mircea_popescu: otherwise what you're proposing is "but hey, i'd still have root, and ssh or no ssh... it's still the same"
Framedragger: right, well-managed permissions ensure that any 'break-in' would only result in one being able to *read* some files. but i think your abstraction breaks quickly: i'm sure your php user is able to write files (file upload), even if to a single dir, and to write to db. so it's still not the same.
mircea_popescu: the whole thing is kind-of spurious, not like trilema wasn't "attacked". there's even articles celebrating the puzzled wtf of the would be attacker, "wut do you mean my magic has no power here"
mircea_popescu: pile-of-.html-files exposes your directory structure to the world ; badly set permissions have the same effect as i dunno, mysql with an open hole.
mircea_popescu: and the notion that you won't expose the language to the web is not equivalent to the actuality that you opt to use such a banal language nothing can be done which to your mind is equivalent to "not exposing". the man who doesn't lock his door because his chamber contains no maid is not the same thing as the man who doesn't lock his door because his maid is more danger to the youths about than they to her.
mircea_popescu: what webserver is there that works like bitcoin, single thread ?
mircea_popescu: apache does that with your flatsite too.
Framedragger: (though i'm sure mp-wp is on the whole ~decent in terms of holes/security.)
Framedragger: as regards language choice, yeah, i see your point, "just use the right tool". thing is, with an *actual* static site, you would not expose the language to the web, at all. the only attack surface would be that of the webserver. cf. a wordpress site which as folks say is a "web shell with blog functionality on the side" :)
Framedragger: mircea_popescu: that's not the only difference. a 'php' site launches and runs additional process(es) to serve user requests. now i guess you could say that "it's just a detail", on the grand picture it's the same (nginx requires additional resources to serve static files), but that would be stretching it.
mircea_popescu: turn it any way you want, a flat, disk-bound website IS in point of fact a "dynamic" website loaded into a de facto disk-bound database. the only difference is that you chose to stupidify the index, which is now "exposed" to the user as a band-aid measure over the fact that you failed to do anything with it.
mircea_popescu: anyway, re static : in context "static" denotes "how much comes from the disk as opposed to through cpuization", there's no other measure. a page stored as files with the extension .html is ~slightly~ more static than a page which is stored as files with the extension .txt in a directory structure that is their de-facto index and are then mixed together into a thing whenever a page is called.
mircea_popescu: php is a hypertext preprocessor. that's what it does, websites. just like the rubber dome in your bathroom unclogs the toilet. does it disgust you ? it's a tool, you're not expected to keep it on the dinner table.
mircea_popescu: what is this clean great language that doesn't gross one out, i must have missed some classes / log days.
mircea_popescu: what are you going to write it in ? c ?
Framedragger: mircea_popescu: i see what you mean, but you can't really call it 'static' by any metric. in point of fact i'm surprised you're not grossed out over the fact that the whole thing is a large stinking pile of dynamic php. i guess the counterargument is that it *gets the job done*, very well, over many years. :) so there's that. but i'd like to ditch the 'wp' from 'mp-wp' one day. but maybe baby steps.
BingoBoingo: related to http://qntra.net/2017/03/another-guest-lecturer-attacked-on-us-campus/
deedbot: http://trilema.com/2017/carambolages-2/ << Trilema - Carambolages
mircea_popescu: the calls are isolated, wouldn't be the end of the world to replace with a filesystem equivalent.
shinohai mysql is the reason shinohai ..... has procrastinated with mp-wp
mircea_popescu: Framedragger thinking about it, the ~only correct solution is for the mp-wp maintainer to remove mysql in favour of a flatfile "db" system. then it will be properly static, or as close as its job allows.
mircea_popescu: "but mistress, i'm gay" "SILENCE WHEN YOU SPEAK TO ME WORM!!1!"
shinohai shudders at the thought of a cucumber strapon
BingoBoingo: These things happen
shinohai: I had a no-shit "Vegan Dominatrix" follow me the other day. Whole new subculture I never heard about.
mircea_popescu: whore tit culture ? nb, nb, prolly can get plastic surgery ads.
shinohai: Well it's on the list, something whore related. Still trying to build the slut following with my twitter bot at moment.
