66000+ entries in 0.493s
mircea_popescu: shinohai if he manages to capture the lot he could not only skin 'em and make himself
a hat + bathingsuit for girl combo, but also could make squirrel stu.
diana_coman: there was another group who were pro and told them even to take
a different route
mircea_popescu: from experience, every time something blows up i can produce for the benefit of the slavegirl in whose hands it did blow up
a list of what minor precautions she could have taken.
diana_coman: from what I read it was more that they were idiots on the day ignoring the weather forecast and making
a poor decision on the spot re path to take
mircea_popescu: aaand in not-really-news : avalance in retezat (romanian mountain) killed
a few kids that were european and world record holders in mountain-related items. ro "our democracy" media railing about how the trainer (also father of one of the victims) "forced his two daughters to break record after record while training in EXTREME CONDITIONS!!!1 ONLY TO SATISFY HIS OWN EGOTISM!!1111"
☟︎ mircea_popescu: to be perfectly clear : the ONLY use of
a successful attack on
a cryptosystem is to attack real world deployments. publishing is particularly
a worthless (and stupid) endeavour, because it gives
a lazy and entitled "public" something for free that it shouldn't have even for pay.
mircea_popescu: d because cryptology is now
a respectable academic discipline, the benefits of publishing
a successful attack on
a cryptosystem far outweigh the dubious benefits of keeping that attack secret and using it for some kind of fraud. In this area, at least, cryptology has grown up."
mircea_popescu: of course, any fiat paper must include its "hail party" lines, and so "In retrospect this time marks
a turning point in the history of cryptology. No longer would products compete on claimed "better algorithms" than their opposition. It became in everyone's interest to focus on published algorithms whose design principles were well known. Cryptographic products found other areas to compete in (speed, features, ease of use) an
mircea_popescu: too bad i wanted to leave them
a "drop fucking dead, bunch of illiterate monkeys"
mircea_popescu: and of course no way to leave
a comment on the "announcing linkerd 1.0" follow-up piece. but i could "share this post on hacker news".
mircea_popescu: "The explicit goal of the service mesh is to move service communication out of the realm of the invisible, implied infrastructure, and into the role of
a first-class member of the ecosystem—where it can be monitored, managed and controlled." << alternatively, you could read
a fucking book. motherfucking chukas.
mircea_popescu: dude, what the fuck is with the bullshit. "we made
a tcp on top of tcp because we're bored at "work" and hurr."
mircea_popescu: "Unlike TCP, the service mesh has
a significant goal beyond “just make it work”: it provides
a uniform, application-wide point for introducing visibility and control into the application runtime."
a111: Logged on 2017-04-29 01:25 asciilifeform: actually this is
a 'classy' bug, turns out
a111: Logged on 2017-04-29 00:03 phf: vaguely related, all these papers that cite subj. i'm sure all these people have
a copy in their private collection (the one they referenced when writing!!1), that they don't share out of copyright considerations and the respect for great scientist
a111: Logged on 2017-04-28 23:30 asciilifeform: 'It is the most advanced and secure instant messaging protocol to date. This is why the designers got an award in front of
a conference full of seasoned cryptographers and security engineers
a week back for improving Real World Cryptography. ' << from turd in earlier thread. that thing is ~bottomless lulzmine.
mircea_popescu:
http://btcbase.org/log/2017-04-29#1649775 << come to think of it, this is rather remarkable
a quote, enacting as it is teh republic as the ~only antifa available. "for the individual against the state and for the state only inasmuch as it identifies with the individual"
☝︎ mircea_popescu: i bet you that, to use your numbers, the 6"5 cohort in your study composes
a lesser section of "the ceos" than the 6"4 cohort.
a111: Logged on 2017-04-28 23:19 pete_dushenski: in related metaphysical sciences, "Multivariate linear regression analysis indicated that lifetime psychedelic use (but not lifetime cocaine use or weekly alcohol consumption) positively predicted liberal political views, openness and nature relatedness, and negatively predicted authoritarian political views, after accounting for potential confounding variables. Ego dissolution experienced during
a mircea_popescu: (the foregoing is also, if you're following the score, the principal argument of liberals (who, in practice, often end up very radical right wing, individual rights people) against the death penalty : since it is at least in principle possible that the whole thing was
a misunderstanding, it is infinitely better to put the guilty in stocks in the basement than to throw them from
a moving airplane. the later's reviewable.)
