Show Idle (>14 d.) Chans

← 2021-07-28 | 2021-07-30 →
raw_avocado: asciilifeform: i read in some of your posts that you dont think whitening entropy is a good idea. Why?
raw_avocado: I failed to find anywhere any mention of this thing, and in the logs there dosent seem to be a detailed explanation, or maybe i am using the search function wrongly.
asciilifeform: more discussion of this than probably anyone could want.
dulapbot: (trilema) 2015-10-29 mircea_popescu: you want to fuck your computer, that's all there is to it.
verisimilitude: I'd like mine added as well, PeterL:
verisimilitude: On that note, I'll link to my latest book review; despite the popular book, I think it turned out rather nice.
punkman: recently read autobiographical book from famous greek bank robber. quite the character. pulled off helicopter escape twice from same prison. interestingly never killed anyone, even after countless armed encounters with police.
punkman: apparently english version is coming out this year. will share if I get pdf.
punkman: "“I never showed disdain for the value of human life; yet I found the act of taking a life perfectly legitimate and acceptable, under certain circumstances and with good reason, as when “wider” freedom was concerned. Because death is the inescapable consequence of life. On the contrary, causing pain by torturing is something horrible,
punkman: something heinous.”"
punkman: "once you are an outlaw, an ever-increasing amount of resources are required to maintain your freedom". as the banks made the robbing less lucrative, kidnapped a rich dude. "When they dropped him off, Vassilis remembers, Haitoglou left them with a joke: “Guys, if only it didn’t cost that much, I’d very much like to have another adventure with
punkman: you!”"
punkman: fun opsec tale from the book: after another kidnapping, they cracked open a prepaid sim phone. you had to activate this by calling a number. they were driving down the road, guy saw pizza billboard, called pizza place.
punkman: they called in for ransom, eventually got the ransom, let the guy go. many months later they had rented a villa, buried some money in the yard, laying low etc. cops do raid, catch everyone.
punkman: turns out they had later activated a 2nd prepaid phone, accidentally using same pizza place number. so cops were tracing ransom phone that had made only two phone calls before being discarded, pizza place and asking for ransom.
PeterL: << Hmm, it is not doing the one thing it is supposed to do. I will hack on this a bit and see what is going on.
dulapbot: Logged on 2021-07-28 23:09:45 whaack: PeterL: Not sure scoopbot is scoopin'
dulapbot: Logged on 2021-07-29 00:26:03 raw_avocado: 10x
punkman: PeterL: tenx -> thanks
PeterL: sorry about spam, I think it is almost there
PeterL: scoopbot was just really excited to talk, should be calmer now
PeterL: Aha! Now it works
PeterL: asciilifeform: bug report for watchglass: irc_dbg = cfg.get("irc", "irc_dbg") <-- this should get wrapped in an int()
asciilifeform: PeterL: ty
billymg: asciilifeform: i finally got around to manually importing the logs for this channel starting from the split:
billymg: asciilifeform: do you mind if i have my bot idle in here so that i can keep the logs on my www in sync?
asciilifeform: billymg: please do. keep in mind that you'll need to patch the logotron.
dulapbot: Logged on 2021-06-16 13:46:57 asciilifeform: << i had to commit this kludge warcrime to get the bot to talk to 'unreal irc'.
asciilifeform: billymg: lemme know if need help with this.
billymg: ok, will give it a shot and let you know if i run into anything
PeterL: asciilifeform: can you add scoopbot to the list of bots for colorizing in the logs?
asciilifeform: PeterL: will do, 1s
PeterL: k, thanks
asciilifeform: PeterL: done
billymg: test
bitbot: Logged on 2021-07-29 18:13:51 billymg: test
billymg: excellent, gonna just restart it to change its command trigger
billymg: !. uptime
bitbot: billymg: time since my last reconnect : 0d 0h 0m
billymg: neat
billymg: i wanted that nick on freenode but it was already taken
billymg: i started getting this error from freenode sometime this morning as well, although it didn't seem to kick me from the network
billymg: it was, however, annoying enough that i turned off that network in my znc config
raw_avocado: asciilifeform: some people telling me that selfies are a good source of entropy, and of course they hash these images
raw_avocado: I am thinking, that cameras reduce noise when taking pictures, and thus reducing entropy, no?
raw_avocado: And if cameras would apply some kind of filer(like reduce brithness or something) that would actually make it easy for an attacker to reduce the space?
punkman: camera sensors and software introduce a lot of bias
punkman: you'd want to take multiple photos or video frames
mats: raw_avocado: how long are you gonna go on crowd sourcing information from reddit and quizzing the poor souls in here about the content
raw_avocado: mats: i am coming into contact with this a lot of these topics for the first time, and i am trying to understand whats happening in fact.
asciilifeform: raw_avocado: let's take an elementary failure case and work it out :
raw_avocado: asciilifeform: please do so
asciilifeform: raw_avocado: suppose the camera fails in such a way that you get a stream of zeros instead of the usual frames.
asciilifeform: ( or, equivalently, /dev/whatevercamera is replaced in your program, somehow, with /dev/zero )
asciilifeform: raw_avocado: will you be able to tell that the output is now easily predictable ?
asciilifeform: so then.
