu: $up schlaftier
deedbot: schlaftier voiced for 30 minutes.
phf: so odd, connection is otherwise stable, i have ssh open to it, but bot simply pinging out
mircea_popescu: phf did it lose most od the day's log ?
phf: no
asciilifeform: $up fromphuctor_
deedbot: fromphuctor_ voiced for 30 minutes.
mircea_popescu: http://btcbase.org/log/2016-05-02#1460660 << it turns out, it's yet another leah goodman story. kinda weaksauced.
a111: Logged on 2016-05-02 04:40 asciilifeform: i will be disappointed if the new replacement for the phuctor story is not jp-toilet related.
asciilifeform: at least i was hoping for leah on a jp toilet
asciilifeform: but we get simple rubbish.
asciilifeform: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
phf: well, it did, but i have a backup always, so unless there's a complete breakdown, logs are retained. i need to add an autoreconnector, but as is usually the case with that sort of things, i'm limited on time
mircea_popescu: phf i looked, everything seems to be there
mircea_popescu: every last valuable line of me going $up fromphuctor and all.
mircea_popescu: $up Shredder121
deedbot: Shredder121 voiced for 30 minutes.
asciilifeform: srsly why these folk never speak.
Shredder121: I'm on mobile, so you got to me faster than I could /nick
mircea_popescu: asciilifeform one of the things the web has done is trained clickers.
mircea_popescu: people click, it's a webpage, what.
asciilifeform: evidently.
mircea_popescu: see what's here, see what's there, live of www.tv
mircea_popescu: not even anything wrong with it per se.
asciilifeform: though apparenly reddit has problems staying up
asciilifeform: (reddit per se)
mircea_popescu: lol that hanno boeck assclown got called out. curious what happens nao.
asciilifeform: http://btcbase.org/log/2016-05-02#1461046 << seems like the schmuck sat down on one of the helpfully prepared stakes - wrote 'apple' a bug report, which was duly read at ft meade on account of his using 'apple' key as appears on phuctor
a111: Logged on 2016-05-02 13:17 mircea_popescu: asciilifeform re guy on reddit : he seems to be having the exact same key ?
asciilifeform: $up sbp_
deedbot: sbp_ voiced for 30 minutes.
asciilifeform: http://btcbase.org/log/2016-05-02#1461051 << the ~100+ wholly shamatronic keys could've been made anywhere
a111: Logged on 2016-05-02 13:28 mircea_popescu: almost all of these seem to be in some way connected to either winblows or crapple.
mircea_popescu: asciilifeform yeah i meant the other ones. the "naively broken" ones,
mircea_popescu: which seem mostly to be a case of "take p, q random numbers, skip on testing for primality."
asciilifeform: mircea_popescu: my conclusion 1y ago was that the enemy is pretty good at factoring wholly-random-int rsamods.
asciilifeform: (it isn't so hard.)
mircea_popescu: if you think about it : for any random number, the odds of being divisible by 3 are 1 in 3. and by 7, 1 in 7. and the sum of this converges etc.
Apocalyptic: 17:19 <+mircea_popescu> which seem mostly to be a case of "take p, q random numbers, skip on testing for primality." // having a fully factored modulus would help to confirm this
asciilifeform: my other hypothesis is that this was 'warmup' and current diddled pgptrons use somewhat more subtle magick
asciilifeform: Apocalyptic: the presence of small primes more or less clinches it
mircea_popescu: Apocalyptic i recall you were running miller-raqbin last year ?
mircea_popescu: if you care to hack a py script, i think it could be bolted onto phuctor.
Apocalyptic: asciilifeform: presence of small primes would happen either way, however if your modulus N has k bits and the biggest prime factor has k/2 bits, you could easily conclude that it wasn't generated the way mircea proposes
mircea_popescu: well within some sort of probability.
Apocalyptic: mircea_popescu: I factored a 32-bit mirrored one yeah, currently i'm trying to factor a non-mirrored small one
asciilifeform: Apocalyptic: so far very little is known for certain. but the presence of multiple tiny primes is heavily suggestive of random int.
mircea_popescu: cool deal.
Apocalyptic: asciilifeform: indeed
mircea_popescu: Apocalyptic you got a blog or anything ? where you gonna post ?
Apocalyptic: i'm gonna post in-channel I guess, same as earlier
asciilifeform: i've been considering adding a user-contributed factors box
deedbot: [Qntra] Hoaxtoshi Coninues Swindling Media - http://qntra.net/2016/05/hoaxtoshi-coninues-swindling-media/
asciilifeform: (it'd be trivial)
mircea_popescu: asciilifeform more like, you know, run m-r on the cracked moduli
mircea_popescu: also trivial. not like it doesn't have the juice.
mircea_popescu: and the results could be fed into the hopper in turn.
asciilifeform: after the current wave of derp cools, i'll fiddle with it
BingoBoingo: asciilifeform: sorry no japanese toilets for you, just Hoaxtoshi. Drove to get cigarettes, Nooyz made it to radio.
asciilifeform: leloshi
mircea_popescu: wtf, radio ? seriously ?
asciilifeform: it is strange that same sc4mz0r was recycled
asciilifeform: they could not turn up another ?
mircea_popescu: schmucks. "oh i work for big deal pr firm" "suck my cock".
asciilifeform: i'vethunk there'd be no shortage of them
mircea_popescu: asciilifeform i think a little bit of the whole spam strategy is at work. they WANT the smart folks to lose interest early.
