76500+ entries in 0.621s
Framedragger: ah,
i see kk re. ctypes vs the older interface..
phf: just to clarify it doesn't use ctypes, it's using the old
https://docs.python.org/2/extending/extending.html api. which
i suspect is faster, since you're constructing python objects immediately, rather than across the ffi boundry the way ctypes/CFFI would have to naturally do it
phf:
i wouldn't say it's evil nor not evil
Framedragger: phf: given this, would you even say that what pycrypto does is evil,
i wonder..
i mean if it uses ctypes ~properly
Framedragger: BingoBoingo: it's a single php file, relatively elegant
i'd say. the logic is in redirect() (line 212 on v1.07 of plugin) if you want to verify lack of satan. seems ~relatively harmless but
i no wp plugin masta
phf:
http://btcbase.org/log/2016-12-27#1590973 << hah, pycrypto is ~all~ c. python has this ffi mechanism, where import can work on an .so and there are standard hooks for registering/providing python object equivalents from your c code. in this case
i don't think there's a single python line in pycrypto at all
☝︎ Framedragger:
i don't know if redirection plugin does that. if you mean that a plugin would add a new line to htaccess then yeah that's retarded. don't think that's how it works
mircea_popescu: incidentally, there must also be a "timing" attack that relies not on time but on properties of integers. and no
i don't mean birthday attack - if your hashing is an arithmetic process then necessarily the fundamental fact that "primes count is log integers count" in some sort of restatement is going to bite you somewhere.
Framedragger: there are some reasons for it
i suppose? avoid timing side channels etc
mircea_popescu: anyway,
i think it's poetic, like a month that keeps increasing in day count as
i add more pictures. a sort of bizarre astronomy of a planet that slowly distances itself from the sun thereby decelerating and thereby more and more earth days are needed to complete its monthly cycle.
mircea_popescu: speaking of which,
i've had trilema changed so that it publishes a "random" header each day out of my apparently extensive collection of 32! different ones.
mircea_popescu:
i suppose in a forgotten sense this is actually what "competing" means ; walk is "leg competitive" in the sense that the movement of one drags/forces/impels the movement of the other ; tissue growth is competitive in the sense that conjunctive growth drives medular growth and medular growth drives conjunctive growth ; the very chinese (these days) "barracks area B planted roses, can we from barracks area C allow ourselves to
mircea_popescu: ben_vulpes
i r guess in some cases trilema titles are too trite.
ben_vulpes:
i feel a great disturbance in the force, as though a thousand seo experts were suddenly rousted from sweet slumber
ben_vulpes: in oooother lols, at least bing puts trilema on the first page of results when
i search by article title
ben_vulpes: well
i can't seem to get it to and now we have
jurov: that's up to you how you normalize it.
i see three levels - the public key itself (N), any additional information needed to verify signatures (e), and everything else
Framedragger:
i guess one may have a database of keys, as well as a table of signed-with-key nicknames which establish someone claiming a nickname for key? sort of gns. alternative scheme is to have any kind of aliasing be local, as per gossipd. less convenient for things like looking up nickname in wot.deedbot.org of course.
Framedragger: with regards to keyserver, my use of them makes me biased in the sense of thinking of keys as necessarily having user IDs in them. "key has some particular holder". not really the case
i guess :)
jurov:
I hope the answer to "two distinct people in wot having the same N" is clear.
Framedragger: but you're right,
i suppose
i have ornithology in mind here, which is not relevant. that's a separate thing, really. it's exactly an observation which shows an association (key <-> holder at some point in time).
jurov:
i was thinking we're in keyserver context, not ^ this
Framedragger: (so
i don't know. maybe 'keyholder' is really not a property of a key. which
i guess it isn't; so maybe
i'm just generating noise)
Framedragger: all this while acknowledging that if you have same N, you have, *for practical purposes*, same key. but maybe
i've messed it up in my head.
Framedragger: (well, the scheme as proposed does use a particular hashing func (sha256), so that part is contestable
i suppose.)
Framedragger: quite!
i'd say it's flexible and elegant (in terms of minimal complexity) enough
shinohai: BingoBoingo: the text is the same as the article
I submitted earlier?
Framedragger:
i mean, a way to request full public key, with some stable/deterministic permalink url format.
pete_dushenski: this is only partially disappointing because
i) no one ever said macs were computers anyways, and ii) who doesn't like new toys ?
pete_dushenski: mircea_popescu:
i guess too busy making lasagna and quiche (like rest of tmsr!). homemade nanaimo bars too.
phf: (
i remember there being a standalone sha256 (?) version for sbcl, but
i can't find it now. everything crypto that's coming up re lisp is ironclad.)
mircea_popescu: check that out, there's no actual fips 180 past 1 published online. because why the fuck would there be. anyway,
i can't source this "The SHA512/384 spec says that the final bit length of the message is to be stored as a 128-bit (!) integer at the end of the message." assertion. as best it can be determined the blocks are either 512 (for sanity) or 1024 bits (for 384 hmac etc)
mircea_popescu:
i see the link.
