Show Idle (>14 d.) Chans
← 2014-04-07 | 2014-04-09 →
assbot: [MPEX] [S.MPOE] 20400 @ 0.00099701 = 20.339 BTC [-] {3}
ozbot: ClubOrlov: Business as usual
asciilifeform: 'With small businesses and private enterprise made illegal, most people will be forced to resort to illegal activities, under the watchful eye of the NSA. But since putting even more people in jail will be prohibitively expensive, a new, streamlined process of dispensing justice will be put into place: the NSA and the Justice Department will link computer systems, and verdicts of fraud and suspended sentences
asciilifeform: will be issued by a computer program, in absentia. In keeping with current practice, both the charge and the evidence will be kept secret. The newly minted felons will be dropped from voter rolls, their passports cancelled, their bank accounts confiscated, and their employment (if any) terminated. They will receive form letters informing them of their sentence but most of them will be unable to read it because
asciilifeform: functional illiteracy rates will go from the current 40% to 80-90%.'
asciilifeform: pure gold.
decimation: ascii - secret electronic evidence is a perfect fit for the US confession-based legal system
asciilifeform: decimation: 'n strikes' warez users rule, precedent.
assbot: [MPEX] [S.MPOE] 34350 @ 0.00100076 = 34.3761 BTC [+] {2}
assbot: [MPEX] [S.MPOE] 4300 @ 0.00100324 = 4.3139 BTC [+]
ozbot: I am going to build a true random number generator ...
kakobrekla: artifexd , asciilifeform
kakobrekla: a well i might have jumped the gun, nothing particularly interesting except for the fact of recognizing the problem.
artifexd: I've learned that the raspberry pi has a hardware rng. My current plan is to build use that. I'll Von Neumann it if necessary. Regardless, as soon as I get one, I'll use the tools asciilifeform recommended to measure the entropy.
asciilifeform: artifexd: see if you can learn why the raspi rng is unsuitable for cryptography.
asciilifeform: (hint: same reason as intel's)
artifexd: Backdoored?
kakobrekla: i wonder what the numbers will show.
asciilifeform: the numbers will show... beautiful entropy
asciilifeform: just as the digits of pi, if run through 'diehard', would.
asciilifeform: no statistical test will reveal a malicious rng
asciilifeform: unless the malefactor is dumb as a brick
kakobrekla: how do you eval such result correctly then
asciilifeform: exercise: encipher a consecutive stream of nulls, with aes, using whatever you want as init vector
asciilifeform: run the result through 'diehard'
asciilifeform: you'll get 'better' stats than any genuine rng.
asciilifeform: kakobrekla: the statistical tests are for determining sources of 'natural' bias, not enemy action.
asciilifeform: e.g. a bit in a register that's stuck on
asciilifeform: or, when testing prng, any periodicity in the output
asciilifeform: this and related topics have been beaten to death elsewhere.
kakobrekla: and the diehard is exempt from this?
asciilifeform: 'diehard' is just a collection of statistical tests
asciilifeform: there is no mathematical test for 'evil'
asciilifeform: i cannot emphasize this enough
kakobrekla: so you are saying diehard will show a nice numbers on rpi as well
asciilifeform: it will!
asciilifeform: and on the digits of pi
asciilifeform: and 'e'
kakobrekla: thats what im asking.
asciilifeform: it will show beautiful numbers
asciilifeform: but rpi is still unsuitable for cryptography
kakobrekla: so how do you know, for the particular case of rpi, that it is indeed fucked?
asciilifeform: because you cannot, except at great expense, determine what is inside.
artifexd: Hence your recommendation to build my own?
kakobrekla: im not using it myself but i am curious
asciilifeform: correct
asciilifeform: i cannot in good conscience recommend anything that is presently available for sale
asciilifeform: (this will change soon)
asciilifeform: building rng is not hard, and is educational
kakobrekla: so as of now there is no direct evidence "look here rpi is fucked" just a general concern over all products on the shelfs
asciilifeform: how do you know ... that it is indeed fucked << all crypto hardware, especially of the single-chip variety, is to be thought of as 'guilty until proven innocent'
kakobrekla: but it is (near?) impossible to prove its good
kakobrekla: you might just not see the bug
asciilifeform: it is indeed impossible to prove, with mathematical rigour, damn near anything
asciilifeform: we don't even know (to this standard of proof) if a pill against rsa requires factoring
asciilifeform has to sleep
kakobrekla: good night
artifexd: Thanks for your expertise!
assbot: [MPEX] [S.MPOE] 9132 @ 0.00099642 = 9.0993 BTC [-]
dub_: ;;later tell nubbins` whats a trusted canukistani buttcoin shop? hashtag lazyweb
gribble: The operation succeeded.
nubbins`: i know almost all of those words
nubbins`: you trying to exchange btc for cad?
dub: cad->btc yes
dub: not me, friend
nubbins`: cavirtex changed their verification rules recently, can't recall the details
nubbins`: they're the only place i've used in the past, but honestly i don't feel too great about them these days
nubbins`: vault of satoshi is another, but i think lower volume and they trade in doge, so...
dub: damn, if you think of somewhere gribble me, gotta go catch a boat, not sure when ill be back on-grid
nubbins`: no sweat. wish i could give ya better advice
nubbins`: meantime, it's somehow 4am, so i'm off
assbot: [MPEX] [S.MPOE] 16140 @ 0.00099614 = 16.0777 BTC [-] {2}
twizt: lol
twizt: everyday same shyt
twizt: mjr2
ozbot: Heartbleed Bug
punkman: fucking openssl
assbot: [MPEX] [S.MPOE] 8450 @ 0.00099476 = 8.4057 BTC [-] {2}
bounce: hmm... wonder how those bugs ended up in openssl and gnutls.
bounce: asciilifeform: I forgot who mentioned to hook a 10k resistor to a mike in, turn up the gain, and feed that to the entropy pool. how suitable an entropy source is that in your opinion?
kakobrekla: its crappy unless you are fucking 5 hookers at same time to gather the noise
kakobrekla: was discussed before.
keonne: ThickAsThieves: missed opportunity to call it scAMEX
keonne: i lold
keonne: mircea_popescue: I actually havent met Dan Held in person, and my intel is lacking in the hot or not space
keonne: He has a very deep and masculine voice though.
keonne: omg if I see mpoe-pr at the conf, I so am going to get her autograph and ask hope she emasculates me
jurov: i *am* using rpi as a wallet (with electrum), however:
jurov: sd card is encrypted and i always use keyboard connected directly to rpi for passphrase
jurov: i don't connect it to switch, but with patch cable directly to notebook
keonne: ;;gpg info keonne
gribble: User 'keonne', with keyid 7EECABD58314C40C, fingerprint 1EECFCBA5A9A5470B2149FA37EECABD58314C40C, and bitcoin address None, registered on Tue Apr 8 05:18:18 2014, last authed on Tue Apr 8 05:18:18 2014. http://b-otc.com/vg?nick=keonne . Currently authenticated from hostmask keonne!~abdul@snugglenets.com .
kakobrekla: jurov over ethernet?
Guest45980: hey guys, do you know a chart of the hashpower of the whole altcoin space?
Guest45980: sum of all hashpowers of all altcoins
assbot: [MPEX] [S.MPOE] 20100 @ 0.00099417 = 19.9828 BTC [-]
assbot: [MPEX] [S.MPOE] 2412 @ 0.00099531 = 2.4007 BTC [+]
jurov: dexX7: there is much property leftovers from cold war
dexX7: ah
jurov: and it is certainly continuously maintained
jurov: the picture looks like koenigswarte hill here near bratislava
jurov: yea it definitely is. the photo is made from tourist lookout tower next to the installation
assbot: [MPEX] [S.MPOE] 4298 @ 0.00099531 = 4.2778 BTC [+]
keonne: mircea_popescu: put in a good word for me
mircea_popescu: sec writing brb
keonne: np
jurov: CoinBr going under maintenance, brb in couple hours
bitesak: ;;ticker
gribble: Bitstamp BTCUSD ticker | Best bid: 449.0, Best ask: 450.95, Bid-ask spread: 1.95000, Last trade: 450.95, 24 hour volume: 8774.11284429, 24 hour low: 446.0, 24 hour high: 461.17, 24 hour vwap: 452.12891933
assbot: [MPEX] [S.MPOE] 9750 @ 0.00099756 = 9.7262 BTC [+]
mircea_popescu: ThickAsThieves obviously it's just a draft, i wouldn't expect to be filmed verbatim.
mircea_popescu: trilema looks for two things to find bots : whether you've actually loaded the page you're commenting on (which can throw it for a loop if the page you load gets expired while you try to comment, but this is indeed rare) and whether youve loaded it very recently (like a few seconds sort of recently).
mircea_popescu: decimation:
mircea_popescu: the real problem is that it makes it impossible to differentiate talented managers of resources from fools who happen to be friends with the bezzle-kings << HARDLY :)
mircea_popescu: this is like saying it's impossible to use the wot
mircea_popescu: in fact, exactly the same problem.
mircea_popescu: Mats_cd03 i imagined that's what you probably meant, but i discarded it because it made 0 sense. you don't care what the channel is like, you encrypt the message not the conduit.
mircea_popescu: i can somehow send you email perfectly safely by pastebining it. do the same, alter the firmware to use gpg signed packets.
mircea_popescu: you don't need new hardware for this in any snese.
punkman: you care what the channel is like, or it might just offer up DMA access to the other end
mircea_popescu: that's not the channel :)
mircea_popescu: but anyway, if the thing actually offers dma to all comers, idun see why you'd buy one
mircea_popescu: just you know, redirect as many as you need.
jurov: kakobrekla yes. if someone is in my machine *and* knows what i'm doing on the ethernet port, i'm having bigger problem that some warm wallet
mircea_popescu: asciilifeform orlov definitely has a point there. bnw style stratification is a definite future available.
mircea_popescu: kakobrekla maybe point out to him that cardano will likely beat him to market and it'll be cheaper to just wait ?
mircea_popescu: o wait, you're banned, i got no pr and gerald hasn't yet enough of a clue to be here.
mircea_popescu: i guess he gets to waste some more resources.
