PeterL: just wanted to verify that http://btcbase.org/log/2017-08-09#1695864 was indeed me ☝︎
a111: Logged on 2017-08-09 17:10 PeterL: I will check in later once I am back at my computer with my key to verify this conversation has been with the real PeterL
PeterL: http://btcbase.org/log/2017-08-09#1696147 << I don't think we need to do a hash on the data, it is already xored with the random string ☝︎
a111: Logged on 2017-08-09 22:09 mircea_popescu: to encrypt : take plaintext message M, no longer than 250 bytes, and zero-pad it to 250 bytes. take pile of random bits R 250 bytes long. calculate X = M xor R. calculate Y = R xor MPFHF(X) set for R.len = 250 bytes. RSA the 500 byte pile of X || Y. done. to decrypt : de-RSA the 500 byte pile. cut it in two halves. calculate R = Y xor X. calculate M as X xor R. done.
PeterL: and wouldn't you also need to know S if you are going to reverse the MPFHF from a given R?
PeterL: Is there a way to calculate the probability that a random string of 256 bytes will pass a csc check?
PeterL: csc32 that is
PeterL: ack, I meant crc32
mircea_popescu: !!up pa1atine
deedbot: pa1atine voiced for 30 minutes.
mircea_popescu: !~later tell peterl the hash-xor thing is oadp, which is a provedly strong padding scheme for rsa.
jhvh1: mircea_popescu: The operation succeeded.
mircea_popescu: reversing MPFHF is not required for the above quoted version, as the fhf is used there as a hash function not as a padder. (and alf's objection is valid, not a very good option, a settable size output sponge would be much better).
mircea_popescu: reversing mpfhf is required for the padding scheme originally described, whereby you simply mpfhf the plaintext message and then encrypt the S + R, see http://btcbase.org/log/2017-08-09#1695856 ☝︎
a111: Logged on 2017-08-09 15:58 mircea_popescu: anyway, let it be said that there's nothing wrong with oaep as far as we know, but for the sake of argument a mpfhf based padding scheme would conceivably work like this : 1. given message m, of length l, generate r = random bits, of length l' up to l but not less than 256 bits. 2. compose m' = r + m + c (in that order), where c is l - l` (and its bitness is always same as the bitness of len(m')-256). 3. compose Pm = R + S +
mircea_popescu: these two are are not the same thing.
mircea_popescu: and finally re crc : given a string S of any length, the probability of a string S' where less than 32 bits have been altered in a "burst" passing crc32 is 0. if you go over 32 bit long bursts the probability is ~ proportional to the burst length / 32.
mod6: <+erlehmann> something involving a goedelized perl script that builds all build rules that don't build themselves. drugs were probably involved. << dafaq is this dude on about?
asciilifeform: soooo ACHTUNG PANZERS , asciilifeform went and actually tried http://btcbase.org/log/2017-08-08#1695511 : ☝︎
a111: Logged on 2017-08-08 23:51 asciilifeform: it thereby follows that i could unroll comba into explicit cases from 1 to 8 words
asciilifeform: for simplicity, tested the case that actually happens in practice: on a 64bit box, any ffa width over 512 bits gives a strictly 8-wide comba mult occurrence ☟︎
asciilifeform: and so here http://wotpaste.cascadianhacker.com/pastes/hoM4U/?raw=true we have a combasquareatron explicitly unrolled for 8-word operand
asciilifeform: ( yielding 16 word result )
asciilifeform: it is loop- (and any other jump) - free
asciilifeform: so theoretically x86 branch predictor oughta be very very happy;
asciilifeform: HOWEVER the actual result is : ~13% cut in execution time.
asciilifeform: so imho it is not worth it.
asciilifeform: mircea_popescu, phf , mod6 , et al ^^
mod6: hmm, nice test though
asciilifeform: had to.
asciilifeform: itched to find, what if another 2x vrooom is possible.
asciilifeform: but apparently branch predictor dun matter so much when your entire thing is ~guaranteed to fit in cache
mod6: yeah, worth the hunting trip
asciilifeform: there's still a dilemma tho :
asciilifeform: the unrolled-8word thing is 1 ) less general 2) harder to read with naked eye but 3 ) easier to prove correct
asciilifeform: 3 of course because no branching
asciilifeform: you can reduce it algebraically
asciilifeform: so currently it is not obvious to me, which variant is Moar Right Thing
asciilifeform: ( i'ma keep the general case, for nao, because it is always very easy to turn it into the above later. but not vice-versa. )
mod6: sure. keep it in your back pocket.
asciilifeform: aite, nao all asciilifeform needs is a constantspacetime MODULAR exp algo that can be expressed with the mux primitive
asciilifeform: and then we can play.
asciilifeform: ( nobody seems to have produced a branch-free montgomery-reduction algo. or any other division-free modexp. )
asciilifeform: srsly this entire exercise has been a brainmelting tour of the sheer unfathomable worthlessness of 'the literature', 'the cryptography komyoonity', et al
asciilifeform: 'sorry you can't have multiplication in algebraic - branch-free - form ! That Would Be Wrong'
mircea_popescu: asciilifeform yeah, i guess. depends though, good to have both variants.
mircea_popescu: honestly i don't believe the somewhat more cl is such a problem.
asciilifeform: mircea_popescu: it'd be many moar , to correctly handle cases of 1-7 word too
mircea_popescu: anyway. i think the point re : fathers are worthless , siblings are severely retarded is well vindicated
asciilifeform: ( a ptron is permitted to be invoked with any bitness that is multiple of 64 )
asciilifeform: waiwat
asciilifeform: did i miss a whole thread
mircea_popescu: asciilifeform i doubt it. ~nobody who came before did anything useful and ~nobody currently active has an actually functioning brain.
asciilifeform: aa
mircea_popescu: anyway, re the unrolls : it's really not that bad, because of the patterns. it's only "unreadable" because alien because too much time spent reading code written by idiots.
mircea_popescu: will get used to it (tm)
asciilifeform: we definitely don't need any case of comba above 8 tho
mircea_popescu: right.
asciilifeform: currently i lean to unrolling them ~in the proof doc~ and leaving proggy as is.
asciilifeform: tabula proof!
mircea_popescu: i am all for keeping the unrolled version at the ready ; but i really see no problem with having and using the unrolled loops version. you read it once, over a weekend or a week, and you use it ten billion times over fifty years.
mircea_popescu: tell me 13% of 50 years somehow comes out to less than a week ?
asciilifeform: anyway this is the easy bit. hard bit apparently is the final crown, coughing up a sane modexp
asciilifeform: turns out, none is publicly known.
asciilifeform: ( every single motherfucking modexp in the open lit, branches on seekrit )
mircea_popescu: coincidentally.
asciilifeform: ^ if asciilifeform is wrong here, folx, plz to write in !!
asciilifeform: knuth has one with 'addition chains', but it requires the exponent to be welded into place for all time
asciilifeform: and as such is unsuitable for ptron
asciilifeform: ( generating ideal additionchain for a particular exp, incidentally, is np-hard )
mircea_popescu: myeah
mircea_popescu: and a possible candidate for "alt cryptosystem" at that.
