[joke][cryptotragedy][crazy] nvidia ngc

k gmkarl at gmail.com
Tue Jan 4 10:36:14 PST 2022 

[silly talk]
ngc is a ridiculous tool that nvidia has
it's for people who have been mind controlled by the corporate ai to
work on data science.
it's downloadable from their website at
https://ngc.nvidia.com/setup/installers/cli although you might need to
give them your social security number or something to download it.
[/silly talk]

On their website:

> Check the binary's md5 hash to ensure the file wasn't corrupted during download:
>
> md5sum -c ngc.md5

Yay, verifying download integrity using md5.  Hum, there's no hash on
the website.

In the terminal:

[user at localhost ngc]$ wget -O ngccli_linux.zip
https://ngc.nvidia.com/downloads/ngccli_linux.zip && unzip -o
ngccli_linux.zip && chmod u+x ngc
--2022-01-04 13:22:42--  https://ngc.nvidia.com/downloads/ngccli_linux.zip
Resolving ngc.nvidia.com (ngc.nvidia.com)... 13.249.184.51,
13.249.184.53, 13.249.184.59, ...
Connecting to ngc.nvidia.com (ngc.nvidia.com)|13.249.184.51|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 25122952 (24M) [application/zip]
Saving to: ‘ngccli_linux.zip’

100%[==============================================================================================>]
25,122,952  67.0KB/s   in 2m 0s

2022-01-04 13:24:44 (205 KB/s) - ‘ngccli_linux.zip’ saved [25122952/25122952]

Archive:  ngccli_linux.zip
  inflating: ngc
 extracting: ngc.md5
[user at localhost ngc]$ md5sum ngc
c41a2bf4772f2abcac1620d2f924377e  ngc
[user at localhost ngc]$ cat ngc.md5
c41a2bf4772f2abcac1620d2f924377e  ngc
[user at localhost ngc]$

My md5 verified!  Yay!  _The md5 to verify against is bundled in the
same download._

Did you know that TCP has protection against non-malicious corruption
too? https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Checksum_computation

As does the zip format;
https://en.wikipedia.org/wiki/Zip_%28file_format%29#Local_file_header

The point of manually verifying a digest is for _cryptographic
integrity_.  It doesn't work if the digest is bundled with the data.
It doesn't work if the digest is md5.

The only reason to _pretend_ you are doing that is to help mitm
attackers modify files in transit.

One sees this pattern a lot of places.  WHAT ARE WE SUPPOSED TO MAKE OF IT?

Story:

"I got my new prosthetic brain in the mail!  Hum, the postman was that
guy in the wanted poster."

"Yay!  Make sure to verify it's the right one before replacing your
old one with it."

"How do I do that?"

"Ask the postman!"

"Okay. Um, guy from the wanted poster, is this the right brain?  I can
throw out my old one?"

"Yes!  I only deliver the right brains!"

"YAY!"

The recipient of the brain proceeds to go on a bankrobbery, and gives
the funds to the postman.

Here's another story:

"Yay!  Let's go on a drive!"

"Make sure you don't get hurt if there's a car crash!"

"A car crash what's that?"

"That's what we have seatbelts for!"

"Seatbelts?  What are those?"

"Aren't you worried you might hit somebody?"

"No!  My government protects me from car crashes!"

More information about the cypherpunks mailing list