log
▁⏐
asciilifeform: ( and yes, archive.is uses shitflare , continuously )
asciilifeform: 'I don't know if this issue was noticed and exploited, but I'm sure other crawlers have collected data and that users have saved or cached content and don't realize what they have, etc. We've discovered (and purged) cached pages that contain private messages from well-known services, PII from major sites that use cloudflare, and even plaintext API requests from a popular password manager that were sent over https (!!).'
asciilifeform: usg.google, unsurprisingly, has top priority of... purging 13333337 s33333kr1tz from its public caches.
asciilifeform: because this unrapes, apparently, someone.
asciilifeform: https://archive.is/X00QT << from the horse's mouth.
asciilifeform: 'The underlying bug occurs because of a pointer error.'
asciilifeform: pretty lulzy that they had the 'how we FOUND our BUG!' document hot an'ready to broadcast.
asciilifeform: ok this is delicious, but i must briefly revisit upstack: mircea_popescu , mod6 , or anyone else in my l1 who wants to ssh+wire-peer with dulap: please gpggram a ssh rsa pubkey to me.
mircea_popescu: heh
mircea_popescu: so basically cloudflare is a piece of shit. whoa.
deedbot: http://www.dianacoman.com/2017/02/24/basic-toolchain-for-blender-cal3d-crystal-space/ << Ossasepia - Basic toolchain for Blender – Cal3d – Crystal Space
mircea_popescu: meanwhile in termic engines, http://68.media.tumblr.com/b690d4d66a18d5f44de2edf2d68bb0d4/tumblr_o8jfq0HgWU1ulgtj6o1_500.gif
asciilifeform: l0l!!
asciilifeform: 'opposed piston engine'
ben_vulpes: asciilifeform: this is quite neat
ben_vulpes: how many hours does it take to pay your rent?
asciilifeform: hm
asciilifeform: i'm usually sold by the pound...
mircea_popescu: i thought you were sold by the year+
asciilifeform: typically
ben_vulpes: http://68.media.tumblr.com/tumblr_ma0ai6YR1E1re5z1ko1_1280.png
mircea_popescu: ben_vulpes you're not going to get a straight answer.
ben_vulpes: mircea_popescu: not looking for an answer, it's a compliment on the his prolific output
mircea_popescu: scary
asciilifeform: dulap down for next 3 minutes, folx
asciilifeform: (only node, rather, on dulap)
asciilifeform: ben_vulpes: you got reversin' that needs doing, or wat
asciilifeform: aaaaaaaaaand we're back.
asciilifeform: no moar ping-reject.
asciilifeform: aaaaaaaaaaand wire-reconnector worx!
asciilifeform: ( what this looks like : you get some, e.g., 'WARNING: disconnecting wire 127.0.0.1:9000 ! (will retry...)' in the debug log. until the wire peer is happy to eat again . )
asciilifeform: lulzily we're banning ~100% of prb nao because they ~insist~ on shitting out 'alert' packets
asciilifeform: (mine, and any other malleus-enabled nodez, will ban.)
asciilifeform: 22 peers.
veen: http://btcbase.org/log/2017-02-03#1611108 << soliciting further input on this question☝︎
a111: Logged on 2017-02-03 15:53 asciilifeform: not a difficult patch, but remains to ask, for which kernel.
asciilifeform: what would you like to know, veen ?
veen: consider a kernel patch to bypass /dev/*random insanity with say "just open and read such-and-such file which i trust has acceptably random bytes in it"
asciilifeform: veen: file ? you gonna store the position somewhere ?
veen: linux, or BSD?
veen: by way of example, imagine /dev/random is just an alias for e.g. /dev/fuckgoats
asciilifeform: let's suppose you trip over the cable. for sake of argument -- what then
veen: it blocks
asciilifeform: or suppose you have -- as i recommend - three FUCKGOATSen.
veen: you would
veen: up to your fuckgoats hardward or driver, i suppose
asciilifeform: there's no driver, veen , it's a tty
veen: maybe i'm coming at this in completely the wrong way
asciilifeform: it plugs in through a ttl to usbuart plug
veen: sure sure, wavehands, whatever
veen: put it this way, i couldn't figure out how to generate a gpg keypair with fuckgoats, because gpg reads /dev/random, and i couldn't work out how to get fuckgoats (or any other file-like) shimmed in there
asciilifeform: my point is, sane proggy oughta know how to eat multiple /dev/ttyUSB0, /dev/ttyUSB1, ... however many, correctly.
asciilifeform: and there is no reason for it to happen in the kernel .
asciilifeform: i would say 'replace /dev/random in gpg source with /dev/fg and build' but the rng in gpg is monumentally retarded and i disrecommend its use entirely
veen: be that as it may, we don't inhabit a world of sane programs
asciilifeform: veen: have patience, i have only 2 hands
veen: great, but gpg is only one of n programs on my system that need good random numbers, and i don't care to recompile them all
asciilifeform: ( http://btcbase.org/log/2017-02-23#1617259 << thread today )☝︎
a111: Logged on 2017-02-23 19:28 mircea_popescu: how's that coming along ?
asciilifeform: veen: rng in gpg has serious problems , on top of using /dev/random
veen: oh it runs output of /dev/random through it's own ('cs')prng?
asciilifeform: see also http://qntra.net/2016/08/rng-whitening-bug-weakened-all-versions-of-gpg .
asciilifeform: aha.
veen: fun
trinque: just to entertain the thing, since dev's this fancy udev thing now, could have some udev rule to delete /dev/random and plop another device node in its place, via symlink or w/e
asciilifeform: theoretically.
asciilifeform: there are some nuances though.
asciilifeform: you MUST kill flow control
asciilifeform: or the tty will LOSE CONTROL CHARS !!!!
asciilifeform: i.e. NOT emit flat spectrum of octets 0x00 - 0xFF !!!!!!
asciilifeform: because unix is retarded
asciilifeform: and this exists.