mircea_popescu: i think we even spoke of it back in the day
asciilifeform: has same problem as every other nphard
asciilifeform: (no way to prevent 'easy case')
asciilifeform: (problem from 'use as cryptosystem' pov)
asciilifeform: or, more formally, no way to prove the absence of arbitrary number of classes of 'easy case'
mircea_popescu: !#s kochanski
a111: 2 results for "kochanski", http://btcbase.org/log-search?q=kochanski
asciilifeform: he's the d00d with the '90s rsa chip
mircea_popescu: yes but also has a reduction method iirc ?
mircea_popescu: which was serializable
mircea_popescu: http://www.nugae.com/encryption/bin/design.pdf << that
asciilifeform: it's catastrophically slow on general-purpose comp
asciilifeform: AND branches on seekrits.
mircea_popescu: ah is it ?
asciilifeform: aha. wants fast bittwiddle
asciilifeform: ( rather than word arithm )
mircea_popescu: but you serialize and do a whole word's worth of bit diddle as a xor
mircea_popescu: there's no rule you must do the parts in order or anything
asciilifeform: you can , but still have the 'guessing and undo' thing
asciilifeform: ergo much branching. and all of it on seekrit bits.
mircea_popescu: hm
asciilifeform: what is needed is a wholly algebraic process. like my mult. ☟︎
mircea_popescu: no but you write it as a full matrix, you get the undo for free
asciilifeform: where control flow is SAME regardless of what the exponentiation args are.
asciilifeform: it is the only acceptable form for ptron.
asciilifeform: otherwise whole thing is a massive waste.
mircea_popescu: it would take a shitload of memory wouldn't it
asciilifeform: (' a little bit ' of seekrit-branch is same as 'little big pregnant' )
asciilifeform: no reason why it oughta
asciilifeform: now if you were to try to rsa by exping first and THEN mod, the universe could not hold your intermediates
asciilifeform: so that falls out trivially.
asciilifeform: any practical modexp algo has to 'mod as it goes along'
mircea_popescu: im still talking of trying to adapt kochanski's thing
asciilifeform: if you can picture a branch-free form, lemme know
asciilifeform: i dun see it
mircea_popescu: asciilifeform he is doing this D-to-k table thing
asciilifeform: ( the infallible litmus for ffability : 'can this be UNROLLED TO DEATH?' if not -- no go )
mircea_popescu: but you don't have to use a table, you should be able to make it work in a matrix
asciilifeform: also his thing uses carry-save form
asciilifeform: which dun work with conventional machine arithm
mircea_popescu: i am telling you, his thing is ripe for rewriting in a more apt notation. he is misrepresenting it because thinking in terms of fucking logic gates
asciilifeform: understand, that's how he makes the ops independent ( rather than chained )
asciilifeform: by ignoring the carry, and reconstituting later
asciilifeform: we cannot do this. because the simplicity of ffa comes from using strictly ordinary machineword arithmetic.
asciilifeform: where, e.g., word addition, is sequential.
mircea_popescu: you can add the words in any order you wish and you can keep whichever intermediates you feel like
mircea_popescu: he -- cant
asciilifeform: mno.
asciilifeform: there is carry.
asciilifeform: can't 'add in any order you wish'
mircea_popescu: there is carry
asciilifeform: nor subtract
mircea_popescu: hm
asciilifeform: incidentally various heathen bignumtrons use carry-save form. it is one of the reasons why they are 10,000s of lines, and mine is ~1k.
asciilifeform: it was the most effective optimization i knew, and the one i rejected first and most incurably.
asciilifeform: because antifitsinhead.
mircea_popescu: mgh.
asciilifeform: the sad and slow constantspacetime solution , is the same exponentiation-by-squaring ffa has now, http://wotpaste.cascadianhacker.com/pastes/BVxyN/?raw=true , but after FZ_Square(B, B, C_Sqr); we FZ_Mod(B, M B) every time.
asciilifeform: ( for modexp, that is )
asciilifeform: grr,
asciilifeform: FZ_Mod(B, M, B)
asciilifeform: http://wotpaste.cascadianhacker.com/pastes/HuJDk/?raw=true << for anybody who forgot how division worx.
asciilifeform: sloooow
asciilifeform: division is the single most expensive arithmetic op.
asciilifeform: there is not an equiv of karatsuba for it
mircea_popescu: this is irksome
asciilifeform: aha!
asciilifeform: currently trying to express montgomery reduction ffaically.
asciilifeform: ( for 3 wks or so nao... )
asciilifeform: but if anyone has better idea -- write in
mircea_popescu: heh. the graph of a ^ x mod b looks eheheheheeexactly like the riemann functions / unit covering shenanigans.
mircea_popescu: i know that face glaring back at me. it is the face of unyielding fucking doom.
mircea_popescu: https://www.desmos.com/calculator/9rwwast4jm << example.
asciilifeform: mircea_popescu: if it did not look like this, rsa would not even be useful
asciilifeform: thinkaboitit
mircea_popescu: this is true.
mircea_popescu: i am now very suspicious you can't ever have a good solution, in the sense that if you find it... you'll have found a fine reason not to need it anymore.
asciilifeform: depends what means 'good solution'
asciilifeform: ain't looking for the rsa pill here. but for nonretarded variant of montgomery's algo
asciilifeform: (i.e. always-worstcase)
mircea_popescu: yeah, well...
mircea_popescu: no, see. if you could have a not-always-worstcase fixtime algo you would have in fact found pill.
asciilifeform: we want the opposite
asciilifeform: always-worstcase modexp
mircea_popescu: hm ?
asciilifeform: that's what constanttime is
asciilifeform: alwaysworstcase.
mircea_popescu: but you have that lol, squaring
asciilifeform: elementarily.
asciilifeform: aha. we have one.
asciilifeform: want -- faster.
asciilifeform: recall, constanttime karatsuba did not (afaik) publicly exist before i posted it...
asciilifeform: need same thing here again.
mircea_popescu: yes but...
mircea_popescu: asciilifeform ok, here's an idea :
asciilifeform: hm?
mircea_popescu: folding ?
asciilifeform: wassat
mircea_popescu: heh apparently injuns got this first. like so : https://www.cse.buffalo.edu/srds2009/escs2009_submission_Gopal.pdf
mircea_popescu: asciilifeform ^
asciilifeform: found it back in may
asciilifeform: it dun go
asciilifeform: branches.
asciilifeform: also uses the same idiotic sliding window thing that makes gpg2 radiate seekritbranchingly for kilometres
asciilifeform: ( because table lookups are nonconstanttime on just about any iron you can get your hands on. caches. )
mircea_popescu: remarkably compact, at that.
asciilifeform: nogood tho. because cannot be expressed as FINITE, KNOWN (for particular ffawidth) sequence of good ol'fashioned word-arithmetic ops.
mircea_popescu: basically, you precompute conveniently chosen powers of 2, and then you get rid of most of the product larger than
asciilifeform: mircea_popescu: this is the sliding window in gpg2.
