mircea_popescu: not astonishing in the slightest.
asciilifeform: ah yes, more or less that.
mircea_popescu: yes, actually, they have. here even, publicly and explicitly.
asciilifeform: has anyone considered how preposterous the entire notion is, of bitcoin depending in the least bit on crud in external libs that can change on a whim ?
mats: BingoBoingo: chimps are terrifying.
mircea_popescu: the asking is public, let teh enemy pluck its hairs.
[]bot: Bet placed: 1 BTC for Yes on "Gold to drop under $1000 before March 2015" http://bitbet.us/bet/1101/ Odds: 28(Y):72(N) by coin, 28(Y):72(N) by weight. Total bet: 7.1 BTC. Current weight: 99,593.
asciilifeform: unless you'd like to hire them in pairs.
asciilifeform: i expect to be a minority of one on this, but i'd much rather see it done by one of the folks here, than by a great sage who may or may not have been suborned (or shall be as soon as enemy gets wind of intention)
mats: but yes, i agree with the premise re: gendarmerie
mircea_popescu: not that THAT is a bad move in any sense, of course. but timeo Danaos et dona ferentes.
mats: asciilifeform: ive only seen this specific issue get airtime in the last few months
asciilifeform: mircea_popescu: aha, doing the 'nix openssl' thing from therealbitcoin idea list ?
mircea_popescu: anyway, ima get on teh comparison requests tomorrow. if anyone has more names to suggest as per above...
mircea_popescu: unless there's some sort of major backdoor in wuille's ecdsa implementation...
mircea_popescu: them a clear dependency to use when they need consensus-critical
mircea_popescu: probably give us fewer consensus problems than our existing OpenSSL
mircea_popescu: and well-understood library designed with consensus in mind that'll
asciilifeform: mats: old news i think
mircea_popescu: is a good idea on the grounds that it provides us with a well-written,
mircea_popescu: opinion that migrating Bitcoin Core to libsecp256k1 in the near future
mircea_popescu: excellent testing the library has undergone - I personally am now of the
assbot: Bank of America warns of 'lethal' damage to China's financial system as deflation deepens - Telegraph ... ( http://bit.ly/14D8OSM )
mircea_popescu: Wuille's recent findings¹ CVE-2014-3570 - strong evidence of the
mircea_popescu: above incompatibility does strongly suggest that OpenSSL may not itself
mircea_popescu: for verification on the grounds that consensus trumps correctness, the
mircea_popescu: "While I have often cautioned people before to avoid using libsecp256k1
assbot: MassPrivateI: Mass. law enforcement agencies claim they're corporations and they're exempt from FOIA requests ... ( http://bit.ly/14D8PX1 )
mircea_popescu: already cracking at teh seams.
assbot: Logged on 08-01-2015 08:24:54; mircea_popescu: he's prolly aiming for putting it in by february, but won't actually have the tech resources to do it and rather than risk a total humiliatory blowout delay it to march
BingoBoingo: Everyone knows you have them.
mircea_popescu: BingoBoingo let me dig up my own words from the damned logs
asciilifeform: aha. plenty of folks want to take, take, run.
asciilifeform: back-end optimizations, that is
asciilifeform: iirc rms is concerned about something quite valid - gcc has excellent front-end and ast-level optimizations, while at the same time, a middling-to-poor set of back-ends (depending on cpu arch)
mircea_popescu: sounds like the true c compiler!
mircea_popescu: im still there
mircea_popescu: i have not looked at the matter in at least 3 years. does llvm still own gcc much to everyone's chagrin and denial ?
mats: id like to see gcc contribs move over to llvm, if for no other reason than to motivate both parties
mircea_popescu: mebbe they could call it gccemacsd
mircea_popescu: anyway, the gcc-emacs merger seems slowly but surely emergent
mircea_popescu: apparently there's some debate about ast output in gcc.
mats: ive read it several times and concluded a) i dont get it and b) f/oss is embarrassing and dumb
mircea_popescu: i don't get it. so, stallman-gcc, is at odds with stallman-emacs and they don't wanna talk inside his head because cacti ?
mircea_popescu: but that's a way waiting.
mircea_popescu: obviously, on a strategic plane the difference would be "stop making broken by design software ; behead all the shitgnomes ; adopt bitcoin as us currency" etc.
mircea_popescu: wtf is the difference.
mats: ...suggesting that computers as they are can be proportionally defended, rather than a contest of risk management and attack surface
mircea_popescu: "fix the damned software" "nu-uh, we'd rather look for bugs in the chinese's" "they're using the same shit, you know"
assbot: Snowden: US has put too much emphasis on cyber-offense, needs defense | Ars Technica ... ( http://bit.ly/14D22wt )
mircea_popescu: experience over the past few years shows that answer is generally yes
mats: DJB, too
TomServo: kakobrekla | i just find the whole fetch command thing silly. << If it was named scoopdog that'd be one thing...
mircea_popescu: so thinking further on the project to compare ecdsa libraries from yest... i guess the best thing would be to email respectable crypto people see if they want to do it as a contracted job. anyone wish to make recommendations ?
mircea_popescu: amazon will let you have that for ~300 a month
xe4l: mircea_popescu: haha, naw, TOR has a host of issues; this is merely a security layer if contemplated deploying
mircea_popescu: <xe4l> think TOR but you always do 10mbit FD << o that's what this is, you fixing what you read about tor vulnerabilities recently ?
mircea_popescu: if it were a military matter they wouldn't cut the walls off houses.
