36100+ entries in 0.335s
Darwin_Fish: Do you not know that your bodies are members of Christ? Shall I then take the members of Christ and make them members of
a harlot? Certainly not!
mircea_popescu: but... listen. isn't this the whole entire proposition of manhood, both biologically and socio-historically, "go ye and make
a pile of resources so females may be attracted thereby" ?
mircea_popescu: zx2c4, the only thing you can get with
a smaller key is "something just as good", in the sense mcdonalds is just as good as the restaurant i go to. perhaps it is -- for the poor. i'm not poor, nor do i orient my life around the needs of the needy.
mircea_popescu: zx2c4, no, they're fucking disputable. you're going to tell me you get "the same thing" but "with
a smaller key" ? i'm tuning out, this is nonsense.
zx2c4: all of them? some of the advantages are indisputable like key size and computation speed and implementation ease. im guessing you dont believe there's
a security advantage over RSA? you're not soothed by the fact that many attacks against RSA dont work with ECC? okay, but that still doesn't discredit the indisputable advantages. so then maybe your position is that ECC has _weaker_ security than RSA for various reasons? that'd be
a more interesting
Darwin_Fish: Do not prostitute your daughter, to cause her to be
a harlot, lest the land fall into harlotry, and the land become full of wickedness. (Lev 19:29 NKJ)
Darwin_Fish: Ron Paul believes prostitution should be legal. I turned
a blind eye to that, but I should not have
zx2c4: sha256 isnt an encryption function. also beware this construction, especially the second one where the string comes last -- length extension is
a problem with sha2
zx2c4: > For
a functional example consider node
A, whose "encryption" mechanism consists of sha256(string+"hurr"), and node B, whose encryption mechanism consists of sha256("durr"+string.).
mircea_popescu: Darwin_Fish, isn't it silly, to ruin
a long standing relationship like that, over what was in the end
a small error ?
mircea_popescu: zx2c4, the idea being that the "wtf are you going to do, keep talking forever with anyone you ever talk to ?! morons!" problem is not unknown, but
a major item giving me
a bellyache as it stands now. invariants, god damn them all.
zx2c4: mircea_popescu: and i think having that kind of thing always on -- constant chattiness -- would be
a security step backwards, since it'd give up stealthiness. but of course if you still wanted it for
a special use case, there's nothing in wireguard preventing you from having it pretty easily
Darwin_Fish: But now I have written to you not to keep company with anyone named
a brother, who is sexually immoral, or covetous, or an idolater, or
a reviler, or
a drunkard, or an extortioner-- not even to eat with such
a person. (1Co 5:11 NKJ)
zx2c4: mircea_popescu: wireguard isnt
a library. its
a virtual network interface that tunnels ip packets. what im pointing out is that your suggestion implies that both sides must _keep_ talking always, since thats the only way to obscure termination messages.
zx2c4: mircea_popescu: re:rand(20,200) - sorry. random number of bytes is all i was going for. (an ip header is 20 bytes, so you'd probably want to bound it at that. and 200 seems like
a reasonable cut off. but of course we could keep engineering and designing that sort of thing and come up with different numbers.)
zx2c4: otherwords, an attacker still knows that the protocol has gone silent, because one side will stop responding. it sounds to me like what you would prefer is for both sides always to be talking and chatting -- always, and with garbage when not with real data -- to trip of traffic analysis. that's
a legitimate desire, and there are many other additional things can add to protocols to further trip up traffic analysis. wireguard distinctly isn't focused
zx2c4: mircea_popescu: if what you mean is rather than sending an empty packet, i should instead rand(20,200) zero bytes encrypted, then i wonder what this would accomplish. the other side now receives this. if it's
a keepalive message (which it knows after decryption), then it goes silent. if it's not, then it either responds with whatever is appropriate to respond to that, or if it has nothing to say, it would have to send
a keepalive too. in
mircea_popescu: Darwin_Fish, anyway, theology is the study of divinity as
a theoretical possibility ; religion is the study of historical human practice. the catholics resolve this problem by claiming (falsely) that they were specifically promised god will preserve their religion in theology. this claim has all the strength of their claim constantine deeded them the world.