mircea_popescu: asciilifeform but you don't have to use the crap parts. the idea itself is sound, further reduces any montgomery reduction.,
asciilifeform: it needs branching omfg
asciilifeform: not unrollable.
asciilifeform: therefore rubbish.
mircea_popescu: mgh
asciilifeform: makes the rest of ffa an exercise in complete pointlessness, to use anything of the kind.
asciilifeform: this weekend i'ma see just how sad is key genning with the saddest but proper algo , quoted earlier.
asciilifeform: ( exp-via-squaring, mod after each squaring )
asciilifeform: it'll be pretty sad, because squaring gives a doublewide bitness.
asciilifeform: and division is O(N^2).
mircea_popescu: moreover, doesn't that leak exponent bits ? :D
asciilifeform: how?
asciilifeform: division dun branch on seekrit
asciilifeform: at least mine doesn't
mircea_popescu: well, you do the whole polynomial thing right ? if exponent is 1101 you do 3 out of 4 squares
asciilifeform: (it subtracts EVERY time, then muxes )
asciilifeform: nope.
asciilifeform: 4
asciilifeform: read mine.
mircea_popescu goes and reads.
asciilifeform: we dun branch!!!
asciilifeform: we do 4 motherfucking squares, and 4 subtracts
asciilifeform: the output is muxed via constanttimemuxer
asciilifeform: ( so sometimes 'not used', but the discarding takes provably same time as nondiscarding )
mircea_popescu: heh
mircea_popescu: nazi.
asciilifeform: aha, very
mircea_popescu: well, at least it was painless to check the code, all of 30 seconds
asciilifeform: aha. sorta whole point of this adventure
asciilifeform: to have mircea_popescu et al go 'wtf this only took 30s to read'
asciilifeform: can you picture, rsa that actually makes sense...
mircea_popescu: no wtf there. the wtf is more in the line of "check him out, he wants to use a computer without the if key"
asciilifeform: it's called algebra, lol
mircea_popescu: lol
asciilifeform: 'computer without if'
asciilifeform: aka closed form
asciilifeform: speeking of which...
asciilifeform bbl, meat
mircea_popescu thinks "well... what if you had a group instead, and you could... o fuck me, discrete logarithms. guess what, another basis for cryptosystems".
asciilifeform: in other veryolds, somehow i missed https://archive.is/Kw78h
asciilifeform: not many folx get to be murdered twice !!
mircea_popescu: lmao
mircea_popescu: how the fuck does the church "decide to terminate the family's lease"
mircea_popescu: in other lulz, some dude drove over a half dozen french whatever they are, soldiers-polizei.
asciilifeform: how does a church , e.g., ordain genderfucked priest
asciilifeform: ... like-so !
mircea_popescu: asciilifeform mno. church can ordain whatever the fuck it pleases ; but a lease is not at-will wtf is the point even.
mircea_popescu: "i'll just dump these remains in your back yard, throw them out whenever you're sick of them" is not what a lease says.
asciilifeform: can't say read d00d's lease
asciilifeform: * i read
mircea_popescu: still. every lease i ever saw/signed had fixed term for leasor at will clause for leaser.
mircea_popescu: because otherwise what the hell, it's not a lease it's a girlfriendizing contract.
asciilifeform: these people shit on contracts, promises, etc whenever it suits'em
asciilifeform: there's a word for such :
asciilifeform: недоговороспособные
asciilifeform: old norse called them 'nithlings'
asciilifeform: modern english, unsurprisingly, has no word...
BingoBoingo: <asciilifeform> modern english, unsurprisingly, has no word... << "Indian Givers"
mircea_popescu: asciilifeform amusingly, that actually translates "incompetent" in english, which is the right word. "without the ability of entering contracts".
mircea_popescu: in other lulz : usg.wikipedia agitprop has an open ended article on propaganda truths : https://en.wikipedia.org/wiki/Russian_financial_crisis_%282014%E2%80%932017%29 ☟︎
mircea_popescu: i expect "scientifically proven" a la "climate change" no less ?
mircea_popescu: in other unintentional lulz / comedy self-crits, https://upload.wikimedia.org/wikipedia/commons/a/a1/Pn-picketing-1998-sept-people.jpg
mircea_popescu: (nemtsov, recently assassinated, was, of course, the guy putin beat for to http://btcbase.org/log/2017-07-21#1687959, yeltsin's chosen successor. ah what a great party it'd have been, for teh pantsuits. clinton forever, herdemocracy herp derp... then gore lost to bush, nemtsov lost to putin, nyc lost to gravity, sads sads sads.) ☝︎☟︎☟︎
a111: Logged on 2017-07-21 00:02 phf: by the time i started figuring out the socioeconomic part of the question it was a year too late (they started tightening the screws some time before putin came to power, which was not so much the beginning but the announcement of the done deal. i remember '99 the situation of a lot of people changed drastically.)
mircea_popescu: great "anti-corruption" guy too. let's preserve say http://nemtsov.ru/2015/02/ura-patrioty-ne-platyat-nalogi/
mircea_popescu: !!up andrei4257
deedbot: andrei4257 voiced for 30 minutes.
andrei4257: I was just curious whether anything still happens here ☟︎
andrei4257: apparently not
mircea_popescu: andrei4257 who were you again ?
shinohai: Morning mircea_popescu
mircea_popescu: heya
shinohai: http://archive.is/MT7G8 <<< lulzy
mircea_popescu: oh and speaking of http://btcbase.org/log/2017-08-09#1696188 and faux ngos : the "organized crime and corruption reporting project", owned by a maryland state dept offshoot, is this "github for retarded euro-orks willing to journalism for free in furtherance of us "anti-corruption" anti-sovereignity agenda'. ☝︎
a111: Logged on 2017-08-09 22:47 mircea_popescu: in other lulz : obviously there's a "foundation" and a "code of conduct" (the usgistani nonsense copy/pasted) and a freenode chan, why not. ~600 accounts logged in (specifically : http://p.bvulpes.com/pastes/yDU6G/?raw=true ) , ZERO anyone has to say at all whatsoever. most are related to matrix.org, which is a pile of nonsensical lulz which you're more than welcome to try and make sense of by yourself. in any case, it's an "
mircea_popescu: mostly used to launder "leaks" in the vein of "russian hackers" would have obtained had the leaks pointed the other way.
mircea_popescu: possibly the largest end product of the whole mechanical orange revolutions effort of rice's dept of state.
mircea_popescu: https://www.occrp.org/en/spooksandspin/how-macedonias-scandal-plagued-nationalists-lobbied-americas-right-and-pulled-them-into-an-anti-soros-crusade/ rather typical offering.
mircea_popescu: meanwhile, amusingly enough, soros' long standing tax evasion conviction or any mention of his decades on the lam have somehow entirely disappeared from all usg's wikipedias. NEVER OCCURRED!!!
mircea_popescu: shinohai cnn / politico / etc displaying a knowledge of physics entirely typical of http://btcbase.org/log/2017-07-24#1689742 ☝︎
a111: Logged on 2017-07-24 17:53 mircea_popescu: "Oakley is among a growing number of educators who view intermediate algebra as an obstacle to students obtaining their credentials — particularly in fields that require no higher level math skills." << teh confusion of ideas ffs.
