asciilifeform: ( there were attempts but pc arch made it very painful to do this )
asciilifeform: to move the complexity into proggy.
asciilifeform: but rather with 'ancestral' (photodiode or two) stick.
asciilifeform: the mega-achievement would be not only to encode these, but to read WITHOUT a high end camera & special optics
asciilifeform: kBytes ! of theoretical capacity
asciilifeform: in theory
asciilifeform: reading simply consists of waving the wand across the page, in various directions, for as many swipes as it takes.
asciilifeform: continuing the optical code thing, i have a possible pill :
asciilifeform: i must admit that i dun see the appeal, Framedragger
Framedragger: loads fine here... root cert is "USERTrust RSA" CA, then gandi
Framedragger: i think he had some sentiments for delicious users, + perhaps expects some of them to migrate to his paid service. who knows
Framedragger: "As for the ultimate fate of the site, I'll have more to say about that soon. Delicious has over a billion bookmarks and is a fascinating piece of web history. Even Yahoo, for whom mismanagement is usually effortless, had to work hard to keep Delicious down. I bought it in part so it wouldn’t disappear from the web."
asciilifeform: lol, delicious?! the ancient bookmark-storage thing no one's used in ~decade ?!
asciilifeform: ^ surprisingly nonidiotic response to a popular schneierism going around at the time
asciilifeform: ( ideally you oughta be able to smudge most of the image and still recover payload )
asciilifeform: http://blog.liw.fi/posts/qr-backup << state of the art unsatisfying, because no raptor code
asciilifeform: ( such that it'd be READABLE 100% of the time )
asciilifeform: ( and, importantly , optically, rather than promisetronically )
pete_dushenski: asciilifeform: this the paste you're referring to for bsd box ? http://btcbase.org/log/2017-06-01#1664112
asciilifeform: imho the correct implication, is excrement-packaged-for-human-consumption, rather than just any ol' pile-o'shit
pete_dushenski: all these from asciilifeform 's fertile mind ?
jhvh1: pete_dushenski: The bezzle-USD and the tide-USD on Trilema - A blog by Mircea ...: <http://trilema.com/2014/the-bezzle-usd-and-the-tide-usd/>; NEXT: 26-02-2016 - #bitcoin-assets log: <http://log.bitcoin-assets.com/%3Fdate%3D26-02-2016>; Trilema - Pete Dushenski: <http://www.contravex.com/wp-content/uploads/2016/03/2016-04-01-logs-trilema.txt>
pete_dushenski: wtf kind a braindeads are pumping eth to these levels anyways. do govs really have that much fiat left to wash trade with ?
trinque: really meant $republic there.
asciilifeform: pete_dushenski: i can't comment on the autos of 'less poor' folx, never bought mclaren parts.
trinque: look in 2040, if bitcoin doesn't sling enough dick that there are sane parts to be had, better seppuku
pete_dushenski: omg be less poor then
pete_dushenski: asciilifeform: but you did shift the goalposts a fair bit there : 'inspected & licensed' quickly became 'only toyota'. problem ?
asciilifeform: pete_dushenski: 'parts plentiful' while junkyard still has'em, and then suddenly goes to 0
asciilifeform: unless you want to fit a 1980s motor in there.
asciilifeform: trinque: my thought was that if you want that toyota to run in 2040 you will probably have to buy the factory that made the, e.g., oxygen sensors, ignition comp, whatever digital crud (and its analogue tendrils) that the thing demands in order to run
trinque: these I don't know why anyone would buy, unless he has the money to buy the manufacturer when he wants something.
pete_dushenski: these are!!1
asciilifeform: the kind that get inspected & licensed
asciilifeform: pete_dushenski: speaking here of street, rather than race, cars
asciilifeform: ( you will get new comp for them where ? new chemical sensors ? )
pete_dushenski: asciilifeform: au contraire http://www.contravex.com/2017/02/28/the-contemporary-classic-car-phenomenon-explained/
asciilifeform: eventually you either buy it or learn to machine parts for your vintage auto.
