log☇︎
778400+ entries in 0.496s
mircea_popescu: i'd like a mpex like thatr.
mircea_popescu: now that'd be interesting.
cads: So that if an adversary has captured the state vector they can only continue to simulate it faithfully
asciilifeform: turdware vendors are mightily annoyed that the occasional consumer, 'smarter than average rabbit', pries open and exposes their turdwork.
cads: I came up with the idea of encrypted computing when I was thinking how to design an autonomous AI agent that cannot ever have its state vector interrogated or partially simulated.
cads: you may have to excuse my ignorance of the commercial or political side of this work
asciilifeform: cads: look who is working on this, and why. or do i have to draw a picture.
asciilifeform: problem is (well, depending on how you look), the consumer is to be on the 'wrong end of the barrel' for this one.
cads: right, currently it's amazingly inefficient and not general, and I also believe there are unfortunate theoretical limits to the power of any such approach
asciilifeform: cads: exists (provably not in the general case, but for many particular cases, sure)
cads: Which could give us some padding between the software agent and untrusted underlying hardware.
asciilifeform: garden variety winblows box could busy a thousand auditors for a thousand years.
cads: asciilifeform: that brings us to study methods of invalidating the security properties by changing aspects of the substrate system that the security properties gloss over or assume by fiat.
mircea_popescu: asciilifeform your dream of software that's unauditable by the user is getting closer and closer huh
asciilifeform: of course, no need for such shenanigans if the box is already built of 'cooperative' iron.
cads: fair enough, then even the most correct formally proven software should expect some faults due to underlying hardware.
asciilifeform: (if cosmic rays are insufficient, someone might be so kind as to pump some ionizing strange through your server. or merely turn up the thermostat in the cage. etc.)
cads: hmm, the verified software I've read about uses security properties which are proven via a formal proof assistant in a standard logic.
asciilifeform: 'ECC' memory is largely absent from consumer turdware. i wait for the box running your 'proofy' crap to be hit by cosmic ray.
asciilifeform: example, for the thick:
asciilifeform: the idea that bugs are being banished anywhere by this obscurantist crap is nonsense.
asciilifeform: we aren't seeing proof in the mathematical sense. only (apologies to bush the lesser) - 'proofiness.'
cads: It does feel like you're concentrating the bugs into a very rare and amazingly lucrative bug class
cads: But I'm optimistic since we can study the theory of what should constitute a correct and effective security property
asciilifeform: or something as mundane as the hardware.
mircea_popescu: you can now have no bugs except that sort of bugs you'll never find
cads: And that's the part that hits my stomach with dread.
cads: And I appreciate that this makes it /easier/ to avoid bugs - the only place a bug can now live is in the security properties you prove about your access model.
asciilifeform: and this requires a 'bonfire of the' complexity.
asciilifeform: it is an attempt to hide head in the sand, escape from the fact that the only way to guarantee expected function is: actual understanding
cads: I appreciate that we can create a kernel of security properties and then prove it about our access control model, and then build the system on that.
asciilifeform: the whole 'automated proofs' business is fundamentally turdalicious
cads: for example UC's Quark verified browser kernel or the NICTA's l4.verified project.
asciilifeform: attempts at 'transitioning from the informal to the formal by formal means'.
asciilifeform: (as discussed in a turd of mine, http://www.loper-os.org/?p=1390 and elsewhere)
mircea_popescu: o ya definitely likes the c0q
mircea_popescu: cads so send them over.
mircea_popescu: anyway, reference to the "java man"
asciilifeform: it's hilarious. they have people 'formally verify' DRM crud.
BingoBoingo: asciilifeform: Most Land Grants had them back in the day.
cads: mircea_popescu: sell some Coq nerds on the importance of implementing a formally verified blockchain algorithm and further specialization to a btc implementation :)
asciilifeform: (i once discovered that my uni used to have a rifle range. gone.)
mircea_popescu: or for that matter make it fire solid metal ordnance.
benkay: sure but then you're not really putting the barrel through its paces are you?
mircea_popescu: a howitzer can fire blanks on the football field just fine
mircea_popescu: benkay you don't have to make the shells actually do anything you know ?
asciilifeform: obligatory link to the MIT lamp video!
benkay: u want shells too sir?
asciilifeform: implementing btc would be a little like having the mech eng. students build a working howitzer.
