63500+ entries in 0.477s
a111: Logged on 2017-05-31 19:23 phf: indeed.
i'd like for one of these fucks to go "oh, we've tried this solution in 87 and there's reason A and B for why it's not applicable at industrial scale" or "oh we need 10000KB/s which means that blah blah blah"
a111: Logged on 2017-05-31 19:16 phf:
i wonder what they mean by "large amounts", could they just run a handful of FUCKGOATS in parallel? is there some hidden flaw in FUCKGOATS approach that makes the solution non-viable? so many questions!
phf: indeed.
i'd like for one of these fucks to go "oh, we've tried this solution in 87 and there's reason A and B for why it's not applicable at industrial scale" or "oh we need 10000KB/s which means that blah blah blah"
☟︎ phf:
i wonder what they mean by "large amounts", could they just run a handful of FUCKGOATS in parallel? is there some hidden flaw in FUCKGOATS approach that makes the solution non-viable? so many questions!
☟︎ a111: Logged on 2017-05-31 14:52 erlehmann: reminds me of my adventures with libglitch (most useless shit
i wrote and probably most popular)
a111: Logged on 2017-05-31 14:52 erlehmann: reminds me of my adventures with libglitch (most useless shit
i wrote and probably most popular)
a111: Logged on 2017-05-31 15:36 mircea_popescu: this
i suspect is generally the case, if an item doesn't contain deadly possible states it is more properly a toy than a tool.
a111: Logged on 2017-05-31 15:36 mircea_popescu:
http://btcbase.org/log/2017-05-31#1663763 << this
i'm affraid is wishful thinking. consider the simple case of the 110/220 volt switch on most desktop power supplies. it... does contain such a state, as part and parcel of why it even exists in the first place.
mircea_popescu:
i spent a while having to subdue my fridge which had become embroiled along with my washing machine and its allies in an air-and-sea war over some misunderstandings, and
i decided no more of that! no fridge, no washing machine, no spy etc needs its own armored divisions!
a111: Logged on 2017-05-31 14:41 erlehmann: asciilifeform by that standard, everything is insane (
i might even agree). LANGSEC is not planet-wide asepsis, it is washing hands before walking to the operating table.
a111: Logged on 2017-05-31 14:41 phf: validating input is the security community mantra that
i remember since
i joined it in 99 or so
mircea_popescu:
http://btcbase.org/log/2017-05-31#1663768 << let me tell you what it does, because
i recently ran a browser games check. a) won't allow email from domains with >3 char tlds. because VALIDATING INPUT, yes. b) won't allow your password. it's too long (yes), it has special characters (o ya), it whatever on a stick.
☝︎ mircea_popescu: this
i suspect is generally the case, if an item doesn't contain deadly possible states it is more properly a toy than a tool.
☟︎ Framedragger: it *reminded* me of that fact,
i knew it was crazy turing complete madness before tho :D
erlehmann:
i bet you read that at the orange wobsite
erlehmann: but back to the GCC example,
i think someone said “a computer can not recognize meaninglessness” or similar
erlehmann:
i am ever so slightly sorry for not telling in understandable ways
erlehmann: mircea_popescu certainly,
i was referring to a different person that claimed a computer can not work with “a → b … and also, a is false” or something like that
erlehmann:
i have no idea how someone can believe elementary logic is something magic
erlehmann:
i think
i actually got through by demonstrating n3
phf: (heavy technobabble) prof: yeah yeah ugh
i can see that, moving on
erlehmann:
i think part of the room was sufficiently disoriented by the fact that GCC drops loops without side effects
erlehmann:
i once had a case of a philosophy lecturer claiming computers cannot work on meaning, only syntax.
i answered with an explanation of undefined behaviour in C compilers.
phf:
i wonder if this creates significant cognitive dissonance in these people. it took me a while to learn how to scale elegance (and how incredibly costly it is, hence gems like tex.web ARE gems), but here you have a prof, drinking own koolaid of whatever best practices, attempts to write a non-trivial project and ends up with unmanageable complexity
Framedragger: thanks for the pointer, will actually check.