pete_dushenski: this is actually the legacy of the whole gay right movement innit : everyone and their dog is *-oriented. such human social progress this advent.
pete_dushenski: worx great because plebs don't use keyboards anyways. too ON THE GOGOGO. because mobility-oriented donchaknow.
asciilifeform: ^ these are commercial items! just ask bigphysics-pr-man hawking
pete_dushenski: you joke but laptop-style 'mousepads' are the next 'big thing' in automotive interior design. they're generally placed aft of the gear shifter in the horizontal area of the centre console.
asciilifeform: 'The newest Lexuses in particular have the most (Hashem-) forsaken hvac/audio computer systems WITH A MOUSE.' << lol!!!
asciilifeform: it still 'cares' what the baud rate is
asciilifeform: 'synchronous serial' is simply a thing like rs232 but with 2nd pin, for clock, and then machine knows when to read off the bits.
mod6: i think from this little exercise that I can conclude that my tests, on linux, did exactly what they should have done.
mod6: yup, just was gonna do those three. wont litter the logs any more with those.
asciilifeform: mod6: running these on items that already passed diehard is waste of time
mod6: here's the output from hist.py FG#1, run 3: http://p.bvulpes.com/pastes/DwunV/?raw=true (on linux box)
asciilifeform: and it'll pick up something with most of the 1s stuck on.
asciilifeform: if box is misbauded, it will pick up a byte solely by accident, when it gets something that looks like it has the start and stop bits
asciilifeform: now do it to what you got on the bsd box
asciilifeform: it is likely that you have one somewhere in the house already
mod6: but the battery cell is somehow better for this test?
asciilifeform: the other factor, aside from ac mains ripple , is rf ( from the power path being of any appreciable length ) from environment
mod6: isn't that what the Dr. Meter does? you set it to 5v and it's g2g. i've verified with multimeter (Fluke) that it does spit out what it says it spits out.
mod6: instead of the battery pack, can I just use my Dr. Meter DC PS?
mod6: it's USB-TTL direct plugged into machine, wired with the 5v, out, & gnd
asciilifeform: y'know, the kind that drop specific octets.
asciilifeform does not recommend the histogram thing as a firstline test, it was written as diagnostic to ferret out broken os
mod6: yeah, they were collected on linux as such ^
a111: Logged on 2017-06-01 15:35 mod6: but take a look at these results from FG#1 http://p.bvulpes.com/pastes/lGnuD/?raw=true
asciilifeform: ( 'fg plugged into usb hub powered from wall 5v plug, amd crapteron 7.7ghz running shithead linux' etc
asciilifeform: yes but where was the input collected
mod6: im running the ./hist.py on a linux environment amd64
asciilifeform: plz to describe the entire setup
asciilifeform: these from linux or bsd ?
mod6: so back to the bsd-side-quest.... i built `coreutils 8.21' on my openbsd box. now have `gdd` on there. which has a 'fullblock' iflag.
asciilifeform: you will see 'dragons in the clouds'.
asciilifeform: the perhaps worst 'test' ~of a working rng in particular~ is to look at the hex with naked eye
asciilifeform: but it helps to remember what the idea is.
asciilifeform: sorta the point of 'ent', 'dieharder', etc. is so as not to have to do these by hand.
mod6: i went back to my linux output entropy files to see about the 'ff fd' thing; I'm really jammed up on openbsd. and that's a different side-quest we can discuss later. but now i'm wondering about the flow-control/output from collections done on linux
asciilifeform: mod6: still dealing with the bsd thing ?
a111: Logged on 2017-05-30 17:07 asciilifeform: the preponderance of 0xff 0xfd etc is screaming hint
asciilifeform: trinque: they dun have a wall plug ?!
mircea_popescu: depends if you'd rather quit or just announce.