zx2c4: nothing. alternatively, it sends
a bunch of garbage data at random points to trip up traffic analysis. now introduce the wireguard final-confirmation keepalive. one side has nothing more to say, yet it just now received
a message from the other side. rather than sending nothing, wireguard now sends
a single length 0 message. after that, both sides are entirely silent. what does the sending of that length 0 message reveal that sending nothing would
zx2c4: mircea_popescu: let's take
a protocol that just encrypts ip packets and nothing more. traffic analysis of the size of packets gives you something, especially in the case of TCP where there are necessary types of responses at various points. but i suppose you want me to consider "general purpose cases". so im thinking about
a raw UDP protocol. in this case, it might be that at the end of an exchange, one side has nothing more to say, and so it says
mircea_popescu: well, have you ever met
a religious dude who didn't SAY, and broadly think, they're following god ?
mircea_popescu: but we're discussing theology not religion. cryptography is eminently not
a religion. in fact, i'm the frirst one to have ever said anything remotely like the foregoing, and it's giving crypto people hives just reading it.
mircea_popescu: i'll propose something to you : inasmuch as one is in
a better position understanding god for god, rather than understanding god for what some guy said, cryptography is the most direct path to divinity.
mircea_popescu: if i have
a message, which is not null, i can package that message in any string of any arbitrary sized chunklets. so your observing 8+16+24+8+8 does not tell you whether you observed 5 null messages, or
a 64 message, or 4 16s, or anything else.
mircea_popescu: i suppose at work might be
a confusion between what-some-idiots-might-be-thinking-retroconstructed-on-the-flimsy-basis-of-how-they-behave, where "general purpose os" means "the sprinkle of magic turning the computer from
a computer to anything i want it to be, which is to say
a tool that magicvally works for any purpose i might come up with, especially the nonsensical and self-contradictory ones".
zx2c4: mircea_popescu: could you elaborate your argument on why you think the 0 response is different from the 16, 32, 48, etc response? spare me the hand-wavy "its always an invariant!" arguments. can you give some real security analysis of what you have in mind? am willing to take your concern seriously if theres
a good case for it
mircea_popescu: then they moved to
a non-general purpose os, and alf threw
a fit because the thing took time to boot or w/e.
mircea_popescu: the best example i can think of is the code on the old handheld calculators. THAT is
a general purpose os : it makes no assumption about the downstream, merely fully, cleanly and directly exposes the hardware.
☟︎☟︎ mircea_popescu: spyked, i disagree general purpose os is actually
a null concept, or
a useless one.
mircea_popescu: danielpbarron, indeed. hey, purity is
a great boon for blogging.
mircea_popescu: spyked, i don't see how this distinction works. what does "eliminate word from vocabulary" even mean, you'll take out some classes/dependencies/whatever out of
a pile of lines of code, leaving
a them-shaped hole behind.
danielpbarron: lemme know when's
a good time to do the atruechurch Q&
A spyked: in fact 90% of blogpost was purely
a discussion on terminology. eliminate "general purpose os" from head and you're left only with means to create
a sane system.
a111: Logged on 2018-04-16 14:45 mircea_popescu:
http://btcbase.org/log/2018-04-16#1799724 << this is the equivalent of "designing"
a caveroom. tell you what : if your approach is substractive, no systems engineering took place. the guy hacking
a motorcycle out of two broken cars isn't an industrialist, he's
a scavenger. these are fundamentally, and radically, different things.
spyked:
http://btcbase.org/log/2018-04-16#1799833 <-- but! the
a, b examples I gave were *not* in any sense subtractive, read again. and by "eliminate" I mean, the words from vocabulary, unlearn them, throw to trash bin (hence "systematically"!), *not* "take monolith and prod it with toothpick"
☝︎ a111: Logged on 2018-04-16 14:06 danielpbarron: got
a message from my former employer that they "Have
a service" and were notified of my blog post. hows that for seo? i'm not even trying to game the search
ascii_lander: moar with economy of scale (e.g. the impracticality of rolling out
a new IC for every new thing)
mircea_popescu: ascii_lander, this is not
a problem with modern industry as much as it's
a problem with the EXTREME cognitive cost of design.
mircea_popescu: buildings, however, are
a very opposite attempt : the dismal resistance of air (and see also un prophete discussion of winds here) and the minimal and well understood constraint of gravity allow enough free space for design to be
a thing.
