verisimilitude: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-29#1049331 https://www.cloudflare.com/learning/ssl/lava-lamp-encryption
dulapbot: Logged on 2021-07-29 15:23:59 asciilifeform: but i've yet to see someone who is using camera as trng do this. (btw if you must do so, copper foil over the objective.)
verisimilitude: This may be found interesting enough.
cgra: !w probe 188.8.131.52
watchglass: 184.108.40.206:8333 : Could not connect!
cgra: asciilifeform: this time a getdata exploit, but based on the same vector "capacity" leak
cgra: umm no, actually. not a capacity leak in same sense. but a straight stale peer data abuse
cgra: bloated vSend of hundreds of stale, abruptly disconnected peers (all from same address)
asciilifeform: cgra: 'EXCEPTION: St9bad_alloc' as in the previous.
asciilifeform: cgra: seems to me that the correct pill would be a per-peer memory odometer.
asciilifeform revives the noad, for if cgra has moar of these
asciilifeform: http://logs.nosuchlabs.com/log/asciilifeform/2021-08-01#1049618 << brazen ripoff of well-known 'lavarand'.
dulapbot: Logged on 2021-08-01 00:11:02 verisimilitude: http://logs.nosuchlabs.com/log/asciilifeform/2021-07-29#1049331 https://www.cloudflare.com/learning/ssl/lava-lamp-encryption
dulapbot: (trilema) 2017-11-22 asciilifeform: phf: consider the sheer degree of unabashed cargocultism in the endless rehash of the lava lamp thing
asciilifeform: !w poll
watchglass: Polling 17 nodes...
watchglass: 220.127.116.11:8333 : Could not connect!
watchglass: 18.104.22.168:8333 : Could not connect!
watchglass: 22.214.171.124:8333 : Could not connect!
watchglass: 126.96.36.199:8333 : Alive: (0.081s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Return Addr=0.0.0.0:8333 Blocks=693637
watchglass: 188.8.131.52:8333 : (172-6.core.ai.net) Alive: (0.149s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Return Addr=0.0.0.0:8333 Blocks=693637
watchglass: 184.108.40.206:8333 : (172-4.core.ai.net) Alive: (0.150s) V=70001 (/therealbitcoin.org:0.7.0.1/) Jumpers=0x1 (TRB-Compat.) Blocks=693735
watchglass: 220.127.116.11:8333 : (ns562940.ip-54-39-156.net) Alive: (0.143s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=693658
watchglass: 18.104.22.168:8333 : (pool-71-191-220-241.washdc.fios.verizon.net) Alive: (0.153s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=693735 (Operator: asciilifeform)
watchglass: 22.214.171.124:8333 : Alive: (0.149s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Return Addr=0.0.0.0:8333 Blocks=693735 (Operator: whaack)
watchglass: 126.96.36.199:8333 : Alive: (0.148s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=693735
watchglass: 188.8.131.52:8333 : Alive: (0.234s) V=70001 (/therealbitcoin.org:0.7.0.1/) Jumpers=0x1 (TRB-Compat.) Blocks=693735
watchglass: 184.108.40.206:8333 : (ns3140226.ip-54-38-94.eu) Alive: (0.264s) V=88888 (/therealbitcoin.org:0.8.88.88/) Jumpers=0x1 (TRB-Compat.) Blocks=693735
watchglass: 220.127.116.11:8333 : Alive: (0.394s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=693614
watchglass: 18.104.22.168:8333 : (terebe.ns01.net) Alive: (0.773s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=693657
watchglass: 22.214.171.124:8333 : Alive: (0.739s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=693735 (Operator: asciilifeform)
watchglass: 126.96.36.199:8333 : Violated BTC Protocol: Bad header length! (Operator: jurov)
watchglass: 188.8.131.52:8333 : Busy? (No answer in 100 sec.)
busybot: The 24-Hour VWAP for BTC is $ 41490.89 USD
asciilifeform: !q uptime
dulapbot: asciilifeform: time since my last reconnect : 46d 13h 28m
asciilifeform: thimbronion: yer far ahead of me atm!