BingoBoingo: In other news, appear to have successfully quit smoking. Last nicotine was Saturday at 1:15 PM. Turns out it works better if you wait until afterwards to announce to the world
asciilifeform: also the 'nsa not involved, shuddupterrorists' lulz.
jhvh1: BingoBoingo: The operation succeeded.
mod6: Ladies and Gentlemen of the Republic: http://therealbitcoin.org/ml/btc-dev/2017-June/000265.html
asciilifeform: ^ check out the photo of judge !
asciilifeform: meanwhile, in monkeystan, https://archive.is/moE9o >> 'The ruling found no legal grounds for reversing Ulbricht's conviction or 2015 sentence for founding and operating Silk Road' << BingoBoingo / qntra ?
shinohai: For a less terse SoBA, participate and build your own. The voices in thy head will fill in the blanks
mircea_popescu: i suppose when he was alive they weren't letting her get close enough ?
mircea_popescu: there is that.
asciilifeform: whether lenin, saddam, whoever. nothing pissant, esp in a crowd, loves more than to throw down symbol of ~his~ utter insignificance
asciilifeform generally barfs at photos of 'pulled down statue' given as they figure prominently in orangerevolutionary material, of pissants kicking dead lions
mircea_popescu: ~what the common libertard thinks hitler is, basically.
asciilifeform: statues don't fight back, either
trinque: kids can't stand up straight; objects that can't but otherwise, naturally offensive
asciilifeform: so much easier to turn over a statue than to actually accomplish something other than being piece of shit
asciilifeform: hey, the ukrs TO THIS DAY haven't run out of lenins to topple
mircea_popescu: i don't think they go by what could be described as criteria.
BingoBoingo: So in other local lulz, Marxist agitators want to remove Confederate memorial from park in StL city. Same agitators love/ignore local "farmer's" market that used to hold "Pick-a-Nigger Sunday" sales.
BingoBoingo: But how many 1 in 100 doing the time also were Preetlings appointed by Hussein Bahamas?
asciilifeform: recall, this is the country where every pub has a PARKING LOT
asciilifeform: and maybe 1 in 100 does the time
BingoBoingo: Wigginton refused to take a Breathalyzer, according to the report. He posted $100 bail and was released. Wigginton resigned as U.S. attorney for the Southern District of Illinois on Nov. 24, 2015, to work for a private law firm. Wigginton became U.S. attorney in August 2010 after former U.S. President Barack Obama nominated him to serve as the top prosecutor in the state's southern 38 counties. Wigginton, a Democrat, replaced Republican Courtney Cox, who was appointed to the position in 2007.
BingoBoingo: The driver left the scene of a property damage accident where his vehicle left the roadway. The driver smelled strongly of an alcoholic beverage and his eyes were red and glassy in appearance. The driver admitted to drinking an alcoholic beverage. The driver was unable to complete the field sobriety testing.
BingoBoingo: In other victories for "our democracy" a minor Preetling arrested by local constables http://www.bnd.com/news/local/article153608214.html#wgt=trending
asciilifeform: ( pci etc would make moar sense for 'atomic' trng, as described in older thread, with the scintillator, because there your entropy extraction is limited more or less only by the clock speed of the take-off/debiaser and the dead time of the scintillator (1-5ns) )
mircea_popescu: just pent-up domain to save the environment by publishing more pointless papers.
BingoBoingo: Give it 36 months for TMSR weather service S.CLIMAx to need ruinously high bitrate for "forecasting"
asciilifeform: if there were pent-up demand for ruinously high bit rate, we could do pci version with N analogue boards; but so far i dun see it
asciilifeform: others also.
mircea_popescu: that's the thing with superior technology, the fact that you need 10 tons carried rather than 10kgs is not an argument in favour of oxcarts and against trucks. on the contrary -- the more needs carried, the more you want the trucks to carry it.
a111: Logged on 2017-05-31 19:23 phf: indeed. i'd like for one of these fucks to go "oh, we've tried this solution in 87 and there's reason A and B for why it's not applicable at industrial scale" or "oh we need 10000KB/s which means that blah blah blah"
mircea_popescu: http://btcbase.org/log/2017-05-31#1663994 << 10mbps is still cheaper to make with fuckgoats than through whatever alternative they have.
