Skip to content

Instantly share code, notes, and snippets.

@AgoristRadio

AgoristRadio/gist:1895999

Created February 24, 2012 00:12
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save AgoristRadio/1895999 to your computer and use it in GitHub Desktop.
Save AgoristRadio/1895999 to your computer and use it in GitHub Desktop.
Download ZIP
Intro to Skyhook
Raw
gistfile1.txt
(10:23:36 AM) AgoristDuane2: Does anyone on here know how I can mirror wikileaks?
(10:26:00 AM) nphyx: i think the best thing would be to download and permanently seed their torrents, that's the important part
(10:26:41 AM) AgoristDuane2: Okay well where do I find their torrents?
(10:27:57 AM) nphyx: generally they'll come up on any major torrent tracker
(10:28:08 AM) AgoristDuane2: ok
(10:28:14 AM) nphyx: the last one i grabbed was the cable leak, i think i found it on pirate bay
(10:28:27 AM) AgoristDuane2: okay cool
(10:28:55 AM) Hiro: how do you know if you are downloading and seeding the right stuff?
(10:29:23 AM) Hiro: even at 10K seeders those could all be fake, and the file corrupted with some good and lots of fake stuf
(10:29:26 AM) nphyx: I *think* they publish MD5s on their website, but don't quote me on that
(10:29:26 AM) Hiro: you wont
(10:29:30 AM) Hiro: exactly
(10:29:36 AM) Hiro: but their site can be mitm
(10:29:47 AM) Hiro: so everyone could be getting fake md5s
(10:29:57 AM) Hiro: and if they use ssl you can get mitm easy
(10:30:00 AM) nphyx: granted
(10:30:18 AM) Hiro: the only way is with namecoin, bumper and skyhook
(10:30:19 AM) Hiro: : )
(10:30:19 AM) voodoo: agoristduane2: http://c4ss.org/content/5238
(10:30:24 AM) Hiro: it was part o my pitch.
(10:30:24 AM) a: (notice) voodoo: [C4SS Begins Mirroring Wikileaks]
(10:30:25 AM) anarbot: (notice) voodoo: http://anarplex.net/l/4QrxLBxjBBvB8FA0QJ8 (C4SS Begins Mirroring Wikileaks)
(10:30:33 AM) AgoristDuane2: Okay cool thanks voodoo
(10:30:39 AM) nphyx: running basic sanity checks on the files would help
(10:31:00 AM) nphyx: for instance, shell script that checked that text files still looked like text files
(10:31:00 AM) Hiro: sanity checks will come out OK on information corrupted files.
(10:31:06 AM) nphyx: or perl script, anyway
(10:31:17 AM) Hiro: not talking about corrupt bits, but corrupt info
(10:31:20 AM) nphyx: if someone has gone through and manually replaced with new plausible data yeah
(10:31:24 AM) nphyx: ah
(10:31:42 AM) Hiro: right, I am just saying that all these checks fall apart for anyone that is targetted
(10:31:53 AM) Hiro: unless they are using namecoin, bumper and skyhook : )
(10:32:08 AM) Hiro: been working on the skyhook api
(10:32:13 AM) Hiro: so wikileaks would do:
(10:32:49 AM) AgoristDuane2: Well I just downloaded a file from the wikileaks website wikileaks_archive.7z
(10:33:05 AM) Hiro: skyhook announce torrentxyz@1.4
(10:33:08 AM) Hiro: ok
(10:33:10 AM) Hiro: so
(10:34:08 AM) Hiro: skyhook announce wikileaks_archive.7z@1.4 magnet:uri:blahblah
(10:34:10 AM) Hiro: thats it
(10:34:17 AM) arrakis left the room (quit: Ping timeout: 121 seconds).
(10:34:22 AM) Source [chatzilla@10.0.6.37] entered the room.
