log☇︎
asciilifeform: BingoBoingo: just about anything that involves a book-length standard, esp. with the familiar committees, is an inevitable turd.
asciilifeform: BingoBoingo: it's a bigger issue than one particular C turd
asciilifeform: wtf is that
asciilifeform: very convenient.
asciilifeform: (german grenade had a convenient, almost identical ring that wasn't attached to the pin)
asciilifeform: like germans who carried captured russian 'limonka' grenades by their rings.
asciilifeform: so, to be kind to him, git, which he was accustomed to.
asciilifeform: herr mole couldn't be bothered to learn cvs.
asciilifeform: still trying to discern how they got it in << this is by far the least surprising part. next, what, ask how the roaches got in the kitchen?
asciilifeform: ;;google underhanded c contest
asciilifeform: and when people realize the actual root of the problem (as eventually must) they will piss themselves.
asciilifeform: i specifically mentioned 'openssl' in 'don't blame the mice.' well, nobody wants to read a crackpot blog, they will have to learn the lesson on their own arse.
asciilifeform: unless, of course, someone wants
asciilifeform: no need to re-tell it here.
asciilifeform: the basics of priv elevation on common os variants is a subject beaten to death elsewhere on the net
asciilifeform: (unless poor chumper ran with 'root' privs)
asciilifeform: process memory
asciilifeform: 'bob the bridge builder' fucks goat after goat, has done a whole herd, but remains listed in the phone book under 'bridge builder'
asciilifeform: mircea_popescu: beautiful piece - but the fact that the phoundation will still be revered and fellated in the world media tomorrow tells us how firmly the buggers are still in control.
asciilifeform: ahahaa
asciilifeform: lol!!
asciilifeform: stumbled across it by accident.
asciilifeform: thx
asciilifeform: which one of you folks runs btcalpha.com ?
asciilifeform: wait since when ssl on trilema?
asciilifeform: http://filippo.io/Heartbleed/#schneier.com
asciilifeform: http://www.loper-os.org/?p=1299
asciilifeform: re: openssl - perhaps time for repost:
asciilifeform: remaining btc exchanges cleaned in 3, 2, 1...
asciilifeform: http://www.cnn.com/2014/04/03/us/us-russia-relations-nasa
asciilifeform: in other news, usa is tired of flying to orbit:
asciilifeform has to sleep
asciilifeform: we don't even know (to this standard of proof) if a pill against rsa requires factoring
asciilifeform: it is indeed impossible to prove, with mathematical rigour, damn near anything
asciilifeform: how do you know ... that it is indeed fucked << all crypto hardware, especially of the single-chip variety, is to be thought of as 'guilty until proven innocent'
asciilifeform: building rng is not hard, and is educational
asciilifeform: (this will change soon)
asciilifeform: i cannot in good conscience recommend anything that is presently available for sale
asciilifeform: correct
asciilifeform: because you cannot, except at great expense, determine what is inside.
asciilifeform: but rpi is still unsuitable for cryptography
asciilifeform: it will show beautiful numbers
asciilifeform: and 'e'
asciilifeform: and on the digits of pi
asciilifeform: it will!
asciilifeform: i cannot emphasize this enough
asciilifeform: there is no mathematical test for 'evil'
asciilifeform: 'diehard' is just a collection of statistical tests
asciilifeform: this and related topics have been beaten to death elsewhere.
asciilifeform: or, when testing prng, any periodicity in the output
asciilifeform: e.g. a bit in a register that's stuck on
asciilifeform: kakobrekla: the statistical tests are for determining sources of 'natural' bias, not enemy action.
asciilifeform: you'll get 'better' stats than any genuine rng.
asciilifeform: run the result through 'diehard'
asciilifeform: exercise: encipher a consecutive stream of nulls, with aes, using whatever you want as init vector
asciilifeform: unless the malefactor is dumb as a brick
asciilifeform: no statistical test will reveal a malicious rng
asciilifeform: just as the digits of pi, if run through 'diehard', would.
asciilifeform: the numbers will show... beautiful entropy
asciilifeform: (hint: same reason as intel's)
asciilifeform: artifexd: see if you can learn why the raspi rng is unsuitable for cryptography.
asciilifeform: decimation: 'n strikes' warez users rule, precedent.
asciilifeform: pure gold.
asciilifeform: functional illiteracy rates will go from the current 40% to 80-90%.'
asciilifeform: will be issued by a computer program, in absentia. In keeping with current practice, both the charge and the evidence will be kept secret. The newly minted felons will be dropped from voter rolls, their passports cancelled, their bank accounts confiscated, and their employment (if any) terminated. They will receive form letters informing them of their sentence but most of them will be unable to read it because
asciilifeform: 'With small businesses and private enterprise made illegal, most people will be forced to resort to illegal activities, under the watchful eye of the NSA. But since putting even more people in jail will be prohibitively expensive, a new, streamlined process of dispensing justice will be put into place: the NSA and the Justice Department will link computer systems, and verdicts of fraud and suspended sentences
asciilifeform: http://cluborlov.blogspot.com/2014/04/business-as-usual.html
asciilifeform: but it isn't a good use of time
asciilifeform: i've done it before, when younger and poorer
asciilifeform: that too
asciilifeform: i'd have baked the rng pcbs personally, but on account of them being analogue devices, you can't really characterize them unless you use the same board materials as the final product.
asciilifeform: (i used to. 8 mil and smaller, easy. same process as b&w photography)
asciilifeform: one can trivially make boards by hand
asciilifeform: the real bitch is assembly
asciilifeform: there's the occasional 'via' that isn't
asciilifeform: not only
asciilifeform: as is traditional
asciilifeform: yes
asciilifeform: MisterE: little widget, co-authored with mircea_popescu
asciilifeform: MisterE: http://trilema.com/2013/snsa-first-product-the-cardano
asciilifeform: nothing in this particular product is the least bit exotic.
asciilifeform: now, i hesitate to recommend them 'for everyone' - all i've had done there, is very simple boards.
asciilifeform: everything seems to go on the very next flight, straight to where it is supposed to go.
asciilifeform: phoenix ships 'for free' (well, rolled into the price at any rate)
asciilifeform: don't believe? visit the web site of any u.s. pcb maker. they're all decorated with pictures of rockets, tanks, etc
asciilifeform: (even they try to go chinese, when they can get away with it)
asciilifeform: at this point nobody has pcbs made in usa except for military contractors
asciilifeform: it's 'the bezzle' again
asciilifeform: for roughly the same quality.
asciilifeform: it was 35x the cost.
asciilifeform: american
asciilifeform: i used a different house before
asciilifeform: three months sounds like a reasonably safe, pessimistic figure
asciilifeform: Mats_cd03: how long it will take to go from blueprints to production line is not yet known to me
asciilifeform: that. and we intend to switch part vendors liberally.
asciilifeform: decimation: (as i will detail at a later time) i am expecting the supply chain to be fucked with
asciilifeform: consider the purpose of the product.
asciilifeform: did you actually think i would personally bake every unit ?
asciilifeform: decimation: for the production run - certainly
asciilifeform: the ones in the pic haven't their shields yet.