asciilifeform: the requisite necks for it to unexist, have not yet been broken.
asciilifeform: you also MUST have some means for not attempting to cryptoate if the device for whatever reason is not functioning.
asciilifeform: (there is a red alarm lamp on the pcb to alert in case of analogue rng failure, but it is theoretically possible for the circuit to break outside of FUCKGOATS proper)
veen: wait, what in the loop cares about control chars?
asciilifeform: veen: linux, by default. because it was dropped as a baby.
asciilifeform: loses, e.g., 0x03.
veen: i'm imagining arch like: device -> udev fuckery -> prog reading /dev/random
veen: where's the problem?
veen: unless i'm grossly misunderstanding the sematics, reading /dev/random for infinity should produce dat sweet flat spectrum, right?
asciilifeform: stty -ixon
asciilifeform: iirc.
asciilifeform: ^ cure
asciilifeform: rather, stty -ixon /dev/yourfg
veen: specific to tty devices no?
asciilifeform: well yes.
asciilifeform: on a unixline, FUCKGOATS shows up as a modem.
asciilifeform: this is deliberate, the os has no business knowing what it is.
asciilifeform: or how many you have.
asciilifeform: !#s specificity
a111: 60 results for "specificity", http://btcbase.org/log-search?q=specificity
veen: asciilifeform: what are known-good, currently-doable usecases for FUCKGOATS
asciilifeform: veen: there's the one you described (conventional gpg with string '/dev/random' ripped out and replaced with the correct) ;
asciilifeform: there are also others ( e.g., generating onetimepads; or in general input for any proggy that sanely eats input )
asciilifeform: there is (not yet released) 'p', mentioned in earlier thread today, which will eat from 1 or more FGs
asciilifeform: there is also http://www.loper-os.org/?p=1762
asciilifeform: which behaves sanely, eats from wherever you want
asciilifeform: you can also feed, e.g., monte carlo algos, from it
veen: my reasoning is that if the semantics of /dev/random is that, taken over infinity, it emits flat spectrum of octects, and lots of binaries in the wild have that assumption baked it, why not coax kernel into allowing FUCKGOATS to fulfill the contract of /dev/random directly?
asciilifeform: veen: specificity-of-diddling. by using one centralized entropy pool that the os knows about, you make enemy's work slightly easier.
asciilifeform: which is why /dev/random was a terrifyingly bad idea from day 1./
veen: well, a paternalistic idea if nothing else
mircea_popescu: http://btcbase.org/log/2017-02-24#1617373 << the importance of this can't be understated. if f(x) = 4 it matters VERY little what 'rng" you feed f.☝︎
a111: Logged on 2017-02-24 01:40 veen: oh it runs output of /dev/random through it's own ('cs')prng?
veen: not sure that recompiling gpg to read from /dev/fg really frustrates enemy all that much
mircea_popescu: and gpg is not very far off this ; neither are ALL usg produced programs you are running.
mircea_popescu: so, you may not ~care~ to compile them all ; but whether you are interested in war or not -- war is interested in you.
veen: importance of what specifically?
veen: seems gpg tried to sovereignty-wash a source of entropy and here it is bearing your criticism anyway
veen: how is /dev/fg not centralized entropy pool?
asciilifeform: veen: i, for instance, am sitting in front of a box with 11 hardware ttys
mircea_popescu: review the thread re centralization recently. it's centralized at the sane place.
asciilifeform: which ones are FGs
asciilifeform: takes actual work to determine
asciilifeform: and the work is 100% unique to the setup, which is not known in advance to anyone
asciilifeform: as opposed to 'just break /dev/random'
veen: so you've got /dev/fg0 thru /dev/fg9
asciilifeform: nope
asciilifeform: i've got /dev/tty.....
asciilifeform: without seeing the rack, you don't know which ones -- if any -- are fg; and which one is my air conditioner; etc
veen: security through obscurity eh?
mircea_popescu: this concept gets abused a lot.
asciilifeform: veen: security through not conveniently labeling 'here i keep the crown jewels' in advance. it multiplies.
veen: aye
mircea_popescu: would you propose the usg "invisible fighter" program is "security through obscurity" ? because... it is.
asciilifeform: every bit in a private key is an 'obscurity' item.
mircea_popescu: cryptographical security is one thing ; operations security is another.
asciilifeform: mircea_popescu: looks like we have another '20 minute block'
mircea_popescu: because cryptography deals with absrtacts only, the kerckhoffs standard makes sense. but whenever items with an associated mass are involved, things change.
veen: to explain my reasoning by way of donning my engineering hat, i saw an existing contract of the form "noise comes out here" and a deficit default implementation, and proposed a better impl
mircea_popescu: it's not clear how your proposal was an implementation, or better. delve please.
veen: but it sounds like the sentitment here is using a well-known noise fountain is a vulnerable one
veen: proposal != implementation, obviously
mircea_popescu: actually, the sentiment here is that ~all usg code is just reused scraps of the same stale old crap. this sentiment is fed by you know, us having cut up the usg toys numerous times and having run into the same bits.
veen: proposal is replace output of linux csprng-crazy that underlies /dev/random with the output of FUCKGOATS
mircea_popescu: that sameness allows the enemy some levers it needn't have, first of all in its own safety's sake.
mircea_popescu: veen ok. how is it better ?
veen: surely we all agree that linux-csprng < FUCKGOATS
mircea_popescu: yes. but if you then turn around and feed that into userland shitprng, you've not impoved anything.
veen: what is at issue at this point is use of /dev/random at all, regardless of how it is implemented
mircea_popescu: well the only argument pro i'm aware of is "it's there already"
veen: and widely depended upon
asciilifeform: iirc argument was ' i dun wanna recompile gpg '
mircea_popescu: so it may make sense as a convenience thing to symlink it to your fuckgoats tty. but don't expect you've now thereby fixed the system
veen: userland shitprng is a wrinkle indeed, one i wasn't aware of until this thread
mircea_popescu: asciilifeform stronger argument than it seems. leaving aside the static issue, it's not even a given gpg compiles at all.