(10:34:24 AM) Hiro: and anyone in the world can authoritatively see in the blockchain
(10:34:29 AM) Hiro: signed by wikileaks
(10:34:45 AM) Hiro: the filename, version, its hash and seed uri
(10:34:51 AM) Hiro: and do:
(10:35:23 AM) Hiro: skyhook show wikileaks_archive@wikileaks.bit
(10:35:39 AM) Hiro: will print it out, fully verified, no key exchange etc
(10:35:50 AM) Hiro: and they can get it:
(10:36:35 AM) Hiro: skyhook pull wikileaks_archive@wikileaks.bit
(10:36:38 AM) Hiro: then:
(10:36:49 AM) Hiro: utorrent magnet:uri
(10:37:10 AM) Hiro: after file is fully seeded locally, they can
(10:37:36 AM) Hiro: skyhook check wikileaks_archive@wikileaks.bit /path/to/wikileaks_archive.7z
(10:37:55 AM) Hiro: of course after everyone understands how this works it will be built into the clients
(10:38:10 AM) Hiro: so that utorrent download of wikileaks archive actually will be:
(10:38:15 AM) Hiro: run utorrent
(10:38:20 AM) Hiro: from utorrent menu:
(10:38:34 AM) Hiro: File->Skyhook->Download->____________
(10:38:42 AM) Hiro: enter in: wikileaks_archive@wikileaks.bit
(10:39:09 AM) Hiro: and the entire thing is skyhooked fully authenticated signed, locally verified
(10:39:33 AM) AgoristDuane2: Okay is that the entirety of all released "leaks" as of now? And I don't use utorrent...I use tribler would it still work like that through tribler?
(10:39:35 AM) Hiro: pgp key sigs, md5's all that crap in the near future will be thing of the past.
(10:39:52 AM) arrakis [guest@10.0.6.10] entered the room.
(10:39:58 AM) Hiro: doing that stuff manually and posting your md5's on a website will not be done any more, cause its stupid.
(10:40:11 AM) Hiro: .
(10:40:22 AM) Hiro: in the future yes.
(10:40:44 AM) Hiro: all file distribution systems will be using skyhook.
(10:41:28 AM) bruzum: Hiro: check pm pls
(10:43:11 AM) RN left the room (quit: Connection closed).
(10:43:32 AM) Hiro: its bold, but if you don't agree, you don't get it. cypherpunk show coming up on it.
(10:43:46 AM) Hiro: : )
(10:43:53 AM) Hiro: voodoo?
(10:44:03 AM) bruzum: HELLLLLLLLLO THIS IS HIRO WHITE FROM THE CYPHERPUNKD SHOW!
(10:44:13 AM) Hiro: lol
(10:44:23 AM) bruzum: my gf hates your voice btw
(10:44:23 AM) RN [ReturningNoiv@172.31.254.68] entered the room.
(10:44:32 AM) Hiro: "SEASON 2 EPISODE 1!"
(10:44:38 AM) AgoristDuane2: Awesome!
(10:44:39 AM) Hiro: lmao
(10:44:47 AM) bruzum: she thinks it's too monotonous
(10:44:51 AM) bruzum: :D
(10:45:27 AM) voodoo: yes, hiro?
(10:45:39 AM) fonzie left the room (quit: Ping timeout: 121 seconds).
(10:45:43 AM) bruzum: im trying to tell her it's not about the show but the content of the show
(10:46:15 AM) Hiro: I agree with her, often it is... but hey, I am not a professionally ordained radio personality.
(10:46:20 AM) Hiro: voodoo have a sec?
(10:46:30 AM) voodoo: sure
(10:46:41 AM) bruzum: Hiro: I am
(10:46:46 AM) Hiro: ok
(10:46:54 AM) nphyx: really? i enjoy cypherpunked, no artificially induced emotional response
(10:46:57 AM) Hiro: namecoin oauth on request of FT for implementation idea.
(10:47:30 AM) Hiro: nypyx yeah, I play around sometimes but its just "real".
