mircea_popescu: meanwhile in lulz for alf, https://bitcointalk.org/index.php?topic=1959633.msg19501495#msg19501495
asciilifeform: pretty great
asciilifeform: intel found these ?
mircea_popescu: aha. well technically, i found them because got bored today and dug into older reports in moar detail.
mircea_popescu: baccalaureatelifeform. i chuckled.
asciilifeform: 'They are diversified in eth already.' << didjaknow !
mircea_popescu: lol
mircea_popescu: hey, rape is diversification.
asciilifeform: srsly comedy gold. betcha there's more of these, somewhere deep in the sewers
mircea_popescu: o there's tons, yeah. mn words/day outpour.
asciilifeform: also i thought mention of mp/trb/et al were a hangin' offense at tardstalk
mircea_popescu: eh, the problem with "the people themselves" is they can't stick to anything.
asciilifeform: evident
mircea_popescu: anyway, it's not just mp, y'all famous. liek https://bitcointalk.org/index.php?topic=2021010.0 etc
mircea_popescu: https://bitcointalk.org/index.php?topic=2021010.msg20138034#msg20138034 to be precise.
mircea_popescu: and also in moar antique lulz, https://bitcointalk.org/index.php?topic=1330553.0
mircea_popescu: (liek, https://bitcointalk.org/index.php?topic=1330553.msg15354026#msg15354026 to be precise again)
BingoBoingo: My favortie part is "MP preventing Segwit" when instead the power rangers were compelled to Segwit a certain way leaving Bitcoin alone.
mircea_popescu: all comes down to "what are you gonna tattoo, world too complex"
BingoBoingo: Eh, tattoo yourself all black play transracism card
mircea_popescu: a right, actually, there's one, the queen of spades eh.
mircea_popescu: ~only angloword / herdemocracy meaningful tattoo.
asciilifeform: eh there's also that one they put near the arse, devil stoking a furnace
mircea_popescu: but what's it mean ?
asciilifeform: means pierced-pederast
mircea_popescu: ah yeah. but not rly angloworld that is it.
asciilifeform: no but oughta be.
mircea_popescu: elsewhere in the rotting pile, "If a function is inlined 10 times, there will be 10 copies of the function inserted into the code. Hence inlining is best for small functions that are called often."
mircea_popescu: because, you see, the "phd level" wikitards are entirely bereft of a clue to the degree of not understanding inflexions AT ALL.
asciilifeform: they also apparently never bother to actually profile
mircea_popescu: why the fuck should it be "called often", when obviously all the functions that are called ONCE are inlined by default!
asciilifeform: ( every single inline pragma in ffa is there because without it, stat. signif. uptick in run time on all of my iron )
mircea_popescu: asciilifeform yes, but that takes you know, like actual tools. whereas nude reason of a kid posessed of high school maths would have allowed the correct limit be picked.
mircea_popescu: but they don't do lim f(x) for x->k thing anymore as 15yos do they.
asciilifeform: not in monkeystan
mircea_popescu: "advanced" maths of basic calculus. "not needed --- what use is it IN LIFE ???"
mircea_popescu: i dunno dumbsticks, maybe youy don't make a fool of yourself in prose.
mircea_popescu: meanwhile in "ladies with an attitude (and really nice tits)", http://68.media.tumblr.com/4a361c779a8bbdac8db619d5af316e35/tumblr_ni9kq40prH1s8qd8oo1_500.gif
asciilifeform: 'could you please explain (in detail) how they plan to scale bitcoin' ahahahaha
asciilifeform: they oughta sell tickets, to watch this
asciilifeform: but also didjaknow, 'but what they can do is, after a hardfork happens, they could buy all the coins that the MP and the rest of whales dump into the market to try to kill the fork, and not only that, but they could pump it even higher by simply printing more money and pumping the price of "gavincoin" above legacy chain. what then'
asciilifeform: ( why not usg peg of trillion $ per gavincoin ! why think so small. )
mircea_popescu: i see you're enjoying.
asciilifeform: while we're at it, why not yet a trillion $ / per peg on obummer's used knickers
asciilifeform: solve national debt...
mircea_popescu: in other "people themselves" : charlize theron's character in atomic blue (this borderline sleeve superheroine-spy of a retro-hallucinated 90s, as in the real 90s the us agents got fucking raped in eeurope/berlin) is SO FUCKING HOT she takes baths in iced water.
mircea_popescu: to drive this point home, they have her fish out a coupla cubes put them in a glass before pouring vodka
mircea_popescu: because you know, nobody serious drinks vodka without ice, and bathwater really makes the best samagon.
mircea_popescu: such a lulzy fucking scene considering the usistani history in both involuntary self-crit humor and bathtub alcohol it's practically an un-unrollable loop of funny.
asciilifeform: gotta make sure to scoop from the right bathtub tho. wouldn't want to drink benjies from benjie tub
mircea_popescu: i think those are for smoking.
mircea_popescu: cigar lighting at any rate, something.
asciilifeform: aahyes.
asciilifeform: '...he didn't rip people off.
mircea_popescu: gotta use the right tool for the job, bacalaureatealf.
asciilifeform: No one else did. Not theymos, not knighmb, not pirate, not silbert, not Jihan Wu. Not satoshi or asciilifeform.
asciilifeform: '
asciilifeform: gold
mircea_popescu: in other lulz, ro still has sex at concerts ( http://www.stiridecluj.ro/divertisment/sex-la-untold-cluj-doi-tineri-s-au-incins-prea-tare-video ) to everyone's shock and awe.
asciilifeform: 'this video is unavailable'
mircea_popescu: hm.
asciilifeform: nm loads from direct link
asciilifeform: but... censored nao
asciilifeform: ( pixel blob instead of subj )
mircea_popescu: there probably was a cock or some other radioactive material.
mircea_popescu: in other mild lulz, it seems the albania-serbia-macedonia pressure is slowly mounting. with any luck, 3rd kosovo war.
mircea_popescu: https://www.tvfagaras.ro/wp-content/uploads/2013/10/media_136471005390712700.jpg <<< supposedly, angela merkel with a coupla friends, at romanian nudist beach (costinesti) in teh 80s.
mircea_popescu: the obvious question being, "how come the ugly one ends up a fiat politician ?" ; and the obvious answer being that sane girls find better shit to do.
asciilifeform: oh before i fughet, http://btcbase.org/log/2017-08-08#1695461 benchmark is 0.8s on crapple shitbook, and 2.52s on ye olde workhorse x60☝︎
a111: Logged on 2017-08-08 21:28 asciilifeform: in other noose, mod6 , phf , et al : http://btcbase.org/log/2017-07-10#1681208 nao 1.5s . ( this with karasbuba-squaring used in exp, and comba-squaring used as base case in the former. )
asciilifeform: ( 1.5s -- opteron 3Ghz )
mircea_popescu: !!key Scout_
deedbot: Not registered.
mod6: evenin'
shinohai: hey mod6
mod6: hi :]
BingoBoingo: lol "M. Poopscoop provides a solid foundation to comedy gold. With the current pace of events, in particular coinbase and the DPR trail he doesn't get as much laughs as he used to. I don't have the impression that is going to change anytime soon with the comedy features at an ATH." << The studious ignoring highlighted
BingoBoingo: From https://bitcointalk.org/index.php?topic=942404.msg10324985#msg10324985
mircea_popescu: BingoBoingo is that like 2013 ?