BingoBoingo: <mircea_popescu> wtf, radio ? seriously ? << Yes in the generic CBS radio feed KMOX runs on the hour
asciilifeform: mircea_popescu: that makes a certain amount of sense.
davout: for some reason this hoaxtoshi stuff seems very interesting to journos
mircea_popescu: in other non-news, omfg all the famished camhos posing as online dommes. they are the masters of your wallet dontchakno.
mircea_popescu: derpiest shit ever.
mircea_popescu: davout finally something about bitcoin with no maffs in it. they've been waiting patiently a long long time.
BingoBoingo: <davout> for some reason this hoaxtoshi stuff seems very interesting to journos << Heartbleed and the bash vulnerability made radio
mircea_popescu: asciilifeform aaand 500
asciilifeform: 500 of wat
mircea_popescu: 500 of error code.
davout: BingoBoingo: your radio seems cooler than mine!
BingoBoingo: davout: If the weather's just right you can prolly pick up KMOX's 10,000 watts... maybe
asciilifeform: mircea_popescu: it is up
davout: moon bounce is a thing apparently
asciilifeform: just strained
mircea_popescu: how much bw did it burn this month ? got a stat anywhere ?
asciilifeform: not readily
asciilifeform: nic sent >1TB since last power cycle
asciilifeform: (112 days ago.)
asciilifeform: but this includes, e.g., trb.
mircea_popescu: not horrible.
asciilifeform: there is nothing heavy on the site
mircea_popescu: the braindamage page is like 1mb
asciilifeform: i prolly oughta have massaged it further, e.g., pages
mircea_popescu: btw, ever had a chance to turn off whatever dev environment ? ppls were pointing out.
asciilifeform: it had to be reset correctly so the fix took.
asciilifeform: but done.
asciilifeform: i am still disappointed with the shitstack.
mircea_popescu: honestly, nonpaged is better. guy gets whole thing in one go, prolly results in less overall bw as less futzing and wastage.
asciilifeform: yeah greppable
asciilifeform: sorta why i did it this way to begin with.
mircea_popescu: curl it once an be done
mircea_popescu: ya. right calL.
asciilifeform: speaking of...
asciilifeform: curl -s http://phuctor.nosuchlabs.com/sadmods | grep -c -i " 1 is not prime"
asciilifeform: ^^^ ! ^^^
mircea_popescu: one exponent is best exponent.
asciilifeform: the journawhores dun seem to notice that one.
asciilifeform: lel i'm surrounded by a number of folx here at slaveshit reading reddit etc
mircea_popescu: are you workplace famous now ?
asciilifeform: hopefullynot
asciilifeform: though funnily enough i mentioned phuctor when i was hired there, as a 'litmus test'
asciilifeform: (of them, that is)
asciilifeform: sorta like throwing a rabbit out of airlock to see if atmosphere on new planet is breathable
mircea_popescu: $up tophunctor____
deedbot: tophunctor____ voiced for 30 minutes.
asciilifeform: 'move along citizens!'
mircea_popescu: lol reddit one behind the curve ?
asciilifeform: paid muppet, prolly
asciilifeform: (this'd be a dupe thread)
mircea_popescu: "pgp was broken ayear ago i recall defcon talk"... it's kinda shocking in the despairing sense of the term, exactly what sort of monster a specialised society creates.
mircea_popescu: "i know how to make widgets. i also think the loch ness monster found the cvadrature of the ellipsis."
asciilifeform: mircea_popescu: i dun think there is 'thought' involved in the usual sense
asciilifeform: this here'd be orwell's 'duckspeak'.
BingoBoingo: !up xorrbit
gribble: Error: "up" is not a valid command.
BingoBoingo: $up xorrbit
deedbot: xorrbit voiced for 30 minutes.
Apocalyptic: asciilifeform: re earlier thread I was considering either random p and q then multiplied, or whole modulus is random. Obviously the latter could not occur since the software couldn't compute phi(N), hence doing anything usefull with it.
Apocalyptic: so yeah no k/2-bit prime to be expected in modulus
asciilifeform: Apocalyptic: there are reasons why someone might generate wholly unusable modulus and post to sks.
Apocalyptic: There might be, the resulting thing is a degree of magnitude less usable though
asciilifeform: there appear to be at least two types of phucked moduli
Apocalyptic: including the 32-bit mirrored ones ?
asciilifeform: and it stands to reason that they were born in separate places for distinct reasons.
