
assbot: Logged on 13-08-2015 09:59:16; shinohai: Here in the Southern US you can identify the real deal easily. They have crude signs that advertise their produce with the most horrific spelling possible.
mircea_popescu: roast a fucking rabbit take it over or something sane.
mircea_popescu: poor old guy, gets isolated because people are getting incredibly weirder, and then when he tries to break out that's grounds for further isolation ?
assbot: Logged on 13-08-2015 09:36:42; cazalla: guy's a barber too but just like his offer to take what i want from his backyard, i turn down offers for haircut and straight razor shave
ag3nt_zer0: okay thanks for the byzantine feedback
mircea_popescu: this was a major thought cleavage, which i noticed at the time, and i noticed that people were actually visibly... peculiar about other things.
mircea_popescu: the societal consensus being at the time that "to the best worker belong the best tools"
mircea_popescu: well, specifically what triggered me was the proposition that "this man that is doing a bad job would do a better job with better tools"
phf: no, my school was run by a strong georgian woman pretty much on her terms. 35A 35B starting classes were reduced to 12A 15B by 12th grade, through gentle "your kid is just not right for this place. i suggest you remove him, because it might get very HARD for him to study here very soon"
mircea_popescu: one of the fringes of "intellectual" throughout the period.
mircea_popescu: right after the 90s these "enlightened" folks started to pop up, usually looking just like steve jobs
phf: mircea_popescu: my russian education was downright abusive by u.s. standards. or you're talking eton style mandatory beatings?
mircea_popescu: but re the languages thing : both ru and cn have ~their own~ idiot matrices.
mircea_popescu: it's rank nonsense, they love it (perhaps for good reason) like you love washington.
mircea_popescu: the notion that people in china dislike their government to any degree is not unlike claiming that there's going to be a peasant revolt that'll shoot stalin', where stalin' = stalin - 99.9% of the killings.
mircea_popescu: ag3nt_zer0 you have to understand that this entire "market" thing is more of a DoS thing than a local thing. there isn't a substantial similarity between ukraina and china that makes both appear in the press you read as "so and so square".
mircea_popescu: phf don't get me wrong, i'd love for it to work. i'd also love for the "not beating kids makes them smarter" and "all education should consist of is encouragement" nonsense to work.
phf: mircea_popescu: yeah, i've not reevaluated it since the last time i thought it, which was 2005 or so
mats: tiananmen sq literally does not matter to anybody but english readers
ag3nt_zer0: asciilifeform: a while back we were having an exchange about tienanmen and its relation (or non) to the fall of the wall... I have looked a bit in the direction you indicated but haven't found so much... you got any recommended paths for that ?
mircea_popescu: meanwhile the top google result for i will pay for your tits is still me.
mircea_popescu: but i liked the part about "he abandoned twitter so is no longer reachable"
assbot: Did anyone take Mircea Popescu's offer? He'd need more than 25000 BTC to settle his bet now... : ethtrader ... ( http://bit.ly/1Jfxx2J )
mircea_popescu: so the solution remains to plug the holes in the heads. either alf style, with bullets, or else wot style, or somehow unknown yet.
phf: in the sql example, it's sql_execute('select * from ' + sql_var_sanitize(variable)). naturally people keep forgetting the sql_var_sanitize
mircea_popescu: it turns out that the sort of people who write good code write it in asm for a z80 or in c
mircea_popescu: phf iirc this theory was variously tried and failed to deliver.
phf: traditional infosec solution to problems like that is a proactive bandaid and then yelling at people for not using bandaid appropriately
phf: e.g. sql_execute takes character arrays. if your sql_execute took ASTs instead, well, in that case you can't violate the assumptions of the abstraction
phf: mats: well, i actually meant the opposite. classes of attacks can be eliminated by not using c. i think that majority of the attacks come from leaky abstractions. there's no <string> in c, but there's a null terminated memory region. there's no <sql> in perl, but there's a character array with sql text in it. one of the solutions is to plug abstraction holes on a level of the language, in such a way that you can't not use improved abstractions
assbot: Logged on 28-07-2014 19:19:31; asciilifeform: results - and from this comes strength; the fight now turns, from a draining, futile floundering - to a merry, wrathful clobbering of a dying vermin, who with us - men - has nothing whatsoever in common. But it all begins - with nonparticipation.' (Беркем аль Атоми, articles. translation mine.)
assbot: Logged on 28-07-2014 19:19:31; asciilifeform: sheath, you have traded places with the *pederasti* - now you are sighted, and they are blind. Now you no longer struggle in the darkness with something foggy and omnipresent, which softly absorbs every blow - instead, you can now clearly make out a pathetic piece of shit, which has smeared itself over the most important part - the eyes - of a large and powerful man. You can now deal blows, directly s
assbot: Logged on 28-07-2014 19:19:31; asciilifeform: 'Learn not to participate - to the point of utter impossibility of meeting the enemy 'half-way' - and you will see that inside there lay a very useful mindfuck: in learning to 'nonparticipate,' in fact you drew out your *will* from its scabbard - to which it seemed so securely riveted by your upbringing. The appearance of *your will* changes everything and forever. With your own will slipped into your
mats: there are criminals to catch and people to save, regardless
mats: well, sure. like a detective or a physician, folks attempting to write secure applications begin from a position of weakness. and rarely win.
mats: hey, i've maintained that it's about increasing cost. not preventing the barbarians from entering.
mats: dunno man. maybe i'm lost in the matrix.
mats: i didn't say that. but _the cost of attack can still be substantially increased_
mats: and more reasonable than casting sailors to islands filled with savages
mats: this works better than suggesting folks write code in ocaml, erlang, haskell, etc...
mats: anyway, as phf says, it is of course possible to kill certain classes of vulns in C, be it memory mgmt to fix corruption, strncpy and the _s functions from MS for known, fixed size destinations, properly strict coding conventions, reducing attack surface with sandboxing e.g. NaCl, and full SFI/CFI
phf: turdels all the way down
phf: a deployment strategy in that case could be qemu-x86 -hda bitcoind.img -hdb /dev/blockchain_drive
assbot: Logged on 13-08-2015 14:56:38; funkenstein_: perhaps in some way similar to simply passing around a massive virtual machine file (yes I'm fishing for a correction on this)
mats: this is the ship we got, and it's underway. for those on it, the holes must be plugged; we cannot return to port and build anew
mats: as I think more about it, there may yet be a software solution... will share later. asciilifeform will not like it - this involves, inevitably, a multitude of mitigations
phf: mats: there's a systematic solution to an entire class of problems. in the poor people world perl "solved" buffer overflows on string input by closing the abstraction leak, meanwhile introducing its own leaky abstraction, i.e. string injection attacks. the solution to that problem was known for 50 years now, specifically structured/validated data
mats: burn the thing to the ground, I know
assbot: Logged on 13-08-2015 16:43:50; mats: there is no systematic solution to be had