BingoBoingo: 2015 through 2016
mircea_popescu: ah
BingoBoingo: http://deedbot.org/deed-393913-1.txt
mircea_popescu: that's jan 2014
BingoBoingo: The thread runs for a while
BingoBoingo: Some things never change https://archive.is/BbRh5
BingoBoingo: In still further nostalgia https://voat.co/v/fatpeoplehate/2049247
asciilifeform: in other quiteolds, http://werner-heisenberg.unh.edu/diary.htm
BingoBoingo: "The chickens on the lower floor bother me a little, though their usefulness makes sense to me in every way." << What redditard would accept this compromise!
BingoBoingo: "In Urfeld it turns out that over night the garden was trampled by deer." << Who could have predicted free food would just walk by and make a mess of your labor food.
shinohai: Venison + Salad .... mmmmmmm
mod6: <+mircea_popescu> meanwhile in lulz for alf, https://bitcointalk.org/index.php?topic=1959633.msg19501495#msg19501495 << HEH
deedbot: http://qntra.net/2017/08/a-list-of-known-bitcoin-ransom-cases/ << Qntra - A List Of Known Bitcoin Ransom Cases
BingoBoingo: !~later tell cazalla ty
jhvh1: BingoBoingo: The operation succeeded.
BingoBoingo: !!up edivad
deedbot: edivad voiced for 30 minutes.
edivad: hallo
edivad: i'm a junior sysadmin trying to install trb on my VPS without success
mircea_popescu: specifically ?
edivad: https://thepasteb.in/p/P1hvEKZkQp3Sl
edivad: fwiv it seems that V download seals and patches but then the bitcoin source code is not included, and i should gather it on my own?
mircea_popescu: are you using what, mod6 's recipe ?
edivad: yes, following these instructions since the beginning: http://thebitcoin.foundation/trb-howto.html
edivad: tried both online and offline mode, with zero luck
mircea_popescu: did you do 0x09, gathered vpatches ?
edivad: yes
mircea_popescu: mod6 did a u160 test item end up stranded in there ?
mircea_popescu: edivad this is somewhat odd as i recently had a new node configured, came out just fine.
edivad: tried also yestereday to troubleshoot with mod6, (there was another issue related to the locale of my OS, then fixed with him), but now i'm stuck at 0x0B
mircea_popescu: seems you're missing a file for some reason.
edivad: i'm on ubuntu 16.04, fresh installation
mircea_popescu: that wouldn't do anything.
trinque: > patch: not found
edivad: maybe it's just a permission problem?
trinque: no, you're missing the utility patch.
mircea_popescu: doh.
mircea_popescu: edivad sudo apt get patch eh.
edivad: was an assumption in the tutorial?
mircea_popescu: well, it's technically part of core linux, but apparently they ship systems without.
mircea_popescu: will prolly have to add patch to the pile at the end eh.
edivad: patch is already the newest version (2.7.5-1).
mircea_popescu: i have 2.6
mircea_popescu: edivad can you run it from command line ?
edivad: yes
mircea_popescu: this is bizarre. try the actual line from the .sh that fails ? (prolly the first one to string match "patch") ?
edivad: guys, i'm gonna having asap my usual generous amount of morning coffee, since i was typing in the wrong VPS
mircea_popescu: lol!
edivad: now just installed patch on the right vps
trinque: loller
mircea_popescu: ah so okay. that makes more sense then.
mircea_popescu was bracing self for "o look, new version of patch, breaks downstream" lulz.
edivad: gonna report even in case of success
mircea_popescu: a sound policy.
trinque to bed, to dream of tomorrow's generous amount of morning coffee
mircea_popescu: enjoy.
BingoBoingo wishes trinque a night with no strange knocks on door
edivad: may I take advantage of my troubleshooting sign up into the channel to ask about tmsr?
mircea_popescu: ask away
edivad: thanks, basically i was reading the universal plan for wealth
mircea_popescu: !!key edivad
deedbot: Not registered.
mircea_popescu: you can just register a key you know.
edivad: !!key edivad
deedbot: Not registered.
mircea_popescu: !!help
deedbot: http://deedbot.org/help.html
edivad: thanks
edivad: nice
BingoBoingo: !!up edivad
deedbot: edivad voiced for 30 minutes.
edivad: I know bitcoin since a couple of years and learned the hard way how to protect my funds and stay away from scams. Now I finally got into the sweet spot where I realized how many orders of magnitude my savings are safer in bitcoins
edivad: Then after this "sweet spot", also the universal plan for wealth makes sense to me
mircea_popescu: so good for you.
BingoBoingo: edivad: Ah, so at this point reading into TMSR history will be very beneficial for girding yourself against long cons and other social engineering attempts against your wealth and your self.
edivad: but my question is: as a student without a regular jub, should I need to a aim at a minimum wage job, to possibly apply for credit and then fly away to a second/third word country, get a decent house, marry and reproduce?
mircea_popescu: how is another man going to answer that question for you ?
edivad: or there is a better way to get credit, without harming finance of my family (so not asking to them to put collaterals for my loans)
mircea_popescu: this is how growing up goes : you take stock of situation, you make a plan, you implement it.
BingoBoingo: edivad: Which socialist hellhole do you reside in now?
edivad: mircea_popescu: because the universal plan for wealth makes some great guidelines, but then since every situation is different, I'm trying to understand if there is a better approach for who hasn't already a job and is studying
edivad: BingoBoingo: italy
BingoBoingo: Have you considered working construction?
mircea_popescu: what are they to build in italy ?
BingoBoingo: STADIUMS!
BingoBoingo: For the latest wave of Vandals!
edivad: in this summer holidays aside of ruinous altcoin trading I've done some painter job paid 5 euros/hour
edivad: since it was the first work experience, I was even able to enjoy it
edivad: but then after a month i realized that I was needing a better plan
mircea_popescu: i can see that heh
BingoBoingo: Painting done well is a perfectly respectable trade.
BingoBoingo: And it's a rather portable skill
edivad: well, I have a spare brazilian passport in the drawer, so when I've read the universal plan, I instantly got some very powerful energy for a future exit plan
deedbot: http://qntra.net/2017/08/y-combinator-startups-begin-overt-political-discrimination/ << Qntra - Y Combinator Startups Begin Overt Political Discrimination
edivad: now that i've registered my pgp key, should i be able to authenticate signing something?
BingoBoingo: edivad: Just remember that hunger can be the most devious thief of all as evidenced by kakobrekla's 500 BTC car. Every situation is different, but many of them rhyme.
BingoBoingo: edivad: You authenticate by decrypting something.
edivad: OK
mircea_popescu: and in random other lulz : it's funny how the libertards worshipping at the watergate shrine usually omit to mention that by then washington post had been a libel tabloid for years. somehow dillard stokes' name never comes up. somehow they don't seem to notice it always was simply us sturmer.
edivad: make[3]: c: Command not found
edivad: in this case what is missing?
mircea_popescu: gcc ?
edivad: gcc is already the newest version (4:5.3.1-1ubuntu1).