i suspect variant sha512 implementations.
mircea_popescu:
i have nfi why it was even specified other than a love of bloat. all the bs 224 384 blabla does not belong. either you word allign or go away.
phf: it also has rsa, but ~rsa~ only,
i.e. no openpgp containers, etc.
ben_vulpes: well that'd be in stark contrast to the claim
i remember
a111: Logged on 2016-12-25 15:51 Framedragger:
i don't suppose anyone here has messed with android 'adopted' storage? (use sd card as internal encrypted android storage.)
i'm trying to recover files from a half-broken 32GB sd card which has weirdo android-internal partitions and encryption.. oh god
mircea_popescu: "
I knew Obama was looking to take sweet revenge against Israel and Netanyahu. Since he was elected in 2009, he was hostile to settlements and Netanyahu. He revealed his true face with an anti-Israel decision but Netanyahu and Israel will defeat him." << they very likely will, too.
Framedragger: mircea_popescu are you referring to the time-honoured "put some irc logs into deedbot" practice? :D (that
i'd seen)
mircea_popescu: the problem of saving html soup well is hard ; phf announced working on it some time ago but
i dunno how it goes.
Framedragger: unrelated; such heavy reliance on archive.is by qntra, irc forum et al. scares me. it seems to be doing ~fine and
i like the owner's attitude (
http://archive.is/faq), but 'someone' should make another one
mircea_popescu: anyway, the idea is maximum power for the user. a scheme whereby
i am forced to check all seals for each patch dispowers me ; a system whereby
i can always resolve each patch in at least 1 checks or however many
i feel like doing empowers me.
ben_vulpes: in which
i realize that to get code review in tmsr you have to paste it into irc one line at a time
ben_vulpes: look
i'm pointing at a promisetronic bit of v and saying "hey look
i think this is a bit floppy"
ben_vulpes:
i was holding that one in abeyence for lols
mircea_popescu:
i dunno how either the current method adds complexity (show this ?) or the alternative isn't rank insanity. why should
i have to look at >1 seal to verify a patch ?
mircea_popescu:
i don't get it. suppose you ran a maternity ward, would you go "adding nametags to the kids adds complexity, just send the mothers naked in a room fulla puppies let them pick which fit to their teat" ?
ben_vulpes: it costs in complexity, yes. could be argued that it is a very minimal cost, but
i would still prefer to "pick any signature from .seals that verifies" instead of the by my read promisetronic "pick any signature whose filename contains the filename of the patch under verification"
ben_vulpes:
i suppose there's no practical way around the patches and signatures sharing a prefix.
ben_vulpes:
i was a bit surprised that sb-ext:run-program did not signal a condition when the program so ran exited with something other than zero.
ben_vulpes:
i explicitly tested error code downstream of sb-ext. it's not that it "doesn't pass error codes" it's that error code is surfaced in the process struct that sb-ext:run-program returns
ben_vulpes: so
i'm writing some trivial conditions for when it does fail, which means handling eg missing gpg keys
ben_vulpes: fwiw
i have a full-killer sitting in my workdir, for release later
ben_vulpes: what guarantees have
i of this "should"?
ben_vulpes: asciilifeform:
i'm happy to implement post-patch hash checks
ben_vulpes: asciilifeform, mod6: subject of "making things 1000x more complex"
i embarked on handling various conditions a v might encounter (missing pubkey, unsigned patch, mismatched hashes after a press...) and
i daresay the volume of code must increase!
BingoBoingo: What
I have found interesting is that the professed liberals only began reacting to it when
I posed the possibility after 24 hours."
BingoBoingo: lol "
I suspect old Bingo is something of a disinformation hoax.
mircea_popescu: "
I suspect old Bingo is something of a disinformation hoax."
ben_vulpes:
i only really know what one of the courses is, am content to let the chefs work their surprise magic
ben_vulpes:
i'm not even going to start on the five courses currently under preparation
diana_coman: mircea_popescu>
i went around distributing tinned biscuits this morning. <- it gave me this fleeting image of a red-hatted mp with a huge jar going round the neighbourhood
ben_vulpes:
i assume good mushroom, $girl went out and selected them from the hipsters herself
mircea_popescu:
i went around distributing tinned biscuits this morning.
ben_vulpes: where 'convince' is something along the lines of "no seriously you have all the ingredients it would be a sin to not make it. also
i want it. so..."
ben_vulpes: and
i have 'convinced' the girls to make the traditional family coffee cake
BingoBoingo:
I'm not in a bar, but
I have some vague memories of what bars were like.
mircea_popescu: BingoBoingo how the fuck all these mytologizing gimps fail to point out that loch ness' job was to bring down al capone, AT WHICH JOB HE FAILED ? he's like the che guevara of the gynecaeum
i swear.