mircea_popescu: but this phenomenon exists whereby girl ends up in trouble for reasons which, upon later examination, turn out to not actually exist. that the whole thing was actually
a misunderstanding is proof positive the entire system fits in no one's head : not in mine, who misunderstood what was going on, not in the girl;s herself, who, confronted with the misunderstanding, failed to identify what to say to dispel it.
a111: Logged on 2017-04-28 21:28 Framedragger:
http://btcbase.org/log/2017-04-28#1649507 << at the risk of committing
a slippery slope / false equivocation / something, orly? is this not unavoidable sometimes. i do realise "b-b-t muh kernel! is not
a good answer
mircea_popescu:
http://btcbase.org/log/2017-04-28#1649528 << it is avoidable as
a matter of fact. i have by now built an item that is too complex to fit in my head. i call it $harem for convenience, but it's
a set of girls who do things on the basis of rules which they were at some point in their girly youth illo tempore been beaten / screamed at for.
☝︎ phf: FZ_Mul(
A, B, R, Overflow);
mats: made out like
a bandit with those shares, i hope
mats: relatedly -
a trivia q i didn't know the answer to, until it was shared - what is the proper way to test for support for the cmpxchg8b instruction?
phf: probably not. unless there's
a djvu archive somewhere of "доклады академии наук ссср"
phf: vaguely related, all these papers that cite subj. i'm sure all these people have
a copy in their private collection (the one they referenced when writing!!1), that they don't share out of copyright considerations and the respect for great scientist
☟︎ phf: philistine that i am, for
a longest time i thought karatsuba was japanese..
phf: which i think should be considered
a kind of upper bound (this is the most naive algo, without making it intentionally retarded)
a111: Logged on 2016-09-08 17:31 asciilifeform: the #1 entry is gut-bustingly lulzy to asciilifeform , because i spend ~half year auditing
a multilinear-map thing for $rupturefarm, and even was sent to
a 'conference' where 'serious cryptographers' did not even blink when someone walked in with
a proof that whole thing was crock of shit
pete_dushenski: asciilifeform: one wonders what the attendees were seasoned with. salt ? paprika ?
a dash of lemon zest ?
pete_dushenski: anyways, i thought it was being
a ceo that made one taller
pete_dushenski: in related metaphysical sciences, "Multivariate linear regression analysis indicated that lifetime psychedelic use (but not lifetime cocaine use or weekly alcohol consumption) positively predicted liberal political views, openness and nature relatedness, and negatively predicted authoritarian political views, after accounting for potential confounding variables. Ego dissolution experienced during
a ☟︎ pete_dushenski:
http://archive.is/unVPU << related (antbleed - bitmain). " We planned to add this feature to the code to empower customers to control their miners which often times can be hosted outside their premises. This was after more than one incident of miners being stolen from
a mining farm or being hijacked by the operator of the mining farm"
mircea_popescu: anyway, it's
a funnysituation this, miners just can't stick to mining. gotta gravitate towards the flame. so what if ~only thing flame does is burn butterflies.
a111: Logged on 2016-08-23 21:41 asciilifeform: znort987: rather, yes, there was provision for it in the original openpgp spec, but it is
a bogus concept because it entails
a global repository of revocation messages and
a universal agreement re what time it presently is.
a111: Logged on 2016-08-23 21:44 asciilifeform: revocation is
a ~promise~, in that there is not such
a thing, and never will be such
a thing, as
a magical lever that instantly makes
a key stop working.
Framedragger: asciilifeform: they were already using
a scheme which was supposed to protect it, but broke the spec, and implemented poorly. i don't remember but it's probably fixable without migrating to snakeoil or whatever framework
Framedragger: i don't have
a super-plausible scenario. i'm saying such scenario is possible; scheme used by tox can 'minimise damage' (i realise that it's
a funny word when describing 'key stolen'); it doesn't, hence that complaint on shithub.
mircea_popescu: so basically if master key annuls
a key it is thereby annulled ?