Apocalyptic: so far I also see the two categories
asciilifeform: the 32-bit mirrored ones are a fairly transparent ploy
asciilifeform: mircea_popescu: lel, yet another firm wasted hours of my time only to barf when told that i refuse to 'top secret'
mircea_popescu: Apocalyptic i just interpreted your argument to mean k/4
mircea_popescu: asciilifeform ftr, there are VERY MANY people refusing to top secret for very many good reasons.
mircea_popescu: one is that they pay fails to compensate the risks (trivially verified : find insurer who will indemnify you for any and all responsabilities in exchange of fraction of extra salary)
asciilifeform: mircea_popescu: fact is, i'm approaching ~unemployable
Apocalyptic: mircea_popescu: why k/4 ? my argument was if the whole modulus is random, then we can expect a k/2-bit prime factor, if modulus is random p times random q, then we can't unless p or q is actually prime (assuming p and q same size), which is quite unlikely if truly random
mircea_popescu: as with all failing empires in history a) the better commentary happens among people who do not have the empire's language as native language ; b) the hassle of obtaining official seal of whatever exceeds the benefits.
mircea_popescu: Apocalyptic p and q randomly generated can still produce a prime factor somewhere in there, perhaps as large as 1/4 of the length of the key.
mircea_popescu: ie even with p, q obtained straight from /urandom, you can still see a 1024 bit prime or somesuch
mircea_popescu: i don't recall right off how you calc the probability, but it is indeed tiny.
Apocalyptic: yeah but why the 4 specifically ? for all you know you can have a k/3 prime as well
mircea_popescu: hey, whadda ya want from me, when trying to rescue statements that are trivially broken i use heuristics!
asciilifeform: mircea_popescu: prime number theorm
Apocalyptic: the important thing is k/2 prime enables to distinguish between the 2, a k/4 prime doesn't, as it would occur in both cases
asciilifeform: hadamard
mircea_popescu: Apocalyptic i guess so.
mircea_popescu: $up cyco
deedbot: cyco voiced for 30 minutes.
cyco: hey
cyco: one of my old keys got phuctored
asciilifeform: cyco: which ?
asciilifeform: cyco: and before getting alarmed, download the key and compare to yours
cyco: ok i'll do that
asciilifeform: it may be a spurious version, someone has been making them for years.
asciilifeform: and this key appears to be one of them.
mircea_popescu: $up cyco1
deedbot: cyco1 voiced for 30 minutes.
cyco1: thanks :)
cyco1: it'll take some time to find the key in my backups
cyco1: i'll come back when i've found it
mircea_popescu: consider also registering your current key with deedbot
mircea_popescu: i'll rate you and you'll beable to self voice in the future
mircea_popescu: are they influencing and community-whatever-ing ?
BingoBoingo: of course
mircea_popescu: $up steffen
mircea_popescu: good for them then.
deedbot: steffen voiced for 30 minutes.
BingoBoingo: ;;bc,stats
gribble: Current Blocks: 409899 | Current Difficulty: 1.7865925777252728E11 | Next Difficulty At Block: 411263 | Next Difficulty In: 1364 blocks | Next Difficulty In About: 1 week, 2 days, 8 hours, 13 minutes, and 9 seconds | Next Difficulty Estimate: None | Estimated Percent Change: None
BingoBoingo: ;;ticker --market all
gribble: Bitstamp BTCUSD last: 441.0, vol: 5354.45823665 | BTC-E BTCUSD last: 443.2, vol: 4879.32364 | Bitfinex BTCUSD last: 441.37, vol: 26801.5056244 | BTCChina BTCUSD last: 443.169345, vol: 20804.50170000 | Kraken BTCUSD last: 443.915, vol: 1075.02228224 | Bitcoin-Central BTCUSD last: 446.4716, vol: 69.1292423 | Volume-weighted last average: 442.174813814
BingoBoingo: $up hdbuck
deedbot: hdbuck voiced for 30 minutes.
BingoBoingo: In other news the US Navy is now allowing neck tattoos
mircea_popescu: "don't ink, don't yell" ?
deedbot: [Recent Phuctorings.] Phuctored: 83780493 divides RSA Moduli belonging to 'James Bottomley <jejb@kernel.org>; James Bottomley <JBottomley@Odin.com>; James Bottomley <JBottomley@Parallels.com>; James Bottomley <James.Bottomley@HansenPartnership.com>; ' - http://phuctor.nosuchlabs.com/gpgkey/23B2173C2FF1A9C43007D526720EA2B9EC1CB4AC21503429ACFBA1DA022517B3
mircea_popescu: always nice to see kernel.org in there.