veen: by that token s/\/dev\/random/\/dev\/fg/g again gpg src doesn't help us either
asciilifeform: mircea_popescu: we had half a dozen people here repeatedly build gpg-1.4.10 back in august, recall
mircea_popescu: lol he escaped the slashes, isn't he adorable :D
asciilifeform: during the great wild goose chase.
mircea_popescu: asciilifeform on his system ?
asciilifeform: on various junk
mircea_popescu: yes but.
mircea_popescu: listen to the words of he who suffers this weekly with eulora.
veen: sounds like solution for gpg is rip out `char shitprng();` implementation and replace it with one that calls a trusted noise source
mircea_popescu: pretty much.
mircea_popescu: the only thing is that gpg is already obsoleted becauyse of its inane fingerprinting scheme
mircea_popescu: so it's getting replaced altogether.
veen: is this new as of the SHA1 nooze yesterday?
mircea_popescu: yeah, see teh log.
veen: oh i saw it
mircea_popescu: a ok. that.
asciilifeform: mircea_popescu: holy fuck, 454403 14 minutes (and counting) on dulap; verified on zoolag in 15 seconds
mircea_popescu: myeah
veen: http://btcbase.org/log/2017-02-03#1611107 << beside, mircea_popescu said it first☝︎
a111: Logged on 2017-02-03 15:52 mircea_popescu: we should prolly publish a kernel patch
asciilifeform: veen: it isn't that it is a catastrophically bad idea, compared to what is currently on your box -- rather, it is an example of something you do not want to cement in long-term use
mircea_popescu: it's not a bad idea at all ; it's just not a (complete) solution.
asciilifeform: mircea_popescu: ONLY NOW verified 454403!
asciilifeform: ^brain-melting
mircea_popescu: it's worth keeping a farm of vartious nodes just to watcdh them struggle with the chain. pretty interersting data.
asciilifeform: i have this duo, scrolling on opposite lcds
asciilifeform: (via http://btcbase.org/log/2017-02-23#1617304 )☝︎
a111: Logged on 2017-02-23 23:52 asciilifeform: [BTC-dev] (EXPERIMENTAL) A Recipe for the use of Wires via SSH Tunnels.
veen: i suspect we'll never reconcile the "must build snow-flake" paranoia with drive to make architecture which can be reasoned about
mircea_popescu: the what now ?
asciilifeform: veen: snow flake ?
veen: http://btcbase.org/log/2017-02-24#1617433☝︎
a111: Logged on 2017-02-24 02:15 asciilifeform: without seeing the rack, you don't know which ones -- if any -- are fg; and which one is my air conditioner; etc
mircea_popescu: i confess i have nfi what you're talking about.
veen: forget it, it's a low value point i've already attempted to make
asciilifeform: veen: let's try a historical angle. according to legend, emperor qin shi huangdi (same d00d as known for taking the 'immortality pill' and promptly croaking) had a palace with 1,500 rooms. and would not tell anyone in advance which one he plans to sleep in on a given night. and which ones he would put cutthroats in, ready to kill anyone who opens door. think 'minesweeper.'
mircea_popescu: what i'm more interested in is this apparent limit on "what can be thought about" based on some sort of i'm not even sure what. is it the case that i can't think about women now ?
asciilifeform: the emperor is the earliest, known to me, inventor of 'specificity of diddling' lemma. see logs, very informative.
asciilifeform bbl
veen: bbl
asciilifeform back...
asciilifeform: also http://therealbitcoin.org/ml/btc-dev/2017-February/000252.html has typo! and nobody noticed!!1 chown oughta be, of course, chmod.
mircea_popescu: !negrate asciilifeform typos.
asciilifeform: aha, i oughta not've used my anal handz!!1!
asciilifeform: oughta use front hands.
mircea_popescu: aha
asciilifeform: phun phakt: the 'anti-selfconnect nonce' in bitcoin, never worked
asciilifeform: my wired nodes still find each other via addr.dat and open ~second~, plaintext tcp pipe...
asciilifeform: and happily chat on it, like cat talks to mirror
asciilifeform: this is solvable via iptables, but uggly
asciilifeform: probably we want a -dontuse=an.ip.goes.here flag.
asciilifeform: (to clarify: nonce prevents ~only~ self-talking, but not external dupes)
asciilifeform: also mircea_popescu the 'node as paid service' thing now can actually exist.
asciilifeform: in principle.
asciilifeform: turns out, i just built it.
asciilifeform: (any takers..?)
mircea_popescu: rent out ssh pipes ?
asciilifeform: aha
mircea_popescu: yeah not bad.
asciilifeform: ultimately i'ma tear down the tunneltron and replace with 'g'. but same idea, topologically.
asciilifeform: unbitflippable direct pipe to large trb node.
asciilifeform: lulzily enough, back in.. 2013..? mircea_popescu described how Serious Folx, incl. miners, already do this.
mircea_popescu: why's that lulzy
asciilifeform: because only now exists in a public proggy.
asciilifeform: can't help but wonder how much, or little, theirs resembles mine. just as brits wondered how much nazi 'freya' radar, resembled brit radar
asciilifeform: (spoiler: was a mega-downer)
asciilifeform: iirc mpb also had something equiv. to 'wire'.
mircea_popescu: yes ; but doesn't use sshtunnel. more vpn-ish sort of architecture.
asciilifeform: wire is agnostic of tunnelator.
asciilifeform: it was made for 'g', the ssh thing is temporary.
mircea_popescu: yeah.
asciilifeform: the essential thing is nondisconnectable nodes.
asciilifeform: (stock trb will happily drop ~anyone~ on the floor, for dozen different reasons, incl. 'we used him for too long')
asciilifeform: https://archive.is/HBLyJ << vx, claimed. was my suspicion also. chick prolly fed , e.g., pralidoxime, ahead of doing the deed.
