
mircea_popescu: lobbes: and the paper wasn't even peer reviewed << in that guy's case, peers can be a misnomer :p
mircea_popescu: maybe. still, a lot can be done until one runs into such walls.
mircea_popescu: in a security environment, security is auditable provided the commitment to security is not compromised in order to listen to some ziggler impersonator.
mircea_popescu: it is impossible if one allows runaway complexity for "ux" and other idiotic reasons. but then again so is any scenario of chasing two rabbits.
mircea_popescu: mike_c: security audit is basically impossible. <<< i'm unconvinced.
mircea_popescu: doctors have been doing ok auditing the human body w/o any spec for a while now.
mircea_popescu: TomServo: Would an audit even be useful without a specification? << perhaps, yes.
mircea_popescu: ThickAsThieves: is there a trustworthy wot-signed document of an auditor saying any version of bitcoin is safe? << the most there is is me going on the record that .6.* is probably okay.
mircea_popescu: their card has nothing but their name on it, which is kinda generic. nothing else. the boxes have NOTHING. no phone. no address. no website. nothing whatsoever.
mircea_popescu: so i just got totally outcarded. i find this nice chocolatier, buy three pounds of mixed chocolates in three boxes, ask for their card, and leave.
mircea_popescu: mike_c it's a very large hole. odds of no pencildick managing to find it, ever... hm
mircea_popescu: mike_c checking if your box is open is something you'll have to do yourself.
mircea_popescu: this is the 7169 one, where it fucks up the exporting circumventing the fix
mircea_popescu: export badvar='() { (a)=>\';bash -c "hackerfile echo vulnerable";grep vulnerable hackerfile||echo safe << if anyone wants to test it
mircea_popescu: rather than dedicating yourself to being friends with idiots, dedicate yourself to being enemitous to idiots.
mircea_popescu: bounce: plenty money hiring people to do the reading and lots of lawyers to paper over the obvious problems with threats of large fines << alternatively skip the lawyers thing and hurt people that fuck up.
mircea_popescu: that is the thing. they only seem complex to the lazy and to the stupidly vain. but otherwise, the mechanisms are damned simple.
mircea_popescu: ThickAsThieves: i often think about that, how the hell can someone who cannot/willnot read code, ever be the steward of a software project safely? <<< you know i don't actually read all that much code at all. i guess i could, more or less, but i wouldn't trust myself to understand it. by which i don't mean "what it does", but i do mean "what we can absolutely say about this program"
mircea_popescu: how is it done ? why, by not acting towards a goal, but from a cause.
mircea_popescu: asciilifeform this is where you're wrong. because consider, what is your definition of "human mind" ? could you in fact have two human minds that are identically the same one mind for this purpose ? turns out you can, it's the most important field of research of the vory.
mircea_popescu: we're not here for a goal, we're here because a cause. major fucking difference.
mircea_popescu: if the process of figuring out what is safe worked, we wouldn't have the bug in the first place.
mircea_popescu: mike_c notice how little beating is actually needed, among civilised adults that interiorise the wot model.
mircea_popescu: asciilifeform selective beating is selective beating. people adapt, young people especially so, women most of all.
mircea_popescu: whether to make the piss freeze or to try and electrolytically separate iron from shit is an exercise left for the engineer.
mircea_popescu: you, in fact, are currently and have been for a year, molding a bullet.
mircea_popescu: if he says this sitting right next to a lathe i'm going to smack his head on the lathe.
mircea_popescu: besides. there's iron in the heme that the shit is mostly comprised of.
mircea_popescu: as long as you let me beat them selectively i'll have my bomb, and some adoring princesses to follow me around to boot.
mircea_popescu: in fact, it's the sentinels that distinguish army from band of drunken revelers.
mircea_popescu: there's no such thing as "the army is generally watching the surroundings". no dude, sentinels, since 2000 years ago and never with an exception since.
mircea_popescu: unless a meteor falls, they're coming home with 10 kids.
mircea_popescu: case 2, every hour of the day one adult is in charge of watching the kids. if anything happens he's in for murder.
mircea_popescu: let's model this. people with young children go camping. 20 adults, 10 children. case 1, "people generally" look after the kids.
mircea_popescu: it's only empirically false because it's so easy to lie.
mircea_popescu: you don't need round stones to produce round stones. you just need a rotative process.
mircea_popescu: in order for the job to be done, nobody needs to do it.
mircea_popescu: just because they meanwhile fell off doesn't mean you didn't need them to get here.
mircea_popescu: the reason airbus is a thing is because the romans forced men to push oars.
mircea_popescu: asciilifeform all flight started with the galley slave.
mircea_popescu: except, twice as much, plus all the other benefits of not having to deal with the insane arbitrariety of only doing it to half the population
mircea_popescu: once the "you have one chance, don't fuck it up" model gets implemented universally, we'll have a wholesale return to the pleasant mores of the society constructed on enforcing the same principle upon women only.
mircea_popescu: all the current fucktards calling themselves "developers" would find themselves in the position of taaki, maxwell et co stat, once someone started leveraging that model against their scummy, indolent, ignorant idiocy.
mircea_popescu: he lives in a world where being a scummy fuckwit is okay, because everyone is a scummy fuckwit.
mircea_popescu: jurov: redhat would be in a position to do it << redhat is a usg subcontractor. this is like saying goldman sachs is in a position to break the aml/kyc bullshit ring.
mircea_popescu: so if your per line price can be few enough satoshi, this is a valid business model.
mircea_popescu: jurov: is anyone willing to pay "we have read the code for you" kind of security? <<< yes. but it's like the case with drinking water : people ARE willing to pay for drinking water ; people are not willing to pay to have a dam constructed.
mircea_popescu: "map is not the territory", "stat rosa pristina nomine, nomina nuda tenemus", pick your poison.
mircea_popescu: wywialm no, you're right, it's just... it's a fundamental idea that saw much expression.
mircea_popescu: for that matter, it's a direct pastiche of knight, You cannot fix a machine by just power-cycling it with no understanding of what is going wrong.
mircea_popescu: people figured it'd work maybe if you not teach him to say goto 10
mircea_popescu: which is why you can have good programmers that speak english, russian or whatever else natively, as well as c or lisp or whatever else ; but you can't make someone a good programmer by teaching him to say i++;
mircea_popescu: this is exactly the case in here. to imagine one can somehow magically learn "the language" without a) passing the requisite tests and b) interiorising the culture that spawned that language is naive. and if a and b is satisfied, the form of language is really moot anyway.
mircea_popescu: ing even may be an excessive requirement. if on the other hand in a room with a woman that doesn't want to, you can be e a poe for all the good it'll do you.
mircea_popescu: bounce: now it would help if we can properly articulate what ails us. but we can't, because the terminology has been deliberately confused and watered down and broadened and stretched (by the industry) so as to spread FUD more effectively << you are very naive to imagine the terminology has anything to do with it. point in case : if in a room with a woman that wants to fuck me, i don't need to speak her language. point