xe4l: the idea is to reduce the number of data points that can be gathered from sniffing
BingoBoingo: xe4l: Your idea seems to introduce of getting v& for DDoS as plausible reason even if attacker can not tell your actual schtick
xe4l: lol valid point, few organizations other than the NSA have any idea if data is moving or not
xe4l: no one can tell if your node is even doing anything or if it's just all white noise
xe4l: think TOR but you always do 10mbit FD
xe4l: mircea_popescu: if the endpoint isn't doing anything, the software saturates the encrypted tunnel up to the same traffic volume/pattern/protocol
asciilifeform: xe4l: then enemy relocates to the other end of the connection and proceeds to do - whatever he was originally to do at your end
xe4l: mircea_popescu: oh the point would be that a sniffer would either see say 1mbit full duplex say ipsec traffic
assbot: Logged on 07-01-2015 04:40:04; *: asciilifeform rather thinks that this is a military matter, where adversary can afford to ransack and search 100 houses but not 100,000, and hence his gathering bits of info - matters
decimation: like those magnets you stick to your gas tank to improve fuel economy
BingoBoingo: <asciilifeform> mircea_popescu: i got a piece of junk mail once, advertising specially-made capsules (for folks who have no idea how to use a saw or glue?) for burying rifles. << Obvious hypothesis, they found a Wasp cache and kept the rifles
asciilifeform: answer (rot13) - boivbhfyl, gur fvahfbvqf. qnl/avtug plpyr, znpuvarf trg fjvgpurq ba, bss. gur cynarg gheaf.
asciilifeform: xe4l: student exercise in traffic analysis. http://sleipnir.syari.net/pool/graphs.html?Month << litecoin miner graphs. say which ones are chumpnet-powered.
mircea_popescu: xe4l i don't get what the attacker is supposed to think here. "oh, it's ok, that's just what that weird node does" ?
xe4l: over wireless you would pulse, your receiver would always transit and receive say 10mb every hour on teh hour
asciilifeform: mircea_popescu: picture the fool who buys this, with his credit card, has it sent, etc.
asciilifeform: mircea_popescu: i got a piece of junk mail once, advertising specially-made capsules (for folks who have no idea how to use a saw or glue?) for burying rifles.
decimation: asciilifeform: what is comcast's 'secret' bandwidth cap these days? a few hundred gigabytes per month
xe4l: asciilifeform: it was a crude example, a proper implementation would do fancy shaping, but normalize the overall traffic pattern; I'm sure residential providers wouldn't like this, but MPLS/VPLS, metro-e, routing over peering/IX - it's irrelevant
mircea_popescu: asciilifeform now that's an excellent approach to make the point.
asciilifeform: wasn't on a list the day before, and now you are.
decimation: who is 'they', and what are you transmitting or receiving?
asciilifeform: xe4l: let's start with the fact that 10mb/s will instantly promote you to your isp's 'hog list' in some, if not all, isp
mircea_popescu: i guess something on udp then
xe4l: what I'm talking about is simply providing less information, right now all of our connectivity generates a substantial amount of noise that can be interpreted, my thought is to shift that to, they are transmitting and receiving or they aren't
mircea_popescu: "david has a mental issue that makes him see vivid scenes from literature and also forces him to write about himself in the third person."
assbot: Logged on 27-08-2014 01:00:10; asciilifeform: 'pardon my cynical twist, but what are you doing with that 20,000×20,000 double-precision floating point matrix you say you need to invert _today_? If you answer "nutt'n, I jus kinda wondered what it'd be like, you know", you should be very happy that I am most likely more than 3000 miles away from you, or I would come over and slap you hard.'
mircea_popescu: David is on track to retire in two years from investing in bitcoins. David wants to help you understand the once in a lifetime opportunity this digital currency revolution provides."
mircea_popescu: http://www.benzinga.com/news/14/02/4346277/bitcoins-shocking-resilience-and-achilles-heel << one of the most idiotic articles on btc
assbot: Logged on 05-01-2015 05:22:48; mircea_popescu: Fun noobs have a reputation of wishing to get involved in the most complex end of any matter first thing.
mircea_popescu: in general, to keep 99% out of any attacker's hands you'll need to spend 100x what they spend.
mircea_popescu: i think you will soon discover if you ever get to the practical side of things that denying ALL INFORMATION to an undefined attacker is a function of infinite budgets.
xe4l: if for instance, your laptop, desktop, phone, whatever; always did 10mbit of encrypted traffic with variations in timing, packet size, etc
xe4l: the size, shape, duration, timing, etc of our traffic, no matter how encrypted still provides a wealth of information
asciilifeform: it's trivial to sniff most connectivity, especially wireless << >> 'it is trivial to steal most objects, especially rotting squirrels in parks'
xe4l: it's trivial to sniff most connectivity, especially wireless
mircea_popescu: xe4l i guess i don't understand what the purpose would be
kakobrekla: yes, good to know it works with numbers over 1k.
xe4l: talking about how you deal with protocol timing attacks would go more with the buried treasure opsec concept
assbot: Logged on 30-08-2014 20:46:17; asciilifeform: but, as every treatise on the subject invariably begins with, first try to understand what is to be hidden - and from whom
asciilifeform: http://log.bitcoin-assets.com/?date=30-08-2014#816402 << buried treasure thread. instructive.
xe4l: it's trivial to detect if someone is or isn't doing what I described, it's merely a layer to mask activity inside of a segment