28500+ entries in 0.198s
diana_coman: sure, but after they break it, what do they do with it that is
a. not useful to tmsr b. downright problematic
diana_coman: put
a different way: they are intelligent enough to have the option of earning money honestly and realise the risks of being dishonest are greater than they are worth
diana_coman: it can of course dig into binaries and get the hashes from
A or B and then pretend their own code IS
A or B but ..so what? i.e. author of
A or B will get more money, is that bad?
☟︎ diana_coman: perhaps
a more fleshed out exercise: say there are clients
A and B that have binaries released and accepted by Eulora's server (as per known hashes) ; sources of those are released to l1
diana_coman: asciilifeform, I keep getting the impression that you focus in turn on one or another aspect but not quite on the whole; I'm
a bit at
a loss to point out exactly where it breaks though
a111: Logged on 2018-07-17 02:36 asciilifeform: monkey had ak for quite
a while -- e.g. the openly published fg design; but apparently monkey has atrociously poor aim
a111: Logged on 2018-07-17 03:19 mod6: I'm saying in the instance of inquisition. I don't think there is any way to separate
a willful liar from someone who lost control of their key.
a111: Logged on 2018-07-17 03:24 Mocky: if shortwave repeater was in l1 confidence and one day i became l1, i wouldn't see having to keep that secret as
a burden.
a111: Logged on 2018-07-17 03:47 mod6: Maybe
a "developer license" isn't
a bad idea either. Could raise some capital, and constrain the source code to those who promise not to share it and who want/need it.
a111: Logged on 2016-04-22 01:10 asciilifeform: ida is
a particularly interesting case because it is
a TOTAL monopoly
a111: Logged on 2018-07-16 16:28 asciilifeform: mircea_popescu: releasing binaries does not create this guarantee. even static elf, when put on
a box where linus et al (or his successor) see it fit to subtly change the abi, will bomb, and not necessarily immediately. and i'ma still 'be idiot'
a111: Logged on 2018-07-16 15:44 mircea_popescu: the evident disadvantage is that this only works if we can rely on l1 to keep
a secret ; which means things (such as, that it can't be as big, for instance).
a111: Logged on 2018-07-16 15:44 mircea_popescu: as we're contemplating an eulora client rewrite, i am contemplating the following code release paradigm : client author
a) releases code encrypted to l1, signed and deeded (so basically, gpg -aer asciilifeform -r ave1 -r etc) ; b) releases precompiled binaries for allcomers.
spyked:
http://btcbase.org/log/2018-07-16#1834921 <-- I'm sold on the idea i. in particular for eulora, and ii. otherwise for it to be established on
a case-by-case basis. for (i), I see nothing wrong with e.g. challenging users to reverse-engineer the client (or maybe I'm just nostalgic about game cracking/trainers).
☝︎☟︎ ave1: And the whole thing affirms the power/status of the Lords. I.E. when an author goes against
a Lords wishes or AWOL it is then in the power of that Lord to contact another author and give him the source etc.
☟︎ ave1: I find the 'if it can happen, it will happen'
a strange argument. Let's say you let
a friend stay in your house while you are away for
a couple of months? Yes, he could destroy the house and steal the contents, still this arrangement works and has worked for many friends.
☟︎ a111: Logged on 2018-07-16 15:44 mircea_popescu: as we're contemplating an eulora client rewrite, i am contemplating the following code release paradigm : client author
a) releases code encrypted to l1, signed and deeded (so basically, gpg -aer asciilifeform -r ave1 -r etc) ; b) releases precompiled binaries for allcomers.
ave1:
http://btcbase.org/log/2018-07-16#1834921, ack. I think it's
a brilliant idea. Especially, points (2) and (3) and I'm not worried about the "keeping
a secret" parts. First, I've worked for companies with an extensive secret code base (and this code is and has been secret for
a long time > 30 years) . Second, all leaked sources are "illegal" anyway (as in this source was not sanctioned, so it's worthless).
☝︎ mod6: Maybe
a "developer license" isn't
a bad idea either. Could raise some capital, and constrain the source code to those who promise not to share it and who want/need it.
☟︎ Mocky: or maybe not. i still have software from the 90's that I use on
a daily basis, install straight from orig 90's cd
Mocky: seems theres
a general level of good enough, that's rarely hit first release
Mocky: if shortwave repeater was in l1 confidence and one day i became l1, i wouldn't see having to keep that secret as
a burden.
☟︎ mircea_popescu: Mocky well in thsi case, because the barrier to entry is
a major destroyer of interest. maybe if he can read at cost 0 he reads and if he can read at cost epsilon, he doesn't.
Mocky: i don't see it as
a problem for the client writer. to the contrary i would expect clients to get regular updates and older versions less useful relatively over time. but maybe asciilifeform doesn't care about eulora at all, why involve when only possible involvement 'suspected of leak'?
mod6: I'm saying in the instance of inquisition. I don't think there is any way to separate
a willful liar from someone who lost control of their key.
☟︎ Mocky: there's no way toknow, obviously. but if i wrote
a client under this l1 confidence model, and it leaked not by me, i would suspect someone in l1... who else?
