midnightmagic: The attack is just a heartbeat with a size modifier different; it's an overrun read-only flaw. Unless the attack is expanded to something else, there is no targeting. It's "whatever's sitting 64k behind the heap."
mircea_popescu: at this stage i don't see how any negative statements can really be made.
midnightmagic: mircea_popescu: Well the wording in that section is slippery. My current understanding is to vary the information requires being able to manipulate program execution in other areas of the program.
bounce: if there's multiple code paths you can get there it gets more interesting still
mircea_popescu: midnightmagic this, ~as far as we know~ is probably true.
bounce: and named it, and registered a domain for the name
midnightmagic: mircea_popescu: That is from the heartbleed site. It implies more information is available, but it's information which is sitting in that specific area. It's a busy area, but it's just that specific area.
mircea_popescu: some of teh doods that reported it.
mircea_popescu: midnightmagic "There is no total of 64 kilobytes limitation to the attack, that limit applies only to a single heartbeat. Attacker can either keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed."
midnightmagic: mircea_popescu: No; that doesn't appear to be accurate. Ask whoever it is who is telling you that to describe how to target specific memory regions, because I'm fairly sure they're wrong.
tg2: pfs is pretty easy to set up
asciilifeform: no need to re-tell it here.
asciilifeform: the basics of priv elevation on common os variants is a subject beaten to death elsewhere on the net
mike_c: it is the process space for whatever is handling ssl connections.. so all ur keyz belong to us
mircea_popescu: tg2 the process memory for the process running the openssl code
benkay: cavirtex is sponsoring the caconf
mircea_popescu: or into how things such as the vidcard can be leveraged for this purpose.
tg2: is it only the process space for the webserver?
mircea_popescu: midnightmagic actually, it's pretty much all the memory. in 64k chunks, yes, but trivial to map it all out.
assbot: [HAVELOCK] [COG] [PAID] 6.17987915 BTC to 13`595 shares, 45457 satoshi per share
mircea_popescu: MisterE that bank shutdown/issue seems by and large unrelated to btc in any sense. just part and parcel of larger fin sector chinese woes.
Naphex: messing up their TX tables and getting bitcoins locked in addresses
mircea_popescu: Naphex keonne was sayin' earlier they got it fixed, waiting for him to pop back in cause i wanted to grill him a little
asciilifeform: 'bob the bridge builder' fucks goat after goat, has done a whole herd, but remains listed in the phone book under 'bridge builder'
asciilifeform: mircea_popescu: beautiful piece - but the fact that the phoundation will still be revered and fellated in the world media tomorrow tells us how firmly the buggers are still in control.
mircea_popescu: so take that!
mircea_popescu: an' for the record, just in case : http://trilema.com/2014/the-sins-of-the-group-of-posers-behind-the-so-called-bitcoin-foundation/#comment-98933
mircea_popescu: coolabuttoids too
mircea_popescu: asciilifeform https://trilema.com/2014/the-sins-of-the-group-of-posers-behind-the-so-called-bitcoin-foundation/ neh ? works if you want it, just, doesn't default to it. compatibility ftw.
mircea_popescu: BingoBoingo: benkay: A jog can't do the things Lithium can though <<< actually, afaik it does.
gribble: Bitcoin Lolcows, the musical. Today, Kludge pe Trilema - Un blog de ...: <http://trilema.com/2012/bitcoin-lolcows-the-musical-today-kludge/>; How does one list on MPEx ? pe Trilema - Un blog de Mircea ...: <http://trilema.com/how-does-one-list-on-mpex>; Bitcoin pe Trilema - Un blog de Mircea Popescu.: <http://trilema.com/category/bitcoin/>
mircea_popescu: ;;google trilema kludge the musical
BCB: mircea_popescu, what was the kluge scam?
mircea_popescu: the rest's on teh exchange.
mircea_popescu: there's that.
ozbot: The list of discontinued assets on MPEx pe Trilema - Un blog de Mircea Popescu.
BCB: mircea_popescu, you have any numbers posted market caps, exits (besides the very suspicious satoshi dice)
ozbot: A gas cloud collides with the black hole at the center of our galaxy, and we get to watch | PBS News
mircea_popescu: wait dudes! do you realise god spelled backwards is dog, and so the black lab meme and the bitcoin jesus meme just came together in a total and complete
mircea_popescu: hello this is you.
nubbins`: is this me?
nubbins`: is that you, john wayne?
mircea_popescu: mike_c is this also me posting ?
mike_c: forum lulz @ neobee: "The financial report that you all have been waiting for is ready. Total revenue from date of incorporation to date: ZERO."
mircea_popescu: and contrary to whatever you may have heard, ive done in fewer than that.