☟︎ mircea_popescu: as
a matter of fact, there's no design in cave rooms : you will dig where the soil [read: resistence of the medium] permits you to dig, and that is all.
a111: Logged on 2018-04-16 10:05 spyked: then moving from this approach you can systematically eliminate e.g. "pdf library" or e.g. "udev" or e.g. "protected mode" or everything else that is not *needed* for the system, not just userland (if there should be anything such as "
a userland" at all in there)
mircea_popescu:
http://btcbase.org/log/2018-04-16#1799724 << this is the equivalent of "designing"
a caveroom. tell you what : if your approach is substractive, no systems engineering took place. the guy hacking
a motorcycle out of two broken cars isn't an industrialist, he's
a scavenger. these are fundamentally, and radically, different things.
☝︎☟︎ ascii_lander: speaking of 'for all', i saw (on 2 consec. days!)
a sight that must be seen to be believed : 500+ gurlz standing in line. for what? for 'starbucks'
mircea_popescu: ascii_lander, there has yet not existed such
a system where the top wasn't leisurely. the "leisure / no leisure" discussion contrasts "leisure for all" with "leisure for some"
mircea_popescu: leisure is
a precondition for the many aspect of civilisation whereby woman sits on ass all day yakking annoyingly.
a111: Logged on 2018-04-13 20:37 zx2c4: i'm not saying everyone with leisure _does_ do something worthwhile with it. but you cant deny that leisure is in many cases
a necessary precondition for many great aspects of civilization
ascii_lander was just nao having
a quite mircea_popescuine 'as above, so below' thought : in usa, hotel maids are invariably bags, in ~every~ orcistan -- pretty gurlz
mircea_popescu: so, if your desert march results in
a jewel of code,
a la ffa, sure. if your desert march results in ample "lulz" as we call them, ie, intricate, unforgiving documentation of orcs' idiocy, sure.
mircea_popescu: the one where he has
a lot of fun / sees
a lot of things / is all impressed / tastes all the tomatoes IS NOT useful.
mircea_popescu: and more generally : there's two kinds of sallies
a gentleman may engage in. the one is where he comes back with
a boatload of gold/tomatoes/whatever. the other is where he comes bacl with
a well written tale of his travels.
mircea_popescu: mod6, i could have saved you the time, i guess, but then again IF you publish
a detailed discussion then we have that.
mod6: In other tales from the TRB: I spent
a solid chunk of time this weekend trying to backport all of the rpc rawtx functions from upstream prb. Just to see if it was workable, and an educational endevour. This is not going to be
a thing. They change tons of baseclasses and introduce
a variety of new ones. Going forward, I think these will just be reimplmented in
a trb-fashion.
mircea_popescu: "so in which sense is it
a taj mahal then ?" "they say so. that gotta count for something, beyond any consideration of form or substance" "notrly" "TERRORIST!"
mircea_popescu: sorta like
a taj mahal made out of pet bottles in the approximate shape of clinton's nose.
mircea_popescu: such
a credible effort, that shitpile. imo ethereum is very useful in the following sense : it shows EXACTLY what bitcoin'd have been like if it occured to the ustards.
ascii_lander: mircea_popescu: i read it, it was
a snoar, ethertards doing their 'unhappen this eggog, unlose some shitcoin' thing again.
mircea_popescu: as there's not enough room in reality for both their larpings, they eventually split, there's
a useless "new" php without mysql and
a similarily useless "new" mysql withouyt php now. that neitjher were ANYTHING other than "one piece of LAMP, which exists STRICTLY because tmsr v 0.1 says it does" entirely wooshes over all their herads.