mircea_popescu: "acoustic attacks", really. because why, we don't know how to calculate the energy carried by a wave of specified frequency, or anything whatsoever about flow in fluids, and so on.
mircea_popescu: for the record : a decibel is the log10 of the ratio between a measured sound energy density and 10^-12 J/m^3. consequently the energy of sound at 150 decibels (such as the sonic blast of a jet taking off at 25m, capable of rupturing eardrums) corresponds to an energy density of 10 ^ (150/10) * 10 ^ -12 = 1000 J/m^3.
mircea_popescu: for comparison, a 100 gram tennisball capable of giving a pretty girl a nasty bruise would be going say 100 km/h and thereby hit for .1 * (100/3.6)^2/2 ~= 40 J over its 0.001 cubic metre space, ie about 40 times more than the jet's "acoustic attack". a 8-gram 9mm round perfectly capable of making a whole new hole hits for 0.008 * 300 ^ 2 / 2 = 360 J over its 20 * 2*4.5*pi = 5.65 * 10^-7 volume, ie about 650`000 times the jet's
mircea_popescu: "acoustic attack".
mircea_popescu: of course, the acoustic energy saturation dampens with distance (by the cube) and with obstacles. the jet needs something to the tune of 100 MW to take off, and all this buys you at close range and in open air is bleeding from the ears, not magical symptoms such as bruises, concussions or other mysteries.
mircea_popescu: not to mention, of course, that everyone in the area can also hear it, there's nothing mysterious about it. yes there are ways to carry sound over inaudible ultrasound as a modulation, but guess what ? that takes even more energy! a lot more, in fact.
mircea_popescu: meanwhile the entire capacity of cuba's electricity network is what, 8 MW or so ?
shinohai just assumed the "acoustical attack" was having American pop music piped through the PA system ....
mircea_popescu: maybe they got cancer from listening to ustardian daytime tv.
shinohai: lolz
mircea_popescu: !!up PeterL
deedbot: PeterL voiced for 30 minutes.
mircea_popescu: shinohai maybe russian hackers did it. they messed with cuba's sound.dll
mircea_popescu: or something.
asciilifeform: mircea_popescu: recall the french 7hz riot controller ?
mod6: mornin
mircea_popescu: asciilifeform yes ? though it was israeli iirc, and worked irl about as well as the recently reported stink bombs.
asciilifeform: practicaljoakes with sound aint about joules, they're about resonances in body
mircea_popescu: asciilifeform this works better in theory than in practice.
mircea_popescu: anyway, the kenyan's legacy is one of the lulziest lulzfests in lulzhistory. so, he came to power on a mandate to close down gitmo, which he didn't do, and to roll back bush era power grabs which he didn't do. instead of doing what he promised he decided to do other things!
mircea_popescu: such as : epochal switch on cuba! it... didn't survive his term.
mircea_popescu: new ally : iran!!! it... didn't survive his term.
mircea_popescu: obamacare!!!! it...
mircea_popescu: and so on.
asciilifeform: mircea_popescu: the 7hz thing works, but quite useless because... not directional
mircea_popescu: and because other problems with it.
mircea_popescu: all this wunderwaffen is just like the railgun, if you recall that discussion.
mircea_popescu: "we're running out of oil, let's find fun things to do with electricity"
asciilifeform: moar like the microwave blaster
mircea_popescu: except... oh noes! oil was actually pretty fucking irreplaceably cool ?!?!!?
mircea_popescu: asciilifeform recall back when the various uss self-destroyers got equipped with "LRAD" for great bezzles ? 90s fad.
asciilifeform: i thought it was marketed to cargo lines
asciilifeform: as ersatz pirate repellent
mircea_popescu: afaik only buyer was usg.
asciilifeform: maersk iirc bought
mircea_popescu: right.
asciilifeform: ( did the expected amt , lol, of good )
mircea_popescu: http://btcbase.org/log/2017-08-06#1694588 << bears repeating. ☝︎
a111: Logged on 2017-08-06 16:42 mats: https://www.rt.com/news/397724-israeli-stink-bombs-india
asciilifeform: i saw one on ebay recently
asciilifeform: ( lradtron )
PeterL: Hi everybody, here is my gossipd with the changes suggested yesterday http://p.bvulpes.com/pastes/pf24N/?raw=true
mircea_popescu: ~only known use for item comes from the 90s, have nympho take a seat on overturned woofer.
mircea_popescu: PeterL what did you end up putting in, wrote keccak variant ?
asciilifeform: mircea_popescu: normal hardwarestore woofer tho
PeterL: I just put in the crc32 as a checksum
mircea_popescu: yeah.
mircea_popescu: PeterL you can't use unpadded rsa. it dun work that way.
mircea_popescu: asciilifeform anyway, afair the threshold for ultrasound biodetectable effects (in rats) was 180db or so.
mircea_popescu: pretty much only danger is if you're submerged.
PeterL: well, it is not unpadded, it uses the random byte string as the pad
mircea_popescu looks.
asciilifeform: mircea_popescu: ideally you fire converging ultra at victim, with infra beat result
mircea_popescu: PeterL you have a max nick size now ? it is a bad idea to specify protocol semantics at transport level. let me sign my lines whichever way i want, not care about it.
asciilifeform: ( also great for 'madness voices' )
mircea_popescu: asciilifeform if victim were spherical and resided in vacuum...
mircea_popescu: PeterL also there's specifically no allowance for "time" to be transferred. receiving station timestamps with its own time.
PeterL: well, I guess I should put in something, I guess your nick can't be longer than the message size or there would be no room for any message
mircea_popescu: wtf, ever got a card in the mail, "this card was received at 3:55 pm" penciled in by sender ?
mircea_popescu: PeterL you really don't give a shit. whatever the message is, you truncate it to 220 or what was it and send.
mircea_popescu: modularize, let each part worry about its own domain.
PeterL: hrm, when you get it it prints the time received and who from, then prints the message that was sent "time, who, message"
mircea_popescu: not what teh spec says!
PeterL: I will review that again
mircea_popescu: PeterL incidentally, did you rebase instead of patching ?
PeterL: didn't sign anything yet, nothing to patch off of
mircea_popescu: true. the obvious advantage of patching is that it makes it easier for readers of code to review deltas. but then again, rebasing makes it easier for writer, less shit to maintain. balancing act.
mircea_popescu: PeterL can you explain this ping mechanism ?
PeterL: yes, I see
PeterL: actually, I was going to put in a ping but then didn't get around to it yet
mircea_popescu: why do you want it ?
PeterL: the idea being that you could keep track of who is getting your messages
PeterL: sort of a "who is online right now" thing
mircea_popescu: yes, but it ruins the security of the scheme, as i don't expect you will be sending pings to ips associated with bogus keys ?
PeterL: but then I was thinking maybe we wouldn't want that anyway
mircea_popescu: there's no real concept of "online" i can form in my mind. for instance, am i online when i'm not online ? i do read the logs... in what sense am i not online ?