mircea_popescu: merely gotta do the work.
cads: I'd love to see a haskell or agda implementation
asciilifeform: 'yesterday's nobel prize is tomorrow's homework'
mircea_popescu: asciilifeform maybe i'm blinded by zeal but seems to me sed is actually harder.
mircea_popescu: all the unspeakable depth of pitecantropic refuse
mircea_popescu: cs professors who failed to have the kids implement bitcoin in 2013
mircea_popescu: "humanities" "professors" that have no idea what a college is and can not speak latin,
asciilifeform: perhaps vaccum cleaner is the wrong picture. more of an idiot with mouth open, catching raindrops.
mircea_popescu: so they can go around pretending like they're things they could never be.
mircea_popescu: we're fortunate to live in a world where nobody has any clear measuring stick to be able to measure exactly how tall the pile of shameful excrement they find themselves under is.
benkay: most us unis i've been to are similarly oriented around hoovering up research + dod monies asciilifeform
asciilifeform: that is its primary function, with the students as an afterthought (read: source of cheap labour)
asciilifeform: can't speak for other unis, the cs dept. i studied in was a vacuum cleaner for slurping up DOD moneys
mircea_popescu: "what, you have not implemented bitcoin as a term project ? you're defunded. 100%"
mircea_popescu: and i seriously do not understand what a rector must be thinking to not close down their cs department after this
Bugpowder: How to blow 1000BTC in under 5 minutes.
benkay: mircea_popescu: cs departments are for research. mechanical and ee departments are apparently where you learn to actually weld shit together.
mircea_popescu: this'd have been anyone's term project if i were teaching.
benkay: mircea_popescu: it's a goddamn shame that everyone's leaving it to the self-taught hacks
Bugpowder: man, gox back down to where it started... what a derp
mircea_popescu: as in a sane world no uni with a cs department could have done anything else in 2013 as a term paper
mircea_popescu: there are 5k universities proposing they have cs departments, which is a fraud
asciilifeform: copy/paste vs. actual thinking.
mircea_popescu: yet nobody went "ok, the ideas are quite clear, let's do this then"
mircea_popescu: one thing i can't for the fucking life of me understand is why on earth has nobody made an actual competing implementation.
mircea_popescu: well yeah in ashell environment. not quite that much flexibility in bitcoin scrupting
asciilifeform: mircea_popescu: right. you arrange to have the turd jumped to after sig check.
mircea_popescu: just the signed part.
mircea_popescu: asciilifeform the diference here being of course that you're not expected to run the whole turd
copumpkin: it picks up about halfway through
copumpkin: I'm a big fan of the tune in sonmi-451 meets chang, and the various times it recurs throughout the rest of the soundtrack
cads: copumpkin: you're right, this is good
BingoBoingo: Mark's face is shaped in such a way, I imagine, he imagines he can just hug away the scam.
asciilifeform: re: tx issue: this is reminiscent of microshit's EXE signing. where you can append whatever to the signed turd and it still passes checksum.
BingoBoingo: Well, then there is the third mistake, scam.
BingoBoingo: mircea_popescu: Well so far it is at least two mistakes on Gox's part leading zeros and txid as database primary key.
cads: if a soundtrack is good I usually watch the movie
mircea_popescu: but apparently the php lolcat interpreter adds leading 0's to O RLY?/OIC blocks or something
cads: copumpkin: You've got me piqued on the soundtrack
BingoBoingo: Cutting those zeros changed the txid though.
mircea_popescu: mtgox was at least 5 times told to stop with the idiocy.
mircea_popescu: ^ that'd be acurate.
BingoBoingo: Anyways, the problem in Gox's case is they kept leading zeros in their signatures. Everyone else was like STFU that's dumb. Eventually some nodes started correcting this mistake.
mircea_popescu: watch it abd blog about the experience, i never saw it.
copumpkin: I like the soundtrack
mircea_popescu: but they're defo not a flaw.
copumpkin: it's not ideal and the devs are trying to adjust it
mircea_popescu: like tits, they get cold and flop arouind and your nipples hurt and everything,
pankkake: apparently there are easy improvements http://blog.oleganza.com/
benkay: the flaw is in people using the txid as a bookkeeping device which satoshi explicitly warned against iirc
benkay: anyways, this malleability thing as mentioned above is not really a flaw, cads.