log☇︎
▁▁▁▁▁▁⏐︎▁ 3833
mircea_popescu: Framedragger thinking about it, the ~only correct solution is for the mp-wp maintainer to remove mysql in favour of a flatfile "db" system. then it will be properly static, or as close as its job allows.
shinohai mysql is the reason shinohai ..... has procrastinated with mp-wp
mircea_popescu: the calls are isolated, wouldn't be the end of the world to replace with a filesystem equivalent.
shinohai: In home automation news: https://t.co/WolPp0xEyI
deedbot: http://trilema.com/2017/carambolages-2/ << Trilema - Carambolages
BingoBoingo: SLAC Students discover "crowd control" https://archive.is/nRwmD
BingoBoingo: related to http://qntra.net/2017/03/another-guest-lecturer-attacked-on-us-campus/
Framedragger: mircea_popescu: i see what you mean, but you can't really call it 'static' by any metric. in point of fact i'm surprised you're not grossed out over the fact that the whole thing is a large stinking pile of dynamic php. i guess the counterargument is that it *gets the job done*, very well, over many years. :) so there's that. but i'd like to ditch the 'wp' from 'mp-wp' one day. but maybe baby steps.
mircea_popescu: what are you going to write it in ? c ?
mircea_popescu: what is this clean great language that doesn't gross one out, i must have missed some classes / log days.
mircea_popescu: php is a hypertext preprocessor. that's what it does, websites. just like the rubber dome in your bathroom unclogs the toilet. does it disgust you ? it's a tool, you're not expected to keep it on the diner table.
mircea_popescu: anyway, re static : in context "static" denotes "how much comes from the disk as opposed as through cpuization", there's no other measure. a page stored as files with the extension .html is ~slightly~ more static than a page which is stored as files with the extension .txt in a directory structure that is their de-facto index and are then mixed together into a thing whenever a page is called.
mircea_popescu: turn it any way you want, a flat, disk-bound website IS in point of fact a "dynamic" website loaded into a de facto disk-bound database. the only difference is that you chose to stupidify the index, which is now "exposed" to the user as a band-aid measure over the fact that you failed to do anything with it.
mircea_popescu: that you go fd.com/article/comments/5/reply/ or somesuch and i go mp.com/article/ is not so much a difference as it appears.
Framedragger: mircea_popescu: that's not the only difference. a 'php' site launches and runs additional process(es) to serve user requests. now i guess you could say that "it's just a detail", on the grand picture it's the same (nginx requires additional resources to serve static files), but that would be stretching it.
Framedragger: as regards language choice, yeah, i see your point, "just use the right tool". thing is, with an *actual* static site, you would not expose the language to the web, at all. the only attack surface would be that of the webserver. cf. a wordpress site which as folks say is a "web shell with blog functionality on the side" :)
Framedragger: (though i'm sure mp-wp is on the whole ~decent in terms of holes/security.)
mircea_popescu: apache does that with your flatsite too.
mircea_popescu: what webserver is there that works like bitcoin, single thread ?
mircea_popescu: and the notion that you won't expose the language to the web is not equivalent to the actuality that you opt to use such a banal language nothing can be done which to your mind is equivalent to "not exposing". the man who doesn't lock his door because his chamber contains no maid is not the same thing as the man who doesn't lock his door because his maid is more danger to the youths about than they to her.
mircea_popescu: pile-of-.html-files exposes your directory structure to the world ; badly set permissions have the same effect as i dunno, mysql with an open hole.
mircea_popescu: the whole thing is kind-of spurious, not like trilema wasn't "attacked". there's even articles celebrating the puzzled wtf of the would be attacker, "wut do you mean my magic has no power here"
Framedragger: right, well-managed permissions ensure that any 'break-in' would only result in one being able to *read* some files. but i think your abstraction breaks quickly: i'm sure your php user is able to write files (file upload), even if to a single dir, and to write to db. so it's still not the same.
mircea_popescu: try it i guess ?