i know a bit of german but too little. may make it even more fun, tho
erlehmann: Framedragger if you know german,
i suggest to play unteralterbach.
i also suggest to not visit commonwealth countries and others with weird sex laws (comic sex = real punishments) when having that.
phf: Framedragger: it's probably shit code that professor was planning on fixing "eventually".
i've managed to acquire a number of these "secret" sources while at umd and most of them were horrendous.
erlehmann: turns out
i am a far better programmer than philosopher btw
erlehmann:
i quit studying philosophy at HU to earn money.
erlehmann: the only person who would not give complete corresponding source and supplementary materials for stuff was a neuroscientist
i think. something about having done lots of work to collect the data and analyze it.
Framedragger long ago got a "you're not yet ready to read kant, read this about kant", which in retrospect may have been a misjudgement (you can kinda sorta just read Kant, esp. if you're read hume), but
i just went along with it. worked in the end. maybe not comparable situation, but anyway
erlehmann:
i moved to berlin to study philosphy at humboldt university. different climate there. especially regarding bad teaching.
erlehmann: Framedragger 1. prof demoed some program he wrote (?) in linear algebra course 2.
i asked about source code. 3. answer was like “you do not get source code, you would not understand anyway” 4. no other student thought it ridiculous for a teacher to not give source. 5.
i found out implementation was really simple.
Framedragger: erlehmann: just idly curious, why did you not continue studying at TUM?
i'm only curious because
i considered that once, too, and "heard it was good" (well they also seemed to be offering solid-looking courses when
i visited them in ~2013). just in case answer pertains to objective details
erlehmann:
i think he meant it more like “haha good luck you imbecile”
erlehmann: the former boss of my boss, when asked about ethereum, was like “my investment strategy is:
i hope you get rich with ether and then give me some of it”
erlehmann: but
i have not yet found out why people are unaffected. and why
i do not feel the same as they do.
erlehmann:
i believe at least some crypto currency marketing triggers similar magpie instincts as earlier scams
phf: erlehmann: well,
i said "parsing"
i didn't say grammar. there are different ways to write a parser. btcbase uses a readtable dispatch based parser to construct an in memory vpatch structure,
i just checked, in about 90 lines of lisp. presumably if somebody wanted to write a parser using yacc, they'd have to write a lalr grammar for a vpatch
erlehmann: you know part of why
i came here is my friends have become mad
erlehmann: asciilifeform
i see what you mean.
i can not claim to understand everything, but it looks saner than C.
phf: erlehmann:
i think what we're saying is that validation for the sake of validation is an incomplete solution for various reasons. you come from a position where you need to convince people that parsing is important, we're saying that ~we know~ and ~we do it~, but we also think that it's not the whole solution.
erlehmann:
i chose postfix notation and a wraparound ringbuffer as a “stack” because postfix can always be evaluated
erlehmann: reminds me of my adventures with libglitch (most useless shit
i wrote and probably most popular)
☟︎☟︎ a111: Logged on 2016-12-11 23:00 asciilifeform:
i was not going to expand on the 'p' thread until the proggy is done, but this is probably a good time to say 1 more
erlehmann:
i do not understand the question, care to elaborate?
Framedragger: mircea_popescu: yeah, after writing that
i recalled gossipd design and intentions (need to generate a lot of keys, and if it takes a month - so fucking be it)...
erlehmann: asciilifeform by that standard, everything is insane (
i might even agree). LANGSEC is not planet-wide asepsis, it is washing hands before walking to the operating table.