BingoBoingo: http://qntra.net/2017/08/a-list-of-known-bitcoin-ransom-cases/#comment-107260
BingoBoingo: !!up bounce
deedbot: bounce voiced for 30 minutes.
mircea_popescu: edivad your makefile is getting mangled somewhere.
edivad: let me copy the entire error log
edivad: https://thepasteb.in/p/BghP57zQGWycY
BingoBoingo: !!up edivad
deedbot: edivad voiced for 30 minutes.
edivad: tried now to install the common bitcoin core dependencies with apt
edivad: but no luck
edivad: when i'll login again in IRC, what command should i use to authenticate?
mircea_popescu: !!key edivad
deedbot: http://wot.deedbot.org/2774E3A42199C93B528647ECD19963F9A5C443AC.asc
mircea_popescu: use !!v in pm to deedbot.
mircea_popescu: !!rate edivad 1 painter/student
deedbot: Get your OTP: http://p.bvulpes.com/pastes/brgvw/?raw=true
edivad: let me try
mircea_popescu: and in other civilised behaviours : always remember to hold pinky elevated! http://68.media.tumblr.com/e0686d449baf8a8d73a2199a83f7780c/tumblr_o1f357D0Zh1sr105eo1_1280.jpg
BingoBoingo: !!up edivad
deedbot: edivad voiced for 30 minutes.
BingoBoingo: !!key edivad
deedbot: http://wot.deedbot.org/2774E3A42199C93B528647ECD19963F9A5C443AC.asc
mircea_popescu: lol nothing works for this guy does it.
BingoBoingo: !~later tell trinque maybe look into the edivad deedbot registration thing? Guy is having a hard time
jhvh1: BingoBoingo: The operation succeeded.
mircea_popescu: edivad do it here.
edivad: ok
edivad: !!v
mircea_popescu: ...
mircea_popescu: read the help would you.
edivad: !!up
deedbot: Get your OTP: http://p.bvulpes.com/pastes/WQBqO/?raw=true
edivad: !!v 47E94847E0937D49A0D0EBF20F880C396B416F19177CCDCF756E42A74558A76B
deedbot: You are now voiced in #trilema
edivad: wow :)
edivad: thanks BingoBoingo for the help
BingoBoingo: you are welcome
edivad: a thing that i've not asked and now i remembered
edivad: is allowed/polite to scrape all the btcbase.org/log website?
mircea_popescu: you could just make your own logger.
edivad: I've done it yesterday for a friend that asked me a dvd with the logs inside, to read them when on holiday with no internet access
mircea_popescu: nothing wrong with it.
mircea_popescu: they also end up on archive.is, because the bot archives links and the odds of a whole day going by without a single log reference are small.
edivad: ok thanks, intially i thought that maybe doing 400-500 mb of http traffic could be seen as a bad thing
mircea_popescu: well so if you thought that you could have asked before rather than after eh.
mircea_popescu: anyway, forward your thanks to phf for allowing your exericse.
edivad: i know, it wasn't a smart move, but if you see a spike of traffic now you know that it wasn't a ddos attempt
mircea_popescu: i don't maintain btcbase ; phf does.
mircea_popescu bbl
edivad: phf: so, sorry for not having asked before
BingoBoingo unsure phf really will notice one complete scrape
edivad: it was about 250 mb iirc
edivad: but i've done two times becouse the first has gone wrongly to the standard output
deedbot: http://phuctor.nosuchlabs.com/gpgkey/B47B72AF088972BB3797D9E788CB4552536D6536CAB9BD720FAC499CC89527BF << Recent Phuctorings. - Phuctored: 1537...4537 divides RSA Moduli belonging to ' (ssh-rsa key from (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (gordon.mostfm.com. NZ AUK)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/B47B72AF088972BB3797D9E788CB4552536D6536CAB9BD720FAC499CC89527BF << Recent Phuctorings. - Phuctored: 1781...1313 divides RSA Moduli belonging to ' (ssh-rsa key from (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (gordon.mostfm.com. NZ AUK)
mircea_popescu: !!up PeterL
deedbot: PeterL voiced for 30 minutes.
mircea_popescu: what happened to your key ?
PeterL: hi, thanks for the !!up, my key is on another computer
mircea_popescu: aite
PeterL: http://btcbase.org/log/2017-08-08#1695498 << this is completely unrelated to sina's item☝︎
a111: Logged on 2017-08-08 23:26 mircea_popescu: PeterL http://btcbase.org/log/2017-08-08#1695421 << is this supposed to interface with sina's item ?
mircea_popescu: alright
PeterL: I looked at miller-rabin, and switching over to that algorithim is quite simple
mircea_popescu: found a c impl somewhere ?
PeterL: I tested the fermat test, and with 100 numbers of 1024 bits deemed prime by the fermat test, 50 were found to be composite by miller-rabin
mircea_popescu: aha.
PeterL: so yes, using the fermat test would be bad
mircea_popescu: and mind that m-r is a ~probabilistic~ test.
mircea_popescu: you gotta have the params set correctly
PeterL: http://btcbase.org/log/2017-08-08#1695504 << so the program goes through the keys and checks the decryption against each challenge-string☝︎
a111: Logged on 2017-08-08 23:33 mircea_popescu: PeterL +# IMPORTANT NOTE: if the cs is too small, messages have a chance to get decrypted by the wrong key << what is the logic behind this ?
PeterL: if you have a 0 byte cs, then every message looks good
mircea_popescu: um.
PeterL: using the wrong key will result in a random byte string, so with a cs of 1 byte, you have 1/256 chance of looking like it was the right key
mircea_popescu: 0 length isn't usually what one thinks of when seeing "too small". same istrue if 1 byte string ?
mircea_popescu: uh.
PeterL: so I guess "too small" would be something like two or less?
PeterL: not that using the wrong key will give you the plaintext message, but that if it uses the wrong key and happens to match the cs for that key, it will pass the pile of garbage on to all the peers
mircea_popescu: so you are telling me that m ^ e ^ d mod n always has an integer solution for randomly chosen parameters.
PeterL: well, won't that calculation always result in an integer?
mircea_popescu: yes, but would that integer then also be m ?
PeterL: oh, wait, no, I didn't see the extra ^ e in there
mircea_popescu: this is the basis of rsa : m ^ e ^ d = m mod n
mircea_popescu: or how shall i best put it, that's not equality but modulo congruence. whereby 7 = 5 mod 2
PeterL: if you have an encrypted text c, then c ^ d mod n will give an integer, without previously knowing m, how will you check for congruence?
mircea_popescu: PeterL the logical approach would be to include a checksum neh ?
mircea_popescu: https://www.ti89.com/cryptotut/rsa3.htm << very handy rsa tutorial in that it uses base 10 and alphabet-indexing for letters. so one can actually rsa by hand and get a good model of what's going on.
PeterL: aha, that seems like a logical solution.
mircea_popescu: PeterL the broader point here being that you can't warn the user about things he can't control. you gotta provide for it yourself.
mircea_popescu: PeterL the other problem this discussion reveals, of course, is that you aren't using any padding ?
PeterL: this is the padding algorithm described by alf: take random bits r and message x, encrypt r to key A and encrypt (r XOR x) to key B
mod6: edivad's environment is indeed some sort of non-developer version of linux that has almost no tools pre-installed. also, had some non-english version, which my V does not work with. Yesterday asked him to remove gpg v2, and install v1.4.10.
mircea_popescu: PeterL and then you add key A and B to the message at the end so recipient can un-pad ?
mod6: These problems should be resolved once sane environment is achieved.