asciilifeform: ( or butyrylcholinesterase, or one of the other lulzies asciilifeform worked on when slaving for usg )
mircea_popescu: i dunno, nerve agents are usually irritant.
asciilifeform: nope, not vx
asciilifeform: it is a liquid, similar to motor oil, at room temp
mod6: <+asciilifeform> [BTC-dev] (EXPERIMENTAL) A Recipe for the use of Wires via SSHITunnels. << cool! thanks alf.
mircea_popescu: i suppose.
asciilifeform: yw mod6
asciilifeform: btw i find it strange that the local orc docs did not notice classical picture of organophosphate poison
asciilifeform: (pupils the size of pinholes, etc)
mircea_popescu: i dunno that guy who got splashed vx would go around complaining that hey, i got splashed ten minutes ago.
asciilifeform: in asia it is common suicide method (not, granted, with vx! but with weaker commercial pesticides)
asciilifeform: mircea_popescu: he would, if it were dilute / in dmso.
mircea_popescu: also, the russians would have probably ventilated their guy into ~survival.
asciilifeform: complicated. pediwikia lies, paralysis of breath is not the only problem.
mircea_popescu: asciilifeform the administration route is terrible, how the fuck do you dose the ingestion through splashing.
asciilifeform: permanent cns rot.
mircea_popescu: sure.
asciilifeform: mircea_popescu: it's as braindamaged as northkr's linux distro. but seems like worked!
asciilifeform: i could even picture that the original plan included offering d00d antidote, if he comes along..
deedbot: http://phuctor.nosuchlabs.com/gpgkey/B6F7716FB330D2289C4738E5469CA944BBE9C65BD00099E4F03A5EAB8049E80F << Recent Phuctorings. - Phuctored: 1453...7459 divides RSA Moduli belonging to '87.237.120.158 (ssh-rsa key from 87.237.120.158 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (nb2508.virtualhosts.netbuild.net. DE)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/B6F7716FB330D2289C4738E5469CA944BBE9C65BD00099E4F03A5EAB8049E80F << Recent Phuctorings. - Phuctored: 1591...6403 divides RSA Moduli belonging to '87.237.120.158 (ssh-rsa key from 87.237.120.158 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (nb2508.virtualhosts.netbuild.net. DE)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/C300E7F53E93306CE671E9C2BEE2440C21AE8142202BD8E090FFA40BFF361FDA << Recent Phuctorings. - Phuctored: 1372...0663 divides RSA Moduli belonging to '50.16.76.136 (ssh-rsa key from 50.16.76.136 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (ec2-50-16-76-136.compute-1.amazonaws.com. US VA)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/C300E7F53E93306CE671E9C2BEE2440C21AE8142202BD8E090FFA40BFF361FDA << Recent Phuctorings. - Phuctored: 1718...3643 divides RSA Moduli belonging to '50.16.76.136 (ssh-rsa key from 50.16.76.136 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (ec2-50-16-76-136.compute-1.amazonaws.com. US VA)
lobbes: http://btcbase.org/log/2016-03-03#1421109 << btw, thank you for this, alf. I will be embarking on my own gentoo quest soon to finally stand up a trb node☝︎
a111: Logged on 2016-03-03 17:24 asciilifeform: mircea_popescu: http://dpaste.com/3YZ2895.txt << preliminary crib sheet
asciilifeform: neato, lobbes !
asciilifeform: ^ only 4 aws keyz popped previously !
asciilifeform: the classical diddled debian, afaik, never coexisted with aws.
asciilifeform: so potentially interesting wtf.
asciilifeform: !$ ssh 50.16.76.136
scriba: ssh banner of 50.16.76.136 as seen on 2016-06-13: SSH-2.0-OpenSSH_4.3p2 Debian-9
asciilifeform: hm!
asciilifeform: go figure.
mircea_popescu: will install wahtever
asciilifeform: http://87.237.120.158 shows a peculiar cartoon.
asciilifeform: (graphical wwwtron needed, noshit)
asciilifeform: 'Voigt & Schweitzer wünscht Frohe Weihnachten!'
asciilifeform: !$ ssh 87.237.120.158
scriba: ssh banner of 87.237.120.158 as seen on 2016-06-13: SSH-2.0-OpenSSH_4.3p2 Debian-9
asciilifeform: lel
phf: asciilifeform: that's some neat hackery
phf: http://btcbase.org/patches/asciilifeform_goodbye_pingers_fixed and http://btcbase.org/patches/asciilifeform_wires_rev1
phf: (also previous versions are available in deprecated: http://btcbase.org/patches/goodbye_pingers and http://btcbase.org/patches/asciilifeform_wires)
shinohai: https://github.com/pirate/sites-using-cloudflare
asciilifeform: shinohai: coinbase , bitpay << lel
asciilifeform: phf: neato!
shinohai: Baloney exchange is on there too .... but majority of exchanges use crapflare so likely affected.
phf: i kind of want a way to link useful assets to a patch on btcbase. right now if you have a readme.txt inside a patches folder you get that included as a prelude for a patchset (http://btcbase.org/patches?patchset=fg). i think it would be handy to include wires over ssh link somewhere on the wires patch page..
asciilifeform: phf: wires_rev1 shows no sigs..?
asciilifeform: (the rest, same..)
phf: ah, i haven't updated your expired key
asciilifeform: there's now 1 key for asciilifeform , from nao until gpg shitburial day ( same modulus as always )
asciilifeform: !!key asciilifeform
deedbot: http://wot.deedbot.org/17215D118B7239507FAFED98B98228A001ABFFC7.asc
asciilifeform: ^
asciilifeform bbl.