PeterL: the idea would be to ping everybody, and have an option for whether or not you respond to pings
mircea_popescu: if the machine is on and i'm long dead, am i online cuz it pings ?
mircea_popescu: it just makes no sense.
asciilifeform recalls naggum's box... it still runs
mircea_popescu: PeterL is there any security contemplated for the data, such as i dunno, encrypt the lists of peers / keys / history etc ? or simply a case of "fuck you secure your machine" ?
mircea_popescu: asciilifeform aha!
asciilifeform: ^ p works same
mircea_popescu: asciilifeform huh ?
PeterL: at the moment there is no securing of data. that would be something to add before battlefield use.
asciilifeform: privkeys are plaintext ( you can cipher them via some other cmdline util, or even another piped p, but no nonsense re 'bitcoin-style' enter-aes-pw etc )
mircea_popescu: i expect at least one's own history should be kept encrypted to a key of his.
mircea_popescu: asciilifeform gpg does teh same thing.
asciilifeform: aha, and it's placebocin
mircea_popescu was a major, and in fact for a year or so the only proponent of encrypted wallets for btc.
mircea_popescu: once implemented, "theft" dropped like 90%. which is more than any usgstani effort has, or ever will do.
asciilifeform: at any rate user can make his key , e.g., nextprime(rngolade-kept-ondisk) * nextprime(hash(pw)) if he explicitly wants
asciilifeform: um no,
asciilifeform: nextprime(h(another rngoladd on disk + pw))
asciilifeform: lol
mircea_popescu: lol
PeterL: also, my question re crc32 yesterday, I meant to say: given a (random) string of 250 chars, what is the probability that (random four byte string) will pass the crc32 test? which I think is just 1/256^4
asciilifeform: mircea_popescu: you get the idea. no reason to standardize the diddle.
mircea_popescu: PeterL if your string is 250 chars, there is 0 probability that an up to 32 bit section being altered in any way will not be caught up
mircea_popescu: this is what crc does : for blasts up to its size, 100%. for larger blasts, proportionate.
mircea_popescu: !!up PeterL
deedbot: PeterL voiced for 30 minutes.
PeterL: not trying to catch changes, trying to catch random string accidentally passing the check
mircea_popescu: that is not something crc does ?
mircea_popescu: crc checks that the string is the same now as it was when crc was originally computed
mircea_popescu: if you're asking "what is the probability of a 4000 bit string being randomly generated so it matches an arbitrary crc32", the answer is you know, 1 in infinity.
asciilifeform: aaactually chance of computing randomturd-cum-crc is no lower than 1/bitness-of-crc
asciilifeform: which is rather high
asciilifeform: *randomturd that passes
asciilifeform: think..
mircea_popescu: asciilifeform in my model the crc was also random.
asciilifeform: well yes
mircea_popescu: literally, "came out of rsa as garbage".
asciilifeform: aha
asciilifeform: still holds
mircea_popescu: are you trying to say that since there's only 2^32 possible values for the crc, it then follows that 1 in 4bn will match ?
asciilifeform: hint: consider payload P and crc C as indep. vars
asciilifeform: aha!!
mircea_popescu: a cheap improvement would be to write down also the LZW compression ratio.
mircea_popescu: (and in any case, this is also a major improvement over gpg, which really only uses 2^16, and worked ok in the field for many years)
mircea_popescu: PeterL + padlen = min(keya.l, keyb.l) - 1 # make sure that the strings will not overflow the key mods << i don't get it, why do you have variable length keys ?
mircea_popescu: all keys same size. ideally as per http://btcbase.org/log/2016-08-18#1524210 discussion at that ☝︎
a111: Logged on 2016-08-18 12:32 mircea_popescu: asciilifeform since we're on this btw, the way i want tmsr-rsa key generation to work is as follows : a contains a number of entropy bytes specified by user in tmsr-rsa.conf read whenever tmsr-rsa.conf specifies (such as urandom); b contains a base-tmsr string specified by user. c = base-tmsr(a).b ; p = nextprime(cut(sha512(c),257)) ; process is repeated for q = nextprime (cut(sha512(c'),258));
mircea_popescu: 257, 258, 515. ☟︎
PeterL: ah, originally I had it written to allow user to change key sizes, that is a holdover just in case
asciilifeform: lzw is neither here nor there, you can't rely on payload being compressible
asciilifeform bbl, meat
mircea_popescu: asciilifeform most very likely will be.
mircea_popescu: PeterL no case ; key size is fixed.
PeterL: oh, and I was trying to make the functions more general, avoid putting in magic numbers as much as possible
mod6: Hi, I've updated the howto, it's not "finalized" yet. Please take a look and let me know if this doesn't read quite right, or if I've left something out: ☟︎
mod6: http://thebitcoin.foundation/trb-howto-new.html
shinohai: ^ looks good mod6
mod6: Thanks for taking a look shinohai
mod6: maybe i aught to add 'diff' on that list. it is inexplicable to me that it wouldn't be there, but then again, lol.
mod6: updated
shinohai: Yeah I forgot you had a guy with some sort of linux that didn't have diff
mod6: I think it was patch, but yeah, maybe I'm mis-remembering that.
mod6: my V doesn't use diff anyway, only patch, gpg, sha512sum, and wget -- and otherwise just standard shell tools such as echo, mkdir, rm, cat, etc.
mod6: But wouldn't be a bad idea to throw it on there in the case where someone, decides to use the linked vdiff script, which uses diff. ☟︎
mod6: Updated the formatting too.
mod6: ugh, something went sideways, standby
mod6: Ok, I think it's better now.
mod6: alright, I have published those changes to : http://thebitcoin.foundation/trb-howto.html
deedbot: http://www.contravex.com/2017/08/10/unboxing-and-set-up-of-nosuchlabs-fuckgoats-on-macos-openbsd-linux/ << » Contravex: A blog by Pete Dushenski - Unboxing and set-up of NoSuchlAbs FUCKGOATS on MacOS? OpenBSD? LINUX!!
edivad: hallo
edivad: i promise that this will be the last emergency troubleshooting about TRB
edivad: i feel that i'm very near of a successful compiling of bitcoind, especially after the update of the guide
mod6: hi, how goes ?
edivad: it's going very well for a beginner
edivad: you know, a satisfying terminal try & die till everything works
edivad: so, this is the last error mod6
mod6: alright
edivad: https://pastebin.com/4JsG5uTN
edivad: since gcc is present i think that is some kind of env problem
mod6: yeah, it does not seem to understand where 'c' is located.
edivad: but i really cannot figure out what i could try before running again the make command
mod6: did everything press alright with V ?
edivad: :) please tell me that the solution is right around the corner, like adding a CC=/path/to/something into the makefile
asciilifeform: !~later tell pete_dushenski http://www.contravex.com/2017/08/10/unboxing-and-set-up-of-nosuchlabs-fuckgoats-on-macos-openbsd-linux/#comment-58669
jhvh1: asciilifeform: The operation succeeded.
edivad: yes V had no problems
mod6: ok good deal.