Framedragger: if scheme works as it should, you get
a signed message from bob and you know it's bob who sent it to you.
Framedragger: it's not an algo, i was referring to
a possible fix of
a further bad-thing that happens when key stolen. bad-thing is: once your key stolen, attacker (in that broken tox scheme) can impersonate as *anyone* *to* you.
Framedragger: could just be
a social thing, someone literally using your key
Framedragger: (what if it's
a station key? what if you wanted to be alerted of 'key stolen!')
a111: Logged on 2016-12-11 21:09 asciilifeform: trinque: it is
a very simple thing, think 'rpn calculator' and you almost have it.
Framedragger: (re. else, later, moving self. but just
a quick note re turing complete, well yes
a bignumtron should not in itself be turing complete, but i wasn't sure how much additional stuff was planned on top)
trinque: I remember the church derps used to say things like "there's
a god-shaped hole in everyone". The homoeroticism of that aside, does appear that there's
a "metaphysical domination" shaped hole in most folks. looks like this when nobody in your land bothers to stick it in.
Framedragger: i just thought, asciilifeform's bignumtron is probably not even turing complete yes? if it's not, that *
a big plus*
mircea_popescu: well, maybe. i'm not really able to evaluate
a framework rightnao.
mircea_popescu: but to return upstack : if i can't enumerate the states of my machine, i will thus therefore worry about it ending up in
a state i can't predict, understand or recover. this is rational.
mircea_popescu: even more directly : every kid who ever tried maintaining
a machine, be it linux, bsd, anything, knows very directly the problem with this framework thing. apt-get is guess what ?
a package framework. what's its principal function on anyone's machine ? that it imports packages you
a) didn't want or need and b) turned out vulnerable.
ben_vulpes: current thinking in re testing dumper is to solo mine and test but that's
a not-small pile of test harness to write
Framedragger: mircea_popescu: no disagreement. i honestly don't know re framework, i do think they just abused
a term (which isn't
a great signal)
ben_vulpes: gotta back out the c++11 work, implement
a predicate and test the shit out of it
mircea_popescu: if your protocol is, for the sake of this argument,
a state machine with about 150k states, and then the "framework" is
a further state machine with about
a half million or so states, your protocol framework escapes security as
a fundamental property of it.
mircea_popescu: abstraction has this cost, that if i have to maintain AB i spend twice the time if i maintained an
A and
a B.
mircea_popescu: let's revisit the early cs classes. if you have state machine
A, with 4 states, and state machine B, with 5 states, the composed mechanism AB has... 20 states.
Framedragger: i thought you were *for*
a crypto library where operator would not have to use (by which i mean abuse, because he will) low level primitives?
Framedragger: the fact that interfaces implement literal crap in the case of openssl is of course not the best advertising for
a simile...
Framedragger: makes sense to have core building blocks. i see protocol framework here in the sense of openssl being
a protocol framework
Framedragger: i think by 'you can create protocol' they meant
a high degree of abstraction kind of protocol. e.g. stateless or stateful transport security, etc.
mircea_popescu: (at least that's what i parse the words to mean, framework = "standard with
a lot of user serviceable knobs")
mircea_popescu: either you have
a protocol standard, or else you have more prototyping work to do.
mircea_popescu: ie,
a "protocol framework" is definitionally premature.
mircea_popescu: to put it another way : when
a fundamental problem is well understood enough to approach conclusively, and yet the approach eschews creating
a standard in favour of preserving choice, the signal is that the problem was NOT actually understood enough.
Framedragger: i'm not convinced it's
a very bad idea. i'm not advocating such 'we love complexiti' architecture of course
Framedragger: ah. well, i thought it was
a set of lower-level crypto interfaces on which you could build higher-level protocols
mircea_popescu: even if we don't consider practical experience (hey, automake tried to be
a makefile framework yes ?) and only focus on the theoretical aspect