PeterL: no, recipient goes through his list of keys A and B until he finds the one that decrypts it
mircea_popescu: ...
mircea_popescu: i think you misconstrue alf's padding algo.
PeterL: that is also possible
mod6: meanwwhile, I'll add a preface to the HOWTO doc on the minimum requirements. thanks to diana_coman for gathering them up once upon a time.
mircea_popescu: now : textbook rsa (the sort of thing you seem to be discussing, above) has no semantic security and on top of that is malleable.
mircea_popescu: it's not useful in the field.
PeterL: that is what we were trying to fix, no?
mircea_popescu: long fixed problem, so not really.
mircea_popescu: now, alf's scheme is probably valid padding, though it is very expensive. it works like so : to encrypt a message m to key X, you : a) generate two one-time keys, A and B. you encrypt some bits of m to A and some to B, randomly chosen. you pile together : the bits of m encrypted with A, the bits of m encrypted with B, the schedule of which is which, and the keys A and B into one large m'
mircea_popescu: and THAT you then encrypt to key X and send ove.r
mircea_popescu: what gpg normally uses is called OAEP
mircea_popescu: !!up PeterL
deedbot: PeterL voiced for 30 minutes.
mircea_popescu: it's a sort of two-box permutation thing.
mircea_popescu: basically it takes a random string, jumbles it with the original message, and spits out two halves. the hope with it is that it provides all-or-nothing security, in the sense that to recover any bit of the message you need to correctly process the entire pair of jumbled strings.
PeterL: this thing? http://btcbase.org/log/2017-02-14#1613906☝︎
a111: Logged on 2017-02-14 19:19 asciilifeform: specifically, for every byte you intend to send, you instead send two: x, y. which you generate by obtaining rng byte r, and payload byte b, and x := b xor r, y := r
mircea_popescu: similar, but not exactly.
mircea_popescu: oaep works like this : given hash and hash' hash functions, calculate X as hash(m00) xor G(r) and Y = r xor hash'(X).
mircea_popescu: because hash and hash' are used to stretch/reduce the bitlength of their parameters, something like mpfhf (which permits arbitrary sized outputs/inputs) could work well ; but is also slow.
mircea_popescu: and besides, not muchly tested yet.
mircea_popescu: and upstream, to make clear what "semantic security" means : rsa is deterministic, if i wish to see if your "encrypted" string really was message m, all i have to do is encrypt m myself. if the results match i have cryptographic confirmation.
PeterL: is that a good thing?
mircea_popescu: (and, of course, for short messages ie shorter than n i can just compute the e-root).
mircea_popescu: PeterL terrible, terrible thing, which is why irl rsa is always padded.
mircea_popescu: and since we're apparently doing rsa likbez : if r used in padding above contributes less than n / e^2 bits of entropy to the final, padded message, coppersmith has a few words to tell you.
mircea_popescu: (and they are http://www.di.ens.fr/~fouque/ens-rennes/coppersmith.pdf )
PeterL: mircea_popescu linking to a pdf, what is the world coming to!?
mircea_popescu: i know right ?
PeterL: in " n / e^2 bits of entropy ", what are n and e, the key modulus and exponent?
mircea_popescu: yes.
PeterL: do you mean the bitsize of n and e, or the actual numbers?
mircea_popescu: !!up PeterL
deedbot: PeterL voiced for 30 minutes.
mircea_popescu: i mean the bitsize ; it's not just that though, partially known secrets, low exponents etc all conspire to empwer the latice reduction.
PeterL: how low is low for an exponent?
PeterL: and what partially known secrets here?
PeterL: is 65537 big enough for an exponent?
mircea_popescu: 3, generally. that, you never know. yeah.
deedbot: http://trilema.com/2017/se-vende-joyeria-fina/ << Trilema - Se Vende Joyeria Fina
mircea_popescu: anyway, let it be said that there's nothing wrong with oaep as far as we know, but for the sake of argument a mpfhf based padding scheme would conceivably work like this : 1. given message m, of length l, generate r = random bits, of length l' up to l but not less than 256 bits. 2. compose m' = r + m + c (in that order), where c is l - l` (and its bitness is always same as the bitness of len(m')-256). 3. compose Pm = R + S +
mircea_popescu: c (in that order), where R and S are produced by mpfhf(m') with R len set to c (bitness same as bitness of len(Pm). Pm will be the padded message sent to RSA. The recipient will have to undo mpfhf with known R and S to obtain m.
mircea_popescu: this scheme is both slow and bulky. it is not likely useful for gossipd-style comms. it is certainly valuable for signing material, especially because rsa signature is much more padding-vulnerable than encryption ; and perhaps for some limited encryption work.
mircea_popescu: !!up PeterL
deedbot: PeterL voiced for 30 minutes.
mircea_popescu: PeterL so if you feel like writing a mpfhf reverser... afaik nobody has to date.
BingoBoingo: !!up PeterL
deedbot: PeterL voiced for 30 minutes.
PeterL: I will check in later once I am back at my computer with my key to verify this conversation has been with the real PeterL
PeterL: I will have a look at making a reversing function for the mpfhf
BingoBoingo: !~ticker --market all
jhvh1: BingoBoingo: Bitstamp BTCUSD last: 3298.67, vol: 13040.95962783 | Bitfinex BTCUSD last: 3294.8, vol: 30614.16409473 | BTCChina BTCUSD last: 3325.733768, vol: 12852.97540000 | Kraken BTCUSD last: 3337.978, vol: 6685.96834593 | Volume-weighted last average: 3306.45847118
mircea_popescu: works
PeterL: mircea_popescu: if l is less than 256, then l' = 256?
PeterL: for your padding scheme above ^
mircea_popescu: no. l' = rnd(0, l) ; if l' < 256 l' = 256.
mircea_popescu: and rnd(256, l) is not equivalent because who the fuck knows what rnd does when a > b.
PeterL: so not more than rather than not less than 256
asciilifeform: http://btcbase.org/log/2017-08-09#1695792 << variably-sized packets are the mistake here.☝︎
a111: Logged on 2017-08-09 14:11 PeterL: if you have a 0 byte cs, then every message looks good
mircea_popescu: huh ?
asciilifeform: use fixed size.
mircea_popescu: asciilifeform i was discussing a more general rsa scheme, not gossipd specifically.
asciilifeform: aite, i'm walking the l0gz still
mircea_popescu: but yes, for unrelated reasons fixed size is the right choice for gossipd.
PeterL: asciilifeform, I am not sure I understand what you are getting at here
asciilifeform: http://btcbase.org/log/2017-08-09#1695799 << of course it does. rsa decrypt is c^d(mod n) , where c is ciphertext , n is public modulus, d is private exponent.☝︎
a111: Logged on 2017-08-09 14:14 mircea_popescu: so you are telling me that m ^ e ^ d mod n always has an integer solution for randomly chosen parameters.
asciilifeform: this produces a solution always.
asciilifeform: ( but it will be rubbish if either of the 3 values is not the expected one)
asciilifeform: PeterL: don't permit messages of any length but L.
asciilifeform: L is e.g. 512.
asciilifeform: not 1 byte more, not 1 less.
asciilifeform: !!up PeterL
deedbot: PeterL voiced for 30 minutes.