shinohai: ^ That pthread issue I solved on Debian by going to /usr/share/cmake and changing a line in CheckIncludeFiles.cmake ☟︎
edivad: lemme try
edivad: ok, in ubuntu no /usr/share/cmake dir for me
edivad: even in /usr/local/share no presence of cmake dir
mod6: yeah, this looks like it might be something with your /etc/alternatives or something
mod6: im not sure. digging...
shinohai: Find the line: `CMAKE_CONFIGURABLE_FILE_CONTENT}\n\nint main(){return 0;}\n")` and put `void` in the parentheses after int main()
edivad: into the makefile.unix under src?
shinohai: No in the file CheckIncludeFiles under your cmake installation ☟︎
shinohai: (modules folder)
edivad: going to check on ubuntu where is located
edivad: seems different from debian
asciilifeform: edivad: could you paste your makefile plz ?
edivad: under src or the main?
asciilifeform: both
edivad: https://thepasteb.in/p/zmh8oRpVm2nHZ
edivad: this is under src ^
asciilifeform: other one
edivad: https://thepasteb.in/p/wjh03Lzr23ofv
edivad: this is the main
asciilifeform: mod6: i think his buildroot failed
edivad: so should i delete everything and start from scratch?
mod6: yes
mod6: start over.
edivad: ok
edivad: no problem
edivad: can i keep the .wot folder?
asciilifeform: ( it failed, and from the posted barf it is not possible to yet say why )
edivad: since is a hell lot of copy paste?
asciilifeform: edivad: yes
edivad: ok nice
mod6: i would blow everything away and start over following exact instructions in the howto
edivad: i'm gonna leave the actual dir for future forensics analysis when i'll be moar expert and now i'm going to create another one
edivad: it's now downloading boost again, meanwhile i would like to ask some questions about the fuckgoats device
edivad: that maybe someone can answer later and i will check on the logs
edivad: basically, i recently learned how to generate private keys with a D16 + paper and pencil, and i thought that was a great way to have low cost true entropy
mod6: edivad: are you doing the online or offline build?
edivad: now online mod6
mod6: ok, that /is/ a bit less steps, so a decent place to start until you get the hang of the process.
edivad: exactly
asciilifeform: edivad: it's pretty expensive to use dice if your time has value.
asciilifeform: per-byte.
edivad: so, back to the question, is the fuckgoats device meant to be, for instance, if i run a bitcoin service that constantly need to generate private keys, let's say, for example, for an hot wallet?
asciilifeform: for instance.
edivad: i thought that dice was great for cheap and safe cold storage, if done it right ☟︎
edivad: but yes, asciilifeform, is very time consuming if you need to do repeatedly
edivad: and one thing that i haven't learnt yet is how to generate a bip 44 compliant seed with dice
asciilifeform: it's a dumb idea
edivad: because you know, with a bip 44 compliant seed, you then generate your extended public key, and you can leave your dice in the drawer
edivad: wasn't able to learn because those damn seeds have a last checksum word (that maybe is a perfectly ok security feature, but it cuts out manual experiments with dice)
asciilifeform: !#s bip44
a111: 0 results for "bip44", http://btcbase.org/log-search?q=bip44
asciilifeform: !#s bip 44
a111: 2 results for "bip 44", http://btcbase.org/log-search?q=bip%2044
asciilifeform: !#s deterministic wallet
a111: 10 results for "deterministic wallet", http://btcbase.org/log-search?q=deterministic%20wallet
edivad: ok going to check the results
edivad: > the state-of-the-art among thinking folk is that pre-generated tx are stored on paper and fed into a hot node when necessary
edivad: absolutely true
asciilifeform: http://btcbase.org/log/2016-02-04#1396046 << see thread ☝︎
a111: Logged on 2016-02-04 01:12 asciilifeform: why the FUCK would i
asciilifeform: why would you do this to yourself
asciilifeform: enemy only needs to steal ONE seed to get every privkey your ever generate
asciilifeform: ( and possibly he can also set up a lattice and derive your key from N signatures ) ☟︎
edivad: so basically, tell me if I'm wrong
edivad: using deterministic shit, I'm reducing the entropy of my keys, correct?
asciilifeform: elementarily
mircea_popescu: http://btcbase.org/log/2017-08-10#1696617 << very minimally just in case tho, you know. ☝︎
a111: Logged on 2017-08-10 15:39 mod6: But wouldn't be a bad idea to throw it on there in the case where someone, decides to use the linked vdiff script, which uses diff.
asciilifeform: and not simply 'reducing entropy', but introducing a relationship between all of them
edivad: that's some good warning that should be public in many places
mircea_popescu: edivad the public wants entertainment not education.
edivad: but you know, user friendliness is going to fuck hard security perception of mainstream users
edivad: that's quite sad, but there's nothing that will stop this general trend
edivad: imo
mircea_popescu: yes. there's isn't, nor is there going to be a way, manner, instrument or device through which to protect the passive from the active.
edivad: since i'm not yet capable to remember my 64 characters hex private key, there is a way to convert it in a seed without decreasing the security, and maybe being able to memorize it?
edivad: i mean, not in a seed
edivad: in some random words that can be converted into the 64 hex original key
mircea_popescu: why not just use dicelist method.
asciilifeform: edivad: ever read about mnemonists ? the stage magicians.
edivad: do you mean with paper and pencil, and then storing the paper in some hole very distant from NSA eyes? mircea_popescu
mircea_popescu: http://trilema.com/2012/romanian-dicelist/ << see there.
edivad: thanks
mircea_popescu: write yourself one in veneto for max lulz.
edivad: well veneto is quite far from where i live
edivad: mod6: You need at least one UTF8 locale to build a toolchain supporting locales
edivad: this is where i'm stuck now
mircea_popescu: edivad whatever local dialect you speak.
edivad: yes i know what you mean
edivad: i could even try with pornstar names
mircea_popescu: aha.
edivad: at these times porn industry should have generated enough pornstar name entropy
asciilifeform: keep in mind that forgetting your 'alphabet' is just as good as forgetting the key
mircea_popescu: only need ~6.6k. there's about 100k total whores in the pron records.
mircea_popescu: asciilifeform nobody ever forgets a whore!!!11
asciilifeform: lol
edivad: mod6: auto-solved the last problem with sudo locale-gen en_US.UTF-8
edivad: this time google has figured out
mod6: strange, im not sure what you mean.
edivad: i was in a mint system without generated locales
edivad: so had to generate it
mod6: it's ok now?
edivad: apparently is going forward well
shinohai: In pantsuit lulz: http://archive.is/b3RTa
mircea_popescu: asciilifeform re 2 weeks, i readily believe.
mod6: and when you say 'mint' you don't mean 'linux mint' right? just a *new/clean* ubuntu sys?
edivad: yes, a fresh installation
mod6: ok good to denote. thanks. let us know if it all builds fine for ya.
edivad: to be complete, it's an lxc container that is running over proxmox
edivad: and i must admit, i grew up with deterministic wallets in my heart and in just a couple of minutes realized how a dumb move it was
mircea_popescu: a deterministic wallet can have its uses, but they typically aren't "user trying to cheat on running a node".