Framedragger: :)
mircea_popescu: otherwise what you're proposing is "but hey, i'd still have root, and ssh or no ssh... it's still the same"
Framedragger: anyway, i see your point.
mircea_popescu: well everything can end up the same to the man determined it be so.
mircea_popescu: just consider this point : trilema has ugh.
Framedragger: i can't see how i can be convinced that launching script-specific php processes is ~same as a webserver allocating a standardised additional unit of its resources (memory / thread etc.)
mircea_popescu: trilema has 71877 articles.
Framedragger: right!
mircea_popescu: in your flat scheme, the words "Trilema - a blog by mircea_popescu " would appear... 72k times!
mircea_popescu: that's MEGABYTES!
Framedragger: ohno!!1
mircea_popescu: seems hardly to justify the foregoing of an index.
mircea_popescu: some kind of index. otherwise you end up repeating shit to high heavens for no reason, and your computer looks more like an abacus.
Framedragger: well, the compression-decompression process is so to speak serialised / offloaded to an fs. not a bad thing!
mircea_popescu: lawd have mercy, you'll run it off squashfs ?
Framedragger: that being said, my point would work better if trilema had been having performance issues... which it ain't.
Framedragger: so myeah.
mircea_popescu: what is the cogent difference between these symbols, "script-specific php processes" and "a standardised additional unit of its resources" ?
Framedragger: no need to compress, what i meant by compression is that an index is sorta-doing that. storing flat files on fs is basically 'flattening' the process over space and time.
mircea_popescu: over space, yes. over time - not necessarily. that is the rub here.
Framedragger: first off, the former has a less clear attack surface, may depend on script in question, etc. second off, may scale not as well (no this is not the same as kiddie complaining that an rdbms is "not web scale").
Framedragger: hmm.
mircea_popescu: fx = 2x can be flattened into (1, 2), (2, 4), (3, 6) etc. this clearly flattens it in space, but just as clearly fucks up the time. now you have to seek.
Framedragger: seeking, sure.
mircea_popescu: and i'll compute 2 * maxint/2 faster than you'll seek maxint/2
Framedragger: ...that's why it's great to host this on a disk with great random access times.
mircea_popescu: and this fundamental problem holds. flat is not necessarily faster.
Framedragger: well, you'd like that "compute faster" line to be true, but it ain't.
mircea_popescu: it's certainly and always larger. but whether it's faster is a harder problem.
Framedragger: ..though maxint is a lot of int.
mircea_popescu: Framedragger imagine you have a 64 bit maxint stored as binary tree (provedly - fastest) and now you seek... how many nodes ?
Framedragger: right, basically i'm putting a lot of trust into fs, fundamentally. hence disagreement - fair enough. (to summarise.)
mircea_popescu: (and no, any other storage scheme is cheating -- you're trying to use my f(x) = 2x without admitting it.)
mircea_popescu: neways ; i shall be back to town. anyone wanting to argue the above -- in a few hours.
Framedragger: btw, if you store 2**64 nodes in a (balanced) binary tree, wouldn't the "number of seeks" be ~64? i suppose that doesn't look too pretty, but considering that an ssd's seek time is ~0.1ms... not that these numbers are rigorous or anything.
Framedragger: (number of seeks to access a node.)
trinque: as always with tools, there is not a one-size-fits-all rule to be dumbly applied
trinque: if the thing benefits from caching, cache
Framedragger: (just for posterity, other metrics say that consumer ssds seek average may be ~3ms.) ☟︎
Framedragger: sure, sure!
trinque: if you're sitting there saying "huh, now my writes take a year because I have to update sidebar comments on every page I ever wrote"
trinque: well, drop your caching scheme!
trinque: for that
trinque: also, good morning.
trinque makes espresso
trinque: Framedragger: oh also, take a look at the history of exploits against python sometime.
trinque: all scripting languages written in C are about as syphilitic
trinque: PHP was just the most popular of them
Framedragger: trinque: point taken. :) (i'll only repeat one thing here: in a 'proper static site' setup, one is *not* exposing vulns of a scripting language to the web. only those of the webserver.)
trinque: sure. behold wot.deedbot.org
trinque: Framedragger: though actually I don't buy it
trinque: if your user input is run through your scripting language, how exactly have you changed things in regards to attack surface?
Framedragger: i mean, i have in mind an 'actually properly configured static site'. maybe it's a nonexistent spherical cow in vacuum, sure.
trinque: so my http requests don't run through it; something does
trinque: maybe narrower, sure, but don't treat it like it's safe
Framedragger: well, at least your user input is segregated into two 'containers': 1. GET requests for static files; and 2. user comments - processed by some specific script, separate from the rest. but yeah, this isn't exactly amazing innovation, i agree.
Framedragger: sure...
Framedragger: (also re. g'morning, just had bacon for late brunch, such satiation, but also sleepiness. more coffee it is...)
mircea_popescu: Framedragger it would be 64, yes.
mircea_popescu: 64 SEEKS. thousands of asm lines. all i do is a mult. one.
mircea_popescu: look-up table has its niche. it isn;t the universal solution of all computing.
Framedragger: i wonder how well a typical hashtable with 2**64 elements work in practice, tho. where would store its elements?
Framedragger: would work*
Framedragger: memory?
mircea_popescu: probably not.
mircea_popescu: and in other news, they were going to open the school year today, so they went on strike instead. soberania! haymasfuturo!
mircea_popescu: futu-i-in-gura!
trinque: the teachers or students? or can they be discerned?
trinque: also, speaking of wot.deedbot.org (and specifically the generated SVGs) and http://btcbase.org/log/2015-07-04#1186410 (which I have patches in hand to fix the build) I may have something of a usable trb map in the near future. ☝︎
a111: Logged on 2015-07-04 03:18 asciilifeform: so far i'm utterly failing to even get 'codeviz' to build.
trinque: I've been slogging through the thing reading the paths for acquiring and validating blocks, and my god, must have map.
asciilifeform: trinque: how didja make the map ?
trinque: asciilifeform: lots of paring down of output, svg nodes shall be clickable links, only showing to depth 3 on any given page
trinque: not unlike what's on the wot browser
asciilifeform: neato trinque .
asciilifeform: to this very day i haven't anything better than jurov's lxr thing (and the map in my head.)
asciilifeform: ( and lxr is quite dumb, it has no ability to distinguish methods of different cpp classes having same name, for instance )
mircea_popescu: trinque the students are retarded to the point of abrutissement.
mod6: mornin'
deedbot: http://phuctor.nosuchlabs.com/gpgkey/AA482571C81E6473B645402F352ADEE8FAC789C24C049A5E7A755E7243197256 << Recent Phuctorings. - Phuctored: 1395...7303 divides RSA Moduli belonging to '95.240.174.82 (ssh-rsa key from 95.240.174.82 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (host82-174-static.240-95-b.business.telecomitalia.it. IT VR 34)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/AA482571C81E6473B645402F352ADEE8FAC789C24C049A5E7A755E7243197256 << Recent Phuctorings. - Phuctored: 1638...2319 divides RSA Moduli belonging to '95.240.174.82 (ssh-rsa key from 95.240.174.82 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (host82-174-static.240-95-b.business.telecomitalia.it. IT VR 34)
shinohai: https://arxiv.org/abs/1702.08719 " we extract 96% of an RSA private key from a single trace." ☟︎
asciilifeform: Run Moar VM Kolhoz
deedbot: http://phuctor.nosuchlabs.com/gpgkey/51A4715E6F5562F5ACF8329F35CD21A592B42531B2700B43F9579BC9281EA378 << Recent Phuctorings. - Phuctored: 1705...0847 divides RSA Moduli belonging to '130.88.150.85 (ssh-rsa key from 130.88.150.85 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (dbkdell08.mib.man.ac.uk. GB MAN ENG)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/51A4715E6F5562F5ACF8329F35CD21A592B42531B2700B43F9579BC9281EA378 << Recent Phuctorings. - Phuctored: 1751...7887 divides RSA Moduli belonging to '130.88.150.85 (ssh-rsa key from 130.88.150.85 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (dbkdell08.mib.man.ac.uk. GB MAN ENG)
mircea_popescu: the pipe dream of the "multi-user computer"
mircea_popescu: machine wants to have single owner.
Framedragger: phuctor is streamlined computer optimisation service.
mircea_popescu: one increment per 4.7 cycles. they really massaged the shit out of it
asciilifeform: mircea_popescu: this in re waht
mircea_popescu: the breaking virtualization.
asciilifeform: aah
mircea_popescu: the guys did actually splendid work, read the paper, worth it. ☟︎
mircea_popescu: fig 7 directly what you'd expect based on the competent discussion of "What is a timer"
asciilifeform: looks like quite ordinary (by now) cache timing trick, neh
asciilifeform reads
mircea_popescu: yes, just methodically done.
mircea_popescu: it;s not novel in any sense.
asciilifeform: 'yesterday's nobel is tomorrow's homework' (tm) (r) (uncle al)
mircea_popescu: quite exactly.
asciilifeform: in other lelzies, http://archive.is/ODtxR >> 'Rather than share the now-classified technological means that investigators used to locate a child porn suspect, federal prosecutors in Washington state have dropped all charges against a man accused of accessing Playpen, a notorious and now-shuttered website.'
asciilifeform: the real gold: '"Disclosure is not currently an option. Dismissal without prejudice leaves open the possibility that the government could bring new charges should there come a time within the statute of limitations when and the government be in a position to provide the requested discovery."'
trinque: we would - I'm sure - be shocked to find that the top secret exploit is the damned rebranded firefox
trinque: aside the fact that tor doesn't work
ben_vulpes: in more lcs gold: http://archive.is/XcC3N << not only are the damned things made of paper and disintegrate as soon as you drop them in the water, but the amount of money that the usg.navy has burnt on them is actually so embarrassing as to be worth a classification fight
asciilifeform: trinque: the ministry of parallel-construction must be on strike, or wut.
ben_vulpes: also something something maersk and ibm cockchain tekmologies
trinque: yawn
trinque: asciilifeform: grunts that did this probably don't get the good toys
asciilifeform: 'the good toys' being what -- presumably, items built against something other than tor, winblowz, etc ..?
asciilifeform: does, e.g., heartbleed, qualify as 'good toy' ? considering that openssl was known, to everyone who gave half a rat's arse, to be a cistern of liquishit, long prior ?
trinque: hey man metaNSA is your fanfic not mine
trinque: but yes, they don't want to "disclose" because of the shriveled cock
asciilifeform: the real lul imho is that there appears to be no serious shortage of monkeys willing to run tor
asciilifeform: ( and to then 'plead guilty' etc )
asciilifeform: ( while we're on subj, gotta wonder how many of the 'death ray' folx even ~did~ ever do any such thing as running tor, 'dealing on darkmarket', etc. and how many -- simply idiots, infected with usg shitware and then 'plea bargain' because 0 effective defense )
Framedragger: reminds me, i think i'm still running one tor exit lol. mebbe time to redirect resources
Framedragger: (small virtual machine so wouldn't be too useful for traffic analysis, not much traffic)
asciilifeform: Framedragger: unless you're personally lifting useful bits from the traffic: if it costs even a penny, it's a wasted penny
Framedragger: sure. well, tor had been rather useful to me before, i took from it more than it's taken from me, so at least there's that. :)
Framedragger: (not implying that there's much worth for any noob to start running a tor node *now*.)
asciilifeform: at one point it was an ok place to get shitware samples
asciilifeform: ( and the occasional login into various ??? tested by some idiot )
mircea_popescu: that dude has to be the king of imbeciles to STAY IN THE US
mircea_popescu: which nevertheless he will do, as per alf's "there's no shortage of usg cowsies who WISH to be such."
asciilifeform: lol
mircea_popescu: dude fucks some kids, usg files suit on the expectation that kidfucker is going to be so fucking impressed with them caring he'll sign anything they want. when this expectation fails to materialize, usg asks judge to roll back time, "really for keepsies never happensies", judge agrees, on the rationale that maybe we fuck him later. dude... sticks around.
mircea_popescu has participated in this sort of "home invasion" where one girl got fucked, the other one "are you going to fuck me too ?" "maybe tomorrow". on the morrow, dilligent, awaiting her turn...
mircea_popescu: "breaking news : so very importuned were the damsels by that fabled rod, they made an appointment to be visited again next week."
asciilifeform: mircea_popescu: there is an ancient song re subj, 'бабушка здорова...кушает компот...и мечтает снова...пережить налёт' ( http://www.kbelyaev.ru/txt/babuchka.htm )
mircea_popescu: aha!
mircea_popescu: more than one, i daresay
mircea_popescu: the plumber, always rampant.
asciilifeform: that's just the 1 asciilifeform happened to know
asciilifeform: probably everybody from eskimo to pygmy has 1+.
asciilifeform: ( anyone know an engl. one?? )
mircea_popescu: lol fruit confit
BingoBoingo: !~ticker --market all
jhvh1: BingoBoingo: Bitstamp BTCUSD last: 1277.33, vol: 3951.43467663 | BTC-E BTCUSD last: 1255.001, vol: 3727.24823 | Bitfinex BTCUSD last: 1277.9, vol: 9123.69593111 | BTCChina BTCUSD last: 1203.5, vol: 3275.01000000 | Kraken BTCUSD last: 1276.68, vol: 1065.66551472 | Volume-weighted last average: 1262.17079525
BingoBoingo: Mas Stabilitit
BingoBoingo: https://www.insidehighered.com/quicktakes/2017/03/06/texas-san-antonio-president-quits-over-embraces << No grabbing in Texas
asciilifeform: https://www.insidehighered.com/news/2017/03/06/u-california-berkeley-delete-publicly-available-educational-content << moar lulz from same rag
BingoBoingo: What a time to live
asciilifeform: 'The University of California, Berkeley, will cut off public access to tens of thousands of video lectures and podcasts in response to a U.S. Justice Department order that it make the educational content accessible to people with disabilities.'
asciilifeform: '“This move will also partially address recent findings by the Department of Justice, which suggests that the YouTube and iTunes U content meet higher accessibility standards as a condition of remaining publicly available,” Koshland said. “Finally, moving our content behind authentication allows us to better protect instructor intellectual property from ‘pirates’ who have reused content
asciilifeform: for personal profit without consent.”'
asciilifeform: gold.
trinque: how do they expect me to watch gender studies courses on how to properly sit on my hands?
asciilifeform mildly surprised that there is still such a thing as lectures in berkeley, and that anyone bothered to film'em
asciilifeform: iirc there are tall piles of canned lectures from mit, etc, wherever you like, on www; somehow did not lead to magical golden age of learningz.
jurov: i have tried mit ocw. big disappointment, whatever subject I tried, material was utterly incomplete and patchy
trinque: you're doing it all wrong.
trinque: you're supposed to click through them whenever they get linked on reddit, then you put "autodidact" in your twitter profile
deedbot: http://trilema.com/2017/no-such-labs-snsa-february-2017-statement/ << Trilema - No Such lAbs (S.NSA), February 2017 Statement
jurov: trinque: srs?
trinque: I... refuse to answer that.
