log☇︎
164800+ entries in 0.101s
mircea_popescu: switch over my shoulder grinning and bobbing her head. "yeah, what men need to perform is constriction."
a111: Logged on 2017-08-22 14:35 asciilifeform: when saw that the ~original~ src was a pile of shithacks, lost interest in anything but the electron microscopy path ( like it or not, 1uM process folks were ~forced~ to make compact description )
mircea_popescu: http://btcbase.org/log/2017-08-22#1701900 << ehehe ain't that the truth. ☝︎
asciilifeform: point remains, it is the Wrong Thing to use flippable registers to store bits that ain't EVER supposed to flip.
asciilifeform: ( if making own 'disks' -- use otp roms for blockchain. as discussed in old thread. now if only somebody still made otp roms !! )
mircea_popescu: hmm, not putting it in topic, putting it in http://trilema.com/2016/how-to-participate-in-the-affairs-of-the-most-serene-republic/ once i get that thing online again. ☟︎
mircea_popescu: not a bad idea at all ; was going to come up when we were finally making the tmsr hdd controllers. but even early dun hurt anything.
a111: Logged on 2017-08-22 14:20 mod6: http://btcbase.org/log/2017-08-22#1701801 << Sounds like there should be a link to the trusted-nodes page in the HOWTO maybe. Also, a once per-month round-up of me asking for Node-Updates, if there are any.
mircea_popescu: http://btcbase.org/log/2017-08-22#1701887 << actually ima put the link in topic. standby. ☝︎
asciilifeform: now try this idea on for size : picture a 'btcfs' that knows how to use a dead ssd
asciilifeform: cheap ( 'sandisk' and a few others ) actually become unreadable, the controller decides to shit itself when it can't find writable blocks
mircea_popescu: asciilifeform yeah, which aspect makes them slightly better than spinsters, which actually become unreadable.
asciilifeform: not merely predictor -- it gets finite writes in each block, after that -- it's a rom
mircea_popescu: (raid reconstruct is io intensive, could push over the edge the redundancy, dying disk)
mircea_popescu: as age is a great predictor of ssd failure and the shits are perfectly capable of dying same week.
mircea_popescu: so they're not all same age.
mircea_popescu: but yes, the principle is correct : make raid out of same items, then a few months in change one. though it doesn't need to be changed. then use THAT in the next raid you build.
asciilifeform: mircea_popescu: what can i say, it worked great, for the year+
a111: Logged on 2017-08-22 12:40 asciilifeform: say you have 4 holes. use 3 mechanicals + 1 ssd, then few months in, replace a mechanical, then again, year later, whole thing is ssd that will not ever simultaneously burn , in theory.
mircea_popescu: http://btcbase.org/log/2017-08-22#1701877 << not such a good idea to mix different types. ☝︎
mircea_popescu: right. that reverts to the null cipher.
asciilifeform: they dun have ~with what~ to have clue.
mircea_popescu: asciilifeform in my experience they've no clue.
mircea_popescu: it's important to find out, after all most fiat unis/tech corps/whatever actually to this day harbor the managerial delusion that they can in fact compete with the republic on a flesh basis.
asciilifeform: i suspect these and other derps know what the answer is. ergo still sitting in bunker, taking in the wagner an' cyanide.
mircea_popescu: i don't specifically care. it's a simple "come see whether you are good enough to seep people into your company or lose all your brain power to our better model".
mircea_popescu: that's the fucking position, wtf do i want FROM a bunch of fiat rottinculo.
asciilifeform: after that let's write to obummer and ask for the aes pill.
mircea_popescu: not a matter of that. a matter of, hey, we're actually significantly smarter than you, come hang out, who knows, maybe you gain something.
asciilifeform: ( the answer, quite unsurprisingly, never came )
asciilifeform: mircea_popescu: if you'd like to pen a 'can haz the pill against your $B 'intellektual property' racket for phreee? ' letter to lattice, go ahead. i did xilinx.
shinohai is prod to assert that he knows a woman irl skilled in the handling of wartenberg wheel
a111: Logged on 2017-08-22 12:25 asciilifeform: but lattice per se is EXACTLY like xilinx, same profit model, closed arch, license 'ip cores'. their larger flagship fpga is exactly like xilinx 'spartan', full of proprietary peripherals, and that's the one that tends to get packaged into devboards with nic etc
mircea_popescu: http://btcbase.org/log/2017-08-22#1701866 << nevermind ; still should talk to them. ☝︎
mircea_popescu: no that's different.
mircea_popescu: we should get ice-cube trays with various TMSR ship names on the inside.