raw_avocado: Yeah, but cant i say the same thing about the FG or any source of entropu, what if it fails in some way how can you tell the string is not random?
asciilifeform: raw_avocado: failure in iron rng typically happens in the analogue component. if the digitizer/post-processor 'whitens', the failure will not be detectable (via sample & util such as 'ent') because hash makes even /dev/zero into a soup which passes all statistical tests, despite being trivially predictable.
asciilifeform: raw_avocado: if you had actually read the log pointers, would know this.
dulapbot: Logged on 2021-07-29 00:16:25 asciilifeform: raw_avocado:
raw_avocado: Yes i get that part, as in i can hash numbers from 1 to 10^5 and then hash them. If i run tests on that, the statistics pass on the hash function not on the input
raw_avocado: Ive read some of the threads yesturday, not all.
asciilifeform: raw_avocado: camera, in fact, is a fairly good source of entropy. but it gives great temptation to user, to pipe it directly through a hash, so to resemble a MB/s+ rng; but in reality it gives approx. same actual entropy as FG ( < 10kB/s )
asciilifeform: if you apply von neumann debiaser to the bits comprising the frame, as many times as req'd to match the statistical quality of FG's output -- will get similar bandwidth.
asciilifeform: but i've yet to see someone who is using camera as trng do this. (btw if you must do so, copper foil over the objective.)
raw_avocado: Well, the idea was not to use it as an RNG for the box, but use a picture to create a BIP39 seed.
asciilifeform: raw_avocado: lemme get this straight, you simply need what, 256bits of entropy ? once ?
raw_avocado: In this example yes, and the question was if a selfie would serve as a good souce.
asciilifeform: if you had used a coin , would've already been done a while ago, lol
dulapbot: Logged on 2021-07-28 23:05:34 asciilifeform: raw_avocado: if you have nothing but a coin and time -- von neumann's debiasing algo worx just as well with paper and pen as with machines
asciilifeform: raw_avocado: it is still unclear to me whether you are interested in understanding what makes for a 'good source', or simply looking for cookbook recipes
raw_avocado: asciilifeform: i dont need a source of entropy for my use rn. i want to understand how these various methods would work, and how good they would be.
asciilifeform: raw_avocado: moar log pointers, if you're genuinely interested in subj.
raw_avocado: asciilifeform: ok ill do some more reading, and prolly return with dumb questions again
asciilifeform: raw_avocado: i'm happy to answer q's, but would prefer that noobs do some reading 1st and get elementary grasp of the subj.
dulapbot: (trilema) 2017-05-22 asciilifeform: and yes, this is still same old tests, nothing magically different about them, there will ~never~ be a mechanical test for 'good rng'
thimbronion: asciilifeform: I'm looking at adding a hash to the UDP packets sent by my toy. My understanding is that in your design, all UDP packets will have a hash of the cyphertext either prepended or appended. Is this correct?
raw_avocado: asciilifeform: 10x
thimbronion: asciilifeform: in more detail the packet will look something like H(C+S) concatenated to C, where S is some shared secret.
punkman: thimbronion: is this a checksum?
thimbronion: punkman: it's not checking for errors per se, just that it came from a trusted source.
asciilifeform: thimbronion: it's a little moar complicated, but yes.
asciilifeform: thimbronion: i'ma try and get the spec draft out this weekend, described in some detail this and other moving parts.
asciilifeform: ftr keccak is theoretically immune to length extension attacks. however i haven't a fast implementation of it, and leaving it out of the spec, instead using bad old sha512.
asciilifeform: asciilifeform's protocol comes with a 1byte version field, so theoretically can switch hashes later on.
thimbronion: asciilifeform: thanks.
magnus: punkman: interesting story above re: cell usage by kidnappers
magnus: punkman: gotta wonder whether any of'em had burner and non-burner turned on at the same time
magnus: punkman: tight correlation in carrier tower stats could lead to being ID'd and eventually DX'd...
magnus: assuming DX is not automatic at this point, esp. for cheap burner phones...
whaack: billymg: I have a prototype web interface online available here. Some things to note: 1, I've had some issues with my browser giving me security warnings, I think it was because i had a bad virtualhosts file but it may be because points to a different ip than 2) This is a prototype and I wouldn't recommend building off of it right away
whaack: because the api may change from under your feet
billymg: whaack: nice!
shinohai: neato whaack
whaack: ty!
billymg: whaack: is there a way to get a machine readable version of the results? (whether tab, space, semicolon, however delimited)?
billymg: csv, json, whatever is easiest / makes the most sense on your end
whaack: billymg: i'm still thinking about the right answer to this. There is a structure atm, it's just a bit cryptic (i.e. first 6 lines for viwe-txn are always the same, so you can get the hash, block height, index, and size, then next line is inputs, then you do a (while nextline is not OUTPUTS readline ... ) etc.
whaack: When I write out the spec I'm likely going to write a python client that can deserialize the info that you can use.
whaack: Gotta go for now , i'll be back on tomorrow or later
billymg: whaack: ah, neato. a python library for interacting with your api would certainly be useful
billymg: looking forward to reading / trying it out
raw_avocado: whaack: noice
← 2021-07-28 | 2021-07-30 →