phf: ty
ben_vulpes: http://btcbase.org/log/2017-02-24#1617558 << this was a huge boon to me at one point as well☝︎
a111: Logged on 2017-02-24 04:15 a111: Logged on 2016-03-03 17:24 asciilifeform: mircea_popescu: http://dpaste.com/3YZ2895.txt << preliminary crib sheet
phf: dat wot.deedbot link comes back blank for me
ben_vulpes: prolly cloudflare
phf: it's always cloudflare
ben_vulpes: content length here as well
ben_vulpes: trinque: ^^
mircea_popescu: which burial should hopefully occur this year, it's getting ridiculous already.
ben_vulpes: content length 0*
ben_vulpes is still mortified
phf: ben_vulpes: can you vulpespost ascii's key please?
ben_vulpes: lesse here
ben_vulpes: lessee*
ben_vulpes: phf: http://p.bvulpes.com/pastes/5PqCi/?raw=true
ben_vulpes: vulpes post is delivered by vulture
phf: vulpes post always delivers
ben_vulpes cavorts offstage
jurov: http://btcbase.org/log/2017-02-23#1617305 damn, mailman default setting☝︎
a111: Logged on 2017-02-23 23:53 asciilifeform: and holy mother of fuck, jurov , why does your thing mangle '@' into 'at'
trinque: the fuck are you people talking about, blank
mircea_popescu: trinque hm ?
thestringpuller: http://archive.is/vufVy << affected cloudflare sites. list is long.
mircea_popescu: !!up aseriousgogetta
deedbot: aseriousgogetta voiced for 30 minutes.
deedbot: http://phuctor.nosuchlabs.com/gpgkey/97C29455A45F36568DD279D71FAFBE63624E7C2630F5B764C56D8418E0EDCACB << Recent Phuctorings. - Phuctored: 1404...8569 divides RSA Moduli belonging to '211.234.125.52 (ssh-rsa key from 211.234.125.52 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown KR)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/97C29455A45F36568DD279D71FAFBE63624E7C2630F5B764C56D8418E0EDCACB << Recent Phuctorings. - Phuctored: 1387...5559 divides RSA Moduli belonging to '211.234.125.52 (ssh-rsa key from 211.234.125.52 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown KR)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/992134A45E95AE9AED64792AE64FE334354617FE33B4DE355FBDE4E3D82798BD << Recent Phuctorings. - Phuctored: 1575...1223 divides RSA Moduli belonging to '38.96.32.1 (ssh-rsa key from 38.96.32.1 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown US CA)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/992134A45E95AE9AED64792AE64FE334354617FE33B4DE355FBDE4E3D82798BD << Recent Phuctorings. - Phuctored: 1562...6647 divides RSA Moduli belonging to '38.96.32.1 (ssh-rsa key from 38.96.32.1 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown US CA)
deedbot: http://trilema.com/2017/the-storied-cupcake-and-other-stories/ << Trilema - The Storied Cupcake and other stories
deedbot: http://phuctor.nosuchlabs.com/gpgkey/9C85EE445DE30C249CE8906B1057CCB96E70F87A30A186840F15DF0D4BDA9E82 << Recent Phuctorings. - Phuctored: 1797...6963 divides RSA Moduli belonging to '188.65.217.101 (ssh-rsa key from 188.65.217.101 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (hd.a4n.be. BE)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/9C85EE445DE30C249CE8906B1057CCB96E70F87A30A186840F15DF0D4BDA9E82 << Recent Phuctorings. - Phuctored: 1750...1377 divides RSA Moduli belonging to '188.65.217.101 (ssh-rsa key from 188.65.217.101 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (hd.a4n.be. BE)
asciilifeform: in other updates, 0 blackholing since wiring zoolag to dulap. thus far.
asciilifeform: !$ ssh 188.65.217.101 38.96.32.1 211.234.125.52
scriba: ssh banner of 188.65.217.101 as seen on 2016-06-13: SSH-2.0-OpenSSH_4.3p2 Debian-9
scriba: ssh banner of 38.96.32.1 as seen on 2016-06-13: SSH-1.99-OpenSSH_4.3p2 Debian-9
scriba: ssh banner of 211.234.125.52 as seen on 2016-06-13: SSH-2.0-OpenSSH_4.3p2 Debian-9
mircea_popescu: heh
mircea_popescu: i am starting to not9ic9e a pa9tter9n he9re.
mircea_popescu: maybe we should start spelling the dork's name K9ch, because it's not 0, it's 9.
shinohai: 109.194.108.169 <<< ports 22, 137,445, 5900, 8081 all open. Why not just open 'em all?
mircea_popescu: well it's a server no ?
deedbot: http://trilema.com/2017/the-jellybean-docket/ << Trilema - The jellybean docket
asciilifeform: shinohai: what means 'open all of' ? gotta have something listening to see 'open' port
asciilifeform: in other finds, there are today perhaps two dozen bitcoin nodes with serious 'uptime'.
asciilifeform: in yet-other lulz:
asciilifeform: ERROR: AcceptToMemoryPool() : transaction with out-of-bounds SigOpCount
asciilifeform: ^ used to be ~unknown
asciilifeform: now -- pestilential.
asciilifeform: somebody's pissing crafted garbage into mempool, and buncha idiots happily relay it...
asciilifeform: meanwhile, in the monkey cage, https://archive.is/l8ZYG >> a clitlerist: 'oh noez, best prepare to suppress the rebellion that will come when we depose mr.t'
asciilifeform: mircea_popescu, ben_vulpes, mod6, shinohai , et al : anyone ever notice these : http://wotpaste.cascadianhacker.com/pastes/DfsKP/?raw=true << on a node nowhere near OOM condition, multiple GB free
asciilifeform: keeping in mind also that std::bad_alloc can result from heap corruption, not only from failed allocation !
asciilifeform: in other lulz, there is a large population of nodes reporting 'version message: version 60000, blocks=350000' for all eternity (typically they auto-disconnect when discovering trb ver.) . anyone know who they belong to, and wtf ?
asciilifeform: 118979 (yes) connection attempts of this nonsense in 84GB (yes) of dulap log.
asciilifeform: of these, 117106 report ver. 60000 ; but 1873 reported 70002 .