BingoBoingo: mircea_popescu: RE: Negro speak -> The sleeping bag luffa reference most likely refers to the sponges, as most american sleeping bags have cheap synthetic interiors and fillings
mircea_popescu: BingoBoingo yes, but does it feel like the warm comforting feminine touch of the mother, or of the wife ?
mircea_popescu: kakobrekla: so as of now there is no direct evidence "look here rpi is fucked" just a general concern over all products on the shelfs << all PROPRIETARY, closed products.
mircea_popescu: like, you know, i'll never eat something i'm not allowed to look at.
mircea_popescu: it can be chocolate truffles for all i care.
jurov: anything else on the shelf contains magnutide more close code than rpi
jurov: *magnitude
mircea_popescu: a not is enough.
mircea_popescu: i never heard of any practical classification of viruses by... size. what diff does it make, 2kb.
ozbot: BBC News - Paralysed men move again with spinal stimulation
jurov: so what. imma gonna fucked someday one way or other
jurov: the openssl shit today... to be 100% sure one'd need to rebuild everything
dexX7: the guys in -dev said updating openssl only is fine
mircea_popescu: jurov wanna hear something funny ? i just paid the largest bonus today, of my entire history in bussiness
mircea_popescu: do you know to whom ? to the guy who nixed upgrade from 10.04 on all my ubuntu systems, because, he said, "meh".
mircea_popescu: guess who never run any broken openssh. possibly the.only.one.on.the.internet.
jurov: that' s just a luck
mircea_popescu: yeah, the first time people do this sort of shit i call it luck.
mircea_popescu: by the fifth or so the bonuses start coming out.
assbot: [MPEX] [S.MPOE] 15200 @ 0.0009984 = 15.1757 BTC [+] {2}
mircea_popescu: bounce: hmm... wonder how those bugs ended up in openssl and gnutls. << you needn't wonder. examine the matter plainly : for no appreciable reason, the usg muppets posing as "core devs" started work to meld pki into bitcoin protocol.
mircea_popescu: this was no coincidence, this has been a) deliberately inserted and b) widely and systematically exploited.
mircea_popescu: everyone involved is going to his grave with his tail attached.
mircea_popescu: s/his/this.
truffles: Apocalyptic i didnt think i gave a clear picture of how things went down so ill paste relevant lines
truffles: hmm many lines were exchanged heh
keonne: I think there are two K's in grokking mircea_popescu
keonne: also very glad im lazy and never update my shit, take your rolling releases and stuff them.
mircea_popescu: english has double k's ? what is this, wannabe-italian ?
keonne: definetely luck, and not smarts in my case.
keonne: im pretty sure Heinlein made up the word
keonne: back to reading brb
mircea_popescu: good for him but i ain't double k'ing
mircea_popescu: well unless it's moar dakka or something
keonne: fair enough, we all have principles we need to live by - i respect that
truffles: Apocalyptic i'll copy paste when ure around
ozbot: Main/Rainbow Pimp Gear - Television Tropes & Idioms
dexX7: do you have any info about real cases were gpg contracts and similar were binding in a legal matter?
keonne: lol
mircea_popescu: dexX7 pgp per se no, but akc is commonly used.
punkman: dexX7: a contract is a contract, it doesn't matter what kind of paper you use, or how you scribble your signature
mircea_popescu: that aside, yes, the court is not at liberty to disconsider it anyway.
mircea_popescu: ie what punkman said.
dexX7: akc?
mircea_popescu: asymmetric key criptography
dexX7: ah
dexX7: punkman: but a contract is worthless, if it could be easily forged
mircea_popescu: that's repudiation, which is a different matter
assbot: [MPEX] [S.MPOE] 33682 @ 0.00099589 = 33.5436 BTC [-] {2}
mircea_popescu: (ie, to say "i did sign this but it should not bind me because it's a gpg contract" and to say "i never signed this" are different stands in court)
keonne: The point is valid, everyone who’s never tried it before imagines sex in the bushes is a great idea. I know better.
keonne: so true
mircea_popescu: keonne and consider i have the benefit of slaves.
punkman: it's not that bad
punkman: sand is worse
mircea_popescu: "wanna get on your back so as to insulate me from all this shit ? " "sure!"
mircea_popescu: punkman possibly a normal average bath tub is the worst.
mircea_popescu: seawater's pretty bad too.
keonne: yes i lost my virginity on a beach
keonne: besides sand in undesirable locations, pretty sure we were being watched by those who made the beach their home.
truffles: ewww sand in privates
punkman: seawater is weird yeah, screws with the lubrication
keonne: in fact, I know were were being watched, because three came out of the dunes to watch.
keonne: water in general screws with the lubrication
keonne: plus coming in any kind of water is asking for trouble
truffles: not to mention all the parasites that could be in it
keonne: *that are in it
truffles: but for some ppl whats one more disease hehe
mircea_popescu: there's no cunt parasite
mircea_popescu: tho granted that'd be some scary shit.
keonne: the cunt I was with then was a parasite
mircea_popescu: now that's a different story :D
keonne: i really should not be using my real name on here...lol
truffles: thats pretty unique
punkman: I've spotted a nice glass elevaror that's begging for it, only goes 5 floors up though
punkman: *elevator
truffles: to buy or ???
punkman: to fuck in
keonne: ok well i finished the waterfall of an article
truffles: solo?
keonne: now to swim through the river of footnotes
truffles: i just thought its interesting what the house looks like if its 5 floors!
keonne: so is there like a class of people here who do nothing but connect and disconnect all day and never chat? or am I missing something.
truffles: chat rooms are a new concept to some
ThickAsThieves: mjr1 probly uses an android app or something that wakes everytime he checks his phone
keonne: that makes sense ThickAsThieves i already ignored him though
truffles: he's an interesting fellow
keonne: Does he contribute to chat? I dont want to miss anything
keonne: ah ok
truffles: creative mind imo
ThickAsThieves: well if it's the normal mjr, he pops in every couple mos
keonne: I unignored, perhaps I was a bit too hasty, and the android explination makes sense
truffles: he peaked at chatting last yr i guess
keonne: lol
truffles: ya he actually spoke a bunch before
truffles: only has 2 blog posts
keonne: seriously tho, learning to screen session is an important part of irc
truffles: some1 should nudge him to do a 3rd
keonne: god dammit my inbox is filled with heartbleed bullshit
truffles: heartbleed?
ozbot: Heartbleed Bug
keonne: can I borrow your rock truffles ?
keonne: i'd like to hide under it
ThickAsThieves: give an exploit a good name and everyone pays attention
truffles: im stingy
keonne: they even had a logo ready
keonne: lol
dexX7: + a nice landing page
keonne: is it running google analytics
keonne: nope, it would have been hilarious had it been
dexX7: haha yea
truffles: keonne what irc client do u use?
keonne: irssi
keonne: well i connect to a shell, and run irssi inside a screen session
truffles: i prefer mirc
truffles: looks weird
mircea_popescu: punkman make sure you place lookouts outside
mircea_popescu: you'll want the pics
mircea_popescu: keonne guy used to try and organise a ny central park bitcoin group buy thing.
keonne: 5 story elevator doesnt give much time really
keonne: mircea_popescu: mjr ?
mircea_popescu: and the point of fucking is going up and down repeatedly, i thought.
keonne: i already unignored him, again i rather not miss interesting chats, i just havent seen anything but connect/dissconnect
keonne: oooh, that explains what im doing wrong
truffles: push the emergency button when reach 5th?