mircea_popescu: i guess im gonna message him
steffen: interesting stuff, added my public key to check it out ;)
phf: so i did a simple exercise, since there were some claims that "none of the keys import", of grabbing phuctored data. the 223 moduli represent 156 keys, importing which results in 133 "no valid user IDs" and 23 successful imports listed here http://paste.lisp.org/display/315214
jurov: asciilifeform: i tried to check my own keys but http://phuctor.nosuchlabs.com/gpgkey/BBB0A99950037551F533850A677ABD62D0AEE7D7 gives me a broomstick
jurov: then i noticed you use yet longer fingerprints
asciilifeform: phf: not only this, but i strongly suspect that winblowz pgp eats them all...
asciilifeform: jurov: why would i use short fp for anything!
jurov: so even the 40char one is short?
asciilifeform: the one above is correct.
asciilifeform foiled in yet another escape attempt from butugychag.
ben_vulpes: poor baby
phf: need a top-secret job where can discuss things in a public log, tmsr style
asciilifeform: phf: pretty much all of my conversations ended the same way
asciilifeform: (where i refuse to take holy orders, and they stop calling)
phf: i've interviewed for reverser jobs in 2004 or so when i was still doing "infosec", and my interviews all ended same way because i'm not a citizen
mircea_popescu: nice work phf .
asciilifeform: i'm a citizen, but no good at lying.
mircea_popescu: jurov he has to because obv keys can be diddled.
mircea_popescu: we've seen different keys of same fingerprints etc.
phf: "в день индийский слон съедает 100 кг сена, 50 кг моркови, 30 кг капусты, 40 кг хлеба и т.д" - неужели правда, что этот слон столько съедает? - съесть он может и съел бы, да кто ему даст...
mircea_popescu: anyway, yet another thing bitcoin corrupts irretrievably. "wtf this secret job has no public log ? a fie upon you!"
jurov: wtf you're on? i never tried to approach phuctor with sort fingerprint
jurov: i always used 40-char one, just wrong url
jurov: *with short fingerprint
jurov: and noticed /gpgkey/ uses much longer hexporn and was confused
jurov: that one is sha512 or something?
asciilifeform: mircea_popescu: almost face!
asciilifeform: съесть он может и съел бы, да кто ему даст << win.
asciilifeform: ^ my entire life.
asciilifeform: $up gabriel_laddel
deedbot: gabriel_laddel voiced for 30 minutes.
mircea_popescu: jurov the reason for teh hexporn is that there have been diddled keys!
jurov: yes!
mircea_popescu: $up anotheryou
deedbot: anotheryou voiced for 30 minutes.
jurov: and i'm asking, what does /gpgkey/0xhexporn stand for?
mircea_popescu: ie how he derives it from the keys ? nfi. i always assumed it's arbitrary index from db
asciilifeform: jurov: it is a hash of the moduli
asciilifeform: arbitrary!
asciilifeform: plox do not attempt to use for anything other than indexing on phuctor.
asciilifeform: NOT same as fp !
asciilifeform: those are separate !
deedbot: plp voiced for 30 minutes.
jurov: ok, ty
asciilifeform: and correspond to legit fp
asciilifeform: jurov: i needed a way to uniquely identify ~keys~ rather than ~moduli~
asciilifeform: so that i could hash a key and determine if we have it already
asciilifeform: without a megatonne of db grind
asciilifeform: thinkaboutit.
mircea_popescu: $up distemper
deedbot: distemper voiced for 30 minutes.
jurov: it's amazing that fingerprint is not even suitable for that use.
mircea_popescu: quite the accomplishment yeah.
asciilifeform: jurov: not only, but fp identified MODULI
asciilifeform: (even if it worked perfectly with 0 collisions, which, guess what.)
asciilifeform: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
asciilifeform: so many silenceisgolden folx
mircea_popescu: your dash-mojo is not powerful enough!
asciilifeform: such quiet
anotheryou: sorry, just ment to lurk :) don't mind me. Maybe most don't need the up.
anotheryou: trying to make sense and reading a bit before asciing stupid questions :)
asciilifeform: commendable.
mircea_popescu: i kinda gave up autovoicing the default nick folken.
asciilifeform: at this point i can see it.
mircea_popescu: he has a point, too. can just be here for the feeds.
anotheryou: So many german pirate-party members on the list. How where the tested keys selected? I assume you had to start somewhere...
mircea_popescu: nah, no selection. it's the whole sks dump
mircea_popescu: (the keys are not processed one at a time. this used to be the case, but not anymore. now, all done simultaneously)
anotheryou: So my uninformed conclusion would be that something went especially wrong in germany or the pirates cryptoparties got a lot of people using pgp in the first place.
asciilifeform: anotheryou: most of the german keys are of the 'mirrored' type
asciilifeform: and quite likely were crafted by a third party.
anotheryou: third party means it was sort of an impersonation?
asciilifeform: they appear to have the genuine key's fingerprint in certain pgp clients.
anotheryou: I see.
anotheryou: thanks for all the work :)
mircea_popescu: it'd be fun if we could diagnose, eg, fukushima by quality of keys from place and time.