PeterL: right, my scheme was doing that
asciilifeform: PeterL: so what was this : http://btcbase.org/log/2017-08-09#1695794 about ?☝︎
a111: Logged on 2017-08-09 14:12 PeterL: using the wrong key will result in a random byte string, so with a cs of 1 byte, you have 1/256 chance of looking like it was the right key
PeterL: It checks to see if it is using the right key by comparing the decrypted text agains a pre-known challeng-string (cs)
asciilifeform: so why on earth would you permit anything like a 1 or 0 byte string ?!
PeterL: mircea_popescu suggested instead using a checksum
asciilifeform: that's the more typical solution aha
PeterL: who am I to stop people from sabotaging themselves?
asciilifeform: PeterL: one of the most comical failure modes, ubiquitous in usg crypto, is the null cipher
asciilifeform: where there is a ready-made 'shoot yourself in the head' button, conveniently under everywhere you might ever put your elbow
asciilifeform: this is not to continue .
PeterL: I see.
PeterL: I am still learning here, the last time I came and said "how do I know if I have used the right key to decrypt it?" nobody suggested a checksum, now I will try to figure out how that would fit into the program
asciilifeform: you have a substring S in every packet, that gotta equal H(rest of the packet) or whole thing discarded.
asciilifeform: ( importantly, the fact of said discard must not be discernible through timing side channel )
asciilifeform: requirement for H is more or less the opposite of mircea_popescu's hash exercise -- it gotta compute in fixed time.
asciilifeform: ( while otherwise quality hash. my current favourite for this is keccak's hash )
mircea_popescu: asciilifeform man, you're mixing industrial process into educative discourse without any sort of rhyme or reason, resultin in some very confuysed and eventually frustrated people.
erlehmann: PeterL 1. write grammar 2. ??? 3. never correct invalid input, nuke it from orbit instead
asciilifeform: aite, i'ma let mircea_popescu handle pedagogical thread, brb
mircea_popescu: don't even have to, but consider the context. yes "it's what rsa is", that's what i'm checking, that he knows.
mircea_popescu: erlehmann wanna do that ?
erlehmann: mircea_popescu nope.
mircea_popescu: how come ?
PeterL: so for longer messages, they will get cut into chunks. It it better to check the first chunk until you find the right key and then use it to dercypt the whole message, or do you want to decrypt the whole message with every key (to hide the fact you found a match)?
mircea_popescu: PeterL the cutting into chunks should happen prior at some client level. it's ok if your think accepts no messagtes lonmger than x. irc doesn't either.
mircea_popescu: your thing*
PeterL: but I want to make longer messages possible
mircea_popescu: why ?
PeterL: why not?
erlehmann: mircea_popescu it feels like work. i had that experience a few minutes ago, when i explained to a rando on the train the concept of non-existence dependencies.
mircea_popescu: because udp packets if nothing else ; besides "longer" is not the same as endless.
mircea_popescu: erlehmann so what, you're of a firm "will only work for evil empires" persuasion ?
erlehmann: no, just tired
mircea_popescu: in other lulz, /me went to open bank account today. you can not BELIEVE how fucking pussy whipped these people are. a) bank's only wire intermediary is bank of america. why ? uh... that's what the other banks do too. but... why ? umm... is it because you schmucks are a us colony, in the sense you don't get medicare and they still get all your shit anyway ? uhhhh
PeterL: well, udp packet is alot bigger than the 512bytes that fit in a rsa packet, why waste all the space?
mircea_popescu: b) they want to... "know your customers". bitch, it's none of your fucking business ? uh no, because ley so and so say so.
asciilifeform: PeterL: 512 is really top limit of 'guaranteed nonfragment no matter what'
mircea_popescu: im guessing i'll be taking ads in the local newspaper, "looking for lawyers willing to sue the government, apply within".
mircea_popescu: PeterL how did you come uop with the 512 value ?
asciilifeform: empirically
mircea_popescu: asciilifeform damn. listen you!
PeterL: do we need guarentee non-fragment ?
PeterL: and if we are sending to key A and B, we will need 1024 bits for each segment anyway
mircea_popescu: PeterL let's get back to cogency here. how did you come to the "512 rsa packet limit" ?
PeterL: 4096 bit key n, message needs to be smaller than that, right?
mircea_popescu: nope.
PeterL: well, shoot, I must be confused somewhere
mircea_popescu: how did you get that idea ?
mircea_popescu: pro tip : it is always a very useful thing to be able to reflect your own mental process, which starts with being able to answer "where i got this from". makes error handling much faster and infinitely more efficient.
PeterL: c^d mod n = m, therefore m must be smaller than n?
mircea_popescu: PeterL can you tell me anything about what the greeks used for encryption ?
PeterL: not really, the ceasar cipher or something?
mircea_popescu: well cesar was a roman, wasn't he ? the "technologically advanced" dorks that took the sail tech of the people who sailed from sweden to south africa and made some square sailed tubs that sunk in the mediterranean half the time.
mircea_popescu: i mean actual strategoi of the ancient greece.
mircea_popescu: !#s scytale
a111: 6 results for "scytale", http://btcbase.org/log-search?q=scytale
mircea_popescu: basically they had this early elliptic curve crypto, implemented as an arbitrary cone on which they wrapped a string. because the string is fixed length see, whereas the section of cone is not.
mircea_popescu: make sense to you ?
PeterL: alright, so the decryption relied on having an identical physical object?
mircea_popescu: yeah.
mircea_popescu: now, intuitively, would you imagine this worked at all if the string was so short it never fully wrapped ?
PeterL: ok
PeterL: hmm, no, it would have nothing to transpose to
mircea_popescu: short messages are a problem for rsa, not a boon. this is generally fixed by padding.
PeterL: ok, but how short is short?
mircea_popescu: shorter than size of n, here.
PeterL: I thought it was only bad if m^e was less than n?
mircea_popescu: that's what i meant earlier with the e-root. if say your key is 1024 bits, and your exponent is 3, and your "encrypted" message is, numerically, 1404928, i can readily extract the cube root and find the original as 112.
mircea_popescu: had there been a wrap, i couldn't have extracted the cube root [quite so easily]
PeterL: right, I understand that part
mircea_popescu: PeterL yes, there is that. larger e provides some protection agaisnt this issue.
mircea_popescu: but in any case, the point is -- rsa is not better for shorter messages. for really short messages it can be really shitty. which is why my 256 minimum bits in the padding scheme.
PeterL: alright, so my scheme pads everything to the length of the key, but as I understand it still has to be smaller than the key n?
mircea_popescu: what it and why ?
PeterL: because you are calculating a number mod n, so the result will therefore be smaller than n
mircea_popescu: so ?
mircea_popescu: that the result is smaller than n is of no consequence to you is it.
PeterL: so you can't use a number larger than n
mircea_popescu: why not ?
PeterL: because the decryption is also a calculation mod n
mircea_popescu: really, use that item i linked earlier.
mircea_popescu: http://btcbase.org/log/2017-08-09#1695807 <☝︎
a111: Logged on 2017-08-09 14:24 mircea_popescu: https://www.ti89.com/cryptotut/rsa3.htm << very handy rsa tutorial in that it uses base 10 and alphabet-indexing for letters. so one can actually rsa by hand and get a good model of what's going on.
asciilifeform: !!up PeterL
deedbot: PeterL voiced for 30 minutes.
mircea_popescu: do an example once, it's instructive. easy to follow because small numbers.