asciilifeform: '... and if the tub had been stronger, my song would have been longer'
asciilifeform: well today there ain't any british at all, only 'airstrip one'
mircea_popescu: the former is just where the later ran to.
mircea_popescu: there is no substantial difference between us and british navy just like there's no substantial difference between us and nazy atomic program.
asciilifeform: it's like putting napoleon in a tricorn.
mircea_popescu: wait, is it because india names its ships NSS Blabla sopmething we're supposed to believe "that's just what';s done" ? rather than "oh look, orc HMS!!!" ?
mircea_popescu: it's the sawdust that keeps on giving!
asciilifeform: shinohai: gotta nitpick, pykrete was (rejected by) british navy. ( back when there was a british navy )
shinohai: And I thank thee, mircea_popescu , fpr reminding me that the US Navy + Pykrete = eterenal meme
a111: Logged on 2017-08-22 12:08 asciilifeform: ( implementation becomes an underhanded-C-contest in concealing the fact of ~any~ box running the idiocy reverting to nullcipher on demand )
a111: Logged on 2017-08-22 10:36 shinohai: http://archive.is/0TOaA "The US Navy orders "Operational pause" as it teaches sailors to actually navigate waters and use GPS, whilst all llitoral combat ships are refitted with pykrete
mircea_popescu: http://btcbase.org/log/2017-08-22#1701848 << "the us navy" "inexplicably" forgets to correctly state "as mp has long pointed out on trilema, we are not actually either battle capable or operationally ready ; just like the rest of the usg." ☝︎
a111: Logged on 2017-08-22 10:17 valentinbuza: spyked, people who are serious about transport security (data in transit) shy away from TLS and they craft their own stripped down version using Noise Protocol Framework (http://noiseprotocol.org/index.html)
mircea_popescu: http://btcbase.org/log/2017-08-22#1701847 << in this case, they actually work on gossipd. you seen that ? sina/peterl made mockups. ☝︎
spyked: shellshock: "let's call this general-purpose function that executes programs in a shell".
spyked: yes, and C is I think it's a good example to illustrate the larger issue. it's a snowball thing, in the sense that it's sometimes enough to have 1 hole to break everything. incidentally most recent popularized vulns (not necessarily in C) fit there.
asciilifeform: spyked: ~any~ unanticipated behaviour of your program, is proof that it did ~not~ fit in your (the author's!) head
spyked: also, http://wiki.c2.com/?GreenspunsTenthRuleOfProgramming somewhat relevant. the more your program claims to do, the more of a chance it's gonna be used for unintended purposes.
asciilifeform: spyked: more fundamentally, it is ~impossible to write a nontrivial c proggy without pointer arithmetic, and it is ~impossible to meaningfully prove the correctness of a nontrivial program involving pointer arithmetic.
spyked: think about it, the problem of e.g. C software is that unsanitized inputs let users do *whatever* they like with it, i.e. arbitrary computetion. which goes way beyond program specification.
spyked: valentinbuza, maybe not, but then if you have everything loaded in head, the most you can do is rip the useless parts apart and leave *only* what fits into the problem at hand. which turns "framework" into "item that solves particular problem". it is essential to not leave *anything else* there.
asciilifeform: valentinbuza: the 'frameworks' are the fruits of poison tree
valentinbuza: 'time to learn, the "framework" becomes useless, because the mental framework is in place.' << my guess is not, but I don't think we have a conclusion on this with a sample of 2 points
asciilifeform: and to not be readable+fullygraspable by one man in a few hours.
asciilifeform: the second purpose of tls, 'noise', and every other 'protocol' published, is to install in your head the idea that it is acceptable for a cryptosystem to consist of 50kLines of c.
asciilifeform: whereas they serve the exact opposite purpose.
asciilifeform: the ~actual~ purpose of the attempted 'frameworks' is to drill into your skull and install the idea that nullcipher, diffiehellman, aes, are acceptable things to exist in this world, and can be pushed as 'cryptography'
spyked: on the other hand, if I take these items for granted, joke's on me, which is exactly what "modern engineering" philosophy relies on.
asciilifeform: valentinbuza: i regard the entire concept of 'real time automated public key crypto' as a scam, and anyone claiming to offer such a thing, as a scammer, until constant time rsa routines are public.