asciilifeform: as with digital cameras, l0l!
asciilifeform: would be ++lulzy if we had the neutronograph
asciilifeform: (neutron background pretty much everywhere on planet3 is same, with the exception of fukkupppies)
jurov: neutrinoscope!
mircea_popescu: but no, it's entirely out of the question any sort of natural event is at work here. usg.nsa been diddling not merely angela merkel's phone,
mircea_popescu: but all communications of all germans at all levels possible.
asciilifeform: the germans have been taking it nice and hard in the arse for half century +.
asciilifeform: and so quietly, too.
mircea_popescu: while supplies last.
asciilifeform: $up steffen
deedbot: steffen voiced for 30 minutes.
steffen: being a german myself, yes, and that's where I thought pgp added a nice sense of privacy to interested parties no matter the government
asciilifeform: mircea_popescu: pgp really took off in de, it seems
asciilifeform: so that was where the ferret cannon was aimed.
steffen: now my next question would be which software was used to generate the flawed keys and if those were software packages with malicious intent
mircea_popescu: steffen you gotta make sure your pgp is actual protocol-strength rsa not merely promise-strength rsa tho.
mircea_popescu: many rsa implementations, especially for the closed source walled gardens, are miserable indeed.
steffen: I lack the skill to verify my software package
steffen: i can only be so paranoid.
mircea_popescu: steffen we've been trying to get people with exposed keys to post the software they used.
mircea_popescu: steffen the golden standard re such verifications in tmsr is V.
steffen: at least so far I can see that my key is not malformed. I'll certainly check that result page periodically in the future.
steffen: a lot of germans that I know use gpg4win
steffen: which incidentally is also a software package vetted by the BSI (german ministry for informational security or something like that)
mircea_popescu: yeah ; a lot of eulora players also. seems to be the most accessible for "people in general"
asciilifeform: steffen: any ministry recommending a ms-winblowz package ipso facto answers to washington.
mircea_popescu: you recommend ida :)
mircea_popescu: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
fromphuctor__: i have an idea for phuctor
fromphuctor__: you could collect many millions keys from SSH server using the ssh-keyscan utility included in OpenSSH
fromphuctor__: it is very fast
mircea_popescu: iiuc jurov already has a more or less complete package of github keys, working to turn them into proper format.
mircea_popescu: the rub there is, currently, the conversion not the acquisition
mircea_popescu: asciilifeform awww, herpy bock got humiliated in public ?
fromphuctor__: ssh-keyscan provide digits
asciilifeform: mircea_popescu: aha
asciilifeform: after which, zap
mircea_popescu: fromphuctor__ yes but phuctor currently eats rfc 4880 format, owing to its history as a pgp key checker.
asciilifeform: what the hell happened to the last time folks collected ssh pubkeys and bernsteined'em
asciilifeform: i tried to find out, found ~0
mircea_popescu: if you have a conversion script anywhere plox feel free to publish.
mircea_popescu: asciilifeform "published studies".
asciilifeform: mircea_popescu: yeah, heninger et al. but iirc there were others
mircea_popescu: of course, others. "published".
ben_vulpes: no code, not published.
ben_vulpes: not in wot, not published.
asciilifeform: sorta lulzy, how much mileage one can get by taking all the shit these muppets claim to have done, and actually ~doing~ it
mircea_popescu: asciilifeform but he has a point ; once we get conversion going running a ssh-keyscan werker is good idea.
mircea_popescu: asciilifeform quite so, yep.
mircea_popescu: reminds me of being in school.
fromphuctor__: bye bye
jurov: ssh-keyscan and the github trove are completely independent things (former scans for server keys, latter are users' keys)
mircea_popescu: jurov yeah meanwhile it percolated through my head.
mircea_popescu: this is rounding out nicely actually!
fromphuctor__: it would be interested testing router keys
mircea_popescu: it even has a -t rsa1!
mircea_popescu: which really halps.
mircea_popescu: $up fromphuctor___
deedbot: fromphuctor___ voiced for 30 minutes.
fromphuctor___: thanks... would the phuctor checker work with non PGP keys, if i correctly converted an RSA key to the required format?
mircea_popescu: absolutely.
mircea_popescu: as long as it's a rsa key, it will work.
fromphuctor___: sounds like i'll be busy then!
mircea_popescu: keep us posted
mircea_popescu: also, consider registering your key with deedbot
mircea_popescu: helps build your identity, and you'll be able to self-voice.
fromphuctor___: i need to figure out how to convert plain key to that base64/der stuff
fromphuctor___: will the submit page tell me my key is malformed if i made a mistake?
asciilifeform: was there really..?
asciilifeform: i can't wait to listen to the tape of 'my' talk.
asciilifeform: at shitcon.
asciilifeform: or wherever.
mircea_popescu: no idea ?
mircea_popescu: you're asking me who you talked to ? what am i, the omniphone ?