hanbot: http://btcbase.org/log/2017-08-10#1696608 << looks crisp, though imho "To build TRB, you are going to need some basic requirements on your system environment." is spurious unless said requirements are specified...the next line about packages and list of same seem sufficient. ☝︎
a111: Logged on 2017-08-10 15:31 mod6: Hi, I've updated the howto, it's not "finalized" yet. Please take a look and let me know if this doesn't read quite right, or if I've left something out:
edivad: mod6: same error again
edivad: https://thepasteb.in/p/DRhjlB5vA00cy
mircea_popescu: http://btcbase.org/log/2017-08-10#1696649 << are you saying cmake ships broken ?! ☝︎
a111: Logged on 2017-08-10 18:19 shinohai: No in the file CheckIncludeFiles under your cmake installation
edivad: going to do the third clean run, since i have generated the locale in the middle of the process
mircea_popescu: edivad wouldja use p
hanbot: http://btcbase.org/log/2017-08-10#1696464 << primo dunning-kruger this morning. no awareness of logs, doesn't keep him from expecting the chicken coop chatter of "things are happening!" at expected rate. ☝︎
a111: Logged on 2017-08-10 11:35 andrei4257: i was just curious whether anything still happens here
mircea_popescu: edivad wouldja use p.bvulpes.com like sane people ?
edivad: i'm abusing it in some way that i haven't noticed?
mircea_popescu: you keep coming up with random pastebins.
mircea_popescu: hanbot heh. i expect it's deeper than that, though. dork is romanian, and that country had a ~50 year period of enforced equality-through-poverty the likes of which the us can only dream of. this has the side benefit of every kid expecting every other kid be you know, a goat of ~same size. maybe this other guy has a slightly newer car, that's the acceptable limit of it.
mircea_popescu: this was very noticeable even when i was organising conferences for local bloggers / getting romania's new right party a headquarters etc. "oh, this doesn't really happen, mp can't really exist" etc bla bla.
edivad: ok i will use the other pastebin no problem
mircea_popescu: by now the psychological tension is intolerable though, "what, billionaire ?!?!?! what, tmsr ?!?!" etc. there's that little old jewish mother's voice in the back of their skull, "how come this one could and you can't ?" that's utterly killing them.
shinohai: mircea_popescu: The cmake in Debian/Ubuntu repositories used to have that pthread bug, first time I built a trb with `V` that happened.
mircea_popescu: denial very cheap solution to resolve this pressure.
mircea_popescu: shinohai consider reporting on their list ? maybe.
hanbot: mircea_popescu : i seem to remember a period in which the .ro line went that you were "illegal", yeah.
mircea_popescu: o yeah, recall that ? "reality diverged from comfortable model thereof, but it has been denied with appropriate incantations and can now go back to bed. i wonder what's on tv ?"
shinohai: It was fixed apparently: https://cmake.org/Bug/view.php?id=15058
mircea_popescu: a ok then.
edivad: shinohai: may I ask how I can find CheckIncludeFiles under Ubuntu?
edivad: so i can change the line that you have posted
shinohai is happy to no longer suffer from Debian/Ubuntu infection
mod6: <+shinohai> mircea_popescu: The cmake in Debian/Ubuntu repositories used to have that pthread bug, first time I built a trb with `V` that happened. << i don't remember ever having this issue fwiw
mircea_popescu: http://btcbase.org/log/2017-08-10#1696641 << that file. ☝︎
a111: Logged on 2017-08-10 18:16 shinohai: ^ That pthread issue I solved on Debian by going to /usr/share/cmake and changing a line in CheckIncludeFiles.cmake
mircea_popescu: mod6 me either. nfi, prolly cuz of ubuntu packaging.
shinohai: edivad: If it isn't in /usr/share then you may have to grep for it .... tbh I rarely used Ubuntu so
shinohai: I did: shinohai@trb locate CheckIncludeFiles.cmake
shinohai: /usr/share/cmake/Modules/CheckIncludeFiles.cmake
mircea_popescu: http://btcbase.org/log/2017-08-10#1696685 << it's cheap in the sense making your shoes by hand is cheap. it can be fun, but that's as far as it goes. leaving aside problems of how much a pair of aluminum, ruby or w/e dice cost (ie, GOOD dice), a throw provides you with a few bit's worth, FG spits out kB's worth per second. on a per-entropy-bit cost, figuring in capital goods, salary for the thrower, etcetera, FG is about 5 degrees of magnitude cheaper. ☝︎
a111: Logged on 2017-08-10 18:33 edivad: i thought that dice was great for cheap and safe cold storage, if done it right
mod6: edivad: if `locate` doesn't find it, perhaps a simple find will: `find / -name "CheckIncludeFiles.cmake"`
edivad: shinohai: found
edivad: here is mine
edivad: https://pastebin.com/wa99MXm4
edivad: it's pretty much already modded as you have told
mircea_popescu: edivad use p.bvulpes.com not pastebin.com thepasteb.in etc.
edivad: ok
shinohai: Ah ok .... so that must not be your particular issue
mircea_popescu: http://btcbase.org/log/2017-08-10#1696704 >> this is the real concern. ☝︎
a111: Logged on 2017-08-10 18:43 asciilifeform: ( and possibly he can also set up a lattice and derive your key from N signatures )
mircea_popescu: we have some expectations about security, they do not include the self-diddle that is "deterministic signatures", ie, i'll sign with a shitton of mathematically related privkeys.
mircea_popescu: all investigation of cryptosystems involved in bitcoin fundamentally rely on "unrelated keys" assumption.
edivad: can i read something about lattice? i haven't understood well the message
mircea_popescu: it's always been a major lulz for me that the same idiots howling about "don't reuse addresses -- it makes usg's pretense of defungibilizing bitcoin that less tenable" never happened to ever mention "don't deterministic wallets, it's on the level of Caesar cipher homebrew".
mircea_popescu: because hey, that's what the public needs "experts" on the level of
mircea_popescu: what the fuck was that name of that pointless douche with a "tv show" and some "assistant" retarded chick masquerading about being me back in 2014ish ? k something
asciilifeform: ( meanwhile from the vintage cryptoidiocies file, http://archives.seul.org/tor/dev/Dec-2014/msg00099.html )
mircea_popescu: http://trilema.com/2013/in-which-noobs-learn-lessons-and-pay-for-the-privilege/ << keiser. whatever happened to him ?
mircea_popescu: see alf, some do go away.
mircea_popescu: asciilifeform do you know what else reuses a hardcoded IV ?
shinohai: Keiser still fawning for camera apparently: http://archive.is/Flk31
mircea_popescu: shinohai heh.
asciilifeform: mircea_popescu: gpg?
mircea_popescu: ding!
asciilifeform: meanwhile from literature search, every article ever, apparently, written re 'constant time modular exponentiation' proposes... tables
asciilifeform: aka death by cache differentials.
mircea_popescu: matrixes! ha-HA!
asciilifeform: 'we sprayed perfume over the corpse, it is alive'
mircea_popescu: my intuitions while useless are entirely correct! i feel much better about self.