(10:48:02 AM) Hiro: and if you find it monotonous actually it maybe because your mind is not getting blown with the topics cause you don't understand them
(10:48:12 AM) bruzum: yeah
(10:48:17 AM) Hiro: ok
(10:48:23 AM) Hiro: namecoin oauth on request of FT for implementation idea:
(10:48:25 AM) bruzum: but do you go through mumble when doing radio?
(10:48:52 AM) Hiro: this season will be 100% mumble, has built in recording! already have an #agoristradio-studio channel hehe
(10:48:57 AM) Hiro: ok follow me
(10:49:06 AM) bruzum: yea sry
(10:49:12 AM) Hiro: so voodoo.bit is a website
(10:49:23 AM) Hiro: has cool shit, but I need an account.
(10:49:42 AM) Hiro: and they only offer facebook auth login
(10:49:54 AM) Hiro: so I say fuck voodoo.bit and go with same service over at
(10:50:08 AM) Hiro: smuggler.bit
(10:50:20 AM) Hiro: they offer namecoin oauth.
(10:50:31 AM) Hiro: they ask for my id, I enter in hiro.bit
(10:50:55 AM) Hiro: they do lookup of auth process/method/requirements on the blockchain for that id.
(10:51:04 AM) smuggler: heh? who's calling me?
(10:51:05 AM) Hiro: in my hiro.bit json file I have:
(10:51:54 AM) Hiro: oauth => transport:xmpp location:hiro@agora.bit
(10:52:15 AM) AgoristDuane2: Okay does anyone here have experience with tribler?
(10:52:17 AM) Hiro: key: pubkey
(10:52:34 AM) nphyx: wpi;dm
(10:52:36 AM) nphyx: erp
(10:52:45 AM) Hiro: they then, encrypt a challenge to me saying: is this you? if so, send back to us this number: 43545353452345342532452345
(10:53:05 AM) nphyx: i do not, but i've heard of it agoristduane2
(10:53:13 AM) Hiro: on our desktop we have running namecoin auth client, with status/tray icon and msg alert system.
(10:53:19 AM) nphyx: i don't have the bandwidth at home to fuck around with file sharing right now
(10:53:26 AM) nphyx: it sounded like a good idea, though
(10:53:43 AM) Hiro: they lookup key encrypt the message, then send it through the transport. it could be email, it could be an irc nick on freenode whatever
(10:53:54 AM) AgoristDuane2: Well I'm use it quite a bit it's pretty cool. The only downside is I cannot for the life of me figure out what the attached program called Dowser is supposed to do or how to turn a file into a torrent to seed with tribler
(10:54:13 AM) Hiro: my system gets it, it sees its a msg that is signed by smuggler.bit with auth request.
(10:54:21 AM) Hiro: we accept/reject etc.
(10:54:43 AM) Anomie left the room (quit: Ping timeout: 121 seconds).
(10:54:53 AM) Hiro: when we accept, we also use the namecoin lookup, encrypt msg to their key, and send via their transport mechanism, or just return msg via xmpp source
(10:55:01 AM) Hiro: .
(10:55:03 AM) Hiro: thats it.
(10:55:15 AM) Hiro: now you can say, well oauth can do this now, well it can't:
(10:55:27 AM) smuggler: argh. do NOT use my nick for examples, pls.
(10:55:36 AM) Hiro: lol
(10:55:40 AM) nphyx: haha
(10:55:48 AM) Hiro: 1) get your key authoritatively
(10:55:57 AM) Hiro: 2) give you their key authoritatively
(10:56:09 AM) nphyx: where does skyhook live hiro
(10:56:10 AM) Hiro: its turtles all the way up and a pain in the ass to even do it right
(10:56:18 AM) voodoo: is smuggler.bit the site you mentioned last night with all the granny camwhoring?