spyked: loaded (because I don't use this day-to-day), I must consult these items in great detail. my guess here is that once I have spent all the time to learn, the "framework" becomes useless, because the mental framework is in place. ☟︎
spyked: valentinbuza, to exemplify asciilifeform's point ^ I shall quote from the docs: "A Noise protocol begins with two parties exchanging handshake messages. During this handshake phase the parties exchange DH public keys and perform a sequence of DH operations" <-- this requires me to import a couple of concepts: handshake messages, DH public keys, there may be others along the line. now, given that my crypto brain-memory module is not
valentinbuza: asciilifeform, two things can suck and one can suck less. But instead of throwing a lot of arguments, why not propose your ingredients and recipes?
asciilifeform: both tls and 'noise' are the products of exactly the same type of broken mind.
spyked: re schematic for protocol patterns, why not use e.g. petri nets for the model (assuming that works) then just implement from that? why add extra software? ehm. it seems like they're trying to automate some work, but that automation trades off actual understanding, i.e. by introducing (IMHO useless) levels of abstraction.
asciilifeform: a recipe that explicitly features liquishit -- suxx
valentinbuza: probably. but i think that your argument is invalid because you say that "in TLS ingredients suck and recipe sucks" and "in Noise ingredients suck therefore the recipe also sucks" ☟︎
asciilifeform: valentinbuza: lemme guess, you are the victim of a recent university 'education' ? got quite bit of unlearning to do.
valentinbuza: it's an attempt to make some things better than TLS (or other data in transit protocol) as opposed to other ways of creating software such as "we use TLS because it's standard, we have no clue what to do and just use what everybody is using" and sell it as military grade
asciilifeform: then what the hell is it ?
valentinbuza: i don't find the word 'standard' in the description or in the spec. it's not a standard and should not be seen as one
asciilifeform: a 'standard' that consists of 'go and implement whatever you like' is not a standard in any meaningful sense. ☟︎
valentinbuza: probably the word framework is misunderstood. Let's say you want NOISE_CURVE25519_ETC it does not provide you with curve25519 implementation, you have to create you own. It's just a schematic for protocol patterns, not a framework a la "django"
asciilifeform: incidentally all existing systems that do pubkey crypto in real time ( incl. 'noise' ) are trivially breakable by the enemy, because no constant-time numeric stack currently exists publicly.
asciilifeform: spyked: trb is very long way from 'sane object' but otherwise yes.
spyked: valentinbuza, my issue is that "framework" approach (as used in today's terminology) is utterly anti-engineering. one can (on the condition that they know what they're doing! and there really is no alternative to that) write own software from first principles without requiring 3rd party. or, use 3rd party only to strip of shit and output sane object (e.g. http://btcbase.org/log-search?q=trb ), which is distinct from "framework".
valentinbuza: as you can see on the spec, it is not concerned with PKI or your authentication methods, it's up to you ☟︎
asciilifeform: mno. it is exactly the same thing, under slightly variant sauce.
valentinbuza: agree on the TLS part. As I told before, Noise was a partial response for spyked blog post (TLS sucks, PKI sucks). Noise is just a somewhat better choice for the TLS sucks part
asciilifeform: nobody here uses tls .
asciilifeform: valentinbuza: behold, for instance, http://shop.nosuchlabs.com << a www store that does not and never will use tls/ssl
asciilifeform: tls is not the standard of comparison.
valentinbuza: also "massive pile of moving parts" << not even close to TLS. as for your other questions i can't really answer.
asciilifeform: diffie hellman is thoroughly ( and likely irreparably ) porous to nsa.
asciilifeform: and why is diffie hellman in the standard.
valentinbuza: don't know. ask Trevor Perrin, maybe he thought of creating all the possible recipes ☟︎
asciilifeform: WHY IS IT IN THE STANDARD
valentinbuza: it is different from TLS, where whatever version you are using it has null cipher. The question should be: does someone deployed NOISE_NULL_CIPHER_TOTAL_BS? then you can blame them
asciilifeform: and why the massive pile of moving parts is necessary.
asciilifeform: this does not explain why this is a standardized feature.
valentinbuza: noise is a framework for creating protocols. you have the option to create NOISE_NULL_CIPHER_TOTAL_BS protocol which is totally different from NOISE_ANOTHER_SANE_CHOICE ☟︎
asciilifeform: it exists so that enemy can coax your proggy into switching to it.
valentinbuza: linked noise as a partial response to spyked http://thetarpit.org/posts/y03/05b-https-war-declaration.html. Noise null cipher is an different context than TLS null cipher.
asciilifeform: valentinbuza: also recommend to read the mircea_popescu's intro, in the chan greetingline ☟︎
asciilifeform: valentinbuza: didja read today's log ? answr'd re 'noise' etc.