And (off-topic) if you are wondering why some of your recent comments are being downvoted so much, it's probably because of the tone (saying things such as "good job repeating my research" when work of the same kind with results of the same kind had been done before (see above)).
Still an interesting result and curious re. SKS servers (not) checking subkeys etc...
Can you please disclose the key ids? Are they the same instances of inserting a subkey under someone's public key with an invalid self-signature? If so, it seems that this attack is exploiting the fact that the sks-keyserver pool doesn't verify self-signatures and some non-gpg client might not verify self-signatures either (dunno which one, though).
I, for one, would still like to learn who placed the garbage on the SKS servers, and why. (And no, I cannot prove to the satisfaction of everyone that I had not somehow done it myself. Though if anyone can picture what such proof would look like, I'd be happy to try.)
And why Mr. Anvin's key was chosen, rather than another.
Incidentally, anyone who suspects that I, Mircea, or Hitler fabricated these keys in order to troll the planet, is free to contact anyone who runs an SKS mirror and ask to examine their copies.
I do not know where the key came from, and especially whether it originates from the person who it claims to belong to (other people have found persuasive evidence that this is not the case) but I did find them 'in the wild.' Doubters are encouraged to check for themselves.
Sorry, I was looking at the other one. But something is still very, very odd. (1) Two of the subkeys agree with one another for hundreds of digits and then disagree. (2) I did gpg --recv-key 51221121 and I got a key back from the keyserver with fingerprint 7EAA C969 3E7D 2205 46BE 576C BDA0 6085 493B ACE4 (only, no other keys) -- which doesn't match the key ID that it should, and is seemingly missing the vulnerable subkey entirely.
Can you post the ASCII-armored key that you have? I am getting a radically different key from the keyservers, and I wonder if there could be some kind of keyserver attack or misbehavior involved here too.
I can only confirm that we have a key, downloaded from an SKS dump, said key purporting to belong to one Mr. Anvin, containing one sub-key being an RSA public key which turned out to be factorable with trivial effort.
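Editor's added example, not part of the original thread and not any commenter's code: a sanity check a keyring auditor can run over RSA moduli extracted from a keyserver dump, covering the two observations above (subkeys that agree for most of their digits and then diverge, and a modulus that factors with trivial effort). The thread does not say how the key was factored; small-prime trial division and a pairwise GCD are assumptions chosen here, the GCD check goes beyond what the thread describes, and all sample values are constructed.

```python
from math import gcd
from itertools import combinations

def small_primes(bound):
    """Sieve of Eratosthenes: all primes below bound."""
    sieve = bytearray([1]) * bound
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(bound ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, bound, i)))
    return [i for i, flag in enumerate(sieve) if flag]

PRIMES = small_primes(10_000)

def smallest_small_factor(n):
    """Return the smallest prime below 10,000 that properly divides n, or None."""
    return next((p for p in PRIMES if n % p == 0 and n != p), None)

def first_difference(a, b):
    """Index of the first differing hex digit of two moduli, or None if identical."""
    ha, hb = format(a, "x"), format(b, "x")
    for i, (x, y) in enumerate(zip(ha, hb)):
        if x != y:
            return i
    return None if len(ha) == len(hb) else min(len(ha), len(hb))

def audit(moduli):
    """Map each named modulus to a list of findings (empty list = nothing found)."""
    findings = {name: [] for name in moduli}
    for name, n in moduli.items():
        f = smallest_small_factor(n)
        if f:
            findings[name].append(f"divisible by {f}")
    # A healthy pair of RSA moduli has gcd 1; anything else exposes a prime.
    for (a, na), (b, nb) in combinations(moduli.items(), 2):
        if 1 < gcd(na, nb) < min(na, nb):
            findings[a].append(f"shares a factor with {b}")
            findings[b].append(f"shares a factor with {a}")
    return findings

# Constructed sample values (toy sizes, not taken from any real key).
GOOD = (2**61 - 1) * (2**89 - 1)     # product of two known primes
DAMAGED = GOOD ^ 2                   # same modulus with a single bit flipped
SHARED = (2**61 - 1) * (2**107 - 1)  # reuses one prime of GOOD

if __name__ == "__main__":
    print(audit({"good": GOOD, "damaged": DAMAGED, "shared": SHARED}))
    print("first differing hex digit:", first_difference(GOOD, DAMAGED))
```

A modulus that differs from a valid one by a flipped bit is no longer the product of two large primes, which is why a check this cheap can flag it; a subkey flagged this way should also have its self-signature verified before it is trusted.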
Possibly I should have emphasized the specific claim that junky input devices (e.g. QWERTY keyboard) are merely one symptom of the deprofessionalization of computer programming - rather than the 'alpha and omega' of it.
And, in this case, not only of computer programming. The fact that millions of people who make their living entering natural language text do so with the abominable limb destroyer known as QWERTY is an atrocity. Quite like the case of the radium watch dials and the labourers who went to an early grave making them. Or those who worked in the match factories, before them.
I just read through what you had to say about the death of HyperCard.
Why do you think Python etc. do not fill the hole HyperCard has left? Is it because of their ever-so-slight price of admission (which tends to push non-professional users away, as compared to the comfortable familiarity of a GUI)?