(10:56:19 AM) Hiro: this is not skyhook, hold on nphyx
(10:56:32 AM) Hiro: lol. yes. all the GILFs
(10:56:33 AM) TacoTruck-mobile left the room (quit: Connection closed).
(10:56:36 AM) Hiro: ok
(10:56:38 AM) Hiro: ALSO
(10:56:45 AM) Hiro: ID is not tied to the email address you get this?
(10:56:50 AM) Hiro: nor the xmpp destination.
(10:57:10 AM) Hiro: ALL systems now tie you to account or ID that is based on a centralized or fixed location.
(10:57:22 AM) Hiro: so hiro@metropipe.net may be what I use to auth
(10:57:26 AM) Hiro: but that is only transport
(10:57:46 AM) Hiro: so if metropipe.net gets seized, I just update my namecoin address to show another transport mechanism and endpoint.
(10:57:46 AM) Hiro: .
(10:58:09 AM) Hiro: authoritative record is namecoin, and lookups should be done to check what is the current latest info etc.
(10:58:29 AM) Hiro: like maybe I change my key all the time. so what.
(10:58:29 AM) Hiro: .
(10:58:53 AM) Hiro: now I don't want to get crazy but this also creates a system or regular email so that you can have 1000 email addresses and a new one each day
(10:58:58 AM) Hiro: and no one needs to know or care
(10:59:18 AM) Hiro: they email voodoo.bit their client does all the magic of keys, and your email address of the day.
(10:59:33 AM) Hiro: so this system has epic implications on the old net, not just the darknet.
(10:59:33 AM) Hiro: .
(10:59:41 AM) Hiro: nphyx: what about skyhook?
(11:00:14 AM) nphyx: was asking for a link, so i can go check out code :)
(11:00:15 AM) Hiro: skyhook is a CLI and GUI app, and a protocol that ushers data in and out of the namecoin blockchain.
(11:00:31 AM) nphyx: or git repo would be cool
(11:00:36 AM) LokeRundt left the room (quit: Ping timeout: 121 seconds).
(11:00:59 AM) Hiro: I have not made the git commit yet, but follow distributedcity org on github
(11:01:12 AM) Hiro: skyhook is there, and I will push up what I have in the next few days.
(11:01:21 AM) Hiro: its so fucking simple its stupid
(11:01:33 AM) TacoTruck-mobile [yaaic@10.0.6.10] entered the room.
(11:02:07 AM) Hiro: but like a lot of things, its nothing new, its just a new way to use something that already is there, with an agreed json name/value format and a few helper scripts
(11:02:21 AM) Hiro: once it catches on though it will be put into many existing apps.
(11:02:21 AM) Hiro: .
(11:02:40 AM) nphyx: cool, ill check it out
(11:02:43 AM) Hiro: remember also, skyhook also allows for execution
(11:03:22 AM) Hiro: so you can do: skyhook exec wine firefox@portableapps.bit
(11:03:44 AM) Hiro: and it will get the file, check the md5 on the blockchain from portableapps guys, if all cool then exec it
(11:03:58 AM) Hiro: and the file actually is not located firefox@portableapps.bit
(11:04:05 AM) Hiro: that is only lookup info
(11:04:11 AM) arrakis left the room (quit: Ping timeout: 121 seconds).
(11:04:20 AM) Hiro: the record actually returns urls of hacked servers in russia
(11:04:27 AM) Hiro: UNTRUSTED hacked servers.
(11:04:35 AM) Hiro: just using that as an extreme example.
(11:04:59 AM) Hiro: so if using skyhook you can execute a trusted app from anywhere.