thimbronion: asciilifeform: Hah! Not sure how much is actually "done" considering the quality of the encryption lib. That said - should be interesting to test it out.
thimbronion: Managed to connect to whaack yesterday using the previous version.
cgra: http://logs.nosuchlabs.com/log/asciilifeform/2021-08-01#1049627 << this is where the stale peers accumulate, and if such a dumpster didn't exist, my previous exploits wouldn't work. re the dumpster, i must get a better grasp of c++ networking to understand the why and the how-to-replace.
dulapbot: Logged on 2021-08-01 12:21:40 asciilifeform: cgra: seems to me that the correct pill would be a per-peer memory odometer.
cgra: still, separately need fixing the issues of 1) unbounded agent string, and 2) std::vector internal capacity not automatically reducing -- because you wouldn't want 125 simultaneous peers to consume >2GB of RAM
cgra: and what's more, std::string afaik has same capacity mechanism, which i intend to eventually review as well
asciilifeform: cgra: imho the Right Thing is a 'peer may use this-many kB and if more, disconnect+permaban'
asciilifeform: rather than prb-style gnarly types with custom alloc logic
asciilifeform: 125 peers oughta be able to use 125MB at a time. 1 each. and not more.
asciilifeform: ( 1 decimal MB, i.e. 1e6byte. given that this is the largest permissible mass of data in trb. )
cgra: http://logs.nosuchlabs.com/log/asciilifeform/2021-08-01#1049664 << and http://logs.nosuchlabs.com/log/asciilifeform/2021-08-01#1049665 << do you mean that likely some kinda odometer is the only 'clean' approach in such swamps as the satoshi's creation?
dulapbot: Logged on 2021-08-01 14:50:07 asciilifeform: cgra: imho the Right Thing is a 'peer may use this-many kB and if more, disconnect+permaban'
dulapbot: Logged on 2021-08-01 14:50:45 asciilifeform: rather than prb-style gnarly types with custom alloc logic
asciilifeform: cgra: correct. adding specialcases will only make the thing weigh more and even less (if can imagine this) fits-in-head than the existing horror.
asciilifeform: the 'cleanest' approach is the one which adds the least moving parts (or preferably ~removes~ existing)
asciilifeform: ... while closing the hole
cgra: yeah, i'm thinking of an acceptable solution that replaces parts with smaller ones
cgra: one more trb observation: if there's an easy way to make a tx upwards from 55kB in weight, that trb will accept, the wedging issue is still present, because no odometry for tx data, and the attacker could easily request 49990 times the same tx, in one 'getdata'
cgra: for extra impact and pedantry, could request ~1MB blocks for the rest of the 50000 allowed inv's
asciilifeform: cgra: indeed no one's fixed the tx odometer yet. as for the latter, that oughta trigger the blox odometer, neh
cgra: asciilifeform: yeah, but 10 blocks prolly under the 10MB mark
cgra: (the default red area in sendbuffer odometer)
asciilifeform: cgra: the common theme here is that a peer ought not to be able to eat arbitrary ram. and that the correct end of the funnel to plug, is to actually measure the consumption, and kickban mercilessly. rather than trying to find each and every one of 'over 9000' places where shitoshi&co defined a type that can stretch to infinity
cgra: asciilifeform: the analogy lingering in my mind is 'still could be worth looking for the bottom-most funnel, and finding the only pointy end to plug', but i keep your words in mind. also i currently have difficulty in understanding how to reliably measure -- copper wiring each and every spaghetto?
cgra: measure as in 'just measure, otherwise let the pile keep stinking'
whaack: cgra: nice findings mate, thank you
whaack: ugh sorry, new keyboard muscle memory is still weak
whaack: thimbronion: nice job re second vpatch :)
cgra: whaack: ty!
cgra: whaack: btw, does segwit-bomb tx make it any easier to bake large (byte-wise) transactions? i so far didn't look into your experiments in detail (or whole segwit), so wouldn't know
cgra: (maybe too early to ask, i haven't looked carefully enough yet, how to even bake such cakes traditionally)
whaack: cgra: yes it does make it slightly easier because you don't need to provide signatures and thus don't have to do as much computation
cgra: just that maybe using plenty of 1-sat outputs works
cgra: whaack: is it that you don't even need an address you control?