BingoBoingo: shinohai: Have you considered starting a something to get some editorial experience? Perhaps you can be the publisher of "The Most Serene Republic's Journal Of Gardening And Whoreticulture"?
shinohai waves back, thanks mircea_popescu for his motivations over the years.
shinohai: I still have a copy in archives, but haven't tinkered with it much. jhvh1 and trb keep me pretty busy.
deedbot: http://qntra.net/2017/03/shinohais-shitcoin-roundup-xtend-bitfinexs-token-addiction-transaction-acceleration-and-itbit-rounding-bug/ << Qntra - Shinohai's Shitcoin Roundup Xtend: Bitfinex's Token Addiction, Transaction "Acceleration", and itBit Rounding Bug
jhvh1: shinohai: The operation succeeded.
shinohai: !~later tell BingoBoingo http://wotpaste.cascadianhacker.com/pastes/9kbuD/?raw=true <<< Shitcoin roundup
deedbot: http://phuctor.nosuchlabs.com/gpgkey/6D2448B45BEEAACC5EC64FC3D4EED5704A19BA2C574E3FBAAB9CB19269F8F390 << Recent Phuctorings. - Phuctored: 1505...7367 divides RSA Moduli belonging to '45.43.104.161 (ssh-rsa key from 45.43.104.161 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' ()
deedbot: http://phuctor.nosuchlabs.com/gpgkey/6D2448B45BEEAACC5EC64FC3D4EED5704A19BA2C574E3FBAAB9CB19269F8F390 << Recent Phuctorings. - Phuctored: 1752...0407 divides RSA Moduli belonging to '45.43.104.161 (ssh-rsa key from 45.43.104.161 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' ()
a111: Logged on 2017-03-05 04:04 lobbes: I cannot think of any other way either without even a tiny bit of JS
mircea_popescu: lobbes not a terrible idea, only problem is it cuts to irc line. some comments are long. (otherwise i'd have moved myself)
Framedragger: what i _would_ like is to be able to have these kinds of comments in an otherwise static site (the comment box would be the dynamic component, so to speak - an autonomous backend module/script/whatever). not a part of a large ugly php blob.
Framedragger: yes, that's what i (finally) understood - i had assumed wrongly before!
ben_vulpes: i have nfi what is in it, but spied the cover on the way out
ben_vulpes: aaand in other ultra amusing covers unearthed while partying at the cousins... http://archive.is/udKgb
Framedragger: ahh, that *is* nice to have, yeah!
ben_vulpes: the thing that finally sold me was unique footnote references across corpus.
Framedragger: a postgres trigger, of course
ben_vulpes: my trinque-simulator sez "wtf with this sqlite; have a process listening for changes to the comments table and re-rendering the comments page upon submission"
Framedragger: i should keep that in mind lest i become unnecessarily overexcited here.
ben_vulpes: fwiw i thought long and hard about this and ultimately migrated to mp-wp.
Framedragger: it sure would be nice to just be able to post simple comments on a blogpage, tho.
Framedragger: sure, but in that case one may as well just implement a gpggram-to-blog-comments interface (not that it's a wholly bad idea or anything)
Framedragger: ben_vulpes: yes, but it requires a dynamic component on the backend, right?
Framedragger: (your sqlite could do, or something even simpler). when comment is approved, static site generator gets triggered to re-render necessary pages including 'newest comments' box (if present.) etc.
Framedragger: my maybe-convoluted personal plan was to have a static site generator but to have the comment box be rendered by a dynamic component (hence loaded separately upon user clicking to comment, or sth.) that component does the 'fraud prevention without JS' magic (like with trilema's comments - IP address is sent to html form to be returned as hidden value / whatnot). when comment is submitted, it gets added to some queue
lobbes: either that or I'll just leave it without the ability to properly quote an arbitrary selection.
lobbes: I cannot think of any other way either without even a tiny bit of JS
lobbes: hm, yeah actually, I may end up going down that route
Framedragger: so actually, if you were willing to use that text selection JS snippet, i guess it'd be possible, sorta. commenter would paste autogenerated link and write on irc `http://trilema.com/2017/minigame-smg-february-2017-statement/#selection-1017.0-1017.97 << kewl`; but then how about overall comment length (have a way of indicating a multi-irc-line comment), etc...