(11:05:02 AM) Hiro: look at this shit>
(11:05:11 AM) Hiro: you can put gpg.exe in your dropbox folder
(11:05:16 AM) Hiro: and run all encryption from there
(11:06:07 AM) Hiro: skyhook exec /my/dropbox/asshole/hackerthief/friend/shared/folder/gpg.exe --change my passphrase
(11:06:10 AM) Hiro: something like that
(11:06:30 AM) Hiro: so you are executing gpg from an untrusted host/share etc in realtime
(11:06:38 AM) Hiro: you could even do:
(11:06:44 AM) Hiro: mv gpg /dropbox/
(11:07:01 AM) Hiro: then in bash
(11:07:21 AM) Hiro: alias gpg="skyhook exec /my/dropbox/asshole/hackerthief/friend/shared/folder/gpg.exe"
(11:07:36 AM) Hiro: so every time you run gpg it runs it from remote host automaticallyu
(11:07:48 AM) Hiro: you could link every fucking file on your machine to be located on another machine
(11:07:59 AM) Hiro: and still run it all secure from untrusted machines.
(11:08:11 AM) Hiro: now I know some stuff like apps that do eval could sneak stuff in
(11:08:16 AM) Hiro: but thats the case now with regular apps.
(11:08:16 AM) Hiro: .
(11:08:23 AM) Anomie [mglasgow@10.0.6.10] entered the room.
(11:08:32 AM) Hiro: so the exec thing is another whole aspect
(11:08:32 AM) Hiro: .
(11:08:55 AM) Hiro: also skyhook is meant to be like apt-get or npm or gem stuff for ruby
(11:09:06 AM) Hiro: but not a full package management replacement.
(11:09:22 AM) Hiro: its best if those systems would implement skyhook into their way of doing things.
(11:09:23 AM) Hiro: .
(11:10:18 AM) Hiro: I am done. : )
(11:11:08 AM) Hiro: the log will be used in the wiki, so even if everyone fell asleep at least I was able to explain some of this more.
(11:11:09 AM) Hiro: .
(11:11:25 AM) Hiro: OH
(11:11:31 AM) Hiro: also check out github project called
(11:11:33 AM) Hiro: HNET
(11:11:39 AM) Hiro: from marak of nodejitsu
(11:12:00 AM) Hiro: they are trying to solve a distributed systems bootstrapping problem, this system ties right in with that.
(11:12:08 AM) Hiro: .
(11:13:36 AM) TacoTruck-mobile left the room (quit: Connection closed).
(11:13:46 AM) LokeRundt [LokeRundt_1@10.0.6.37] entered the room.
(11:13:46 AM) nphyx: will do
(11:15:38 AM) nphyx: neat
(11:15:43 AM) nphyx: got you both watched
(11:17:41 AM) AgoristDuane2: http://news.yahoo.com/blogs/cutline/marie-colvin-war-reporter-killed-syria-guest-anderson-161524606.html
(11:17:41 AM) AgoristDuane2: While I may dislike the mainstream media...I feel the world is a little poorer considering she was brave (or perhaps foolish) enough to step foot in Syria when it was publicly ordered that any journalists found there would be killed.
(11:17:41 AM) anarbot: (notice) AgoristDuane2: http://anarplex.net/l/xnjaw7xL840J9BxUcuE (Marie Colvin, war reporter killed in Syria, was a guest on Anderson Cooper’s show last night | The Cutline - Yahoo! News)
(11:17:41 AM) a: (notice) AgoristDuane2: [Marie Colvin, war reporter killed in Syria, was a guest on Anderson Cooper’s show last night | The Cutline - Yahoo! News]
(11:17:43 AM) nphyx: so hiro, when are we going to see more cypherpunked?
(11:18:21 AM) Hiro: within the week
(11:18:38 AM) AgoristDuane2: Awesome!
(11:18:56 AM) nphyx: nice
(11:19:04 AM) TacoTruck-mobile [yaaic@10.0.6.10] entered the room.
(11:19:20 AM) Hiro: gotta run, cu guys
(11:20:01 AM) AgoristDuane2: Cya Hiro
(11:22:57 AM) nphyx: later man
(11:25:54 AM) Hiro: oh one last example:
(11:26:00 AM) Hiro: you can also use skyhook in the BROWSER
(11:26:06 AM) Hiro: to execute code in the cloud
(11:26:09 AM) Hiro: trusted
(11:26:32 AM) Hiro: so lets say you trust jquery1.6.js hosted in the cloud at google url.