asciilifeform: would seem that these are a type of pseudonode / misc. attacker, that comes in two varieties, one aimed at recent prb (majority), the other -- more trb / old-prb - flavoured.
asciilifeform: minority, rather.
mircea_popescu: can't say as i ahd.
mircea_popescu: and re "isaac simpson", whoever the fuck she is, who gives a shit ? seriously now ?
asciilifeform: nfi, some foot soldier.
mircea_popescu: every useless breeder cow has this predictable fantasy of wedding party, wedding gown, etcetera. what of it.
mircea_popescu: what fucking "rational" and what fucking "basis". trump impeachment = open hunting season for "our democracy" "civilised" cucks. the http://trilema.com/2016/stfu-attention-whore-culture/ will roll right over.
mircea_popescu: it'd matter a lot more if "isaac simpson" could either hold a rifle or man a post. or for that matter make a serving of french fries without taking half an hour. but as it is...
mircea_popescu: "The leaders of the Trump movement (the real leaders) are so disconnected from the media that most of us read every day, and from the information provided by the government, that they might as well be living in one of Jones’ alternate dimensions. To them, it’s 100% fiction, just shadows flickering on the wall of Plato’s cave. And, like the liberated cave dwellers, they’ve seen the outside, and they’ll never believe
mircea_popescu: the shadows again, no matter how factual they may be. The well is polluted to its core. Who to blame for this is at this point irrelevant (though in my last piece I argued the MSM should largely blame itself) because the distrust is so deep that it’s never coming back." << i lulzed.
mircea_popescu: This week’s Rasmussen Poll, for example, found that 45% of voting Americans believe America is on the “right track.” This is down two points from the record high, which was recorded two weeks ago, and is higher than any week during the Obama presidency
mircea_popescu: that's one paragraph down, and supposedly SOMEONE ELSE is "ignoring reality"
mircea_popescu: oh let me guess, medium.
mircea_popescu: bwahahah.
mircea_popescu: choice butt-tears alfie. choice butt tears.
asciilifeform: ACHTUNG, PANZERS!
asciilifeform: mircea_popescu, ben_vulpes , mod6 , et al :
asciilifeform: http://therealbitcoin.org/ml/btc-dev/2017-February/000253.html
asciilifeform: [BTC-dev] (EXPERIMENTAL) Block Timer.
shinohai: ty asciilifeform .... and also have not noticed any `EXCEPTION: St9bad_alloc ` errors in mah logs
asciilifeform: and here we go, on dulap : ... SetBestChain: new best=000000000000000000d5 height=454507 work=79028340706396234909993360 ; AcceptBlock() success : 401334ms ; Tested candidate block in 401349ms
asciilifeform: AcceptBlock ( http://btc.yt/lxr/satoshi/source/src/main.cpp?v=makefiles#1370 ) is the bottleneck
mircea_popescu: shinohai might happen on long running box even if not at oom spot because memory fragmentation.
asciilifeform: mircea_popescu: this was on zoolag after <24 hrs.
mircea_popescu: but it's pretty rare.
mircea_popescu: asciilifeform yeah, i dunno.
asciilifeform: mircea_popescu: on dulap, zero instances in 84GB of log.
mircea_popescu: ahaha oh this is delishious. "My work has appeared in LA Weekly, Vice, Curbed, Complex, ANIMALS, The Daily Dot, and LosAngeles.com" << dork quit law school because tucker max said to and is now a relationships advicerist.
mircea_popescu: my work has appeared on your mother, bitch. what, you're gonna compete ? with what, "curbed" ?
mircea_popescu: nuts.
mircea_popescu: "Like most of my law school classmates, I was a hyper-ambitious narcissist with no concrete plans for achieving the greatness to which I was entitled."
mircea_popescu: and not actually intelligent enough to figure out being a great man's urinal is, in context, an ur-achievement.
shinohai: https://twitter.com/hanno/status/835167407710810115 <<< hanno saves the day
ben_vulpes: dang, asciilifeform my queue can't take much more of this
mircea_popescu: lel
mircea_popescu: how's the eulora gfx work coming :D
ben_vulpes: my stack overfloweth
mircea_popescu: i think we're all agreed that the problem with this here republic is nothing ever happens.
ben_vulpes: stack, for the curious: moar tests for v.pl (i'm writing them because my personal heap is too fragmented to make me a useful manual tester), read and compile a large and a small patch from asciilifeform, ops tasks in support of WIRES, gaze into the writhing horror diana_coman needs a lasso around, and somewhere find an hour to finish up the import of phf's logs back to early 2016
ben_vulpes: AND THAT'
ben_vulpes: 'S JUST REPUBLICAN SHIT
ben_vulpes: http://btcbase.org/log/2017-02-21#1616287 << subj. of autocad, i finally stood a cadcam workstation up in support of project carport and shit damn inventor is a well-designed piece of software.☝︎
a111: Logged on 2017-02-21 20:30 asciilifeform: in other noose, as discussed earlier ( http://btcbase.org/log/2016-12-05#1577994 ) >> https://archive.is/AVO23 << autodesk bought and destroyed 'eagle', the only fully functioning pcb cad for linux.
mircea_popescu: hey, i wrote & published two articles today, did a major game design update, planning for infrastructure refurbishment, started a whole new network of agents AND read some inane shit some dickless failawyer published on medium.
mircea_popescu: and that's just the not-that-secret-stuff, selections ~.
ben_vulpes: don't forget swingin' dick in #trilema
ben_vulpes: daily task for everyone
trinque falls out of chair
mircea_popescu: if you must, i doggyfucked so animalicly a poor damsel yesterday my cock's all broken.
trinque: that's the best kind of cock broken
ben_vulpes: i have discovered the worst kind of cock broken
ben_vulpes: well, "worst"
mircea_popescu: apparently if you hammer enough head can flare enough to tear the fucking foreskin. if it sounds painful it's because it is.
trinque: eh some faggot already tore that off when I got here
trinque: ben_vulpes: ever heard a "pop" when it gets bent?
trinque: that is true pain
mircea_popescu: o that;s horrible.
ben_vulpes: an otherwise gentle and lovely morning with coffee and breakfast in bed, followed by 20+ pounds of micro human determinedly sitting in my lap demanding a book be read him
mircea_popescu: but no, nothing structural.