mircea_popescu: but then their successors, two groups of dweebs with sparse goatees, really REALLY don't believe they're just gunk on ancients' unremarkable cogs in
a larger system.
mircea_popescu: phf, there's been this ancient grudge between "mysql people" and "php people" in the following sense : in the 90s, the "foss community" consisted of
a sad indeology-lite republic that still had enough people to get shit done. they needed an egine for their "revolution" which was to be centered around "the web",
a shoddy, ill conceived can of mostly "make it easy for people to participate AND IT WILL TAKE OVER THE WORLD [of pe
mod6: iirc posted
a pic once upon
a time even.
mod6: mircea_popescu: no, thankfully. I'd probably have died. I have
a mean-snowblower.
a111: Logged on 2018-04-15 22:25 phf: esthlos: mysqli appears to be
a force pushed buggy replacement for original php mysql driver (the usual "deprecated!!1" tricks, while missing features and introducing creative bugs)
mircea_popescu: you're so funny, you know, spend
a whole year all dour and then go out for like
a week and be all "squeeee"
danielpbarron: got
a message from my former employer that they "Have
a service" and were notified of my blog post. hows that for seo? i'm not even trying to game the search
☟︎☟︎ a111: Logged on 2018-04-14 21:22 mircea_popescu:
http://btcbase.org/log/2018-04-14#1799029 << anyway, i wouldn't simplify it quite to that point. obviously there's
a pull and there's
a push way to make money, and if i propose to some guy, "do x, get y" it's my push not his pull, and obviously if he wants to pull instead of waiting to b pushed aroundhe gotta do pull-y sorta things. but anyways.
spyked: then moving from this approach you can systematically eliminate e.g. "pdf library" or e.g. "udev" or e.g. "protected mode" or everything else that is not *needed* for the system, not just userland (if there should be anything such as "
a userland" at all in there)
☟︎ spyked: window with the box or whatever. that C is the set through which you intentionally make your OS
a non-general-purpose item.
a111: Logged on 2018-04-14 21:12 mircea_popescu:
http://btcbase.org/log/2018-04-14#1799018 << the notion that there's such
a thing or could be such
a thing as "resonable expectation" of pre-existing userland on the basis of os is not unlike young women expecting fucking them means they get to reorganize your bathroom.
spyked:
http://btcbase.org/log/2018-04-14#1799116 <-- no "pre-existing $thing" was contemplated at any point. lemme exemplify:
a. you wanna implement bitcoin-node-os and determine that it requires crypto primitives, bitcoin db/fs, text editor for config files and so on up to
a set of components C and *nothing else*; b. you audit the system at [
a] and find out that idem, all components present in the systems are in C, and if not, then out the
☝︎ mats: i have four fgs if pizarro needs
a few more though
mats: sounds like
a task for
a lord
esthlos: ah you're right, it's
a recent removal
esthlos: there's not even
a mysql use flag, just mysqli and PDO
☟︎ phf: esthlos: mysqli appears to be
a force pushed buggy replacement for original php mysql driver (the usual "deprecated!!1" tricks, while missing features and introducing creative bugs)
☟︎ hanbot: look at the log where i linked it, for example. the girl registers, the bot confirms she's registered, ---you announce that you got her registered---.
a few lines down you've got four lines to announce that there's
a problem with
a picture, after the picture's been posted. how many times yesterday did you ping mircea_popescu and then do it ---again--- to ask if he's around? etc.
lobbesbot: danielpbarron: Sent 15 hours and 3 minutes ago: <BingoBoingo> You have
a comment in cue
a111: Logged on 2018-04-15 00:09 mircea_popescu: in other news : darwin fish, of fabled atruechurch group, agreed to do
a q/
a session for
a coupla hours tomorrow / next week sometime.
Courtneyxd: douchebag said it usually only takes 5 to ten minutes but it has been
a long while and still nothing xc
Andria: i love sex and it pays well i love being
a sex worker
a111: Logged on 2018-04-15 03:53 ben_vulpes: i'm kinda
a little puckered about using the apache worker model; i'm going to have to set up something that lets folks upload content