asciilifeform: well i did not in actuality give any such lecture
asciilifeform: in real life.
asciilifeform: but perhaps someone gave 'for'.
asciilifeform: y'know, a henninger.
mircea_popescu: eh reddit ; who even has teh energy.
asciilifeform: mircea_popescu: l0l looks like moar ddos.
mircea_popescu: asciilifeform it won't last, server's pretty well supplied.
mircea_popescu: let 'em try.
mircea_popescu: incidentally, i just remembered : http://www.hanewin.net/encrypt/PGpubkey.htm << this of any use ?
asciilifeform: pretty basic rfc4880 parser thing aha
mircea_popescu: asciilifeform but it also has a convertor to mpi/b64
mircea_popescu: $up andrej235
deedbot: andrej235 voiced for 30 minutes.
asciilifeform: for folks trying to understand the format, it is worth a read
mircea_popescu: PGencode.js particularily interesting i thought as it really takes base64 pubkey and puts it through rsa.js
mircea_popescu: so isn't this pretty much 99% of bignum->rsa in pgp format ?
asciilifeform: agonizing to read on account of shitlang
asciilifeform: and the million kludges it needs to do basic things
asciilifeform: (e.g., ordinary integers)
mircea_popescu: http://www.hanewin.net/encrypt/PGencode.js << the comments peculiarily amusing.
mircea_popescu: "windows clock moves in 18.2 ms jumps"
asciilifeform: 'We need an unpredictable session key of 128 bits ( = 2^128 possible keys).' << lel
mircea_popescu: still. it has a key parser that works.
asciilifeform: i actually came across it before, when cataloguing known pgptrons
asciilifeform: (hunting for 'magical' ones)
mircea_popescu: i put it on my pgp page on trilema,. forgot all abpout it, now stumbled on it all over again
mircea_popescu: blogs rule.
mircea_popescu: but yes, pretty nifty as you can use it to send a [sorta] encrypted message entirely via web
asciilifeform: just like keybase!1111111
asciilifeform: ;;later tell jurov observed any spike in trb site traffic ? (it is linked from nosuchlabs.com)
gribble: The operation succeeded.
asciilifeform: so... looks like the reddit thing is done, huh.
asciilifeform: like writing on beach sand.
asciilifeform: farts in the wind.
asciilifeform: $up plp
deedbot: plp voiced for 30 minutes.
mircea_popescu: you sound almopst like you're expecting something.
asciilifeform: mircea_popescu: there is always the 1 reader in a million who says something applicable.
asciilifeform: mega-unsurprise that he did not appear, sure.
asciilifeform: mircea_popescu: picture if you threw a match into latrine and it roared with fire like jet engine.
asciilifeform: yes, it is quite clear that latrine will not be flying anywhere.
asciilifeform: but still impressive.
mircea_popescu: of course he appeared ? we got all sorts of workable ideas for phuctor!
asciilifeform: i don't recall any new ones
mircea_popescu: well "new", nothing's ever new.
asciilifeform: lel, megatonnes of traffic on my www also
asciilifeform: largely from mircea_popescu's links
asciilifeform: $up Valfor
deedbot: Valfor voiced for 30 minutes.
asciilifeform: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
phf: since today is a looking at stats day, btcbase is at modest 3500 hits right now, which has been the average since about april 6th, but note that the day is not over and system has been down for almost 8 hours. the number of hits brought by referer has spiked though to ~~500, and looking at graph roughly correlates to trilema posts. not surprisingly the top referer is trilema at ~~1000, followed by qntra at ~~600 and phuctor at ~~80.
phf: (the last three values are totals)
phf: the-phuctoring is second top ref from trilema, losing out by a large margin to top ref ill-pay-for-your-tits
mircea_popescu: o.O check out the tits!
asciilifeform: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
deedbot: [Trilema] The mathematics of scamming - http://trilema.com/2016/the-mathematics-of-scamming/
mircea_popescu: $up bolts
deedbot: bolts voiced for 30 minutes.
asciilifeform: mircea_popescu: 10000000th prime is...
asciilifeform: 179424691
asciilifeform: gentlement please welcome the all-new 8ball.
asciilifeform: deploying now.
asciilifeform: ;;later tell mircea_popescu from beloved l0lcow, https://twitter.com/hanno/status/727179938017759232
gribble: The operation succeeded.
asciilifeform: 'if it's a bug it's most likely in the keyservers. if you look at those keys they usually have a lot of bytes replaced by ff values'
asciilifeform: https://github.com/hannob/pgpmoduli << and he's got the obligatory 'we did it first, move along!' thing going. 7h ago.
asciilifeform: incidentally, didn't the derp already have a 'we did ALL the keyz' post LAST may ?
asciilifeform: so how come he has to hastily do it (with henninger's proggy no less, see his shithub) ~now~ ?
asciilifeform: noteventrying.jpg
asciilifeform: (and where are his posts on any other subject ?)