MisterE: hmm heartbleed is nasty
MisterE: truffles: floor 5 1/2?
truffles: i dont, but id watch :D
MisterE: What movie was that?
truffles: nooo
mircea_popescu: keonne in principle ytou can ignore part/join msgs
truffles: im just saying not something id do
MisterE: Being Mircea Popescu? :D
MisterE: Being John Malkovich I think :)
keonne: i could write a script for irrsi i suppose
keonne: but then mjr wins
truffles: i actually think mp sex would appear boring id skip that
bounce: a script to ignore joins/parts?
keonne: oh wait
keonne: even better
bounce: /ignore * CRAP already takes care of it. not a good idea if you're chanop, but if you're not, well, this is freenode. it's full of CRAP.
keonne: "/ignore -channels #chan1,#chan2,#chan3 * JOINS PARTS QUITS NICKS"
mircea_popescu thinks keonne may be a littrle bit dyslexic :D
keonne: mircea_popescu: highly likely
keonne: or just careless
keonne: lets see if I did that right..
keonne: someone say something ?
mircea_popescu: ;;echo hey keonne you broke the ircernets.
gribble: hey keonne you broke the ircernets.
keonne: mircea_popescu: im curious as to why you say that
mircea_popescu: <keonne> someone say something ? <<
keonne: my father and grandfather are dyslexic
MisterE: [20:58:07] MisterD is now known as MisterE
keonne: yeah i fucked somehting up
keonne: mircea_popescu: no i meant the dyslexic comment lol
mike_c: it feels nice to see somebody besides bitcoin getting a public whipping. thanks openssl!
assbot: [HAVELOCK] [PETA] 39 @ 0.05286545 = 2.0618 BTC [-] {7}
assbot: [HAVELOCK] [AM1] 6 @ 0.6 = 3.6 BTC [-] {5}
assbot: [HAVELOCK] [AM100] 202 @ 0.00571026 = 1.1535 BTC [+] {15}
assbot: [HAVELOCK] [KCIM] 106 @ 0.00154721 = 0.164 BTC [+] {4}
MisterE: heh
assbot: [HAVELOCK] [PETA] 2 @ 0.05400024 = 0.108 BTC [-] {2}
MisterE: I'd rather it be something I dont care about like Java or Flash
assbot: [HAVELOCK] [PETA] 8 @ 0.05400024 = 0.432 BTC [-]
assbot: [MPEX] [S.MPOE] 6268 @ 0.00099158 = 6.2152 BTC [-]
BingoBoingo: MisterE: Java and Flash lack the utility to get hit this hard
assbot: [HAVELOCK] [AM100] 25 @ 0.005845 = 0.1461 BTC [+]
MisterE: true, even a full implosion by either woud be just another meh by now
assbot: [HAVELOCK] [B.SELL] 2 @ 0.052 = 0.104 BTC [-]
assbot: [HAVELOCK] [B.MINE] 8 @ 0.031 = 0.248 BTC [-]
assbot: [HAVELOCK] [B.MINE] 14 @ 0.03099999 = 0.434 BTC [-] {2}
assbot: [HAVELOCK] [B.SELL] 6 @ 0.05299999 = 0.318 BTC [+]
assbot: [HAVELOCK] [B.SELL] 2 @ 0.05299999 = 0.106 BTC [+]
assbot: [HAVELOCK] [PETA] 4 @ 0.05400024 = 0.216 BTC [-]
asciilifeform: in other news, usa is tired of flying to orbit:
ozbot: NASA to end most activities with Russia - CNN.com
BingoBoingo: To be fair the various space weapons treaties and agreements made spaceflight a much more boring prospect
assbot: [HAVELOCK] [PETA] 8 @ 0.05400024 = 0.432 BTC [-]
assbot: [MPEX] [S.MPOE] 11008 @ 0.00100116 = 11.0208 BTC [+] {2}
thestringpuller: ;;later tell mod6 I ptfoed. If/when you get this you aren't busy, pm me.
gribble: The operation succeeded.
mike_c: it is pretty horrible to run this against one of your servers and watch its memory get dumped to screen.
ozbot: [Python] heartbleed ssl test - Pastebin.com
asciilifeform: remaining btc exchanges cleaned in 3, 2, 1...
danielpbarron: made my trilema credit payment back and then some by betting on MPOE :D
BingoBoingo: congrats danielpbarron
assbot: [HAVELOCK] [B.EXCH] 2 @ 0.08299776 = 0.166 BTC [-]
assbot: [HAVELOCK] [B.MINE] 5 @ 0.032099 = 0.1605 BTC [+]
assbot: [HAVELOCK] [B.SELL] 2 @ 0.0515 = 0.103 BTC [-]
assbot: [HAVELOCK] [B.SELL] 4 @ 0.05075 = 0.203 BTC [-] {2}
assbot: [HAVELOCK] [B.MINE] 10 @ 0.032099 = 0.321 BTC [+]
keonne: java? give oracle some time, it is inevitable
assbot: [HAVELOCK] [B.MINE] 4 @ 0.032099 = 0.1284 BTC [+]
thestringpuller: who needs ssl when you have gpg?
assbot: [HAVELOCK] [B.SELL] 7 @ 0.04921785 = 0.3445 BTC [-] {4}
asciilifeform: re: openssl - perhaps time for repost:
ozbot: Loper OS » Don’t Blame the Mice.
keonne: Russia raises price on gas for Ukraine
keonne: See U.S., Russia crew lift off into space
keonne: Russia could invade 12 hours after order
keonne: In 2011, NASA retired its space shuttle fleet, its only means of getting to and from the station.
keonne: "This has been a top priority of the Obama Administration's for the past five years"
keonne: how to math
keonne: if top priority over the last 5 years, why retire the fleet 3 years ago
assbot: [HAVELOCK] [B.MINE] 10 @ 0.032099 = 0.321 BTC [+]
keonne: soon to buy stinky cheese and wine for bitcoin
Mats_cd03: "FBI says Russians Out to Steal Ideas From Tech Firms"
keonne: monoprix is huge - if you read french i suggest reading that, that CEO knows whats going on
blackwhite: hey guys
keonne: he isnt CEO sorry, he is director of ecommerece
keonne: thanks Mats_cd03
Mats_cd03: the magic of technology, i dont has to read french
keonne: lol
BingoBoingo: I think the most terrifying prospect I could imagine for Bitcoin would be MP moving Trilema to French... So resistant to machine translation.
keonne: lol!
Mats_cd03: We do not yet understand the magnitude of the subject. Yet I am convinced that not to believe, it would be like not to believe in social networks there some time. Certainly there is no transaction in social networks, but there are relational in transactional ... and social networks contribute greatly. Do not believe the contribution of bitcoin in the
Mats_cd03: transaction, it is also a mistake.
Mats_cd03: any french speakers have a clue wat hes actually saying
assbot: [HAVELOCK] [B.SELL] 8 @ 0.04775 = 0.382 BTC [-] {4}
assbot: [HAVELOCK] [B.SELL] 11 @ 0.04622746 = 0.5085 BTC [-] {4}
assbot: [HAVELOCK] [B.MINE] 28 @ 0.032099 = 0.8988 BTC [+]
keonne: one second Mats_cd03
keonne: my french isnt good, but I am currently in France with a native speaker
BingoBoingo: Mats_cd03: You seem. It seems like a language where the vocabulary is statutorally restricted would be especially amenable to machine translation, but practice is different
Namworld: I can speak french too.
keonne: I think something along the lines of 'the french dont get it yet, they think its a thing for crooks and money launderers, but not believing in bitcoin is like not beliving in social networks a few years ago
keonne: and you cannot say that they are different because social networks too deal with transactions (though of a different kind), and indeed social networks will have a big impact on bitcoin
keonne: something along those lines anyway
Namworld: Wait, what is this about? Not translating apparently.
keonne: Monoprix to accept bitcoin end of 2014 apparently
keonne: Namworld: please excuse if I butchered that, like I said, my french is garbage
keonne: give me it in esperanto and i'd be fine, lol
Namworld: idk why esperanto, seems counter productive. English is already so widely used (Not as native language but all combined)
Namworld: Although yes Mandarin is at the top, but not really used outside of China.
benkay: i'm testing a strategy for location selection over the next ten years: prefer big network pipe installations and electricity generation sites over pretty much anything. theory being that people with money invested in internet hardware will deploy capital to protect it, need lowly others to run the machines, and provide the armed convoys of food that the big cities won't be enjoying.
benkay: in my region this is Prineville and Bonneville.
Mats_cd03: im paying down a place in SLO, CA atm
benkay: hanky basis for investment thesis is that in the way rivers were important to US city site locations once upon a time internet and power will be bastions of order in mad-max future.
Mats_cd03: theres a 550w sol farm in the district
benkay: ugh but all that human flesh
Mats_cd03: mw, that is (we're on the same wavelength apparently)
keonne: Namworld: Its very useful to learn before learning other languages
keonne: especially if you are a native english speakers
Mats_cd03: theres no point to learning mandarin
keonne: you are quickly familiarised with different grammatical structures and sounds, while still being easily learned due to its entirely constructed base
keonne: Overall you are correct though, and almost no one speaks or understands it
thestringpuller: Mats_cd03: you really waiting for a cardano to get into WoT?
Mats_cd03: im not in a rush
assbot: [HAVELOCK] [AM100] 39 @ 0.005795 = 0.226 BTC [-]
assbot: [HAVELOCK] [AM100] 888 @ 0.0055105 = 4.8933 BTC [-] {10}
assbot: [HAVELOCK] [AM1] 1 @ 0.6 BTC [-]
keonne: What is a cardano?
ozbot: S.NSA first product - The Cardano pe Trilema - Un blog de Mircea Popescu.
keonne: thank you Mats_cd03
keonne: trilema is seriously the best thing I have ever spent money on, online.
keonne: oh i want
Mats_cd03: ascii is going to need a lot of units
Chris_Sabian: I can use a bit of help: can anyone get the raw transcation from this tx id: df74678b86bdf78656b92a1fd7da70aa35ecba12847decd684485fb0a79e728c
Chris_Sabian: i know you can do it in bitcoinQT but I dont have access to it right noww
Chris_Sabian: and i dont know where it find it online
robwhiz22: Does anyone know when Mirceau tends to be online?
mike_c: you need to run with -txindex to get access to transactions not in your wallet
mike_c: and rescan the blockchain.
jurov: blockchain.info shows raw tx in advanced mode, no?
Chris_Sabian: so I need access to my wallet at the moment to do it?
dignork: lol
keonne: was just gonna link that mike_c :)
robwhiz22: I will be on later.
truffles: blocks spamme
keonne: robwhiz22: you decide to ask in chat instead of pm this time?
keonne: aw he left
truffles: bad idea to pm ppl
keonne: indeed
keonne: he asked first, Mircea said no, and then he complained about it
truffles: more interesting ppl to pm though :D
Chris_Sabian: ok. so if im trying to manually push the transcation via https://blockchain.info/pushtx , were is the raw hex then??
truffles: keonne u were supposed to say right, i know ure a blast
mike_c: um. blockchain already saw it :)
mike_c: what is the point?
keonne: oh sorry truffles
keonne: i wouldn't know, i never pm'd you
keonne: unless you are also moiety
truffles: i acept all pms
truffles: dunno who that is
Chris_Sabian: ok then. just saw that. I guess that I was confused that blockchain didnt see it because it didn't confirm. :)
dexX7: blockchain.info tends to be broken for some time now
mike_c: well, it's not confirming because no tx fee.
Chris_Sabian: isn't there some room in blocks for 0 fee transcation though? but it would take a long time to confirm though?
keonne: dexX7: whats broken? besides some charts? anything I need to expedite?
keonne: API should be back, we moved over to bitcoinj, and overall things are a lot quicker now. If there is something specific please let me know
dexX7: transactions were missing. not like an unconfirmed as in this case, but also historical ones
keonne: still? I thought we fixed all those
dexX7: hm
dexX7: not sure, if this is still an issue
dexX7: but it was over the last weeks
keonne: I think it has been resolved.
dexX7: ah nice
keonne: yeah it was a major issue
keonne: not in terms of functionality or people losing btc, but in a scaring the shit out of people way
dexX7: and a strange one ;) blockhashes were all fine, but tx count was wrong and as mentioned, txs missing
keonne: yeah the database corrupted, it was a very bad week
keonne: none of us slept very much
keonne: again if you see anything weird, just ping me here and ill get eyes on it asap
dexX7: good to know
keonne: One good thing out of all that, I didn't realize that android wallet users PIN codes are stored on bchain servers. As a result during the outage people weren't able to get into their android wallet with PIN only password. That is totally incorrect, from now on, your PIN will never be sent to our servers, it is hashed and stored locally instead
keonne: or will be
mike_c: Chris_Sabian: yes. just takes longer.
keonne: with that being said, im off for a bit to grab some coffee, later
dexX7: cya
assbot: [HAVELOCK] [B.MINE] [PAID] 3.12926208 BTC to 7`616 shares, 41088 satoshi per share
assbot: [HAVELOCK] [NEOBEEQ] 1509 @ 0.000135 = 0.2037 BTC [+]
assbot: [HAVELOCK] [COG] 10 @ 0.01700001 = 0.17 BTC [-] {2}
assbot: [HAVELOCK] [B.MINE] 5 @ 0.03199887 = 0.16 BTC [+] {3}
assbot: [HAVELOCK] [AM100] 38 @ 0.00580999 = 0.2208 BTC [+] {2}
truffles: some1 tell that guy coffee is bad for u
jurov: life is deadly anyway
truffles: is it though
benkay: keonne: you run blockchain.info?
BingoBoingo: truffles: Death is the only certain outcome of life
truffles: boingo for sure
truffles: no need to speed it up
BingoBoingo: No need to live to be 200 if you've never done anything either
truffles: sure could
truffles: just not things leading to possible bad times
thestringpuller: ;;gettrust keonne
gribble: WARNING: Currently not authenticated. Trust relationship from user thestringpuller to user keonne: Level 1: 0, Level 2: 0 via 0 connections. Graph: http://b-otc.com/stg?source=thestringpuller&dest=keonne | WoT data: http://b-otc.com/vrd?nick=keonne | Rated since: never
truffles: so why are nerds offended about being called nerds eh
cgcardona_: There is no such thing as strong coffee—only weak men.
truffles: truth bombs
cgcardona_: top of tha mornin everyone
truffles: ive already made dinner ..
cgcardona_: heh. Around tha world—around tha world (daft punk theme)
truffles: nerd comment wasnt that random, other chat was qualifiying what it is to be one
cgcardona_: I don't think nerds are offended at being called nerds. I think true nerds/geeks/etc own that shit
truffles: id think its a good thing to be smart but u never know
cgcardona_: smart/clever/knowledgable/wise <---at some crossroads of those
benkay: can be a handicap, truffles. makes sucking at ones craft very painful when you start hitting that competence threshold that only lots of deliberate practice can get one over.
assbot: [HAVELOCK] [B.SELL] 4 @ 0.045 = 0.18 BTC [-]
truffles: well one cant know everything
benkay: in the same way men tell each other "smart/pretty/sane, pick two", managers are always looking for some combination of "smart/well-practiced/hard working".
cgcardona_: interesting insight
assbot: [HAVELOCK] [B.MINE] 6 @ 0.03209899 = 0.1926 BTC [+] {3}
benkay: well-practiced and hard working is super valuable, well-practiced and smart is super valuable, smart and hard working comes in at the bottom untempered by practice.
benkay: and of course just plain old smart is completely worthless.
truffles: i actually rank in reverse
cgcardona_: i'm just dumb and lazy
benkay: ;;google why i never hire brilliant men
gribble: From the Stacks: Why I Never Hire Brilliant Men | TaoYue.com: <http://taoyue.com/stacks/articles/brilliant-men.html>; The Joel on Software Discussion Group (CLOSED) - Why I Never Hire ...: <http://discuss.joelonsoftware.com/default.asp?joel.3.558118.24>; The Old Joel on Software Forum - Hiring superstars?: <http://discuss.fogcreek.com/joelonsoftware/?cmd=show&ixPost=17864>
truffles: slow pony
cgcardona_: oddly enough I had somehow never heard "smart/pretty/sane, pick two" until today
truffles: provided the brilliant doesnt come with lazi, id go brilliant every time
jurov: nonlazy brilliant eventually go crazy
cgcardona_: well there are meds for that...
truffles: we're all a lil crazy
cgcardona_: </partial joke>
benkay: funny how people go for the meds first and never think to go run in circles for thirty minutes...
truffles: i feel like any other option is purposely handicapping urself
cgcardona_: dude I just got an email from heroku about the ssl bug w/ this as my list of potentially affected apps: Here are your affected applications:
cgcardona_: {list of apps}
cgcardona_: the old variable in the email fail
cgcardona_: been a while since I seen that one
BingoBoingo: benkay: A jog can't do the things Lithium can though
truffles: how about drinking some tea, sitting doing a sudoku
benkay: most medicated people i've met don't jog 3 times a week, or even picking up heavy things until sweaty that many times a week. some variant of which is a prerequisite for stable mental chemistry.
benkay: <strike>ing</strike>
truffles: might take a lil more than that for the clincially insane
benkay: i'm not saying that mental health is purely a function of workout frequency. i've been larned better than that by the DSMi. it's just all too frequent that people resort to drugs without actually putting in the work to get their physical health dialed.
benkay: granted, it can be hard to get up in the morning much less work out when catatonically depressed.
Rick__: arij is here?
truffles: what would u suggest to the jocks then
los_pantalones: read a book
truffles: haha
assbot: [HAVELOCK] [PETA] 18 @ 0.0523161 = 0.9417 BTC [-] {5}
BingoBoingo: MP > Scheier
asciilifeform: wait since when ssl on trilema?
mike_c: i checked trilema & coinbr this morning, both were clear.
Mats_cd03: trilema cpanel i guess?
BingoBoingo: Well, No SSL == NotHeartBleed
BingoBoingo: www.thedrinkingrecord.com/2014/04/08/the-big-rock-candy-foundation/
mike_c: trilema.com will do ssl connections, but you can't get the blog.
benkay: BingoBoingo: start urls with http:// for log url inclusion
ozbot: Bingo Blog | - of Bitcoin and Boingo
TomServo: BingoBoingo: The title of that article is for some reason missing from the frontpage
BingoBoingo: www.thedrinkingrecord.com/2014/04/08/the-big-rock-candy-foundation/
BingoBoingo: TomServo: Yeah, I dunno why
mike_c: too much css
truffles: boingo u have blog also?
BingoBoingo: truffles: Where have you been since September
truffles: well if its random link without saying "in my blog ..." i dont click..
BingoBoingo: truffles: You also advertise how much you hate reading at all
truffles: u misunderstand
BingoBoingo: mike_c: Fixed, was actualy too much CSS
benkay: "Bingo Blog"
truffles: if its boring id rather not
benkay: how fucking hard is that?
benkay: being linked by BingoBoingo
truffles: ok ok i skimmed
BingoBoingo: Reading moar is the best prevention against getting buggered sore
truffles: i have small chat window so..
ozbot: Twitter / gavinandresen: Expect a 0.9.1 Bitcoin Core ...
mike_c: BingoBoingo: much better. good post. although not apples to apples, it is interesting to compare their activity #'s against http://stats.bitcoin-assets.com/
assbot: [HAVELOCK] [AM100] 63 @ 0.00555318 = 0.3499 BTC [-] {3}
truffles: oh oh i dont like ur writing style eeek
benkay: 48.) mjr___ 1023
danielpbarron: I got two irl contacts to join the WoT :D
benkay: which handles, danielpbarron ?
benkay: unless that's a rude question. is that a rude question?
truffles: tis rude
benkay: ;;gettrust truffles
gribble: WARNING: Currently not authenticated. Trust relationship from user benkay to user truffles: Level 1: 0, Level 2: 0 via 0 connections. Graph: http://b-otc.com/stg?source=benkay&dest=truffles | WoT data: http://b-otc.com/vrd?nick=truffles | Rated since: never
benkay: you don't count in this conversation apparently.
danielpbarron: one hasn't signed up yet, the other is 'againbackson'
benkay: ;;gettrust againbackson
gribble: WARNING: Currently not authenticated. Trust relationship from user benkay to user againbackson: Level 1: 0, Level 2: 0 via 0 connections. Graph: http://b-otc.com/stg?source=benkay&dest=againbackson | WoT data: http://b-otc.com/vrd?nick=againbackson | Rated since: Tue Apr 8 11:58:58 2014
danielpbarron: ;;gettrust againbackson
gribble: WARNING: Currently not authenticated. Trust relationship from user danielpbarron to user againbackson: Level 1: 1, Level 2: 0 via 0 connections. Graph: http://b-otc.com/stg?source=danielpbarron&dest=againbackson | WoT data: http://b-otc.com/vrd?nick=againbackson | Rated since: Tue Apr 8 11:58:58 2014
BingoBoingo: mike_c: Thx, Well I figure for all of the porn there is less unpleasant buggery happening here
truffles: doesnt seem like too many r authenticated
danielpbarron: he's not online now :p
truffles: monologue commence?
truffles: boingo what percent of the blog is about u vs btc?
truffles: oh id so crush u in fantasy sports :D
BingoBoingo: truffles: Only one way to find out the log's contents...
truffles: i have harsh comments that i will hold to myself
BingoBoingo: I dunno that your comments can be sharp enough to cut deep...
truffles: oh, feel like ppl get sensy on the nets though
benkay: projecting much?
truffles: no wai, im like toughest person itc
BingoBoingo: truffles: There is a difference between people and "ppl"
truffles: ppl do picky
BingoBoingo: truffles: I don't think your wit is sharp enough to draw meaningful offense.
truffles: ouch!
truffles: well i tend to push buttons instead :(
BingoBoingo: That isn't even a very good emoticon
truffles: whats a good one
BingoBoingo: The horns show its malevolence
assbot: [HAVELOCK] [AM100] 53 @ 0.00579979 = 0.3074 BTC [+] {3}
truffles: sure
BingoBoingo: And its square jaw shows it is strong
truffles: so guess we should all work out more
ozbot: Gay Seal - Imgur
MisterE: anyone understand chinese?
MisterE: supposedly an interview with a Chinese bank manager that was taken with an iphone has been posted where he confirms PBOC will drop the hammer on RMB
MisterE: excellent, would you mind having a look if its credible Mats_cd03 ?
Mats_cd03: link it
MisterE: there's this too but not sure if related: https://www.fxbtc.com/news?id=3
Mats_cd03: sounds like thats what theyre talking about
MisterE: does it sound like they are who they are?
MisterE: and any date mentioned?
MisterE: err rather does it sound like they are credible?
Mats_cd03: the bank they're referring to is
ozbot: Star Trek Captain Narrates Insane Documentary About Geocentrism
Mats_cd03: and my pinyin (romanization) is rough here...
MisterE: yea it's not easy
Mats_cd03: lingyun (inaudible) agricultural bank
MisterE: hmm
Mats_cd03: lingyun (inaudible) branch agricultural bank of china
truffles: kaku is in every modern doc!
Mats_cd03: oh and its by the 15
Mats_cd03: of this month
MisterE: well that's inline with rumors
assbot: [HAVELOCK] [AM1] 6 @ 0.590984 = 3.5459 BTC [-] {3}
assbot: [HAVELOCK] [AM1] 6 @ 0.59 = 3.54 BTC [-]
mike_c: PBOC will drop the hammer on RMB << what do you mean by this? will let the exchange rate float more?
Mats_cd03: seems more like theyre trying to restrict btc institutions from peddling to the masses
MisterE: yes
MisterE: stopping rmb from being used to buy crypto
Mats_cd03: an amusing effort
MisterE: Mats_cd03: what is your impression of the people's credibility? Do they seem like a branch manager of one of the biggest Chinese banks?
MisterE: their language, is it proper formal business?
Mats_cd03: yeah
MisterE: thanks for doing that
MisterE: oh anything about that post / notice? https://www.fxbtc.com/news?id=3
MisterE: I guess I can just plug it into google translate
Mats_cd03: they're shutting down due to the accounts being blocked (or something)
Mats_cd03: and some other things about pursuing legal action if dudes keep accusing them of running with the money
Apocalyptic: what are they shutting down ?
Mats_cd03: the bank received a directive to shut down fxbtc's bank account
MisterE: intersting
Mats_cd03: so the funds are frozen i imagine
MisterE: I didnt get that from google translate heh
MisterE: so their customers' funds are too
MisterE: Are you Chinese or live in China Mats_cd03? I recall one regular here at least lives there
Mats_cd03: i'm an .hk expat
MisterE: ahh ok yes it's you
MisterE: I'm in SE Asia also expat
Mats_cd03: i live in the us now
MisterE: mostly BKK / .sg pbased
Mats_cd03: is nice
MisterE: ahh nice to be back :)
MisterE: green grass and open space!
Mats_cd03: what is the living standard like there
MisterE: well like everything depends on money
Mats_cd03: well i lived in hk back when it was still green and open
MisterE: business opportunity abounds in Singapore but it's expensive as hell
MisterE: English is excellent there
assbot: [HAVELOCK] [AM1] 6 @ 0.6 = 3.6 BTC [+] {2}
MisterE: most of the multis that dont want to go intot he emerging markets in SE Asia service them from .sg
Mats_cd03: i left just as some of the high speed rails were being built
MisterE: wow thats a wile ago
MisterE: I imagine is sucked a bit before then heh
Mats_cd03: in tsuen wan
MisterE: country so damn big
Mats_cd03: literally two months after i completed a purchase on a number of properties
MisterE: oh yea that will make you move
MisterE: I was in real estate in the US
MisterE: commercial zoning plannign and permitting
MisterE: worked inland SF bay area
MisterE: and Seattle
MisterE: did a lot of 1031 exchanges
Mats_cd03: ive lived in san jose
Mats_cd03: is nice
MisterE: Oh yea we built a datacenter build there, it is nice area
MisterE: perfect weather for me, best in US
Mats_cd03: san diego has the best weather
assbot: [MPEX] [S.MPOE] 24092 @ 0.00100306 = 24.1657 BTC [+] {2}
Mats_cd03: when i lived there the temperature fluctuated 20 degrees at most
Mats_cd03: 90% of days were 60-80F
Mats_cd03: id still be there if it wasnt ungodly expensive
bounce: waitwaitwait, bitcoind is vulnerable to heartbleed?
Namworld: What nonsense is this?
Mats_cd03: 'heartbleed', who knew security researchers had a flair for the dramatic
MisterE: www.heartbleed.com
Namworld: lel, what? "The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content."
midnightmagic: bounce: Only if you've allowed rpc connections from random douches, have turned on ssl, aren't limiting it based on IP, *and* they have your wallet.dat already and have been able to query your bitcoind constantly over time and caught you using the rpc command that unlocks your wallet.
Apocalyptic: it is bounca
Apocalyptic: *bounce
bounce: "the industry" is made up out of at least 90% deliberate FUDmongering
Apocalyptic: midnightmagic only describe the scenario when they would have all your privkeys
midnightmagic: Apocalyptic: Or your encrypted wallet and access to query your rpcssl port arbitrarily.
Apocalyptic: but yes bitcoind with rpcssl is vulnerable to memory leak of some memspace
midnightmagic: (and did so in between your wallet passphrase rpc command, and whatever you typed next)
midnightmagic: the leak is minimal
midnightmagic: (so far as we currently know)
Namworld: What kind of bug allows anyone to just read the memory?
midnightmagic: it's not just any memory, it's a specific chunk
Namworld: yes, yes, still
midnightmagic: and the answer is, "One that needs patching immediately. If you're on ubuntu: apt-get update ; apt-get install openssl"
bounce: not all of your assumptions are going to be reasonable, actually. ssl is fairly logical when enabling rpc ("instant security" amirite or amirite), but restricting IPaddresses only so if either you have enough clue or someone in your vicinity does. similarly, plenty reasons why you'd leave the wallet unlocked.
assbot: [HAVELOCK] [CBTC] 800 @ 0.00014994 = 0.12 BTC [+]
midnightmagic: You have to specifically turn on rpcbind access to the outside world. You have to have specifically taken an action to expose yourself.
midnightmagic: and even if your wallet is unlocked, your privkeys aren't vulnerable. Only (so far) the last rpc command used in the server.
assbot: [HAVELOCK] [CBTC] 700 @ 0.00014995 = 0.105 BTC [+]
bounce: AFAIK you get a random 64k block back, so whatever's in there you can get
bounce: s/AFAIK/AIUI/ but anyway
assbot: [HAVELOCK] [CBTC] 700 @ 0.00014995 = 0.105 BTC [+]
thestringpuller: cron job yoyo
assbot: [HAVELOCK] [SFI] 1000 @ 0.00081495 = 0.815 BTC [-] {4}
assbot: [MPEX] [S.MPOE] 14050 @ 0.00100503 = 14.1207 BTC [+] {2}
asciilifeform: which one of you folks runs btcalpha.com ?
thestringpuller: what is that?
Apocalyptic: asciilifeform, mike_c does
mike_c: now i'm nervous..
asciilifeform: stumbled across it by accident.
thestringpuller: ;;gettrust mike_c
gribble: WARNING: Currently not authenticated. Trust relationship from user thestringpuller to user mike_c: Level 1: 0, Level 2: 4 via 2 connections. Graph: http://b-otc.com/stg?source=thestringpuller&dest=mike_c | WoT data: http://b-otc.com/vrd?nick=mike_c | Rated since: Sun Nov 24 21:18:22 2013
thestringpuller: nice btcalpha is pretty good
MisterE: bounce: it is not a random 64k block and you can continue requesting them until you get all the info you want
MisterE: www.heartbleed.com
midnightmagic: bounce: No, it's not a random 64k block. It's the same block each time you run the attack.
midnightmagic: MisterE: It's just a chunk of the heap. to get different data, the heap contents must change in between attacks. That is, you can't just dump the process' entire memory space.
mike_c: "There is no total of 64 kilobytes limitation to the attack, that limit applies only to a single heartbeat. Attacker can either keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed."
assbot: [MPEX] [S.MPOE] 48000 @ 0.00100609 = 48.2923 BTC [+]
taub: http://puu.sh/8189e.jpg fascinating and true
Apocalyptic: mike_c, is that django btw ?
mike_c: yeah
mike_c: how did you guess? what am i leaking?
assbot: [HAVELOCK] [PETA] 2 @ 0.05499193 = 0.11 BTC [-]
mike_c: this was more fun when it was me probing trilema.
assbot: [HAVELOCK] [PETA] 4 @ 0.05499195 = 0.22 BTC [+]
assbot: [HAVELOCK] [PETA] 2 @ 0.05499195 = 0.11 BTC [+]
assbot: [HAVELOCK] [KCIM] 135 @ 0.00148 = 0.1998 BTC [-]
jurov: some douche filed "illegal intrusion report" against simpleshell.com
jurov: just cause it "exceeded connection attempt threshold to tcp:22 81 times in a 30 minute period"
assbot: [MPEX] [S.MPOE] 11550 @ 0.00100531 = 11.6113 BTC [-] {2}
jurov: as if they fear two login attempts per minute
jurov: guess i'll axe it for now
mike_c: filed it with who?
jurov: with amazon
thestringpuller: ;;ticker
gribble: Bitstamp BTCUSD ticker | Best bid: 454.55, Best ask: 455.5, Bid-ask spread: 0.95000, Last trade: 455.88, 24 hour volume: 5617.14157162, 24 hour low: 446.24, 24 hour high: 459.8, 24 hour vwap: 453.022093956
assbot: [MPEX] [S.MPOE] 88208 @ 0.00101 = 89.0901 BTC [+]
benkay: Apocalyptic: how'd you run down that mike_c's running django? i too am curious.
assbot: [HAVELOCK] [CBTC] 1000 @ 0.00014576 = 0.1458 BTC [-] {3}
Apocalyptic: it was just a guess
assbot: [HAVELOCK] [CBTC] 825 @ 0.0001451 = 0.1197 BTC [-] {5}
mircea_popescu: mike_c: it is pretty horrible to run this against one of your servers and watch its memory get dumped to screen. << now imagine if hearn & co had their way and openssl was bundled in every "reference" bitcoin client.
mike_c: it is, right? hence 0.9.1
mircea_popescu: someone actually downloaded 0.9.1 ?
mircea_popescu: i mean other than to point and laugh.
mike_c: it's not released yet. it is the fix for 0.9, which is vulnerable
mircea_popescu: o o i c.
mircea_popescu: keonne wtf is it with dyslexics and esperanto
mircea_popescu: it's like goth music and fat girls for crying out loud
mircea_popescu: Chris_Sabian it's unconfirmed as of yet and i can't conveniently see it. you dun goofed ?
mircea_popescu: and .9 was the fix for .8.x, which was... broken.
mircea_popescu: then when i say satoshi quit mostly because he didn't want to be involved with these fucktards anymore people act as if this is somehow controversial.
bounce: well, there's a new chief developer guy now. everything gonna be better now, right?
mircea_popescu: an' im working on the killshot as we speak.
bounce: so we're how many years on and I haven't looked but am I to understand there's still not much of a protocol spec? looks like the foundation sure set some useful priorities.
ThickAsThieves: i spoke with the reporter today about the Narcotic Checkpoint issue, went pretty well, she's gonna do more research
benkay: HeySteve2 was having epic problems with 0.9 and a wallet.
ThickAsThieves: offered to have me get a Letter to the Editor published
ThickAsThieves: we'll see
thestringpuller: mircea_popescu: goth music and fat girls...wow that's very astute, i thought it was just an american phenonmenon
benkay: ;;gettrust thestringpuller
gribble: WARNING: Currently not authenticated. Trust relationship from user benkay to user thestringpuller: Level 1: 1, Level 2: 3 via 3 connections. Graph: http://b-otc.com/stg?source=benkay&dest=thestringpuller | WoT data: http://b-otc.com/vrd?nick=thestringpuller | Rated since: Mon Oct 15 18:46:37 2012
ozbot: The sins of the group of posers behind the so called “Bitcoin Foundation” pe Trilema - Un blog d
mircea_popescu: now someone dump that on reddit, let's have some fun here.
ozbot: Lynchings: a collective mental condition - BuenosAiresHerald.com
mircea_popescu: benkay either that or a good idea.
benkay: you're a fan of the lynching?
mircea_popescu: i know for a fact that upon lynching a legal system can be built.
mircea_popescu: upon the derpage fashionable in the us today, no legal system can be built.
mircea_popescu: kalifornia at most. and that's really not good enough.
ThickAsThieves: typo: "on the othe rhand"
ThickAsThieves: i'm tempted to get picky with your often-missing commas and hyphens, but it reads okay so whatever
mircea_popescu: i have my own (admittedly nutty) comma scheme
Naphex: upboat ^^
ThickAsThieves: Karpeles is a fugitive now?
mircea_popescu: not exactly keeping office hours is he ?
mircea_popescu: same deal as danny.
mircea_popescu: Naphex say what ?
ThickAsThieves: i thought Mark was cooperating n all that jazz
ThickAsThieves: i havent been following lately though
ThickAsThieves: cuz he was appearing in public and filing bankruptcies and finding coins in his couch, etc
mircea_popescu: he did not personally file anything,
mircea_popescu: and w/e, irc appearances in public ? hardly counts.
mircea_popescu: judge ordered him to show up in court if he intends to ask the court to protect him from his creditors.
mircea_popescu: the message there's pretty much this : civil court does not protect fugitives. ancient principle, too.
ThickAsThieves looks up definition of "fugitive"
ThickAsThieves: 4. being of transient interest
mircea_popescu: well it doesn't reduce to car chases :p
thestringpuller: so why do fat girls love goth music?
thestringpuller: i'm still intrigued by this phenomenon
Naphex: mircea_popescu: upboat for the reddit post ;]
ThickAsThieves: because they are sad
thestringpuller: sad because guys don't want to touch them?
ThickAsThieves: all the reasons that come with being fat
mircea_popescu: thestringpuller maybe because they resonate with people inconvenienced by reality, being themselves inconvenienced by same ?
mircea_popescu: Naphex you like the only other romanian in here ?
mircea_popescu: o nm, cads sorta counts too
assbot: [MPEX] [S.MPOE] 41208 @ 0.00100189 = 41.2859 BTC [-] {2}
ThickAsThieves: maybe it's too options for the morbidly obese, outward depression, or a carreer in comedy
mircea_popescu: hardly. name a fat woman that was ever funny.
mircea_popescu: i mean, fat guys, i get it, it can happen.
Naphex: mircea_popescu: might as well be two, chilling around. might as well check this place out. has entertaining discussions from what i figured from chat logs
ThickAsThieves: the girl on SNL isnt that bad
Naphex: :p
ThickAsThieves: roseanne?
ThickAsThieves: that fat girl in the movies now is horribl ethough
ThickAsThieves: but yeah
ThickAsThieves: it's much more common in men
ThickAsThieves: fat guys can be a good time (no homo)
mircea_popescu: which is kinda weird, i always thought fat kinda goes with jolly
ThickAsThieves: i picked up jogging again, all this bitcoining made me buy new clothes
ThickAsThieves: i always do this, gain enough to buy new clothes, then that triggers me losing the weight so those dont fit either
ThickAsThieves: i got a system!
cazalla: hey me too, legs are killing me from doms, had to take a few days break lol
ThickAsThieves: most i ever ran was a half-marathon, which gave me my knee injury
ThickAsThieves: goes to the point of that 50-mile bitcoin runner guy being absolutely delusional or scamming
cazalla: i use to do 10km every morning but then i got fat and lazy when it was no longer a challenge
mircea_popescu: hmm, anyone know andre renard ? i find it quite palatable
mircea_popescu: cazalla so now it's a challenge again, see ? nature fixes all.
bounce: heartbleed, not beedingheart, and a plurality mismatch in the last paragraph or so
mircea_popescu: bounce i was trying for a libertard jab.
mircea_popescu: doesn't work huh
bounce didn't get it. doesn't mean others won't.
mircea_popescu: cause bleeding heart liberal see
bounce: clearly not american enough to appreciate that as a style figure
bounce: brb, there's a tree here as needs hugging
mircea_popescu: well im not either, so... you know. shootin' in the darklo;
ThickAsThieves: so now Texas has a bill to edit IRS to call bitcoin currency?
ThickAsThieves: can we just make it it's own thing?
mircea_popescu: i msta missed that one ?
TomServo: mircea_popescu | hardly. name a fat woman that was ever funny. << Lisa Lampanelli has some good stuff, but it's basically a female version of Don Rickles act
ThickAsThieves: if neither shoe fits, maybe it doesnt where shoes
mircea_popescu: TomServo minus the funny. and btw, rickles was fat his whole life.
ThickAsThieves: you me a coke!
Naphex: beat me to it
mircea_popescu: oh, well. "seeks to introduce you know ?
mircea_popescu: that's the garbage bin of parliaments.
ThickAsThieves: it's written up, seems itll be introduced
mircea_popescu: ThickAsThieves "where shoes" ?!
ThickAsThieves: where what?
mircea_popescu: dude you wanna correct MY commas ?
ThickAsThieves: wear shoes
mircea_popescu: <ThickAsThieves> if neither shoe fits, maybe it doesnt where shoes <<
ThickAsThieves: i'm super retarded today
mircea_popescu: have a drink, have a straw.
ThickAsThieves: funny thing is when you said that, i didnt check "where", i checked the comma
mircea_popescu: keonne so what are the details re the right hash but wrong block composition thing ? cause yeah it got me scratching my head.
ThickAsThieves: ugh "Actually, what is needed is to leave it as property but add an exemption for the first $X0,000 of gain, which is what other countries are doing, particularly in Europe. That way it can effectively function as a currency, but investors who go long also get favorable tax treatment."
ThickAsThieves: apply this law to specifically what i want plz
ThickAsThieves: wtf does US care whether people go long on bitcoin
mircea_popescu: actually the us needs people long on bitcoin. many of them.
ThickAsThieves: you mena in the same way that a child needs to be slapped sometimes
mircea_popescu: more like in the way a poor farmer with 13 kids needs one in school.
ThickAsThieves: but encouraging people to go long on it, means it eats away at its own financial system, no?
mircea_popescu: upgrading is the only economically rational form of cannibalism.
ThickAsThieves: well i agree, but i doubt the USG would intentionally do encourage it
mircea_popescu: that system is getting et. best you be doin' most of the etin'.
mircea_popescu: who knows, it's like an earthworm. it sorta slugs away but not as a direct result of any of the ganglions.
ThickAsThieves: i can see that much i guess
mircea_popescu: anyway, just sayin'. who's to know really. in point of fact, you can probably find a *state* senator trying to put in a bill on any given topic.
ThickAsThieves: nonetheless, i doubt any of the intent of these IRS rulings or bills is to get people to go long
mircea_popescu: there's probably some trying to put in bills to make women wear burkas
fluffypony: or give ponies an actual place in office
mircea_popescu: i doubt any of this shit can really HAVe an intent in the first place. people, esp on the forum, keep ascribing intent to large organisational actors
fluffypony: I'd vote for that if I was American
mircea_popescu: if it fucking worked that way...
ThickAsThieves: if there's no intent, wtf is a bill?
mircea_popescu: what's el nino's intent you know ?
mircea_popescu: a bill is a product. of a system. like snail trails.
ThickAsThieves: a bill is built, not shat
ThickAsThieves: more like a web than a trail
mircea_popescu: benkay smart hardworking isn't as bad as you think.
mike_c: the intent of a bill with no chance of passing is PR.
mircea_popescu: ThickAsThieves i'd say the converse. a bill is shat, not anything else.
ThickAsThieves: mike_c i can see that
mircea_popescu: that's solid too, yeah.
fluffypony needs to watch more House of Cards
ThickAsThieves: but i think bitcoin bills have chances still
mircea_popescu: maybe someone should talk to him, i guess. anyone in his district ?
ThickAsThieves: Ukyo might be
benkay: mircea_popescu: more of a comment on myself than the world
benkay: but you know, any of the two are great to have around, right?
ThickAsThieves: i could see a bill being passed as being closer to "shat"
ThickAsThieves: maybe bills are more like cumshots
mircea_popescu: ThickAsThieves i guess i was thinking more about "passed"
mircea_popescu: otherwise, we two could write a bill in that sense, right now. what of it.
ThickAsThieves: well we were speaking of intent
mircea_popescu: a but unrelatedly, as the possibility of intent in large institutional actors.
ThickAsThieves: but i'll write a bill with you anytime baby. I'll hold your commas, and you can diddle my phonetic abortions
mircea_popescu: there's no such thing, a government/agency/etc is quite incapable of intent.
mircea_popescu: supreme court peering into "the intent of congress" is perhaps the largest inside joke in the us legal profession.
ThickAsThieves: 's frustrating
fluffypony: ok so I have a question that has nothing to do with bills
mircea_popescu: fluffypony shoot
fluffypony: if I'm looking to raise BTC-denominated funds privately as a company (angel investing, really) and don't want to go the IPO route in order to at least somewhat stave off the general discovery of trade secrets (for want of a better term), is there a generally accepted way of doing so? proposal has been drawn up already, just not really sure how one goes about finding BTC angel investor types
ThickAsThieves: coins, bills, what's the difference?
mircea_popescu: fluffypony one first gets into the wot.
fluffypony: mircea_popescu: already there
mircea_popescu: then that one establishes his credibility, over time.
mircea_popescu: then it just sorta happens by itself.
nubbins`: ;;gettrust fluffypony
gribble: WARNING: Currently not authenticated. Trust relationship from user nubbins` to user fluffypony: Level 1: 0, Level 2: 0 via 1 connections. Graph: http://b-otc.com/stg?source=nubbins%60&dest=fluffypony | WoT data: http://b-otc.com/vrd?nick=fluffypony | Rated since: Sat Apr 6 08:20:32 2013
mircea_popescu: im not a psychopath! i'm just an asshole!
mircea_popescu: fluffypony a cool, look at that.
fluffypony: well rg's positive rating on my wot profile still stands
fluffypony: but because everyone's changed their rating of him to a negative
fluffypony: it means the trust graphs to me are all unhappy pandas
fluffypony: thanks a lot, rg
mircea_popescu: lol not exactly how it works.
ozbot: Heartbleed + Bitstamp API (hash on key only) : Bitcoin
mircea_popescu: anyway, stick around, no rush
Naphex: wot schmot, fluffypony , go do your thing make some money, things will happen ;]
mircea_popescu: "so if you were to perform the request over an unsecured network, you could easily intercept and send a different payload without having to generate a new signature"
mircea_popescu: holy hell batman
mircea_popescu: WHO WROTE THIS CODE
fluffypony: Naphex: the company is already making money, just not enough for the next lot of things we're doing :)
mircea_popescu: kakobrekla i hold you personally responsible!
mircea_popescu: why didn't you warn us in time!
mircea_popescu: fluffypony well what company is it ?
mircea_popescu: o so you make rigs ? that's a pretty cool idea!
fluffypony: mircea_popescu: well, frames for rigs
fluffypony: but yes, peripheral services for miners is the primary aim of the business
mircea_popescu: yes yes is what i meant, metal rig frames
BCB: mircea_popescu, tells us how you really feel about the BCF
mircea_popescu: BCB no need to, because gavin did the right thing and quit.
mircea_popescu: rage partially averted.
Naphex: mircea_popescu: i'm guessing any decent programmer that implemented the bitstamp API noticed that they do HMAC all wrong, also the guy who posted that, total douche imho :)
mircea_popescu: Naphex bit of an inside joke :p
Naphex: mircea_popescu: guy probably had a short on bitfinex trololol
mircea_popescu: fluffypony so what are you planning to expand into ?
BCB: mircea_popescu, he's still being paid by them
fluffypony: mircea_popescu: I'll gladly send you the proposal if you have a bit of time to take a glance at it, just not too keen on sharing it publicly for all and sundry;)
mircea_popescu: a well then no need.
mircea_popescu: just curious if you wanted to say anything in public.
assbot: [HAVELOCK] [B.SELL] 8 @ 0.04512574 = 0.361 BTC [-] {4}
assbot: [HAVELOCK] [B.MINE] 11 @ 0.03219009 = 0.3541 BTC [+] {2}
mircea_popescu: fluffypony how much did you sell so far ?
mircea_popescu: kinda curious because the appalling situation of mining rig arrangements is a bit of a historical lolpoint
mircea_popescu: if you ever read buttcoin.org etc
fluffypony: mircea_popescu:1500 orders, 3000 frames
fluffypony: since Nov 2013
fluffypony: but we've also had customers that aren't miners
mircea_popescu: o hey. so 3k frames closer to sanity, that's a public service.
fluffypony: OCLHashCat users and the GPGPU/GPUGrid crowd
mircea_popescu: do you build them in your garage like ? or got a little warehouse somewhere ?
nubbins`: my square cc reader showed up in the mail today, woo
fluffypony: got a fabrication facility, and then it's packed and shipped from a picking/qc floor
Aquent: Why you saying Mark Karpels is a fugitive?
mircea_popescu: pretty cool.
mircea_popescu: Aquent because that's what you call people who avoid showing up in court.
Aquent: no you dont
Aquent: thats what you call people who avoid criminal law
Aquent: not civil
nubbins`: ^ he got ya on a technicality
Aquent: anyway, do you have any info where he is?
nubbins`: rumor has it he committed seppuku
fluffypony: !seen MagicalTux
mircea_popescu: i do not.