mircea_popescu: problem is, when we wake up tomorrow, the dumb cunts will still be dumb cunts ; while fuckgoats will still work.
mircea_popescu: if only we agreed to agree the dumb cunts are important they'd gladly agree fuckgoats works!
a111: Logged on 2017-05-31 19:16 phf: i wonder what they mean by "large amounts", could they just run a handful of FUCKGOATS in parallel? is there some hidden flaw in FUCKGOATS approach that makes the solution non-viable? so many questions!
mircea_popescu: http://btcbase.org/log/2017-05-31#1663991 << yes, there is. it's not hidden, either : it dispenses with any role for or need of the stupid fat old women in "the Commission of the European Communities" not to mention " the Netherlands Organisation for Scientific Research " and etcetera.
mircea_popescu: asciilifeform> and not by 'autodetecting' (validating!111) either, but by actual design << awww, k.
phf: indeed. i'd like for one of these fucks to go "oh, we've tried this solution in 87 and there's reason A and B for why it's not applicable at industrial scale" or "oh we need 10000KB/s which means that blah blah blah"
phf: why is there a need for a "quantum random number generator" (from yesterday's thread)?
phf: i wonder what they mean by "large amounts", could they just run a handful of FUCKGOATS in parallel? is there some hidden flaw in FUCKGOATS approach that makes the solution non-viable? so many questions!
asciilifeform: http://wotpaste.cascadianhacker.com/pastes/oa8cj/?raw=true << whole text, for the truly dedicated entomologist.
asciilifeform: 'Generating large amounts of truly random data is expensive. Fortunately, truly random data can be simulated by pseudorandom data produced by a stream cipher from a much smaller key. (Even better, slight deficiencies in the randomness of the cipher key do not compromise security.) The literature contains several scalable ciphers....' -- djb et al
asciilifeform: 'This work was supported by the Commission of the European Communities through the Horizon 2020 program under project number 645622 (PQCRYPTO) and project number 645421 (ECRYPT-CSA); by the Netherlands Organisation for Scientific Research (NWO) under grant 639.073.005; by the U.S. National Institute of Standards and Technology under grant 60NANB10D263; by the U.S. National Science Foundation under grants 1314919, 1408734, 1505799, and 1513671; and by a gift from Cisco. P. Lou was supported by the Rachleff Scholars program at the University of Pennsylvania. We are grateful to Cisco for donating much of the hardware used for our experiments.'
jhvh1: asciilifeform: The operation succeeded.
asciilifeform: it is solely an excuse for pissing the bed, and never anything else.
asciilifeform: because the alternative is 'oh, shuddup that winblowz is porous, because godel, nyahahaha'
asciilifeform: and if someone wants to mention godel etc -- ethical engineer MAY NOT cite godel, EVER, just as a police detective MAY NOT cite the supernatural and admit a hypothesis of miraculous theft from a safe
asciilifeform: funny bit re metastability -- i did not realize that it was the one and only possible culprit until i confirmed that the logic analyzer in fact saw, on multiple occasions (at least 1 ppm) a variant logic state from what the rest of the circuit saw.
asciilifeform: read the fuckingsource folx!111
asciilifeform: how i solved this -- is exercise for the reader ( i did solve it )
asciilifeform: the practical consequence of this is that when it was connected to TWO of'em, they could easily end up with different impressions of what they saw, breaking 'yokeability')
asciilifeform: (problem was , analogue rng's waveform, while meeting the signal voltage constraint, and even the rise/fall time constraints, sometimes does not meet the hold time constraint! and results in metastable state in digital chip it is connected to
asciilifeform: now in all fairness, the coveted 'information processer' is not found in nature, only the lowly 'physical object' is found there; and to make the former out of the latter is not at all easy,
asciilifeform: ( and leads to terminate-with-epitaph, a perfectly valid state, rather than exploitability )
asciilifeform: where the only 'world ends' operation is div0
asciilifeform: which in fact can be built to validly transition from every possible state to another valid possible state ( see the adder example earlier. )
a111: Logged on 2017-05-31 15:36 mircea_popescu: this i suspect is generally the case, if an item doesn't contain deadly possible states it is more properly a toy than a tool.