deedbot: [Recent Phuctorings.] Phuctored: 6723834688378347131962599764946917095897099 divides RSA Moduli belonging to 'Tim Fiedler <tfcoding@gmail.com>; ' - http://phuctor.nosuchlabs.com/gpgkey/FE99DB4C8A6980859D6C2322594C1B2CB4348ECB0F9BA3A7275285C7F3D02F7F
deedbot: [Recent Phuctorings.] Phuctored: 4309906883679414593286257 divides RSA Moduli belonging to 'Sven Arnold <psykoman@system-failures.org>; ' - http://phuctor.nosuchlabs.com/gpgkey/DC9D7BC1ADFF9D074C29DA18CB7224920FDAABD2348152DE296A6293FF3C1914
deedbot: [Recent Phuctorings.] Phuctored: 7495348559018251213 divides RSA Moduli belonging to 'Paul Okkerse (Hoofd ICT) <paulokkerse@huighaverlag.nl>; ' - http://phuctor.nosuchlabs.com/gpgkey/DAB44446629F9CF37EB64BF72BBB6471AB6817777283D5F20F162E4FD344C3C5
deedbot: [Recent Phuctorings.] Phuctored: 1391496359719179921 divides RSA Moduli belonging to 'Tim Fiedler <tifi@goapple.de>; ' - http://phuctor.nosuchlabs.com/gpgkey/D7B81471B4D1C2FC6AA8D6709F391B026BD1BAFEBAB21AE8BA277C1B3D054536
deedbot: [Recent Phuctorings.] Phuctored: 2095136408731482091 divides RSA Moduli belonging to 'Yumeomi Tanaki; ' - http://phuctor.nosuchlabs.com/gpgkey/9B9B0ED6921A8C15003519B16DAED0FB79CB70782F178A4DD5CE5FBDCF85C47A
asciilifeform: theeeeeeeere we go
asciilifeform cleans chopping block
asciilifeform: the folks who keep popping, are good candidates for 'random int' hypothesis
asciilifeform: others - less so.
asciilifeform doing what he does every single fucking day of the week, applying to jobz, and notices a 'christ-based software products!'
asciilifeform: finally the ancient prophecy coming true, a genuine merger of software and conventional voodoo !
asciilifeform: lulzily i get unsolicited wurk callz every few days
asciilifeform: but they are useless
ben_vulpes: how useless?
asciilifeform: nonremote
asciilifeform: and 9 times out of 10 usg.
deedbot: [Recent Phuctorings.] Phuctored: 226646661742163 divides RSA Moduli belonging to 'dallasdak96 <teardownthiswall@tormail.com>; ' - http://phuctor.nosuchlabs.com/gpgkey/12AD3EF8AAEFE48EA63A8917991A984660ECEB4194F6F5CEC2EA8304CB2C120F
deedbot: [Recent Phuctorings.] Phuctored: 625320991898048033 divides RSA Moduli belonging to 'Henry Hertz Hobbit <hhhobbit@gmail.com>; Henry Hertz Hobbit <hhhobbit@hotmail.com>; Henry Hertz Hobbit <hhhobbit@securemecca.net>; Henry Hertz Hobbit <henryhertzhobbit@yahoo.com>; ' - http://phuctor.nosuchlabs.com/gpgkey/63016E43A530350EC983F09A74C50EC8E87FEB92F3DEAC355BE2E64CA7985921
ben_vulpes: path dependency's a bitch.
ben_vulpes: but hey!
ben_vulpes: you could be fielding questions from clients past about why you billed them nine hundred grand for misc. support over the month.
ben_vulpes: look at the upside! think of all the tacks you don't have to chew!
asciilifeform: $up zgrep
deedbot: zgrep voiced for 30 minutes.
asciilifeform: ben_vulpes knows that i chew only rusty nails mixed in liquid shit
asciilifeform: never tacks.
trinque emits a parser error
ben_vulpes: unrelatedly, datomic is a *very* spiffy data abstraction layer.
asciilifeform: wats that
ben_vulpes: proprietary proggy that sits atop your $db of choice
ben_vulpes: effectively a distributed prolog-alike db, to the extent that i can be trusted to call something 'prolog-alike'
asciilifeform: ben_vulpes: ever play with symbolics 'joshua' ?
ben_vulpes: the answer to 'ever play with symbolics *' is always 'no', dude.
asciilifeform: ben_vulpes: download 13333333333333333337 w4r3z and run emulator
asciilifeform: it (mostly) worx.
asciilifeform: alternatively,
ben_vulpes: not an expert system, not ai, not anything special.
ben_vulpes: simple an EAVT data store with a single threaded writer. caches recent images of the db in peer memory (yes, 'immutable' db).
asciilifeform: like 'elephant' ?
ben_vulpes: but i don't know enough about elephant to say.
ben_vulpes: seemed very specifically a CLOS data store.