PeterL: it looks like this thing is encrypting each character individually?
mircea_popescu: it is.
PeterL: so each character must have a value less than the n it is using, right?
mircea_popescu: you mean, the modulus, p * q ?
PeterL: yes
mircea_popescu: right, solving will only find the lowest anyway.
PeterL: so the message is larger than the key modulus, part of it will be lost when it is decrypted
PeterL: so if ^
mircea_popescu: and so thereby a 4096 bit key can handle chunks of up to 512 bytes of message.
PeterL: yes
mircea_popescu: slightly less even. but anyway.
deedbot: http://qntra.net/2017/08/bitcoin-network-mining-diffficulty-up-7-32-to-another-all-time-high-in-first-adjustment-after-roger-ver-ified-fork/ << Qntra - Bitcoin Network Mining Diffficulty Up ~7.32% To Another All Time High In First Adjustment After Roger Ver-ified Fork
mircea_popescu: PeterL and as asciilifeform aptly points out, this happens to be convenient, because it's right around the size of the nonfragmenting udp packet.
mircea_popescu: (the precediny line was 146 characters, which is less trhan 146 bytes, especially if you do a lzw or something like sane people first)
PeterL: and my scheme splits messages into r and m xor r, so I need 1024 bytes to pass the smallest message, which is already larger than the UDP "unfragmentation limit" of 512 bytes, so why stop there and not just let the message get longer by adding in some more chunks?
PeterL: up to the limit of the size of a udp packet?
asciilifeform: PeterL: think carefully, this is flawed logic
asciilifeform: you don't ~have~ 1024 bytes
PeterL: please, help me see the flaw?
asciilifeform: ergo if you want to use the xor padding algo, you are stuck with payloads of half the size.
PeterL: which would mean using keys of half the size, right?
asciilifeform: not necessarily
mircea_popescu: PeterL what is the scheme contemplated here, that you take a say 8 byte message, generate an 8 byte r, then create a 16 byte padded message by appending the r and the r xor m and then rsa that ?
asciilifeform: ( i will also note, the problem with allowing packet fragging is that frag reassembly is a Something-To-Allcomers operation . )
PeterL: mircea_popescu: but encrypting the r to one key and the r xor m to a second key, so you end up with two rsa-key-length segments
mircea_popescu: ok, so then you also send 2, udp sized packets ?
PeterL: well, I was putting it all in one udp packet
mircea_popescu: yes, but we're examining why and whether you have to.
PeterL: if they did not come together in one packet, then you would have to hold onto packets and try to match them up with their partner
mircea_popescu: yes.
PeterL: this seemed like it would be cleaner
mircea_popescu: but even if you send them "together", there's no guarantee they stay unfragmented. not at that size.
PeterL: (perhaps I misunderstand how udp packets get reassembled)
mircea_popescu: as alf says : "something to all comers". primo target of ddos monkeys.
PeterL: the other optin would be to use rsa keys of half the size, allowing only 256 byte messages
mircea_popescu: you mean messages of half the size.
PeterL: well, message still limited by key size, so yes
mircea_popescu: so your gossiptron only accepts lines of up to 256 chars in length, then you lzw that and pad etc. not the end of the world.
mircea_popescu: the rng consumption will be significant though.
PeterL: but that 256 also has to carry stuff like user name
mircea_popescu: yes.
PeterL: still better than twitter, I guess
mircea_popescu: you would see value in eg irc dropping its 200 char limit or what was it ?
PeterL: I do find it annoying that long messages get split, but I guess it is not the end of the world or anything
PeterL: suggestions on a good hash function for a checksum?
mircea_popescu: xor the bytes ?
asciilifeform: lol that's probably the worst conceivable
mircea_popescu: :D
mircea_popescu: !!up PeterL
deedbot: PeterL voiced for 30 minutes.
mircea_popescu: anyway, crcs usually what people use.
mircea_popescu: steal gnuradio's crc32 for instance.
mircea_popescu: iirc openpgp used a crc-24 self-formulation
mircea_popescu: (that =4char thing at the end of the messages)
mircea_popescu: and with this, PeterL finds himself exposed to galois fields, polynomial division, and the rest of the "easy to implement and straightforward" jewels.
asciilifeform: you wouldn't want to use a checksum ( e.g. crc ) for decryptable-legit vs random rubbish distinguisher
asciilifeform: this problems was how we even ended up with cryptological hash functs
asciilifeform: ( if anyone recalls my sageprobe crack ? that was as simple as it was because the thing used crc as hash... )
mod6: BingoBoingo: 7-ish
BingoBoingo: mod6: ty fxd
PeterL: asciilifeform: ^ what would be the downside of using crc for this?
PeterL looks, finds a .py standar lib function for this: binascii.crc32
deedbot: http://phuctor.nosuchlabs.com/gpgkey/FB227B026FA94ABC18FD0A71ADB21D83E8E43BBF14F2DEBFE85F490FFF3627B9 << Recent Phuctorings. - Phuctored: 1578...0979 divides RSA Moduli belonging to ' (ssh-rsa key from (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (82-214-135-102.itsa.net.pl. PL)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/FB227B026FA94ABC18FD0A71ADB21D83E8E43BBF14F2DEBFE85F490FFF3627B9 << Recent Phuctorings. - Phuctored: 1618...0213 divides RSA Moduli belonging to ' (ssh-rsa key from (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (82-214-135-102.itsa.net.pl. PL)
mircea_popescu: asciilifeform yes, well, everything has problems. but there's a difference between using a crc as hash and using a crc as checksum ; and using say sawed-barrel keccak (take first or last x bytes, whatever) isn't all that good because it's really not designed for fragment behaviour like that, nor was such studied
mircea_popescu: trying to stuff a mac or something in there will make the bondogle regret the days of the aes/rsa combo.
mircea_popescu: besides rsa allows existential forgery ~anyway~.
asciilifeform: waiwat
asciilifeform: whole point of the M+H(M) or no-go combo is to prevent forgery.
asciilifeform: ( if message dun match the prescribed structure -> forgery )
mircea_popescu: so you want to take a message m, add that many random bits to it, and then add twice that many bits as a hash of the pile, thereby using 25% of the space for the plaintext ?
mircea_popescu: (the rsa forgery comment was re sig ^ e mod n || sig mod n always verifies as validly signed.)
mircea_popescu: and incidentally, pss should prolly be in the final tmsr-rsatron huh.
mircea_popescu: http://grouper.ieee.org/groups/1363/P1363a/contributions/pss-submission.pdf for the day of the pdfs.
mircea_popescu: (ftr, the way pgp does it is that it repeats two bytes of a more or less random block of 16 bytes, and then checks if they came out the same. this is in fact WORSE than http://btcbase.org/log/2017-08-09#1696023 but then again contemporary applied cryptography is a very low effort, low quality field).☝︎
a111: Logged on 2017-08-09 18:37 mircea_popescu: xor the bytes ?
mircea_popescu: (believe it or not, the 18 byte lulz is actually specificed as such, https://archive.is/QYKu5#selection-3121.6-3121.789 ; worth a read, has null IV and all sorta gems)
mircea_popescu: BingoBoingo by following qntra link, i fell upon http://trilema.com/2014/the-woes-of-altcoin-or-why-there-is-no-such-thing-as-cryptocurrencies/#comment-117679 which i suppose explains http://btcbase.org/log/2017-08-01#1692327☝︎
a111: Logged on 2017-08-01 23:43 mircea_popescu: i suspect steemit is a sort of how did they call that alt-disqus/alt-github "let us steal your content" thing ?