mircea_popescu: bout a dozen give or take
Duffer1: change the wording to what though? "a situation eerily similar to that of a fugitive" how is that different?
fluffypony: Aquent: because all the mtgox bagholders might panic and sell their coins on mtgox?
mircea_popescu: just promise me you don't come up with this nutty ritual of eating "my flesh and blood" later on.
gribble: WARNING: Currently not authenticated. Trust relationship from user benkay to user Aquent: Level 1: 0, Level 2: 0 via 0 connections. Graph: http://b-otc.com/stg?source=benkay&dest=Aquent | WoT data: http://b-otc.com/vrd?nick=Aquent | Rated since: never
Aquent: its just a suggestion - take it or leave it is of course entirely your choice
Aquent: right ok I would kindly and very respectfully ask you to change the wording
bounce: went on a hike with that neobee guy?
fluffypony: I bet he'll turn up in a StarBucks somewhere
Aquent: is that what you were referring to or....
mircea_popescu: a situation eerily similar to that of a fugitive.
Aquent: some article is saying he's gone to taiwan
nubbins`: ^ he got ya on a technicality
mircea_popescu: Aquent because that's what you call people who avoid showing up in court.
fluffypony: got a fabrication facility, and then it's packed and shipped from a picking/qc floor
nubbins`: my square cc reader showed up in the mail today, woo
mircea_popescu: do you build them in your garage like ? or got a little warehouse somewhere ?
fluffypony: OCLHashCat users and the GPGPU/GPUGrid crowd
mircea_popescu: o hey. so 3k frames closer to sanity, that's a public service.
fluffypony: but we've also had customers that aren't miners
mircea_popescu: kinda curious because the appalling situation of mining rig arrangements is a bit of a historical lolpoint
mircea_popescu: just curious if you wanted to say anything in public.
mircea_popescu: a well then no need.
fluffypony: mircea_popescu: I'll gladly send you the proposal if you have a bit of time to take a glance at it, just not too keen on sharing it publicly for all and sundry;)
BCB: mircea_popescu, he's still being paid by them
mircea_popescu: fluffypony so what are you planning to expand into ?
Naphex: mircea_popescu: guy probably had a short on bitfinex trololol
Naphex: mircea_popescu: i'm guessing any decent programmer that implemented the bitstamp API noticed that they do HMAC all wrong, also the guy who posted that, total douche imho :)
mircea_popescu: BCB no need to, because gavin did the right thing and quit.
BCB: mircea_popescu, tells us how you really feel about the BCF
fluffypony: but yes, peripheral services for miners is the primary aim of the business
mircea_popescu: o so you make rigs ? that's a pretty cool idea!
mircea_popescu: why didn't you warn us in time!
fluffypony: Naphex: the company is already making money, just not enough for the next lot of things we're doing :)
mircea_popescu: WHO WROTE THIS CODE
mircea_popescu: "so if you were to perform the request over an unsecured network, you could easily intercept and send a different payload without having to generate a new signature"
Naphex: wot schmot, fluffypony , go do your thing make some money, things will happen ;]
fluffypony: it means the trust graphs to me are all unhappy pandas
fluffypony: but because everyone's changed their rating of him to a negative
mircea_popescu: fluffypony a cool, look at that.
gribble: WARNING: Currently not authenticated. Trust relationship from user nubbins` to user fluffypony: Level 1: 0, Level 2: 0 via 1 connections. Graph: http://b-otc.com/stg?source=nubbins%60&dest=fluffypony | WoT data: http://b-otc.com/vrd?nick=fluffypony | Rated since: Sat Apr 6 08:20:32 2013
mircea_popescu: then that one establishes his credibility, over time.
fluffypony: mircea_popescu: already there
mircea_popescu: fluffypony one first gets into the wot.
ThickAsThieves: coins, bills, what's the difference?
fluffypony: if I'm looking to raise BTC-denominated funds privately as a company (angel investing, really) and don't want to go the IPO route in order to at least somewhat stave off the general discovery of trade secrets (for want of a better term), is there a generally accepted way of doing so? proposal has been drawn up already, just not really sure how one goes about finding BTC angel investor types
fluffypony: ok so I have a question that has nothing to do with bills
mircea_popescu: supreme court peering into "the intent of congress" is perhaps the largest inside joke in the us legal profession.
mircea_popescu: there's no such thing, a government/agency/etc is quite incapable of intent.
mircea_popescu: a but unrelatedly, as the possibility of intent in large institutional actors.
mircea_popescu: otherwise, we two could write a bill in that sense, right now. what of it.
mircea_popescu: ThickAsThieves i guess i was thinking more about "passed"
ThickAsThieves: i could see a bill being passed as being closer to "shat"
benkay: but you know, any of the two are great to have around, right?
benkay: mircea_popescu: more of a comment on myself than the world