asciilifeform: it is spiffy
asciilifeform: mostly shoots in the head the need to think about db
ben_vulpes: mostly, except as trinque discovered when one goes to do joins.
asciilifeform: but tricky to set up (it refuses to work on a great many 'modern' linuxen due to library retardation)
ben_vulpes: when, smack back in SQLland.
asciilifeform: iirc trinque was using conventional sql ?
ben_vulpes: elephant on PG.
ben_vulpes: because if it cannot support multiple web hosts, it is not a db with which i will fuck.
asciilifeform: what means 'multiple web hosts' ?
trinque: tbh I'm willing to consider that if you wrote too many layers of joins and views, you chose the wrong data structure in the beginning
asciilifeform: >1 instance of apache? or what
ben_vulpes: asciilifeform: yes, that. or your actual logic layer of choice.
ben_vulpes: whatever it is that returns the JSON that sends mircea_popescu scrambling and screaming for the "programmer's view"
phf: Datomic is piece of shit for non-trivial datasets. I don't understand how they could steal so much old lisp tech and still manage to fuck it up
asciilifeform: phf: the perennial question re shitware, no ?
ben_vulpes: phf: knows from experience?!
asciilifeform: think of, e.g., java.
asciilifeform: 'stole so much, delivers so little'
ben_vulpes: i wish i had the historical perspective to even know.
ben_vulpes: mostly, i find rocks of various sharpness and heaviness and use them to beat my local reality into shape.
ben_vulpes: phf: i would like to hear about what kinds of misery you've found in datomic. not to doubt! never to doubt the misery of technology. but out of curiosity, and limits-finding by proxy.
ben_vulpes: (and also as previously discussed in logs, the scraps on my table are rarely of "web scale" magnitude)
phf: Sorry I'm on phone and just needed to pipe in. But I picked up datomic on a project as "clojure take on allegro cache" and I was expecting similar performance (tens of millions of records on a reasonable machine)
ben_vulpes: > allegro cache
phf: Needless to say it's nowhere near there. Be prepared to grok both datomic and the underlying store.
ben_vulpes: yeah, i only run on postgres for that precise reason.
phf: Basically the game becomes "how does query translate into PostgreSQL so I can index all the things"
phf: And those proverbial millions of records require really beefy machines. 8gb of ram, fast flash drives, etc
ben_vulpes: it is the classic "db that looks good but needs tender loving care from its authors to work well" software trap.
phf: Don't worry you can hire them to consult :)
ben_vulpes: i harbor no illusions in this regard.
ben_vulpes: were i not desperately trying to eke my own living out i would most likely be camping outside of the cognitect offices until they took pity upon me and let me sweep the floor.
ben_vulpes: > allows programmers to work directly with objects as if they were in memory while in fact the object data is always stored persistently << stinks of ORM shit-dippery
asciilifeform: ben_vulpes: wats that
ben_vulpes: "object relational model"
asciilifeform knows ~nothing of this.
ben_vulpes: may ye long remain ignorant of it
ben_vulpes: Foo.objects.get(pk=20) or Foo.objects.get(name="Stan")
ben_vulpes: 'tis the root of the success of Rails and friends
trinque: b-but y'know sql is hard and so caked shit atop
ben_vulpes: "you mean i don't have to think about the db!?!?"
BingoBoingo: !up ascii_deadfiber
gribble: Error: "up" is not a valid command.
BingoBoingo: $UP ascii_deadfiber
deedbot: ascii_deadfiber voiced for 30 minutes.
BingoBoingo: HO HO HO TO YOU TOO FULL STOP
ascii_deadfiber: snow, in motherfucking may.
BingoBoingo: wow, I thought you had swamp
ascii_deadfiber: and icestorm in may.
ascii_deadfiber: apparently.
BingoBoingo: And ascii_deadfiber thinks the middle west is horribru
ascii_deadfiber: zoolag dead until further notice.
ascii_deadfiber: you can't even ~get~ real net in midwest.
ascii_deadfiber: at least not on human budget.
BingoBoingo: Seriously, you get fiber in the middle west, that connects to hubs in different directions. We discovered redundancy 3 years ago and nao everything is grand.
ascii_deadfiber: then why BingoBoingo's node not 24/7 ?
BingoBoingo: Not all middle west are equal and which node is Bingo's?
ascii_deadfiber: the one mentioned back when
ascii_deadfiber: and in which midwest decent fiber?
ascii_deadfiber: if it's urban centres, i need those like i need second arse drilled.
BingoBoingo: Turned out box rented back then was crap still running node at home and not advertising, programable version string for reason
BingoBoingo: And no, the good fiber in the midwest is in exurbs. Usually connects to nearest urban center and a further urban center because
BingoBoingo: $up dotblank
deedbot: dotblank voiced for 30 minutes.
BingoBoingo: $up fromphuctor__
deedbot: fromphuctor__ voiced for 30 minutes.
← 2016-05-01 | 2016-05-03 →