a111: Logged on 2017-05-31 15:43 mircea_popescu: http://btcbase.org/log/2017-05-31#1663769 << yet procreation works whether you wash your dick or don't. scandalously, it seems it actually works better if you don't.
asciilifeform: http://btcbase.org/log/2017-05-31#1663925 << the direct equiv of unwashedcock is the winblowz box plugged directly into public net
a111: Logged on 2017-05-31 15:37 mircea_popescu: in any case, the problem of the 110/220 swich is not, to this day, solved.
asciilifeform: and not by 'autodetecting' (validating!111) either, but by actual design
a111: Logged on 2017-05-31 15:36 mircea_popescu: http://btcbase.org/log/2017-05-31#1663763 << this i'm afraid is wishful thinking. consider the simple case of the 110/220 volt switch on most desktop power supplies. it... does contain such a state, as part and parcel of why it even exists in the first place.
asciilifeform: http://btcbase.org/log/2017-05-31#1663919 << screamingly bad example -- all current ps lack the switch, and in fact designed to make use of 90-300volt, wherever in the world
a111: Logged on 2017-05-31 14:41 erlehmann: asciilifeform by that standard, everything is insane (i might even agree). LANGSEC is not planet-wide asepsis, it is washing hands before walking to the operating table.
mircea_popescu: http://btcbase.org/log/2017-05-31#1663769 << yet procreation works whether you wash your dick or don't. scandalously, it seems it actually works better if you don't.
a111: Logged on 2017-05-31 14:41 phf: validating input is the security community mantra that i remember since i joined it in 99 or so
mircea_popescu: this i suspect is generally the case, if an item doesn't contain deadly possible states it is more properly a toy than a tool.
mircea_popescu: http://btcbase.org/log/2017-05-31#1663763 << this i'm afraid is wishful thinking. consider the simple case of the 110/220 volt switch on most desktop power supplies. it... does contain such a state, as part and parcel of why it even exists in the first place.
asciilifeform: erlehmann: finished, aside from a few of the higher arithm ops
erlehmann: i bet you read that at the orange wobsite
erlehmann: Framedragger to the moon with it!
erlehmann: but back to the GCC example, i think someone said “a computer can not recognize meaninglessness” or similar
erlehmann: that only the human brain can do
erlehmann: (… because they have no meaning)
erlehmann: i think part of the room was sufficiently disoriented by the fact that GCC drops loops without side effects
mircea_popescu: of all the gone traditions of the academic citadel, the one mp most regrets is mercilessness.
mircea_popescu: phf and then you ask him why he continues to pretend like he has something to say in plenum and he breaks down and cries before 200 students.
phf: i wonder if this creates significant cognitive dissonance in these people. it took me a while to learn how to scale elegance (and how incredibly costly it is, hence gems like tex.web ARE gems), but here you have a prof, drinking own koolaid of whatever best practices, attempts to write a non-trivial project and ends up with unmanageable complexity
erlehmann: game is also there in english
Framedragger: thanks for the pointer, will actually check. i know a bit of german but too little. may make it even more fun, tho
Framedragger: signed by her majesty the queen
erlehmann: Framedragger if you know german, i suggest to play unteralterbach. i also suggest to not visit commonwealth countries and others with weird sex laws (comic sex = real punishments) when having that.
Framedragger: (not sure what "good philosopher" would even mean these days, most of "modern philosophy" is same ol' "research journal" printolade anyway)
phf: Framedragger: it's probably shit code that professor was planning on fixing "eventually". i've managed to acquire a number of these "secret" sources while at umd and most of them were horrendous.
erlehmann: Framedragger the author of http://unteralterbach.net did not want to give source immediately to not enable shitlords to spoil the game's easter eggs.
mircea_popescu: most oracles also discover they're much better cooks than oracles.
mircea_popescu: natural language is useless for any serious rational purpose without endless washing and starching. math does not suffer from the same problem.
