| 01:38 |
danuker |
because "reasons"? is significantly increasing the cost of MITM not a good reason enough? |
| 01:38 |
danuker |
and what is "V"? |
| 01:38 |
danuker |
"shinohai: Welp appears danuker didn't read how V works. Next." |
| 01:49 |
danuker |
"read and understand any software" hmm |
| |
~ 16 minutes ~ |
| 02:05 |
mats |
danuker: http://cascadianhacker.com/07_v-tronics-101-a-gentle-introduction-to-the-most-serene-republic-of-bitcoins-cryptographically-backed-version-control-system |
| 02:06 |
danuker |
thank you |
| 02:06 |
danuker |
I guess it would be hard to MitM so many domains |
| 02:06 |
danuker |
I am following http://thebitcoin.foundation/trb-howto.html to attempt to understand what you guys are doing |
| 02:07 |
mats |
read carefully and follow the links before you return to chat |
| |
~ 18 minutes ~ |
| 02:25 |
mats |
since you are interested in bitcoin i expect you understand why some might disapprove of TLS and the concept of certificate authorities |
| |
~ 18 minutes ~ |
| 02:43 |
mats |
if you read the news at all, you might also notice the greatest threat to users of the internet is not the random passerby but governments and their agents |
| 02:54 |
mats |
such as beijing, usag barr, and lesser characters like the blue coat systems people who used to have an intermediate cert courtesy of symantec and sell intercept devices to govts |
| 02:59 |
danuker |
mats: you told me not to chat until I understand what V does. I now do; and as far as I understood, it is like Git + mandatory signatures + commits as a patch collection + web of trust |
| 02:59 |
danuker |
I agree with your observations on TLS |
| 03:00 |
danuker |
I have a problem with the web of trust; just because someone signed something doesn't mean they weren't compelled by a national security letter to do so |
| 03:02 |
danuker |
I will use trust control for every patch |
| 03:02 |
mats |
american law enforcement might believe it has planetary jurisdiction but thats not realistic |
| 03:03 |
danuker |
as in, not copy patches I don't trust in the pool |
| 03:03 |
danuker |
it's not just about the US, every country has national security exceptions |
| 03:03 |
mats |
the signature doesnt preclude your own audit |
| 03:04 |
danuker |
precisely |
| 03:04 |
danuker |
but it is a bit of a red herring |
| 03:06 |
danuker |
still, the cheapest way I see the government destroying Bitcoin, as well as this community, is to infiltrate and cause chaos in the governance |
| 03:06 |
danuker |
and the web-of-trust being confirmed manually helps that |
| 03:06 |
danuker |
I mean helps against that; mitigates that |
| 03:10 |
mats |
it helps to have competent people in your wot who will also audit signed material |
| 03:13 |
mats |
NSLs are a bogeyman in this discussion |
| 03:19 |
mats |
idk what 'confirmed manually' means. what is your professional background? |
| 03:20 |
danuker |
I was a web developer; now, not much |
| 03:21 |
danuker |
confirmed manually means to me looking at what the signed code does, and deciding whether to trust the public keys one by one |
| 03:23 |
danuker |
and not trusting anymore any keys whose users show signs of malevolence |
| 03:23 |
mats |
yes, the wot is somewhat less useful to someone that doesnt trust anybody in it |
| 03:24 |
mats |
that someone should make more friends, learn to code, or pay someone competent for help |
| 03:27 |
danuker |
I appreciate that V was very simple to review |
| 03:28 |
mats |
have you read thompson's reflections on trusting trust? |
| 03:30 |
danuker |
yes, but I forgot it; will read again |
| 03:36 |
danuker |
awesome :) |
| 03:38 |
danuker |
Thompson has a much better bogeyman |
| 03:52 |
mats |
this is a different rabbit hole but might interest you, http://logs.nosuchlabs.com/log/trilema/2017-04-03#1636708 |
| 03:52 |
snsabot |
(trilema) 2017-04-03 asciilifeform: incidentally the folx who designed ada, read thompson's paper. and immediately acted. which is why in ada you get 'driving stick'-style control over the compiler, the order in which it puts down routines, and data structures during 'elaboration', and can leave bread crumbs for manual binary auditor (yes) to look for when he compares (yes) binaries built on different systems for same rocket. |
| 03:55 |
mats |
and https://web.archive.org/web/20190127203624/http://mocky.org/Log-Reference-Why-Ada |
| 03:56 |
danuker |
I see. So that is why you have an Ada dependency, in addition to the C compiler |
| 03:57 |
danuker |
is the hope to eventually remove the C compiler, and be left with Ada? |
| 04:03 |
mats |
the ada dep is due to a keccak implementation iirc, and i dont believe anyone has expressed the intent to do the former |
| 04:05 |
mats |
er, latter |
| |
~ 16 minutes ~ |
| 04:21 |
mats |
any relation to diana_coman? she is also a romanian that loves semicolons |
| 04:23 |
danuker |
I found her site because she analyzed some Romanian education data scraped with this scraper: https://github.com/ciupicri/bac-parser |
| 04:24 |
danuker |
I am interested in the data to create a map |
| 04:24 |
danuker |
as for the semicolons; that's odd, I never noticed I use so many |
| 04:27 |
mats |
ah, interesting |
| |
~ 23 minutes ~ |
| 04:50 |
mats |
i dont mean to offend, you have been a good sport in spite of the at times chilly replies youve received here |
| 04:59 |
danuker |
well, thanks! I get the chilly replies; for all you know I work for the government |
| 05:00 |
danuker |
here's my blog to see what I care and know about; in case you have time to kill: https://danuker.go.ro/ |
| 05:00 |
danuker |
(still HTTPS of course xD) |
| 05:00 |
danuker |
I should at least allow HTTP |
| |
~ 33 minutes ~ |
| 05:34 |
mats |
some of the regulars here developed an allergy to tls many years ago, doesnt have anything to do with your employer |
| |
~ 1 hours 12 minutes ~ |
| 06:46 |
danuker |
is this allergy a reaction to the conditioning that "TLS = secure"? why should I turn off TLS on my site? |
| |
~ 2 hours 41 minutes ~ |
| 09:28 |
shinohai |
wb danuker ... will check out your blog as time permits. |
| |
~ 3 hours 11 minutes ~ |
| 12:39 |
jurov |
Hi danuker, the "allergy" is reaction to sprawling (=== dangerous ==== evil) complexity of SSL/TLS and the way how it is being forced through with its model of trust. |
| 12:44 |
danuker |
I understand. Thank you! |