(11:26:48 AM) Hiro: if you load that and run it remotely, you could get 0wned by google at their whim.
(11:27:18 AM) Hiro: so instead of <script src="http://google.com/jquery1.6.js">
(11:27:43 AM) Hiro: you have a skyhook js function and you do
(11:28:34 AM) Hiro: <script>skyhook(url, hash)</script>
(11:28:42 AM) Hiro: or something like that
(11:28:44 AM) ppp left the room (quit: Quit: leaving).
(11:29:10 AM) Hiro: which essentially loads the remote js into a var, checks its hash, if it matches it does an eval on the string.
(11:29:11 AM) nphyx: does that require the client to have relevant software?
(11:29:16 AM) mmmm [webchat@172.31.254.69] entered the room.
(11:29:16 AM) mmmm left the room (quit: Changing host).
(11:29:16 AM) mmmm [webchat@mynet0id.d0q.ejevp0.IP] entered the room.
(11:29:24 AM) Hiro: well it depends on how its implemented.
(11:29:38 AM) nphyx: could just supply static hash i guess
(11:29:49 AM) Hiro: if its an issue of a remote server that you trust then the remote server takes care o securing itself
(11:29:51 AM) Hiro: right
(11:29:58 AM) Hiro: but if you want to take it pure client!
(11:30:02 AM) Hiro: check this shit out
(11:30:08 AM) mmmm: howdydo
(11:30:10 AM) Hiro: and I have a working demo of this right now!---->>
(11:30:22 AM) Hiro: a fucking md5 checker inside a bookmarklet doing this.
(11:30:33 AM) Hiro: its a skyhook bookmarklet.
(11:30:46 AM) Hiro: here is how it works:
(11:31:01 AM) Hiro: bookmarklets support js apps. but they have a limit of 1-2K max or whatever
(11:31:19 AM) Hiro: so a skyhook bookmarklet has this->
(11:31:34 AM) Hiro: a built in md5 checker function
(11:32:09 AM) Hiro: a remote url of a js file that you trust. its like pgp in javascript which does exist.
(11:32:48 AM) Hiro: and it has a hash of that file derived from the skyhook bookmarklet create function that generated this bookmarklet : )
(11:33:02 AM) Hiro: so when you click the bookmarklet, it loads a remote js file into a var
(11:33:15 AM) nphyx: interesting
(11:33:18 AM) Hiro: it then checks that file with its embedded hash
(11:33:24 AM) Hiro: if it checks out, then it evals it.
(11:33:40 AM) Hiro: you can remotely bootstrap a 10 gigabyte string of js files from that.
(11:33:48 AM) Hiro: just saying.
(11:33:57 AM) Hiro: and all js files can be on untrusted servers.
(11:34:17 AM) Hiro: so its really all the skyhook stuff I talked about at the cmd line and in apps, but taken to the browser as a client
(11:34:37 AM) voodoo left the room (quit: Connection closed).
(11:34:47 AM) Hiro: and this example does not even use the skyhook system integrated. it uses a bookmarklet created by skyhook.
(11:35:36 AM) voodoo [voodoo@172.31.254.68] entered the room.
(11:36:53 AM) Hiro: *crazy stuff* I just need to finish the presentations, push my example code for the browser, and the stuff that works on the blockchain for publishers and consumers. again its so simple its stupid. but its wild. hail namecoin and skyhook.
(11:36:57 AM) nphyx: man so many things have evolved just over the past 6 months or so
(11:37:18 AM) yossarian [john@10.0.6.10] entered the room.
(11:37:31 AM) Hiro: nphyx: its blowing my mind, every freaking day now it seems.
(11:37:41 AM) Hiro: really gotta go now, bbiab for real this time.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment