mircea_popescu: aha. well technically, i found them because got bored today and dug into older reports in moar detail.
mircea_popescu: eh, the problem with "the people themselves" is they can't stick to anything.
BingoBoingo: My favorite part is "MP preventing Segwit" when instead the power rangers were compelled to Segwit a certain way leaving Bitcoin alone.
mircea_popescu: all comes down to "what are you gonna tattoo, world too complex"
BingoBoingo: Eh, tattoo yourself all black play transracism card
mircea_popescu: a right, actually, there's one, the queen of spades eh.
mircea_popescu: elsewhere in the rotting pile, "If a function is inlined 10 times, there will be 10 copies of the function inserted into the code. Hence inlining is best for small functions that are called often."
mircea_popescu: because, you see, the "phd level" wikitards are entirely bereft of a clue to the degree of not understanding inflexions AT ALL.
mircea_popescu: why the fuck should it be "called often", when obviously all the functions that are called ONCE are inlined by default!
mircea_popescu: asciilifeform yes, but that takes you know, like actual tools. whereas nude reason of a kid possessed of high school maths would have allowed the correct limit to be picked.
mircea_popescu: but they don't do lim f(x) for x->k thing anymore as 15yos do they.
mircea_popescu: "advanced" maths of basic calculus. "not needed --- what use is it IN LIFE ???"
mircea_popescu: i dunno dumbsticks, maybe you don't make a fool of yourself in prose.
mircea_popescu: in other "people themselves" : charlize theron's character in atomic blue (this borderline sleeve superheroine-spy of a retro-hallucinated 90s, as in the real 90s the us agents got fucking raped in eeurope/berlin) is SO FUCKING HOT she takes baths in iced water.
mircea_popescu: to drive this point home, they have her fish out a coupla cubes put them in a glass before pouring vodka
mircea_popescu: because you know, nobody serious drinks vodka without ice, and bathwater really makes the best samagon.
mircea_popescu: such a lulzy fucking scene considering the usistani history in both involuntary self-crit humor and bathtub alcohol it's practically an un-unrollable loop of funny.
mircea_popescu: gotta use the right tool for the job, bacalaureatealf.
mircea_popescu: there probably was a cock or some other radioactive material.
mircea_popescu: in other mild lulz, it seems the albania-serbia-macedonia pressure is slowly mounting. with any luck, 3rd kosovo war.
mircea_popescu: the obvious question being, "how come the ugly one ends up a fiat politician ?" ; and the obvious answer being that sane girls find better shit to do.
a111: Logged on 2017-08-08 21:28 asciilifeform: in other noose, mod6 , phf , et al : http://btcbase.org/log/2017-07-10#1681208 nao 1.5s . ( this with karatsuba-squaring used in exp, and comba-squaring used as base case in the former. )
BingoBoingo: lol "M. Poopscoop provides a solid foundation to comedy gold. With the current pace of events, in particular coinbase and the DPR trail he doesn't get as much laughs as he used to. I don't have the impression that is going to change anytime soon with the comedy features at an ATH." << The studious ignoring highlighted
BingoBoingo: "The chickens on the lower floor bother me a little, though their usefulness makes sense to me in every way." << What redditard would accept this compromise!
BingoBoingo: "In Urfeld it turns out that over night the garden was trampled by deer." << Who could have predicted free food would just walk by and make a mess of your labor food.
jhvh1: BingoBoingo: The operation succeeded.
deedbot: edivad voiced for 30 minutes.
edivad: i'm a junior sysadmin trying to install trb on my VPS without success
edivad: fwiv it seems that V download seals and patches but then the bitcoin source code is not included, and i should gather it on my own?
edivad: tried both online and offline mode, with zero luck
mircea_popescu: edivad this is somewhat odd as i recently had a new node configured, came out just fine.
edivad: tried also yesterday to troubleshoot with mod6, (there was another issue related to the locale of my OS, then fixed with him), but now i'm stuck at 0x0B
edivad: i'm on ubuntu 16.04, fresh installation
edivad: maybe it's just a permission problem?
trinque: no, you're missing the utility patch.
edivad: was an assumption in the tutorial?
mircea_popescu: well, it's technically part of core linux, but apparently they ship systems without.
mircea_popescu: will prolly have to add patch to the pile at the end eh.
edivad: patch is already the newest version (2.7.5-1).
mircea_popescu: this is bizarre. try the actual line from the .sh that fails ? (prolly the first one to string match "patch") ?
edivad: guys, i'm gonna have asap my usual generous amount of morning coffee, since i was typing in the wrong VPS
edivad: now just installed patch on the right vps
mircea_popescu was bracing self for "o look, new version of patch, breaks downstream" lulz.
edivad: gonna report even in case of success
trinque to bed, to dream of tomorrow's generous amount of morning coffee
BingoBoingo wishes trinque a night with no strange knocks on door
edivad: may I take advantage of my troubleshooting sign up into the channel to ask about tmsr?
edivad: thanks, basically i was reading the universal plan for wealth
deedbot: edivad voiced for 30 minutes.
edivad: I know bitcoin since a couple of years and learned the hard way how to protect my funds and stay away from scams. Now I finally got into the sweet spot where I realized how many orders of magnitude my savings are safer in bitcoins
edivad: Then after this "sweet spot", also the universal plan for wealth makes sense to me
BingoBoingo: edivad: Ah, so at this point reading into TMSR history will be very beneficial for girding yourself against long cons and other social engineering attempts against your wealth and your self.
edivad: but my question is: as a student without a regular job, should I aim at a minimum wage job, to possibly apply for credit and then fly away to a second/third world country, get a decent house, marry and reproduce?
mircea_popescu: how is another man going to answer that question for you ?
edivad: or is there a better way to get credit, without harming the finances of my family (so not asking them to put up collateral for my loans)
mircea_popescu: this is how growing up goes : you take stock of situation, you make a plan, you implement it.
BingoBoingo: edivad: Which socialist hellhole do you reside in now?
edivad: mircea_popescu: because the universal plan for wealth gives some great guidelines, but then since every situation is different, I'm trying to understand if there is a better approach for someone who doesn't already have a job and is studying
edivad: in these summer holidays, aside from ruinous altcoin trading, I've done some painting work paid 5 euros/hour
edivad: since it was the first work experience, I was even able to enjoy it
edivad: but then after a month i realized that I needed a better plan
BingoBoingo: Painting done well is a perfectly respectable trade.
edivad: well, I have a spare brazilian passport in the drawer, so when I've read the universal plan, I instantly got some very powerful energy for a future exit plan
edivad: now that i've registered my pgp key, should i be able to authenticate by signing something?
BingoBoingo: edivad: Just remember that hunger can be the most devious thief of all as evidenced by kakobrekla's 500 BTC car. Every situation is different, but many of them rhyme.
BingoBoingo: edivad: You authenticate by decrypting something.
mircea_popescu: and in random other lulz : it's funny how the libertards worshipping at the watergate shrine usually omit to mention that by then washington post had been a libel tabloid for years. somehow dillard stokes' name never comes up. somehow they don't seem to notice it always was simply us sturmer.
edivad: make[3]: c: Command not found
edivad: in this case what is missing?
edivad: gcc is already the newest version (4:5.3.1-1ubuntu1).
deedbot: bounce voiced for 30 minutes.
edivad: let me copy the entire error log
deedbot: edivad voiced for 30 minutes.
edivad: tried now to install the common bitcoin core dependencies with apt
edivad: when i log in again to IRC, what command should i use to authenticate?
deedbot: edivad voiced for 30 minutes.
BingoBoingo: !~later tell trinque maybe look into the edivad deedbot registration thing? Guy is having a hard time
jhvh1: BingoBoingo: The operation succeeded.
edivad: !!v 47E94847E0937D49A0D0EBF20F880C396B416F19177CCDCF756E42A74558A76B
deedbot: You are now voiced in #trilema
edivad: thanks BingoBoingo for the help
edivad: a thing that i've not asked and now i remembered
edivad: is it allowed/polite to scrape all of the btcbase.org/log website?
edivad: I did it yesterday for a friend who asked me for a dvd with the logs inside, to read them when on holiday with no internet access
mircea_popescu: they also end up on archive.is, because the bot archives links and the odds of a whole day going by without a single log reference are small.
edivad: ok thanks, initially i thought that maybe doing 400-500 mb of http traffic could be seen as a bad thing
mircea_popescu: well so if you thought that you could have asked before rather than after eh.
mircea_popescu: anyway, forward your thanks to phf for allowing your exercise.
edivad: i know, it wasn't a smart move, but if you see a spike of traffic now you know that it wasn't a ddos attempt
edivad: phf: so, sorry for not having asked before
BingoBoingo unsure phf really will notice one complete scrape
edivad: it was about 250 mb iirc
edivad: but i did it two times because the first one went wrongly to the standard output
deedbot: PeterL voiced for 30 minutes.
PeterL: hi, thanks for the !!up, my key is on another computer
PeterL: I looked at miller-rabin, and switching over to that algorithm is quite simple
PeterL: I tested the fermat test, and with 100 numbers of 1024 bits deemed prime by the fermat test, 50 were found to be composite by miller-rabin
PeterL: so yes, using the fermat test would be bad
a111: Logged on 2017-08-08 23:33 mircea_popescu: PeterL +# IMPORTANT NOTE: if the cs is too small, messages have a chance to get decrypted by the wrong key << what is the logic behind this ?
PeterL: if you have a 0 byte cs, then every message looks good
PeterL: using the wrong key will result in a random byte string, so with a cs of 1 byte, you have 1/256 chance of looking like it was the right key
mircea_popescu: 0 length isn't usually what one thinks of when seeing "too small". same is true if 1 byte string ?
PeterL: so I guess "too small" would be something like two or less?
PeterL: not that using the wrong key will give you the plaintext message, but that if it uses the wrong key and happens to match the cs for that key, it will pass the pile of garbage on to all the peers
mircea_popescu: so you are telling me that m ^ e ^ d mod n always has an integer solution for randomly chosen parameters.
PeterL: well, won't that calculation always result in an integer?
PeterL: oh, wait, no, I didn't see the extra ^ e in there
mircea_popescu: or how shall i best put it, that's not equality but modulo congruence. whereby 7 = 5 mod 2
PeterL: if you have an encrypted text c, then c ^ d mod n will give an integer, without previously knowing m, how will you check for congruence?
mircea_popescu: PeterL the logical approach would be to include a checksum neh ?
PeterL: aha, that seems like a logical solution.
mircea_popescu: PeterL the broader point here being that you can't warn the user about things he can't control. you gotta provide for it yourself.
mircea_popescu: PeterL the other problem this discussion reveals, of course, is that you aren't using any padding ?
PeterL: this is the padding algorithm described by alf: take random bits r and message x, encrypt r to key A and encrypt (r XOR x) to key B
mod6: edivad's environment is indeed some sort of non-developer version of linux that has almost no tools pre-installed. also, had some non-english version, which my V does not work with. Yesterday asked him to remove gpg v2, and install v1.4.10.
mircea_popescu: PeterL and then you add key A and B to the message at the end so recipient can un-pad ?
mod6: These problems should be resolved once sane environment is achieved.
PeterL: no, recipient goes through his list of keys A and B until he finds the one that decrypts it
mod6: meanwhile, I'll add a preface to the HOWTO doc on the minimum requirements. thanks to diana_coman for gathering them up once upon a time.
mircea_popescu: now : textbook rsa (the sort of thing you seem to be discussing, above) has no semantic security and on top of that is malleable.
PeterL: that is what we were trying to fix, no?
mircea_popescu: now, alf's scheme is probably valid padding, though it is very expensive. it works like so : to encrypt a message m to key X, you : a) generate two one-time keys, A and B. you encrypt some bits of m to A and some to B, randomly chosen. you pile together : the bits of m encrypted with A, the bits of m encrypted with B, the schedule of which is which, and the keys A and B into one large m'
deedbot: PeterL voiced for 30 minutes.
mircea_popescu: basically it takes a random string, jumbles it with the original message, and spits out two halves. the hope with it is that it provides all-or-nothing security, in the sense that to recover any bit of the message you need to correctly process the entire pair of jumbled strings.
a111: Logged on 2017-02-14 19:19 asciilifeform: specifically, for every byte you intend to send, you instead send two: x, y. which you generate by obtaining rng byte r, and payload byte b, and x := b xor r, y := r
mircea_popescu: oaep works like this : given hash and hash' hash functions, calculate X as hash(m00) xor G(r) and Y = r xor hash'(X).
mircea_popescu: because hash and hash' are used to stretch/reduce the bitlength of their parameters, something like mpfhf (which permits arbitrary sized outputs/inputs) could work well ; but is also slow.
mircea_popescu: and upstream, to make clear what "semantic security" means : rsa is deterministic, if i wish to see if your "encrypted" string really was message m, all i have to do is encrypt m myself. if the results match i have cryptographic confirmation.
mircea_popescu: (and, of course, for short messages ie shorter than n i can just compute the e-root).
mircea_popescu: PeterL terrible, terrible thing, which is why irl rsa is always padded.
mircea_popescu: and since we're apparently doing rsa likbez : if r used in padding above contributes less than n / e^2 bits of entropy to the final, padded message, coppersmith has a few words to tell you.
PeterL: mircea_popescu linking to a pdf, what is the world coming to!?
PeterL: in " n / e^2 bits of entropy ", what are n and e, the key modulus and exponent?
PeterL: do you mean the bitsize of n and e, or the actual numbers?
deedbot: PeterL voiced for 30 minutes.
mircea_popescu: i mean the bitsize ; it's not just that though, partially known secrets, low exponents etc all conspire to empower the lattice reduction.
PeterL: how low is low for an exponent?
PeterL: and what partially known secrets here?
PeterL: is 65537 big enough for an exponent?
mircea_popescu: anyway, let it be said that there's nothing wrong with oaep as far as we know, but for the sake of argument a mpfhf based padding scheme would conceivably work like this : 1. given message m, of length l, generate r = random bits, of length l' up to l but not less than 256 bits. 2. compose m' = r + m + c (in that order), where c is l - l` (and its bitness is always same as the bitness of len(m')-256). 3. compose Pm = R + S +
mircea_popescu: c (in that order), where R and S are produced by mpfhf(m') with R len set to c (bitness same as bitness of len(Pm). Pm will be the padded message sent to RSA. The recipient will have to undo mpfhf with known R and S to obtain m.
mircea_popescu: this scheme is both slow and bulky. it is not likely useful for gossipd-style comms. it is certainly valuable for signing material, especially because rsa signature is much more padding-vulnerable than encryption ; and perhaps for some limited encryption work.
deedbot: PeterL voiced for 30 minutes.
mircea_popescu: PeterL so if you feel like writing a mpfhf reverser... afaik nobody has to date.
deedbot: PeterL voiced for 30 minutes.
PeterL: I will check in later once I am back at my computer with my key to verify this conversation has been with the real PeterL
PeterL: I will have a look at making a reversing function for the mpfhf
jhvh1: BingoBoingo: Bitstamp BTCUSD last: 3298.67, vol: 13040.95962783 | Bitfinex BTCUSD last: 3294.8, vol: 30614.16409473 | BTCChina BTCUSD last: 3325.733768, vol: 12852.97540000 | Kraken BTCUSD last: 3337.978, vol: 6685.96834593 | Volume-weighted last average: 3306.45847118
PeterL: mircea_popescu: if l is less than 256, then l' = 256?
PeterL: for your padding scheme above ^
mircea_popescu: and rnd(256, l) is not equivalent because who the fuck knows what rnd does when a > b.
PeterL: so not more than rather than not less than 256
a111: Logged on 2017-08-09 14:11 PeterL: if you have a 0 byte cs, then every message looks good
mircea_popescu: asciilifeform i was discussing a more general rsa scheme, not gossipd specifically.
mircea_popescu: but yes, for unrelated reasons fixed size is the right choice for gossipd.
PeterL: asciilifeform, I am not sure I understand what you are getting at here
a111: Logged on 2017-08-09 14:14 mircea_popescu: so you are telling me that m ^ e ^ d mod n always has an integer solution for randomly chosen parameters.
deedbot: PeterL voiced for 30 minutes.
PeterL: right, my scheme was doing that
a111: Logged on 2017-08-09 14:12 PeterL: using the wrong key will result in a random byte string, so with a cs of 1 byte, you have 1/256 chance of looking like it was the right key
PeterL: It checks to see if it is using the right key by comparing the decrypted text against a pre-known challenge-string (cs)
PeterL: mircea_popescu suggested instead using a checksum
PeterL: who am I to stop people from sabotaging themselves?
PeterL: I am still learning here, the last time I came and said "how do I know if I have used the right key to decrypt it?" nobody suggested a checksum, now I will try to figure out how that would fit into the program
mircea_popescu: asciilifeform man, you're mixing industrial process into educative discourse without any sort of rhyme or reason, resulting in some very confused and eventually frustrated people.
erlehmann: PeterL 1. write grammar 2. ??? 3. never correct invalid input, nuke it from orbit instead
mircea_popescu: don't even have to, but consider the context. yes "it's what rsa is", that's what i'm checking, that he knows.
PeterL: so for longer messages, they will get cut into chunks. It it better to check the first chunk until you find the right key and then use it to dercypt the whole message, or do you want to decrypt the whole message with every key (to hide the fact you found a match)?
mircea_popescu: PeterL the cutting into chunks should happen prior at some client level. it's ok if your thing accepts no messages longer than x. irc doesn't either.
PeterL: but I want to make longer messages possible
erlehmann: mircea_popescu it feels like work. i had that experience a few minutes ago, when i explained to a rando on the train the concept of non-existence dependencies.
mircea_popescu: because udp packets if nothing else ; besides "longer" is not the same as endless.
mircea_popescu: erlehmann so what, you're of a firm "will only work for evil empires" persuasion ?
mircea_popescu: in other lulz, /me went to open bank account today. you can not BELIEVE how fucking pussy whipped these people are. a) bank's only wire intermediary is bank of america. why ? uh... that's what the other banks do too. but... why ? umm... is it because you schmucks are a us colony, in the sense you don't get medicare and they still get all your shit anyway ? uhhhh
PeterL: well, udp packet is a lot bigger than the 512 bytes that fit in a rsa packet, why waste all the space?
mircea_popescu: b) they want to... "know your customers". bitch, it's none of your fucking business ? uh no, because ley so and so say so.
mircea_popescu: im guessing i'll be taking ads in the local newspaper, "looking for lawyers willing to sue the government, apply within".
PeterL: do we need to guarantee non-fragmentation ?
PeterL: and if we are sending to key A and B, we will need 1024 bits for each segment anyway
mircea_popescu: PeterL let's get back to cogency here. how did you come to the "512 rsa packet limit" ?
PeterL: 4096 bit key n, message needs to be smaller than that, right?
PeterL: well, shoot, I must be confused somewhere
mircea_popescu: pro tip : it is always a very useful thing to be able to reflect your own mental process, which starts with being able to answer "where i got this from". makes error handling much faster and infinitely more efficient.
PeterL: c^d mod n = m, therefore m must be smaller than n?
mircea_popescu: PeterL can you tell me anything about what the greeks used for encryption ?
PeterL: not really, the caesar cipher or something?
mircea_popescu: well caesar was a roman, wasn't he ? the "technologically advanced" dorks that took the sail tech of the people who sailed from sweden to south africa and made some square sailed tubs that sunk in the mediterranean half the time.
mircea_popescu: basically they had this early elliptic curve crypto, implemented as an arbitrary cone on which they wrapped a string. because the string is fixed length see, whereas the section of cone is not.
PeterL: alright, so the decryption relied on having an identical physical object?
mircea_popescu: now, intuitively, would you imagine this worked at all if the string was so short it never fully wrapped ?
PeterL: hmm, no, it would have nothing to transpose to
mircea_popescu: short messages are a problem for rsa, not a boon. this is generally fixed by padding.
PeterL: ok, but how short is short?
PeterL: I thought it was only bad if m^e was less than n?
mircea_popescu: that's what i meant earlier with the e-root. if say your key is 1024 bits, and your exponent is 3, and your "encrypted" message is, numerically, 1404928, i can readily extract the cube root and find the original as 112.
mircea_popescu: had there been a wrap, i couldn't have extracted the cube root [quite so easily]
PeterL: right, I understand that part
mircea_popescu: PeterL yes, there is that. larger e provides some protection against this issue.
mircea_popescu: but in any case, the point is -- rsa is not better for shorter messages. for really short messages it can be really shitty. which is why my 256 minimum bits in the padding scheme.
PeterL: alright, so my scheme pads everything to the length of the key, but as I understand it still has to be smaller than the key n?
PeterL: because you are calculating a number mod n, so the result will therefore be smaller than n
mircea_popescu: that the result is smaller than n is of no consequence to you is it.
PeterL: so you can't use a number larger than n
PeterL: because the decryption is also a calculation mod n
a111: Logged on 2017-08-09 14:24 mircea_popescu: https://www.ti89.com/cryptotut/rsa3.htm << very handy rsa tutorial in that it uses base 10 and alphabet-indexing for letters. so one can actually rsa by hand and get a good model of what's going on.
deedbot: PeterL voiced for 30 minutes.
mircea_popescu: do an example once, it's instructive. easy to follow because small numbers.
PeterL: it looks like this thing is encrypting each character individually?
PeterL: so each character must have a value less than the n it is using, right?
PeterL: so if the message is larger than the key modulus, part of it will be lost when it is decrypted
mircea_popescu: and so thereby a 4096 bit key can handle chunks of up to 512 bytes of message.
mircea_popescu: PeterL and as asciilifeform aptly points out, this happens to be convenient, because it's right around the size of the nonfragmenting udp packet.
mircea_popescu: (the preceding line was 146 characters, which is less than 146 bytes, especially if you do a lzw or something like sane people first)
PeterL: and my scheme splits messages into r and m xor r, so I need 1024 bytes to pass the smallest message, which is already larger than the UDP "unfragmentation limit" of 512 bytes, so why stop there and not just let the message get longer by adding in some more chunks?
PeterL: up to the limit of the size of a udp packet?
PeterL: please, help me see the flaw?
PeterL: which would mean using keys of half the size, right?
mircea_popescu: PeterL what is the scheme contemplated here, that you take a say 8 byte message, generate an 8 byte r, then create a 16 byte padded message by appending the r and the r xor m and then rsa that ?
PeterL: mircea_popescu: but encrypting the r to one key and the r xor m to a second key, so you end up with two rsa-key-length segments
PeterL: well, I was putting it all in one udp packet
PeterL: if they did not come together in one packet, then you would have to hold onto packets and try to match them up with their partner
PeterL: this seemed like it would be cleaner
mircea_popescu: but even if you send them "together", there's no guarantee they stay unfragmented. not at that size.
PeterL: (perhaps I misunderstand how udp packets get reassembled)
mircea_popescu: as alf says : "something to all comers". primo target of ddos monkeys.
PeterL: the other option would be to use rsa keys of half the size, allowing only 256 byte messages
PeterL: well, message still limited by key size, so yes
mircea_popescu: so your gossiptron only accepts lines of up to 256 chars in length, then you lzw that and pad etc. not the end of the world.
PeterL: but that 256 also has to carry stuff like user name
PeterL: still better than twitter, I guess
mircea_popescu: you would see value in eg irc dropping its 200 char limit or what was it ?
PeterL: I do find it annoying that long messages get split, but I guess it is not the end of the world or anything
PeterL: suggestions on a good hash function for a checksum?
deedbot: PeterL voiced for 30 minutes.
mircea_popescu: and with this, PeterL finds himself exposed to galois fields, polynomial division, and the rest of the "easy to implement and straightforward" jewels.
PeterL: asciilifeform: ^ what would be the downside of using crc for this?
PeterL looks, finds a .py standard lib function for this: binascii.crc32
mircea_popescu: asciilifeform yes, well, everything has problems. but there's a difference between using a crc as hash and using a crc as checksum ; and using say sawed-barrel keccak (take first or last x bytes, whatever) isn't all that good because it's really not designed for fragment behaviour like that, nor was such studied
mircea_popescu: trying to stuff a mac or something in there will make the boondoggle regret the days of the aes/rsa combo.
mircea_popescu: so you want to take a message m, add that many random bits to it, and then add twice that many bits as a hash of the pile, thereby using 25% of the space for the plaintext ?
mircea_popescu: (the rsa forgery comment was re sig ^ e mod n || sig mod n always verifies as validly signed.)
mircea_popescu: and incidentally, pss should prolly be in the final tmsr-rsatron huh.
mircea_popescu: (ftr, the way pgp does it is that it repeats two bytes of a more or less random block of 16 bytes, and then checks if they came out the same. this is in fact WORSE than http://btcbase.org/log/2017-08-09#1696023 but then again contemporary applied cryptography is a very low effort, low quality field).
a111: Logged on 2017-08-09 18:37 mircea_popescu: xor the bytes ?
a111: Logged on 2017-08-01 23:43 mircea_popescu: i suspect steemit is a sort of how did they call that alt-disqus/alt-github "let us steal your content" thing ?
BingoBoingo: Not really made a blog. Started making posts on platform that it seems some other folks made.
mircea_popescu: it's incomprehensible to me, how this "i moved from a forum to a ... forum" thing works in the public's mind.
mircea_popescu: but, it given, it's no wonder all cars migrating to being the same engine in different plastifications.
mircea_popescu: the statement is that if pss is used atop rsa, then baring poor implementation a forgery is going to cost more than what reversing rsa costs.
mircea_popescu: pubkey crypto doesn't enter into it, this is a discussion of signature hashing (digests, really) schemes.
mircea_popescu: i thought there's consensus re offering c-s in the tmsr cryptotron
mircea_popescu: afaik pretty much the only candidate besides rsa itself.
mircea_popescu: but in my own mind the "well alf is making P" pretty much was "he's walking the path to both cs and rsa impls to the furthest node"
mircea_popescu: otherwise why implement a ptron rather than simply a rsatron.
erlehmann: 1. mention non-existence dependencies to people who know C and/or C++
erlehmann: 2. look on while almost all of them develop the exactly same train of thoughts (including fixing make, which is impossible for this kind of program)
erlehmann: asciilifeform on systems with multiple include paths, a C or C++ header file is looked for in location A, B, C. it is found in directory C. it does not exist in location A or B.
erlehmann: if C changes, the target needs to be rebuilt. that is a dependency.
erlehmann: if A or B start to exist, the target also needs to be rebuilt. that is a non-existence dependency.
mircea_popescu: asciilifeform anyway, let's sit down and make something sane for this guy. peterl i mean. what's his message supposed to be like ?
erlehmann: asciilifeform that is one possible answer to the thing. the thing that starts the triggering is usually a combination of said devs using make and realizing that this is, indeed, a problem.
mircea_popescu: letting him "figure for self" at this juncture is unsanitary.
erlehmann: asciilifeform C header files are only one instance of such non-existence dependencies where existence of a thingy invalidates the assumptions that went into building another thingy.
erlehmann: they are only arguably the most common one
erlehmann: and excellent for stunning freeBSD developers btw
erlehmann: asciilifeform it is always absent if you always build clean
erlehmann: mircea_popescu in a way, it does. no?
mircea_popescu: erlehmann it's a pile of patches. how the compiler optimizes the rebuilding is irrelevant ; if you change one file it can rebuild the whole thing or not ; but v still only changes the one file and still doesn't have the problem.
erlehmann: asciilifeform correct. the talk begins with me mentioning non-existence dependencies and ends with the recipient either having a solution (one guy), being aware of the problem already (i counted two) or being unaware of it but being aware that their software is a lie.
erlehmann: the solution turned out to be a non-solution btw
erlehmann: something involving a goedelized perl script that builds all build rules that don't build themselves. drugs were probably involved.
erlehmann: asciilifeform the goal of the game is to make dev aware of context being insane
a111: Logged on 2014-11-26 01:11 asciilifeform: 'Id like to see one expression coined by the poker writer Matt Matros become common parlance, since it applies far more widely than only to poker. An alien problem means some problem that might be fun, interesting and educational to analyze, and it would be really important to know the solution if you ever found yourself in that situation, but the point is that you shouldn't even be having that problem in the first pl
erlehmann: indeed, one part of the solution is to return to earth
mircea_popescu: to encrypt : take plaintext message M, no longer than 250 bytes, and zero-pad it to 250 bytes. take pile of random bits R 250 bytes long. calculate X = M xor R. calculate Y = R xor MPFHF(X) set for R.len = 250 bytes. RSA the 500 byte pile of X || Y. done. to decrypt : de-RSA the 500 byte pile. cut it in two halves. calculate R = Y xor X. calculate M as X xor R. done.
erlehmann: mircea_popescu one person hallucinated having seen the elusive djb redo c code that ultimately did not exist. another person was a release manager and made sure the problem does not exist. a third person wrote a cmake thingy longer than my own redo implementation. a freebsd developer confirmed the problem exists.
erlehmann: mainly i realized why my talk to the conference was rejected
erlehmann: because the reaction of most people to it is
mircea_popescu: asciilifeform most importantly, do we ACTUALLY want to do something pgp-retarded like say R.len = 200 bytes, repeat the last 50 for a 250 byte total then use the repeat to make sure you decrypted correctly ?
erlehmann: 1. this is not a problem at all in my process
erlehmann: 2. yes, this might be a problem for some, but it never happens to me
erlehmann: 3. yes, this is not detectable, but the effect is negligible
erlehmann: 4. yes the effect matters. we can patch make, though
erlehmann: 5. make is unfixable, but we can patch gcc!
mircea_popescu: asciilifeform i guess when he comes back from the mpfhf reverser ima make him do a keccak impl that ACTUALLY does the any-output thing. afaik they're all 32/64byte
erlehmann: mircea_popescu i wanted to give a talk about non-existence dependencies at SHA 2017 and it was rejected with “provide a 5min lightning talk on problem instead”. problem: 5min are enough to understand the problem, not why you are having it or what follows from it.
erlehmann: one lulzy consequence is that a lot of software might have been released with subtly wrong header files included
erlehmann: mircea_popescu like, ticket? it was camping, mostly
erlehmann: maybe i am not clear enough: i did not get to hold a talk so i talked to random c developers for fun.
mircea_popescu: "tell that to some guy a little younger than you, who just fell off the turnip truck. there is no publicity value in my talk being at your conference. what, if you sell 2000 of them it'll be a miracle. and what, what are people going to say, uuuuuu i like how that erlehmann talks, i wonder if he's got a blog or anything".
mircea_popescu: nobody knows what the fuck "sha 2017" is. nobody cares. even the people paid to fucking care stopped giving a shit in the 90s, as that nsa goon at "crypto conferences" piece amply attests.
mircea_popescu: hanging out with any other troop of stoners would be a better use of your time, in the sense of variety.
mircea_popescu: in other lulz : obviously there's a "foundation" and a "code of conduct" (the usgistani nonsense copy/pasted) and a freenode chan, why not. ~600 accounts logged in (specifically : http://p.bvulpes.com/pastes/yDU6G/?raw=true ) , ZERO anyone has to say at all whatsoever. most are related to matrix.org, which is a pile of nonsensical lulz which you're more than welcome to try and make sense of by yourself. in any case, it's an "
mircea_popescu: independent" "free" bla bla made by amdocs employees. which YES, is that thing made by the israeli golden pages, and YES is that thing involved in the espionage scandals. and so on.
mircea_popescu: but isn't it great that all mgm needs to do is to put on a coupla hats and suddenly the turnips think themselves human fucking beings ?
a111: Logged on 2017-08-09 22:14 mircea_popescu: but afaik keccak isn't that fix-space-able either.
mircea_popescu: but yes, i agree that in principle something-like-keccak could be made to spit arbitrary len digests ; and perhaps also in fixed space. the latter will require actual impl to settle.
mircea_popescu: the herd is lazy, the apparatchiks are scared, and the intelligent are lost in the soup, interacting with cattle and criminals as if they were people.
pa1atine: hi all, great reads I had those days. logs are a trove of wisdom
a111: Logged on 2017-08-09 23:00 mircea_popescu: the herd is lazy, the apparatchiks are scared, and the intelligent are lost in the soup, interacting with cattle and criminals as if they were people.
trinque: sorry, we're past our quip quota for the day. what else you got?
pa1atine: just back reading all the stuff
a111: Logged on 2017-07-18 18:23 mircea_popescu: asciilifeform understand this bit of GT : the knowledge of all the things you don't know thereby constructs a sybil of you.