BingoBoingo: Ah, that may be it?
mircea_popescu: guy made a blog, next year but still.
BingoBoingo: Not really made a blog. Started making posts on platform that it seems some other folks made.
BingoBoingo not looked into "who made Steemit"
mircea_popescu: it's incomprehensible to me, how this "i moved from a forum to a ... forum" thing works in the public's mind.
mircea_popescu: but, it given, it's no wonder all cars migrating to being the same engine in different plastifications.
mircea_popescu: BingoBoingo http://btcbase.org/log/2016-05-21#1470340 << low effort reddit spinoff ?☝︎
a111: Logged on 2016-05-21 23:31 shinohai: https://steemit.com/girlsgonesteem-nsfw/@steempower/welcome-to-girls-gone-steem#comments <<< the logo even looks like a turd. "steem"
asciilifeform: mircea_popescu: i looked at the pss thing, seems like simply yet another obfuscatorily-complex nsaological artifact
mircea_popescu: iirc there is a proof it is as secure as rsa.
asciilifeform: replete with magicnumbers, 'random oracle' assumptions, 'perfect hash', and other maculae
mircea_popescu: what is this, bayesian proof evaluation ?
asciilifeform: mno, i did go & read
asciilifeform: here's a gem :
asciilifeform: ''When RSA is the underlying primitive, something even more is known: that the ability to forge with resources R in an attack which does not exploit some structural characteristic of the MGF implies the ability to invert RSA on random strings using computational resources only slightly greater than R.''
mircea_popescu: so what is teh fail ?
asciilifeform: see problem ?
asciilifeform: thing ~assumes~ own conclusion ! acquinas-style.
mircea_popescu: wait.
asciilifeform: now if you want a pubkeycrypto where this proof actually exists, i know of exactly one : cramer-shoup
mircea_popescu: the statement is that if pss is used atop rsa, then baring poor implementation a forgery is going to cost more than what reversing rsa costs.
asciilifeform: ( my distaste for it comes largely from it not being rsa, and from a suspicion that enemy has a partial pill against discrete logarithm problem , given that dsa was based on same )
mircea_popescu: pubkey crypto dunb enter into it, this is a discussion of signature hashing (digests, really) schemes.
mircea_popescu: distaste for c-s ?
asciilifeform: possibly distaste is wrong word
asciilifeform: but for above reasons i prefer rsa.
mircea_popescu: i thought there's consensus re offering c-s in teh tmsr cryptotron
asciilifeform: i don't know of any hard, tangible reason to avoid it.
asciilifeform: at any rate it is just as easily implemented on pmachine as rsa.
mircea_popescu: afaik pretty much the only candidate besides rsa itself.
asciilifeform: ( dun require any new primitives )
asciilifeform: aha.
asciilifeform: i know of no others worth bothering with.
mircea_popescu: but in my own mind the "well alf is making P" pretty much was "he's walking to path to both cs and rsa impls to the furthest node"
asciilifeform: correct.
mircea_popescu: otherwise why implement a ptron rather than simply a rsatron.
asciilifeform: incidentally you get best attributes of both if you harness them as i described, via otpxor
asciilifeform: ( yet another reason for pmach )
asciilifeform: you can do more or less whatever variations on whichever theme, you feel like, all it costs is a few extra chars in pubkey
erlehmann: btw i found a new social game
erlehmann: 1. mention non-existence dependencies to people who know C and/or C++
asciilifeform: erlehmann: incidentally what exactly is a 'nonexistence dependency' ?
erlehmann: 2. look on while almost all of them develop the exactiy same train of thoughts (including fixing make, which is impossible for this kind of program)
mircea_popescu: asciilifeform that for x to work, y has to not exist.
mircea_popescu: like you know, poisons.
asciilifeform: granted, but when would this come into play ?
asciilifeform: in erlehmann's context
mircea_popescu: i dunno he has some abstractive grammars itch.
asciilifeform: didn't we do the STOP FUCKING PARTIALMAKING thread ?
erlehmann: asciilifeform on systems with multiple include paths, a C or C++ header file is looked for in location A, B, C. it is found in directory C. it does not exist in location A or B.
asciilifeform: clean the fucking chalkboard
erlehmann: s/directory/location
asciilifeform: flush the toilet.
erlehmann: if C changes, the target needs to be rebuilt. that is a dependency.
asciilifeform: multiple include paths are retarded.
erlehmann: if A or B start to exist, the target also needs to be rebuilt. that is a non-existence dependency.
asciilifeform: they correspond to a vgraph with contradictory inputs.
mircea_popescu: well, systems without patch are also retarded.
asciilifeform: systems are to be fixed - i.e. brought into conformance with vtronics -- or discarded.
asciilifeform: no third.
mircea_popescu: asciilifeform anyway, let's sit down and make something sane for this guy. peterl i mean. what's his message supposed to be like ?
erlehmann: asciilifeform that is one possible answer to the think. the thing that starts the triggering is usually a combination of said devs using make and realizing that this is, indeed, a problem.
mircea_popescu: letting him "figure for self" at this juncture is unsanitary.
asciilifeform: erlehmann: the problem however is not where you seem to put it
BingoBoingo: mircea_popescu: Looking like exactly that
erlehmann: asciilifeform C header files are only one instance of such non-existence dependencies where existing of a thingy invalidates the assumptions that went into building another thingy.
erlehmann: they are only arguably the most common one
asciilifeform: erlehmann: are you familiar with how v works ?
erlehmann: and excellent for stunning freeBSD developers btw
asciilifeform: erlehmann: the problem you describe is absent in v
erlehmann: asciilifeform you are correct
asciilifeform: erlehmann: if it is present in whatever you are using instead -- your process is broken
erlehmann: asciilifeform it is always absent if you always build clean
mircea_popescu: erlehmann that's not what v does.
erlehmann: mircea_popescu in a way, it does. no?
asciilifeform: erlehmann: the building-clean thing is sanity. we had this thread. if your program is 'too big to always build clean', IT IS TOO BIG
asciilifeform: cut it. like procrustes, or into independent subsystems, i don't care how
asciilifeform: no program has any business being a billion line build.
mircea_popescu: erlehmann it's a pile of patches. how the compiler optimizes the rebuilding is irrelevant ; if you change one file it can rebuild the whole thing or not ; but v still only changes the one file and still doesn't have the problem.
erlehmann: asciilifeform correct. the talk begins with me mentioning non-existence dependencies and ends with the recipient either having a solution (one guy), being aware of the problem already (i counted two) or being unaware of it but being aware that their software is a lie.
erlehmann: the solution turned out to be a non-solution btw
erlehmann: something involving a goedelized perl script that builds all build rules that don't build themselves. drugs were probably involved.