asciilifeform: lol
mircea_popescu: the bitch with any such approach, as i realised last night. there is NO WAY to protect yourself from downstream cache. no way.
asciilifeform: ( for n00bz : indexed load from memory is a leaking operation on ~all extant iron )
mircea_popescu: you don't even have to know it's there, your code with your entire machine could be emulated later (a la bolix on chip say) and you'd suddenly be weak, even if you deliberately included no cache.
asciilifeform: mircea_popescu: cache only comes into play if your memory fetch ~address~ sequence is secret-dependent
asciilifeform: in currently published ffa set, none of the ops do this
asciilifeform: and i ain't about to introduce any.
mircea_popescu: asciilifeform the whole fucking point of making a n-dimensional table, be it 1 or whatever else, is to avoid looking at all the cells all the time
asciilifeform: ( effect of caching is to make some addrs load, at particular ( or all ) times faster than others. )
asciilifeform: mircea_popescu: we gotta. look. at. every. cell. every. time.
asciilifeform: algebraic.
mircea_popescu: aha
mircea_popescu: that's not how the real world works tho!
asciilifeform: lol
mircea_popescu: myeah
asciilifeform: forn00bz: an, e.g., rsa modexp, in ffa, must be representable by a long roll of paper, on it are ops for ordinary 4function calculator, with very patient slave. and roll ONLY ROLLS FORWARD and has finite # of instructions on it, known in advance when you decide the ffa width. ☟︎☟︎
mircea_popescu: this terribler / tribler thing is a very amusing read.
asciilifeform: importantly, same roll MUST work for all possible m^d mod n params.
asciilifeform: (of given width.)
asciilifeform: mircea_popescu: linked item was and remains quite typical of subj
mircea_popescu: asciilifeform amusingly, the guy complains about the modular exponentiation not being constant time. maybe write to him ask where he ever saw a sane algo ?
asciilifeform: ( various 'anon' shitchats and various pseudogossiptrons )
asciilifeform: mircea_popescu: nobody knows , afaik, a sane algo. not 1 lib implements anything of the kind
asciilifeform: openssl, for instance, features the one with tables
mircea_popescu: doesn't keep him from complaining about it, so worth an ask.
asciilifeform: and leaks timing on every intel box since 1990s
asciilifeform: mircea_popescu: also why not ask him re philosopher's stone!11
mircea_popescu: myeah.
asciilifeform: while we're on the subj of 'cryptographers' : a constant time gcd is also apparently not known.
asciilifeform: ditto modular inverse
asciilifeform: ditto modular mult
asciilifeform: plenty of nonsense claiming to solve these, entire forests annihilated. but EVERYONE pulled the scam described earlier ( memory indexed by secret value )
asciilifeform: most don't even bother with this pretense. http://archive.is/GNrtB is a more typical idiocy
asciilifeform: contribution to gmp
asciilifeform: observe... ORDINARY BRANCHING!
asciilifeform: claims ' Compute V <-- A^{-1} (mod M), in data-independent time.' in comments tho
asciilifeform: exercise for reader : find the hidden conditionals.
asciilifeform: actually hm, maybe not a lie
asciilifeform bbl, off to torture room
asciilifeform: https://eprint.iacr.org/2014/161.pdf >> for whoever it was who had asked re lattice solving for privkey
edivad: hallo
edivad: i have super good news, node is compiled, up and running
edivad: thanks again to all of you that have helped me in the troubleshooting
edivad: now instructions are much clearer
shinohai: \o/
shinohai: Nice work edivad
edivad: now that i run a node i can consider myself truly part of tmsr?
shinohai: Tis a start.
edivad: i think that is important to add to the guide that the average joe will need at least 6 gb of space in his hard disk to be able to compile from scratch TRB
edivad: i was doing the process in a 8gb container and at a point i wasn't so comfortable continuing refreshing df to check my free space ☟︎
trinque: pittance compared to what you'll need to hold the blockchain, eh?
edivad: problem is this
edivad: i keep the blockchain stored separately
trinque: ah well sure, suppose mod6 could mention the build environment is going to be big.
trinque: anyhow wd edivad
edivad: that precious indexed database, with hours of CPU time on his shoulders, won't be mixed with dirty system files
edivad: in my case i've recycled a previous bitcoin core blockchain and fired up TRB ☟︎
edivad: and now it's checking every block from the beginning
edivad: other quick questions are rising
edivad: the 1st) when i started for the first time TRB, he was bitching that myip=something wasn't present on my .conf. Is this a TRB specific requirement?
edivad: 2nd) the second time that i've started TRB, it was complaining that wallet.dat was corrupted (this wallet.dat was generated from latest core, so i suppose is deterministic, is this the reason for being rejected?)
mod6: <+edivad> i have a super good news, node is compiled, up and running << yay!
trinque: 1, correct, see asciilifeform_zap_showmyip_crud.vpatch
trinque: it was calling out to some website for external IP, which is nonsense.
edivad: ok perfect
mod6: <+edivad> thanks again to all of you that have helped me in the troubleshooting << You're welcome. Very good of you to have such persistence to keep working through the issues.
trinque: 2, entirely likely the power rangers changed the wallet format
mod6: <+edivad> i was doing the process in a 8gb container and at a point i wasn't so confortable continuing refreshing df to check my free space << oh sure. I didn't even think to ask. Next time I will.
mod6: <+trinque> ah well sure, suppose mod6 could mention the build environment is going to be big. << While I'm at it on the updates; i think, let's say, you need a minimum of what? 20Gb ?
edivad: ok perfect, the third time that i've restarted the node there wasn't any problem at all
trinque: looks like my trb dir weighs 4.5gb over here; something like that should be fine
mod6: yeah, that's always what mine is once complete, ~4.5G ☟︎
edivad: i need to ask something more political than technical
mod6: I'll say 20G, that should suffice, for now.
trinque: edivad: don't ask to ask.
edivad: i've understood that TRB = purity
trinque: !#s taint
a111: 141 results for "taint", http://btcbase.org/log-search?q=taint
trinque: edivad: define "purity" before proceeding.
edivad: in the case of segwit, this means that trb won't care about segwit blocks and as long as they comply with the "hard rules" (I really don't know how to explain myself better) they will be accepted? ☟︎
mod6: ok updated, take another look: http://thebitcoin.foundation/trb-howto.html
edivad: nice mod6
mod6: o7
mod6: Thanks again.
trinque: edivad: can search the logs first, eh? there's lots in there re: segwit and other failures of folks to diddle the definition of bitcoin
trinque: as currently derped, yep, "segwit" shouldn't mean a damn thing to bitcoin proper.
mod6: edivad: yah, it'll really help you out to read at least 6 months of logs. And if you read more, even better. There's a wealth of knowledge in there.
trinque: cept that eventually miners will defect from the thing, and steal everyone's segwit "transactions", much to the lul of all.
edivad: ok I'll read it before asking political questions
shinohai: Also, from here onwards you should refer to Segwit as `Segshit`
trinque: oh I got one: segregated witless
shinohai: lel