cgra: can play with the bait money only
whaack: cgra: yes, that's true as well
whaack: normally you would need at least an address with 1 satoshi to get a valid txn, and at least a fee's worth of satoshis to get it accepted to trb's memory pool
whaack doesn't actually know if trb has a min txn fee for accepting to the memory pool
cgra: whaack: it has two, 1000 sats and 10000 sats
cgra: if you cross the latter tier, no questions asked
cgra: lower is "a maybe" type of deal
whaack: cgra: ah ok, ty
cgra: i said it confusingly, i meant <1000 sats is a no-go, but 1000...9999 is 'a maybe', and >=10000 is 'no questions asked'
whaack: heh, fwiw i understood and inferred <1000 was a nogo
thimbronion: ty whaack
verisimilitude: Say, what do ye use for managing email; the Russian and Chinese spam I get has increased over tenfold lately.
signpost: personally, I render onto caesar what is caesar's and use a megacorp provider.
signpost: idgaf about email other than as interface to the damned.
vex: it's exciting to see trb getting tested
vex: I propose a test chain from genesis. needs an interesting fishwrap headline. bank bailouts don't make the frontpage anymore
vex: I'd like to comment on headunfucking too. It's inappropriate, since I still wash my wetware with copious etoh regularly.
vex: I'd suggest to bingoboingo, get a boat, perhaps the seaside hamlet is best for that
vex: I've never found such a sublime experience; it's not thimbronion holding the mainsheet til failure, not asciilifeform's floating apartment
vex: I'd recommend it to punkman too, get some vitamin d sans underwear
signpost: yeah, I definitely start feeling mad the longer I've been out of the sun.
vex: I gotta say signpost, I'm loving your new handle
signpost: ty, been one of mine for a while, harkens to prior to tmsr.
vex: what are you trying to do asciilifeform?
asciilifeform: vex: see link
vex: ask wolf
vex: there he is
vex: hey bingo
vex: tell me about sea wolves
vex: what's the scoop cunt?
vex: fishwrap is going out of fashion
mats: i spent a few hours recently thinking over the two problems in the us, 1) proliferation of light duty vehicles with plastic and high-volume fuel tanks, and 2) EVs and the difficulty of putting out their fires with conventional equipment, like foam and ordinary high pressure firefighting systems
mats: foam won't do shit to an EV fire, and afaict there's no fire depts with the ultra high pressure systems that would enable crews to put out blazes with the water on their rigs
mats: i'm struggling to work out whether there are us mandates for high pressure water misting systems in parking garages, especially those under multistory buildings
asciilifeform: mats: more likely there'll be a mandate to blackout mention of burned garages.
asciilifeform begins to wonder whether mats has fully come to terms with where and when he's living
mats: i needed a light distraction and doing this research was interesting
asciilifeform: the fact that 50+$k auto has mandatory built-in crematorium aint uninteresting, i suppose
mats: doesn't look like usa is ready for this problem and won't force retrofits to fire depts or commercial building owners until there's a mass casualty event
asciilifeform: it'll be blamed on 'terrorists'.
asciilifeform: and so will the 2,3,..nth.
mats: massive production of SUVs and trucks isn't even a US-specific thing anymore, by some accounts it's quite taken off in eu
asciilifeform: petrol-engined trucks dun catch fire in garages with any regularity
mats: which is a bit of an annoying arms race since it makes sedans less safe also
mats: that is, occupant survivability in a sedan goes down in a confrontation with light duty vehicle
vex: all the `how to spin a car into a ditch' info refers to sedans
mats: separately, thought it would be interesting if a few EVs with remotely induced thermal runaway could potentially bring down a building
vex: isnt that happening now ?
vex: factoryz fukt?
mats: an ordinary vehicle fire might take 300gals of water to put out with a typical rig's equipment, and teslas are on record requiring up to 32k gals
mats: and the nfpa piece notes that modern cars are quite a bit more combustible than before, due to all the added plastics to save on weight and cost
mats: anyway, that's all i got.
vex: the faster you go the further the flame is
vex: "not on fire, just fast"