BingoBoingo: !s Xanthyos
ben_vulpes: i was worried about structural damage for a moment
mircea_popescu: ben_vulpes ahahaha yeah, fatherhood problems.
mircea_popescu: "my son broke my penis. he's three years old." "well... how good of a penis could you say it was to begin with, then ?"
ben_vulpes: worse than being stomped on, dick at least has somewhere to go relative to tiny feet. NO ESCAPE FROM THE DIAPER
ben_vulpes: hey man i've never tested the buckling load of my own cock
mircea_popescu: they make solid madonna's-bra vinyl diapers now ? like a helment ?
ben_vulpes: but it's a pin joint at the base and that's pretty weak from a structural perspective
ben_vulpes: actually
ben_vulpes: ball joint
ben_vulpes: :D
mircea_popescu: i was waiting for that :D
trinque: wew
mircea_popescu: but no. the penis is not joint. it's a single item, goes about a foot inside of oyu.
mircea_popescu: or however long, ~same as visible length.
ben_vulpes: mhm
ben_vulpes: just makin bad ME jokes over here
mircea_popescu: the computation of just how bad "science" awareness among the "our democracy" crowds must be that no "ripped penis right out of socket" jokes emanated in twenty years of cancerous male-hating "comedy" is left for the reader.
BingoBoingo: mircea_popescu: But if they don't pull it all of the way out, then they just tore the suspending ligament and made it look bigger!
mircea_popescu: and purpler
ben_vulpes: http://news.wisc.edu/from-rocks-in-colorado-evidence-of-a-chaotic-solar-system/
ben_vulpes: ^^ going to have to reread in depth, but interesting agw not-a-ganda
ben_vulpes bbl
mircea_popescu: is this fake science ? i would like to know before i click if some dork in "our democracy" approved these findings.
mircea_popescu: such gingerly concerns direct the whole of my entire lyf.
mircea_popescu: i like how they manage to package tidal locking and orbital harmonics into "a little known theory from 1989". by the same measure fucking is a little known activity from the 70s. if you're at camp with janine garofalo i guess this isn't even so far fetched a description.
mircea_popescu: in other intrigues, http://infoforcefeed.shithouse.tv/intrigue/ben_vulpes
BingoBoingo: lol @ GNULAG
mod6: asciilifeform: ya, I've seen the 'std::bad_alloc' from ProcessMessage before -- it doesn't happen to me often, and it doesn't seem to be at the point of OOM exactly. i have noticed that it seems to happen after my node has been up for an extended period of time. say >1week.
mod6: lately, i've been getting bh'd so much, i've been recycling my node nearly daily.
deedbot: http://qntra.net/2017/02/fire-in-the-security-theater-cloudflare-leaks-as-sha1-broken/ << Qntra - Fire In The Security Theater: Cloudflare Leaks As SHA1 Broken
ben_vulpes: mircea_popescu: you track iff now?
mircea_popescu: notrly.
mircea_popescu: ahaha nice lede BingoBoingo
BingoBoingo: ty mircea_popescu
mircea_popescu: might be your best yet.
BingoBoingo: It's been a tough fight, largely against myself, but hopefully I can keep the venom cutting instead of resorting to taking words on top of words
mircea_popescu: like all real fights huh.
BingoBoingo: Seriously
mircea_popescu: meanwhile at the cubifarms, http://68.media.tumblr.com/4a2822eee5e93accda3b4983dd086a89/tumblr_noovhod4LS1uvbtcpo1_400.gif
mircea_popescu: and in other lulz, trump finances seem to settle towards a) much larger deficit ; to be employed towards b) "rebuilding america" in the sense of... a much larger military.
mircea_popescu: this is optimal lulz wtf.
mircea_popescu: but if the "impeachment" fizzles like the rest of the libertards' hopes, dreams and aspirations, its rather http://btcbase.org/log/2017-02-15#1614023☝︎
a111: Logged on 2017-02-15 16:08 mircea_popescu: myeah. things are pretty simple : either peace with russia and therefore war with china ; or else bickering with russia while china continues to fatten unmolested.
mircea_popescu: of course, if it succeeds i might very well discover in myself an inclination to move over there, spend the next decade going on safari among the "urban elite" for fresh daughters to feed the slave markets.
asciilifeform: mircea_popescu: why wait
mircea_popescu: because lazy. why does one ever wait ?
asciilifeform: point
asciilifeform: in other noose, discovered that the actual contents of a block are 'red herring' re verification, and we're actually looking at idiot lock deadlock
mircea_popescu: moreover, i'm the one guy time flows favourably for. why wait in 2012 ? because lo, dollar from 50 bitcents to a tenth of a dime in five years.
mircea_popescu: asciilifeform that's also a large part of it. there's a bunch of large parts like that.
asciilifeform: i got the thing profiling as we speak.
mircea_popescu: good.
mircea_popescu: in other lulz, british national and ex-guantanamo detainee abu zakariya al britani blew up a car in mosul. which you know, "is being progress made upon", still, six months later. except for the part where isis killed kadim al saeedi, ie one of the few actually competent sand monkeys on the imperial side.
asciilifeform: http://btc.yt/lxr/satoshi/source/src/main.cpp?v=makefiles#1310 << ~95% of ProcessBlock() time spent here in all cases
mircea_popescu: can you see where inside addtoblockindex ?
asciilifeform: shortly.