Framedragger: i guess they could include blog post number at least, but then not full proper quotation as you say. arbitrary selection within a DOM element only possible with some JS (trilema and archive.is at least have that JS piece tucked nicely in one place, not a total horror)
lobbes: yeah, seems like it'd be a pain for the commenter to have to manually input that info to the bot
Framedragger: (i'd like a static site + comments-without-captcha-or-JS setup, too, yeah)
Framedragger: lobbes: selection as in on the website, to provide unique href to selection?
a111: Logged on 2017-03-05 03:46 a111: Logged on 2017-01-27 23:48 mircea_popescu: http://btcbase.org/log/2017-01-27#1608443 << we don't ? when did this unhappen ?
Framedragger: http://btcbase.org/log/2017-03-05#1622326 << just checked and realised that your trilema comments don't seem to have any JS, so it seems like i was wrong. (i now realise i had a (rather arbitrary) additional constraint with the original comment long ago, "make it work with a static site", but that's another matter/project altogether.)
lobbes: but no idea how to handle selection of blog post text
lobbes: right? then, if I was sure that the data coming in is not shit, I could perhaps automate the generating of the blawg pages, adding in comments from said db at whatever intervals
Framedragger: ah, that's one way to do it, via a saner interface with much less cruft...
lobbes: but I have not really thought it out much
lobbes: I almost want to try something like a !Qcomment command via lobbesbot that'd store comment in a sqlite db. I'm thinking I may be able to 'default deny' input that way, somehow.
a111: Logged on 2017-01-27 23:48 mircea_popescu: http://btcbase.org/log/2017-01-27#1608443 << we don't ? when did this unhappen ?
Framedragger: lobbes: any plan re. comments? curious if you have something without JS in mind. :) (this also answers (with quite a latency) mp's query http://btcbase.org/log/2017-01-27#1608913 - there's no viable solution *without captcha _and_ without JS*.)
deedbot: http://qntra.net/2017/03/the-californian-dilemma-approaching-peak-lol/ << Qntra - The Californian Dilemma Approaching Peak LOL
Reuel: thats worth nothing then?
Reuel: I only seem to have 2 enumerations
Reuel: well to be honest I thought I still had claim keys
danielpbarron: idk what those 2 items could possibly be
Reuel: no they are part of the work hehe
Reuel: he gave them for work
Reuel: nah theyre not mine
danielpbarron: auction them :p
Reuel: mircea_popescu, I have 2 items I want to return on eulora, are you on
Reuel: hmm, there was something on the radio a few days ago about the Dutch central bank running blockchain tests
asciilifeform: Reuel: not long ago, dutch gov made tall claims of 'blockchain analysis for police work' voodoo. could investigate, translate, post to qntra re which charlatan is selling this 'service', and which bureaucrat on the take -- 'bought', and wtf it consists of
Reuel: Or the gift that keeps on taking, tax money that is
Reuel: Those are the gift that keeps on giving here
Reuel: whats the link?
Reuel: like I said, I dont like to be a net taker but I don't have much time atm
Reuel: I want to work, and I will certainly give time
danielpbarron: what is this, "i want to work but only if it doesn't take any time"
Reuel: danielpbarron, and time of course... but who knows
danielpbarron: everything can be automated. the only limit is your own ability to code it
Reuel: Well there is a lot of failing going on in Dutch IT, I must say
Reuel: BingoBoingo, does it have to be current?
Reuel: I guess that can probably be automated
Reuel: ok let me put it more bluntly, I didn't enjoy dragging tables across green hills
deedbot: http://trilema.com/2017/minigame-smg-february-2017-statement/ << Trilema - MiniGame (S.MG), February 2017 Statement
mircea_popescu: i guess so, but there seems no danger of such a wonder, so.
danielpbarron: Reuel, i'm not inviting you to come have fun (although you will probably enjoy it) but you indicated you want to do work in the republic but don't know how. i have told you how
Framedragger: aha, point taken - but reproducible documented methodology / code is still something.
Reuel: well I get the hard disk part, but not how it relates to bitcoin
mircea_popescu: Framedragger the thing is that by now i wouldn't trust the results anyway. dude clearly has nfi what he'd be doing.
Framedragger: Reuel: just fyi, and it's only my humble opinion, but you don't need the context of the whole trb to do the symlink experiment. from what i took of it, it's a matter of testing how various filesystems (probably starting off with ext4) can manage with (very) large numbers of nodes and large numbers of links to nodes. how seek times increase with those numbers of links to links, etc. (as an fs overhead, on top of hdd/ssd).