jurov: kek
Framedragger: ^ snsa statement << awesome, good news
mircea_popescu: and in five-year-old-lulz, http://www.telegraph.co.uk/news/worldnews/europe/russia/10290243/Russia-mocks-Britain-the-little-island.html
mircea_popescu: asciilifeform VIDEO lectures / podcasts are entirely fucking useless for any academic purpose, as i'm sure you know.
asciilifeform: mircea_popescu: the sicp film was ~watchable, but it is ancient, 1980s, and not even filmed at mit iirc (sussman taught the class for hp employees)
mircea_popescu: i guess.
mircea_popescu: pretty much the only topic on which video works is girl fucking. and even there -- stills are preferable.
asciilifeform: aactually i can think of 1 other subj
asciilifeform: metalwork
mircea_popescu: ie hand cnc-ing ?
asciilifeform: aha
mircea_popescu: how the fuck is this academic.
mircea_popescu: yes, technical instruction works best in the manner of monkey see monkey do
asciilifeform: ( incidentally mircea_popescu might be surprised how much 'hand cnc' is still involved in cnc practice )
mircea_popescu: we were discussing the needs of people not of the fucking orc.
mircea_popescu: i don't give a shit. there's a woman on her knees polishing my floor as we speak. you propose her trade is academic also ?
mircea_popescu: because yes, i'm sure she learned by watching another interchangeable item just like her.
asciilifeform: yeah yeah we all read our aristitle etc.
asciilifeform: *aristotle
mircea_popescu: no please, video feed of some dork reading for me, i'm fucking george over here.
asciilifeform: lecture is not any more necessarily 'some dork reading' than, e.g., comedy is
mircea_popescu: academics is the exclusive domain of the written form. if one can not convey in that manner, one is entirely inadherent to any sort of academic life.
asciilifeform: the folx whose lectures ~anybody still watches, e.g., sussman, are known largely for the written form
mircea_popescu: in fact -- if ANY professor is better through video than writing, and i don't mean better overall - if he is better in any one definite way, then THEREFORE that person is not a professor but a hunting dog.
mircea_popescu: if writing is not your strongest asset, you are not an academic and stick to the stage, doing whatever parlor tricks.
asciilifeform grudgingly discovers that he does not disagree with mircea_popescu
mircea_popescu: there we go.
mircea_popescu: and there's nothing wrong with women fucking, nor with the actress, cnc miller's or floor washer's art. heck, god knows i've had my private female property engage in all of those. but it sure as fuck ain't academic, forgetaboutit.
asciilifeform: i dun expect to live to so much as see from a distance, a female so much as touching a cnc machine
asciilifeform: but on mircea_popescu's planet, more wondrous wonders than this, are known.
mircea_popescu: why not ?
asciilifeform: i don't know precisely why not. but it is in asciilifeform's lived experience, fwiw, a 'man bites the dog'
mircea_popescu: girl wanted to make span
mircea_popescu: or how do you call it in english, the colorful byproduct.
asciilifeform: swarf?
mircea_popescu: there you go.
asciilifeform: why on earth would anyone want swarf
asciilifeform: other than for thermite
mircea_popescu: it's pretty!
asciilifeform: lol!!
mircea_popescu: well ? it is.
asciilifeform has at this very minute a shop vac full of 'pretty'
mircea_popescu: aha. ended up used as costume jewelry.
asciilifeform: what else she wears as jewelry ? concertina wire ?
mircea_popescu: lol. it went on the stage, yo! to grand effect!
asciilifeform: ( if you're cutting anything other than brass, you get ~= razor wire , like clockwork )
mircea_popescu: nah, steel will make these pretty colorful blue-to-yelloy bands
mircea_popescu: aluminum also.
asciilifeform is apparently Doing It Wrong
mircea_popescu: you're doing it fast
mircea_popescu: this was an ancient, not very useful tool.
mircea_popescu: and so the swarf was basically testimony of uneven work hardening.
asciilifeform can picture this
mircea_popescu: kinda why she ended up doing herself, normal people (tm) have other priorities than making the swarf pretty.