mircea_popescu: http://archive.is/jaM2c in other things that just happen and aren't anybody's fault, also known as "inept our democracy diplomacy"
asciilifeform: mircea_popescu: here's typical example: block 454521 on dulap : AddToBlockIndex: ~90 sec: http://btc.yt/lxr/satoshi/source/src/main.cpp?v=makefiles#1212 << 99.98% of this interval
asciilifeform: 454520 has a reorg, and spent 219 seconds, also ~entirely in same spot
mircea_popescu: and which part of http://btc.yt/lxr/satoshi/source/src/main.cpp?v=makefiles#0118 ?
asciilifeform: 454520: ~98 seconds; ditto
asciilifeform: 454523: 78 sec. (same)
asciilifeform: mircea_popescu: shortly...
mircea_popescu: ;)
asciilifeform: mircea_popescu: you're in wrong function
asciilifeform: http://btc.yt/lxr/satoshi/source/src/main.cpp?v=makefiles#1121 << this is the one
mircea_popescu: 1212 is call setbestchain return if false
mircea_popescu: you said 1212 above
asciilifeform: match the args.
mircea_popescu: this makes a lot more sense.
mircea_popescu: is it constant calls to Reorganize ?
asciilifeform: nope
mircea_popescu: is it the boosted foreach "removefrommemorypool()" ?
asciilifeform: quite likely. 1sec
mircea_popescu: (ftr, these in order are the two major soaks i am aware of ; whether they manifest for you right here or not)
asciilifeform: reorg takes motherfucking forever
asciilifeform: but interestingly 0 reorgs on zoolag in past couplea months
asciilifeform: but reorg on dulap on ~every restart.
mircea_popescu: aha.
mircea_popescu: it's actually a ddos avenue in its own right.
mircea_popescu: there's three different ways a node can end up in reorg crisscross, and it doesn't even take owning all its connections.
mircea_popescu: moreover with a little care you can actually fingerprint for things such as "does this node have a tunnel to another one" in this manner.
asciilifeform: http://btc.yt/lxr/satoshi/source/src/main.cpp?v=makefiles#1166 << 200 sec !!!
mircea_popescu: lel. wallets ftw.
mircea_popescu: anyway, that'd be the disk sensitivity, or most of it anyway.
mircea_popescu: also a main reason why the discussed wallet separation.
mircea_popescu: anyway, asciilifeform, you should prolly publish a codebase adnotated with time profiles. trb-454523 ; trb-454520 etc.
asciilifeform: mircea_popescu: at some point, when i find out how to get gprof to run with musltronic/static binary
mircea_popescu: in between the line and the line number
asciilifeform: this run is 100% by hand
asciilifeform: and times pried out of log, also by hand.
mircea_popescu: myeah.
mircea_popescu: needs some scriptage. may i suggest perl ?
asciilifeform: eventually
asciilifeform: was aiming to find 'obvious culprits'
mircea_popescu: it ~is~ what it is ~for~, after all.
asciilifeform: http://btc.yt/lxr/satoshi/source/src/main.cpp?v=makefiles#1136 << the more typical delay spot; e.g., 109 sec. on block 454532.
jurov: https://bitnodes.21.co/nodes/?q=Slovakia i finally put up permanent trb node (it's the syncing one), but have nfi about the other two
asciilifeform: mircea_popescu: ~80-90% of time spent in ConnectBlock
asciilifeform: in all cases.
mircea_popescu: aha
asciilifeform: 3, 2, 1...
asciilifeform: http://btc.yt/lxr/satoshi/source/src/main.cpp?v=makefiles#1002
asciilifeform: ^ ~85% of time
asciilifeform: i.e. http://btc.yt/lxr/satoshi/source/src/db.h?v=makefiles#0085 << .
asciilifeform: the db writes.
asciilifeform: apparently this is what ~all 'blackhole' consists of.
asciilifeform: waiting for bdb to do it's thing.
asciilifeform: *its thing
asciilifeform: barfalicious.
mircea_popescu: heh
asciilifeform: ACHTUNG, PANZERS!
asciilifeform: mircea_popescu, ben_vulpes , mod6 , et al:
asciilifeform: http://therealbitcoin.org/ml/btc-dev/2017-February/000254.html
asciilifeform: (EXPERIMENTAL) Blackhole Revealer.
asciilifeform: looks like my original hypothesis (disk thrash) is supported.
mircea_popescu: certainly a large part of it.
asciilifeform: there are no substantial 'other large parts', detectably
asciilifeform: this is it.
mircea_popescu: it depends on teh blocks to some degree.
asciilifeform: this is where ~100% of block-eating time is actually spent.
asciilifeform: it also explains why the ssd box beats the living shit out of the mechanical one.
mircea_popescu: that yes.
asciilifeform: (~100-fold difference, on avg.)
asciilifeform bbl, meat
pete_dushenski: BingoBoingo: http://p.bvulpes.com/pastes/Zr1V2/?raw=true
pete_dushenski: shinohai: i notice that same 'st9bad_alloc' error on vps node with some frequency as well but never on dedibox. not sure if it's a clock / timing issue but that's my best guess.
pete_dushenski: looks like alf's been busy! wd mate.
pete_dushenski: in other logical conclusion news http://www.ibtimes.co.uk/laid-off-swedish-workers-could-be-given-paid-sex-breaks-improve-well-being-1607836
BingoBoingo experienced frequent st9bad_alloc before implementing malleus
deedbot: http://qntra.net/2017/02/hussein-bahamas-to-vacation-closer-to-kenya/ << Qntra - Hussein Bahamas To Vacation Closer To Kenya?
pete_dushenski: heh gj on title tweak BingoBoingo
BingoBoingo: No problem, ty pete_dushenski
pete_dushenski: mah pleasure
BingoBoingo: Just note for the future that "Bahamas" on its own could be confused for Islands. To reference the dark one, harbringer of suffering one must use "Hussein Bahamas"
pete_dushenski: in other cuts, the latest taleb "surgeons should not look like surgeons" http://archive.is/qqywK
BingoBoingo: STFU, knowing a little bit about green lumber is a pre-requisite to manhood