Framedragger: source code.. wonder if there's a good reason possible if intention was to give source eventually. prolly not...
erlehmann: the only person who would not give complete corresponding source and supplementary materials for stuff was a neuroscientist i think. something about having done lots of work to collect the data and analyze it.
Framedragger long ago got a "you're not yet ready to read kant, read this about kant", which in retrospect may have been a misjudgement (you can kinda sorta just read Kant, esp. if you've read hume), but i just went along with it. worked in the end. maybe not comparable situation, but anyway
erlehmann: i moved to berlin to study philosophy at humboldt university. different climate there. especially regarding bad teaching.
erlehmann: Framedragger 1. prof demoed some program he wrote (?) in linear algebra course 2. i asked about source code. 3. answer was like “you do not get source code, you would not understand anyway” 4. no other student thought it ridiculous for a teacher to not give source. 5. i found out implementation was really simple.
mircea_popescu: ahh, recall the grand old days when this terminology was getting established ?
Framedragger: erlehmann: just idly curious, why did you not continue studying at TUM? i'm only curious because i considered that once, too, and "heard it was good" (well they also seemed to be offering solid-looking courses when i visited them in ~2013). just in case answer pertains to objective details
erlehmann: “forced/forcing german” → “zwangs deutsch” → losing the “w”, sounding like the word for forceps → “zangen deutsch”
erlehmann: in german the calque word for a german calque is “zangendeutsch”
mircea_popescu: sounds very "we in europe have 60% taxes and think women should talk at the table."
erlehmann: asciilifeform where does the tron(ic) suffix come from? versionatron? chumpatronic?
erlehmann: the former boss of my boss, when asked about ethereum, was like “my investment strategy is: i hope you get rich with ether and then give me some of it”
erlehmann: but i have not yet found out why people are unaffected. and why i do not feel the same as they do.
phf: erlehmann: well, i said "parsing" i didn't say grammar. there are different ways to write a parser. btcbase uses a readtable dispatch based parser to construct an in memory vpatch structure, i just checked, in about 90 lines of lisp. presumably if somebody wanted to write a parser using yacc, they'd have to write a lalr grammar for a vpatch
erlehmann: they no longer write roguelikes where you can shit yourself to death
erlehmann: idiots reimplemented it themselves using infix notation
phf: erlehmann: i think what we're saying is that validation for the sake of validation is an incomplete solution for various reasons. you come from a position where you need to convince people that parsing is important, we're saying that ~we know~ and ~we do it~, but we also think that it's not the whole solution.
a111: Logged on 2016-12-11 23:00 asciilifeform: i was not going to expand on the 'p' thread until the proggy is done, but this is probably a good time to say 1 more
asciilifeform: this is the abbatoir, erlehmann , where we butcher it.
asciilifeform: but the future contains no such
asciilifeform: these 'a lot of exit condition'
erlehmann: i do not understand the question, care to elaborate?
erlehmann: ad-hoc validation creates a lot of exit conditions that interact with each other
erlehmann: anti-pattern “shotgun parser”. draw the processing diagram on to the wall. shoot at it with a shotgun. everywhere the bullets hit, validate stuff.
erlehmann: asciilifeform mixing validation and processing code makes it harder to reason about possible code paths. after the recognizer you can be sure that the rest of the system does not have to handle anything.
asciilifeform: the implication is that it is acceptable for processor to be vulnerable
mircea_popescu: Framedragger the whole notion of "rsa keygen efficiency" is a little bit in the vein of "cheapest wedding dress".
phf: these days it has additional twist of haskelization and provable grammars and such
erlehmann: asciilifeform by that standard, everything is insane (i might even agree). LANGSEC is not planet-wide asepsis, it is washing hands before walking to the operating table.
phf: validating input is the security community mantra that i remember since i joined it in 99 or so
asciilifeform: because so long as you stay in the voltage and hold time constraints ( and you won't be violating these over internet ) it will give correct answer, now and 1000 yrs from now, to all physically possible inputs.