Mocky: if in the case of
a confirmed leak, pointed questions could be asked even of those who never so much as looked at it. and i'm not saying answering questions is
a big burden, but alternately not being suspected in the first place could be considered
a benefit
mircea_popescu: i would expect it is actually
a ~gain~ if one discovers he's leaking secrets unwillingly.
mod6: I figured, can't really help it with the old client. Was thinking maybe there is
a new one in the works with some stuff that need not be open sores.
mircea_popescu: well, there's obviously
a published server protocol, as well as the old client... these don't constitute ?
mircea_popescu: lobbes consider the obvious example -- people will pay (but ~
a few ecu~ sorta thing) to merely ~use~ an auction bot. they could just do that by fucking hand, what's to keep them.
mircea_popescu: but at
a buck
a shot. not at 20 bux
a shitty "album" cd.
mircea_popescu: it is however not the customer's problem that the fair price point for borland whatever is 0.0006 except borland can';t chage that because must be 9.95 or else visa monopoly throws
a fit.
☟︎ lobbes: I could see someone creating
a 'ecu casino' for the 'masses' indeed
mircea_popescu: that's the whole fucking point. not just of writing games, but of storytelling altogether, as
a whole discipline reaching all the way to the core of substance. people's enjoyment of reading say
http://btcbase.org/log/2018-07-16#1835256 might be ~enhanced~ by
a secure mastery of the writer's craft
☝︎ mircea_popescu: asciilifeform not at all. people should be able to play
a fucking game without necessarily understanding how the actual code works.
mircea_popescu: and think in terms of confusable ~by whom~. as far as 50% or so of fetlife female moron population is concerned, they have "
a master" or whatever in that vein.
mircea_popescu: yes, well, ideally this should be kept at
a minimum. both the kloinking and the sharding.
mod6: I see this as even beyond the Eulora scenario, stretching out to any TMSR~ source; I just don't see
a good way to solve it right now, other than being selective with who gets rights to see the $src.
mod6: It seems like
a burden to thrust these decisions upon the L1 however, should someone defect and leak the sensitive materials.
mod6: nope, but who knows. maybe someone finds
a winner-takes-all-zero-day, to be used at time X.
mod6: I'm not sure that we have the correct abilities to do such
a thing at this time, at least on
a policy based level.
mod6: I would like for TMSR~ to retain it's own code; for many reasons, including preventing other possible fraud and snake-oil salesmen...
a variety of things have been written about on the subject in here actually.
mod6: I'd like to say, that I don't think that it's an over all /bad/ idea, I'm just not sure if it's
a good idea either. I think this might just be
a case-by-case basis.
mircea_popescu: not really. there's
a mechanism to permit the user to check his client against what it tells the server
mod6: Another scenario that I was kind of thinking about is where: Lord X encrypts $src_code, drops it into deedbot, and $src_code is encyptped to {
a,b,c,d}. Upon
a future date, person '
a', is drummed out and neg-rated. Nothing stops person '
a' from still decypting that $src_code with his key, neg-rated or not. This is not wholly differnt than before... just saying that there's no "backsies".
mircea_popescu: consider the case at hand. i dunno if you've read the proposed protocol etc, but suppose it happens with euclient. so recognized owner creates
a new set of binaries (i dunno, moves
a class around say) and i use the new hashes for server, and so the leaker gets what exactly ? client for
a server that won't talk to it ?
mod6: Well, my fear is that: Lord X encypts $src_code, to {
a,b,c,d} ; as was said before, it would be impossible to tell if $src_code was leaked by X, or
a,b,c or d. (This was stated earlier too).
mod6: I've been trying to see how this doesn't end up with
a bunch of finger-pointing once someone's source code is inevitably leaked. (If it can happen, it will happen.)
mod6: From the earlier discussion, I tend to see
a lot of points from all sides. And quite an interesting discussion. I've been thinking on it all day.
mircea_popescu: danielpbarron anyway, the goal isn't specifically client competition. but it seems to me it's
a necessary possibility.
a111: Logged on 2018-07-16 16:01 diana_coman: mircea_popescu, there is of course the fact that l1 is neither for life nor perhaps yet all that difficult to get in and out - I don't know whether this is
a l1 matter or
a s.mg board matter
shinohai: I think I'll order
a couple and get on those experiments forthwith
BingoBoingo: I can host
a few nights, but this is
a bit cramped for
a two week stay.
BingoBoingo: <mircea_popescu> BingoBoingo do you have
a guestroom/bed anything btw ? << I have
a place to put
a surface for guest accomodations
mircea_popescu: BingoBoingo do you have
a guestroom/bed anything btw ?
BingoBoingo: On this sunny pleasantly warm alt-January day I went for
a walk and returned to OMG logs
mircea_popescu: uncharacteristically close to original, even has same ending. i just cleanned up the science
a little.
mircea_popescu: ahahah yeah. and imo did plenty of good, convinced me i'm
a great poetastre!
diana_coman: I thought of Sheckley's Ask
a Foolish Question but it might be just me
Mocky: could have
a special item in game that will spit out
a secret once per day, if you can figure out how to use it...
diana_coman: so would it accept any binary?
a binary signed by at least 1 person in l1?
mircea_popescu: asciilifeform maybe this is not evident, but there's
a large difference between client and server in
a mmorpg. here discussed is client, equivalent of browser in phuctor-netuser relationship
diana_coman: mircea_popescu, tbh I keep thinking that I'd rather have at least someone in l1 signing
a binary before I run it but I'm not even sure that makes sense atm without imposing therefore on l1 to build the binary
mircea_popescu: asciilifeform i wasn't proposing this be
a default. too soon for that, in any case. i was proposing this may have merit & utility.
diana_coman: asciilifeform, server is quite
a different story from client