☟︎ phf: validating input is the security community mantra that
i remember since
i joined it in 99 or so
☟︎ phf: well, that's why
i referred to that djb paper about qmail. he stated both the problem and the solution, and his solution was essentially "compartmentalize", but when it comes to parsers specifically it's something very aggressive. like a fixed length line reader that dispatches on a single prefix character. not even a "grammar"
Framedragger:
i don't believe they are actually suggesting that doing key gen on third party is a good idea for user. discussion was about performance, no? (granted, did not read whole paper)
Framedragger:
http://btcbase.org/log/2017-05-31#1663689 <<
i believe you misquoted out of context. the purpose of that was to (as you can see if you read till end of para), "The challenge here is to show that secure multi-user RSA key generation can becarried out more efficiently than one-user-at-a-time RSA key generation"
☝︎ erlehmann: phf yeah, the results are not palatable to people. “what
i can not do ‘<script>document.write('<script>')</script>’ anymore?”
phf: erlehmann: that is true, but doesn't take into account complete attack surface.
i agree that "write a proper parser" should be the first step, but that's also a baseline. problem is that most of these protocols are either non-regular, have types that depend on state (e.g. a fixnum whose range changes based on a flag), or are outright turing complete
mircea_popescu: well up until now because
i never heard of him ; from now on tba.
erlehmann: mircea_popescu
i believe linley is creative and knows his theory. but no one ever asked him to clean up his code.
erlehmann: mircea_popescu
i never heard of eulora. earn BTC for playing games?
erlehmann: we sometimes bump into each other at conferences. also
i made the yellow press (BILD) stylesheet for his blog some time ago.
erlehmann: asciilifeform djb never replied to my emails as well.
i asked fefe about it and he was like “that guy has tenure, he does not care, people had to pester him for years to make his stuff public domain”
mircea_popescu: erlehmann
i own a publisher ; not particularly looking for a game, but vaguely interested in competent/efficient dev people for eulora client improvment.
erlehmann: at least that is what he claims,
i never tried
erlehmann: mircea_popescu if you like RTS without multiplayer,
i suggest to try out liberation circuit. the math seems to be fixed-point only, so real-time multiplayer should be possible if you can wade through the abysmal codebase.
erlehmann: phf
i have worked on existing protocol. the grammar codifies the assumptions that you as a programmer make. take an ENUM in the input, for example. grammar should only contain values you know you can process right.
erlehmann: mircea_popescu only by mail. apparently he writes games on windows with code::blocks.
i wrote a dofile and contributed some features.
mircea_popescu: phf
i suspect he's young ; in any case excitable. give the man a moment.
phf: diots" position. what you going to audit ffmpeg?
i'm saying that the correct solution is not to run media decoder on a mission critical machine
phf: erlehmann: sure, but the question is, are you designing your protocol from scratch or you're saying something about an existing protocol. and if you're designing it from scratch then there are existing long established solutions that long predate langsec (unless of course they are just an education organization). but if you're saying something about existing solutions, and you mentioned ffmpeg etc., then it's your classical security specialist "y'all
i erlehmann: phf
i believe you misunderstand the problem
erlehmann:
i asked him at two conferences and both times he was like “
i have to answer lots of questions about crypto, ask later pls”
mircea_popescu:
i suspect the idea is that systems which require something like make are broken anyway.
☟︎ erlehmann: experimenting with a medium-size C++ project (liberation circuit)
i found that there can be as much non-existence dependencies as “normal” dependencies
erlehmann: but apparently,
i am the only one who does. DJB thought of it, he has notes on it.
erlehmann:
i am of the opinion that all build systems except my own redo implementation are shit. reason: non-existence dependencies. if you search for header files at locations A, B, C, find it at C, then C is a dependency. but if non-existing A or B start to exist, the target must rebuilt.
mircea_popescu: actually in my youth
i deemed as the highest achievement in literature a situation where multiple parties participated in a conversation that admits an interpretation for each.
erlehmann: at one langsec and tea gathering
i suspected that every joke contains a misunderstanding on some level
mircea_popescu: hey,
i beat the slavegirls if they fail to infer ; and also if they infer incorrectly.