Framedragger: asciilifeform: alright, will do later. given that you quoted from the concluding section however, makes me doubt whether my opinion will change. but will do.
phf: well, that's why i referred to that djb paper about qmail. he stated both the problem and the solution, and his solution was essentially "compartmentalize", but when it comes to parsers specifically it's something very aggressive. like a fixed length line reader that dispatches on a single prefix character. not even a "grammar"
asciilifeform: the actual curative pill is a system with no nonimmediatelyobviousliketwooplustwo code.
Framedragger: i don't believe they are actually suggesting that doing key gen on third party is a good idea for user. discussion was about performance, no? (granted, did not read whole paper)
a111: Logged on 2017-05-31 14:17 asciilifeform: in recent sads, 'Our batch prime-generation algorithm suggests that, to help reduce energy consumption and protect the environment, all users of RSA—including users of traditional pre-quantum RSA—should delegate their key-generation computations to NIST or another trusted third party. This speed improvement would also allow users to generate new RSA keys and erase old RSA keys more frequently, limiting the damage of key theft.'
Framedragger: http://btcbase.org/log/2017-05-31#1663689 << i believe you misquoted out of context. the purpose of that was to (as you can see if you read till end of para), "The challenge here is to show that secure multi-user RSA key generation can be carried out more efficiently than one-user-at-a-time RSA key generation"
asciilifeform: whole field is ill-conceived : plugs wrong end of the funnel.
asciilifeform: and erlehmann i read the paper you linked.
erlehmann: phf yeah, the results are not palatable to people. “what i can not do ‘<script>document.write('<script>')</script>’ anymore?”
mircea_popescu: there's also the suspicion that the only reason this "appears to work" as a securitizing approach has to do strictly with it not being in general use.
phf: erlehmann: that is true, but doesn't take into account complete attack surface. i agree that "write a proper parser" should be the first step, but that's also a baseline. problem is that most of these protocols are either non-regular, have types that depend on state (e.g. a fixnum whose range changes based on a flag), or are outright turing complete
erlehmann: and has a functioning bullshit detector. evidence: someone proposed a docker container to run the game “more easily”. linley politely declined.
erlehmann: mircea_popescu i believe linley is creative and knows his theory. but no one ever asked him to clean up his code.
erlehmann: we sometimes bump into each other at conferences. also i made the yellow press (BILD) stylesheet for his blog some time ago.
mircea_popescu: oh, you know the fefe.de guy ?
erlehmann: mircea_popescu if you like RTS without multiplayer, i suggest to try out liberation circuit. the math seems to be fixed-point only, so real-time multiplayer should be possible if you can wade through the abysmal codebase.
mircea_popescu: life these days is muchly reminiscent of 1980s, reading communiques from dissidents behind the iron curtain, trying to judge how genuine, what happened, etc.
erlehmann: phf i have worked on existing protocol. the grammar codifies the assumptions that you as a programmer make. take an ENUM in the input, for example. grammar should only contain values you know you can process right.
mircea_popescu: phf i suspect he's young ; in any case excitable. give the man a moment.
phf: erlehmann: sure, but the question is, are you designing your protocol from scratch or you're saying something about an existing protocol. and if you're designing it from scratch then there are existing long established solutions that long predate langsec (unless of course they are just an education organization). but if you're saying something about existing solutions, and you mentioned ffmpeg etc., then it's your classical security specialist "y'all idiots" position. what you going to audit ffmpeg? i'm saying that the correct solution is not to run media decoder on a mission critical machine
mircea_popescu: is there more to it ?
mircea_popescu: so far this seems ~same as what led eulora to having open bots. they are programed in... literal c.
erlehmann: phf i believe you misunderstand the problem