asciilifeform: erlehmann: you seem to be fixated on a problem that simply doesn't exist in sane contexts
asciilifeform: !#s martian problem
a111: 4 results for "martian problem", http://btcbase.org/log-search?q=martian%20problem
erlehmann: asciilifeform the goal of the game is to make dev aware of context being insane
asciilifeform: http://btcbase.org/log/2014-11-26#934853 << thread☝︎
a111: Logged on 2014-11-26 01:11 asciilifeform: 'I’d like to see one expression coined by the poker writer Matt Matros become common parlance, since it applies far more widely than only to poker. An “alien problem” means some problem that might be fun, interesting and educational to analyze, and it would be really important to know the solution if you ever found yourself in that situation, but the point is that you shouldn't even be having that problem in the first pl
asciilifeform brb
erlehmann: indeed, one part of the solution is to return to earth
mircea_popescu: to encrypt : take plaintext message M, no longer than 250 bytes, and zero-pad it to 250 bytes. take pile of random bits R 250 bytes long. calculate X = M xor R. calculate Y = R xor MPFHF(X) set for R.len = 250 bytes. RSA the 500 byte pile of X || Y. done. to decrypt : de-RSA the 500 byte pile. cut it in two halves. calculate R = Y xor X. calculate M as X xor R. done.
mircea_popescu: how's that sound ?
mircea_popescu: erlehmann did anything further come of it ?
erlehmann: mircea_popescu one person hallucinated having seen the elusive djb redo c code that ultimately did not exist. another person was a release manager and made sure the problem does not exist. a third person wrote a cmake thingy longer than my own redo implementation. a freebsd developer confirmed the problem exists.
erlehmann: mainly i realized why my talk to the conference was rejected
asciilifeform: mircea_popescu: mphf in a fixedtime fixedspace system is insane
erlehmann: because the reaction of most people to it is
mircea_popescu: asciilifeform most importantly, do we ACTUALLY want to do something pgp-retarded like say R.len = 200 bytes, repeat the last 50 for a 250 byte total then use the repeat to make sure you decrypted correctly ?
erlehmann: 1. this is not a problem at all in my process
mircea_popescu: asciilifeform what else makes arbitrary size output ?
erlehmann: 2. yes, this might be a problem for some, but it never happens to me
mircea_popescu: but yes insane.
asciilifeform: keccak?
asciilifeform: or any other sponge
mircea_popescu: i thought it's any input fixed output
erlehmann: 3. yes, this is not detectable, but the effect is negligible
erlehmann: 4. yes the effect matters. we can patch make, though
asciilifeform: mircea_popescu: nope that'd be classisal hashes
erlehmann: 5. make is unfixable, but we can patch gcc!
mircea_popescu: erlehmann which talk is this ?
erlehmann: (which does not help btw)
asciilifeform: sponge goes from any-input to desired-width-out
asciilifeform bbl, meat
mircea_popescu: asciilifeform i guess when he comes back from the mpfhf reverser ima make him do a keccak impl that ACTUALLY does the any-output thing. afaik they're all 32/64byte
mircea_popescu: but afaik keccak isn't that fix-space-able either.
erlehmann: mircea_popescu i wanted to give a talk about non-existence dependencies at SHA 2017 and it was rejected with “provide a 5min lightning talk on problem instead”. problem: 5min are enough to understand the problem, not why you are having it or what follows from it.
mircea_popescu: erlehmann was this paid ?
erlehmann: one lulzy consequence is that a lot of software might have been released with sublty wrong header files included
erlehmann: mircea_popescu like, ticket? it was camping, mostly
mircea_popescu: did they pay you to do a talk.
erlehmann: no, they rejected my entry
erlehmann: like, my submission
mircea_popescu: do you know who harlan ellison is ?
erlehmann: maybe i am not clear enough: i did not get to hold a talk so i talked to random c developers for fun.
erlehmann: mircea_popescu not yet
mircea_popescu: aite, here : https://www.youtube.com/watch?v=mj5IV23g-fE
mircea_popescu: watch at least until he says turnip
erlehmann: on train now, later
mircea_popescu: "tell that to some guy a little younger than you, who just fell off the turnip truck. there is no publicity value in my talk being at your conference. what, if you sell 2000 of them it'll be a miracle. and what, what are people going to say, uuuuuu i like how that erlehmann talks, i wonder if he's got a blog or anything".
mircea_popescu: nobody knows what the fuck "sha 2017" is. nobody cares. even the people paid to fucking care stopped giving a shit in the 90s, as that nsa goon at "crypto conferences" piece amply attests.
mircea_popescu: hanging out with any other troop of stoners would be a better use of your time, in the sense of variety.
mircea_popescu: in other lulz : obviously there's a "foundation" and a "code of conduct" (the usgistani nonsense copy/pasted) and a freenode chan, why not. ~600 accounts logged in (specifically : http://p.bvulpes.com/pastes/yDU6G/?raw=true ) , ZERO anyone has to say at all whatsoever. most are related to matrix.org, which is a pile of nonsensical lulz which you're more than welcome to try and make sense of by yourself. in any case, it's an "
mircea_popescu: independent" "free" bla bla made by amdocs employees. which YES, is that thing made by the israeli golden pages, and YES is that thing involved in the espionage scandals. and so on.
mircea_popescu: but isn't it great that all mgm needs to do is to put on a coupla hats and suddenly the turnips think themselves human fucking beings ?
asciilifeform: http://btcbase.org/log/2017-08-09#1696171 << it dun branch-on-secrets if correctly made. so yes fixed.☝︎
a111: Logged on 2017-08-09 22:14 mircea_popescu: but afaik keccak isn't that fix-space-able either.
mircea_popescu: are we talking the keccak reference code here ?
asciilifeform: the algo strictly
asciilifeform: the 'reference' is sad
mircea_popescu: yeah well, above his pay grade.
mircea_popescu: but yes, i agree that in principle something-like-keccak could be made to spit arbitrary len digests ; and perhaps also in fixed space. the latter will require actual impl to settle.
asciilifeform: fwiw i have a half-built one here. on hold until p.
asciilifeform: mircea_popescu: amusingly that was almost whole point of keccak
mircea_popescu: no, i know.
mircea_popescu: well barnacled.
asciilifeform: that and killing length extension attack idiocy
mircea_popescu: ftr, we both talking http://keccak.noekeon.org/KeccakReferenceAndOptimized-3.0.zip ?
asciilifeform: but this being said , i am not even ready yet to barf re ref-keccak, i aint even yet done barfing re ffa not having already existed
asciilifeform: srsly wtf, oughta have been written in 1993 at the latest
mircea_popescu: the herd is lazy, the aparatchicks are scared, and the intelligent are lost in the soup, interacting with cattle and criminals as if they were people.
pa1atine: hi all, great reads I had those days. logs are a trove of wisdom
pa1atine: http://btcbase.org/log/2017-08-09#1696206 < first verse of your religious leader sermon? ;)☝︎
a111: Logged on 2017-08-09 23:00 mircea_popescu: the herd is lazy, the aparatchicks are scared, and the intelligent are lost in the soup, interacting with cattle and criminals as if they were people.
trinque: sorry, we're past our quip quota for the day. what else you got?
pa1atine: nothing, really
pa1atine: just back reading all the stuff
pa1atine: much catch up to do
pa1atine: http://btcbase.org/log/2017-07-18#1686026 <this one was the one that got me occupied the last couple days☝︎
a111: Logged on 2017-07-18 18:23 mircea_popescu: asciilifeform understand this bit of GT : the knowledge of all the things you don't know thereby constructs a sybil of you.