Aquent: some article is saying he's gone to taiwan
mircea_popescu: a situation eerily similar to that of a fugitive.
Aquent: is that what you were refering to or....
fluffypony: I bet he'll turn up in a StarBucks somewhere
bounce: went on a hike with that neobee guy?
nubbins`: hike?!
mircea_popescu: they are visiting meta-graceland, for a party hosted by elvis
Aquent: lol
bounce: starbucks crawl, whatever
mircea_popescu: the crispy mille
Aquent: right ok I would kindly and very respectfully ask you to change the wording
Aquent: fugitive creates panic
Aquent: especially considering some other rumours
mircea_popescu: panic about what ?!
ThickAsThieves: Aquent is Mark?
Aquent: its just a suggestion - take it or leave it is of course entirely your choice
benkay: ;;gettrust Aquent
gribble: WARNING: Currently not authenticated. Trust relationship from user benkay to user Aquent: Level 1: 0, Level 2: 0 via 0 connections. Graph: http://b-otc.com/stg?source=benkay&dest=Aquent | WoT data: http://b-otc.com/vrd?nick=Aquent | Rated since: never
mircea_popescu: ThickAsThieves no it's really me. you know how it goes, everyone's me.
ThickAsThieves: it's not easy being you
ThickAsThieves: i should know!
benkay: fascinating, danielpbarron
mircea_popescu: just promise me you don't come up with this nutty ritual of eating "my flesh and blood" later on.
fluffypony: Aquent: because all the mtgox bagholders might panic and sell their coins on mtgox?
Duffer1: change the wording to what though? "a situation eerily similar to that of a fugitive" how is that different?
fluffypony: oh...wait...
ThickAsThieves: i'm vegan, so we're good
mircea_popescu: ThickAsThieves you mean we're god.
mircea_popescu: harharhar
BCB: mircea_popescu, how many ipo have you done
ThickAsThieves: kinda a weird question
mircea_popescu: bout a dozen give or take
mircea_popescu: and contrary to whatever you may have heard, ive done in fewer than that.
mircea_popescu: ThickAsThieves better larger number.
mike_c: forum lulz @ neobee: "The financial report that you all have been waiting for is ready. Total revenue from date of incorporation to date: ZERO."
mircea_popescu: mike_c is this also me posting ?
nubbins`: is that you, john wayne?
mike_c: undoubtably
nubbins`: is this me?
mircea_popescu: hello this is you.
mircea_popescu: i have no idea what you are doing.
mircea_popescu: wait dudes! do you realise god spelled backwards is dog, and so the black lab meme and the bitcoin jesus meme just came together in a total and complete
mircea_popescu: MEMPOCALYPSE ?!?!
ozbot: A gas cloud collides with the black hole at the center of our galaxy, and we get to watch | PBS News
nubbins`: apocaleme
nubbins`: please keep all gods on a leash
BCB: mircea_popescu, you have any numbers posted market caps, exits (beisdes the very suspicious satoshi dice)
ozbot: The list of discontinued assets on MPEx pe Trilema - Un blog de Mircea Popescu.
mircea_popescu: there's that.
mircea_popescu: the rest's on teh exchange.
BCB: mircea_popescu, what was the kluge scam?
mircea_popescu: ;;google trilema kludge the musical
gribble: Bitcoin Lolcows, the musical. Today, Kludge pe Trilema - Un blog de ...: <http://trilema.com/2012/bitcoin-lolcows-the-musical-today-kludge/>; How does one list on MPEx ? pe Trilema - Un blog de Mircea ...: <http://trilema.com/how-does-one-list-on-mpex>; Bitcoin pe Trilema - Un blog de Mircea Popescu.: <http://trilema.com/category/bitcoin/>
mircea_popescu: first one
assbot: [HAVELOCK] [RENT] 100 @ 0.0075 = 0.75 BTC [+]
mircea_popescu: BingoBoingo: benkay: A jog can't do the things Lithium can though <<< actually, afaik it does.
mircea_popescu: oldest and still strongest remedy for all mental issues is exhaustion.
mircea_popescu: BingoBoingo: MP > Scheier << lol
mircea_popescu: asciilifeform https://trilema.com/2014/the-sins-of-the-group-of-posers-behind-the-so-called-bitcoin-foundation/ neh ? works if you want it, just, doesn't default to it. compatibility ftw.
ThickAsThieves: jogging produces cannabinoids
ThickAsThieves: free high!
mircea_popescu: coolabuttoids too
assbot: [MPEX] [S.MPOE] 28650 @ 0.00099824 = 28.5996 BTC [-] {2}
mircea_popescu: 1.) assbot 228202 2.) mircea_popescu 72397
mircea_popescu: so take that!
asciilifeform: mircea_popescu: beautiful piece - but the fact that the phoundation will still be revered and fellated in the world media tomorrow tells us how firmly the buggers are still in control.
Naphex: i heard BlockChains.info CoinJoin has been stealthing some BTC's lately
mircea_popescu: asciilifeform a meta-nsa may or may not exist. a meta-media definitely does exist.
asciilifeform: 'bob the bridge builder' fucks goat after goat, has done a whole herd, but remains listed in the phone book under 'bridge builder'
mircea_popescu: Naphex keonne was sayin' earlier they got it fixed, waiting for him to pop back in cause i wanted to grill him a little
Naphex: i heard it around 'town'
mircea_popescu: asciilifeform and by bob you mean bruce ?
Naphex: messing up their TX tables and getting bitcoins locked in addresses
mircea_popescu: MisterE that bank shutdown/issue seems by and large unrelated to btc in any sense. just part and parcel of larger fin sector chinese woes.
assbot: [HAVELOCK] [COG] [PAID] 6.17987915 BTC to 13`595 shares, 45457 satoshi per share
tg2: benkayyyyyyyyyyyyyyyyyyyyyy
mircea_popescu: midnightmagic actually, it's pretty much all the memory. in 64k chunks, yes, but trivial to map it all out.
asciilifeform: process memory
asciilifeform: (unless poor chumper ran with 'root' privs)
mircea_popescu: all process memory, yes
mircea_popescu: let's not even go into what exactly "process memory" means on windows
tg2: is it only the process space for the webserver?
mircea_popescu: or into how things such as the vidcard can be leveraged for this purpose./
benkay: cavirtex is sponsoring the caconf
benkay: nice
mircea_popescu: tg2 the process memory for the process running the openssl code
mike_c: it is the process space for whatever is handling ssl connections.. so all ur keyz belong to us
benkay: scamhavior universal
asciilifeform: the basics of priv elevation on common os variants is a subject beaten to death elsewhere on the net
asciilifeform: no need to re-tell it here.
tg2: inb4 noobs not using perfect forward
asciilifeform: unless, of course, someone wants
mircea_popescu: exactly. i just include it by reference.
tg2: out of bounds and native c go hand in hand
mircea_popescu: tg2 afaik pfs is so rare you might as well call it exotic
tg2: pfs is pretty easy to set up
tg2: and it has been around for a while
mircea_popescu: nevertheless.
mircea_popescu: nevertheless.
midnightmagic: mircea_popescu: No; that doesn't appear to be accurate. Ask whoever it is who is telling you that to describe how to target specific memory regions, because I'm fairly sure they're wrong.
mircea_popescu just keeps on pasting "nevertheless"
tg2: i'm sure it's adoption will increase in light recent events ;)
tg2: benkay, what was your site
tg2: candiansomething?
mircea_popescu: midnightmagic "There is no total of 64 kilobytes limitation to the attack, that limit applies only to a single heartbeat. Attacker can either keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed."
ozbot: Heartbleed Bug
mircea_popescu: some of teh doods that reported it.
mircea_popescu: tg2 yeah. or maybe it won't.
midnightmagic: mircea_popescu: That is from the heartbleed site. It implies more information is available, but it's information which is sitting in that specific area. It's a busy area, but it's just that specific area.
bounce: and named it, and registered a domain for the name
midnightmagic: It's an abitrary number of 64k chunks, but it's not arbitrary *locations*.
mircea_popescu: midnightmagic this, ~as far as we know~ is probably true.
mircea_popescu: nevertheless.
bounce: if there's multiple code paths you can get there it gets more interesting still
Naphex: gn o/
midnightmagic: mircea_popescu: Well the wording in that section is slippery. My current understanding is to vary the information requires being able to manipulate program execution in other areas of the program.
mircea_popescu: at this stage i don't see how any negative statements can really be made.
midnightmagic: The attack is just a heartbeat with a size modifier different; it's an overrun read-only flaw. Unless the attack is expanded to something else, there is no targetting. It's "whatever's sitting 64k behind the heap."
mircea_popescu: but since you can in principle repeat it indefinitely it's in principle anything.
asciilifeform: i specifically mentioned 'openssl' in 'don't blame the mice.' well, nobody want to read a crackpot blog, they will have to learn the lesson on their own arse.
mircea_popescu: asciilifeform you know you're in the footnotes for that reason :)
asciilifeform: and when people realize the actual root of the problem (as eventually must) they will piss themselves.
fluffypony: before I patched our local server this morning (not behind CloudFlare as CloudFlare don't have a node in South Africa) I played around with it
fluffypony: it bleeds tons of cookies from the httpd's memory space
fluffypony: some of them are broken, but enough weren't
mircea_popescu: fluffypony mike_c was liveircing wowmoments with it earlier too
fluffypony: mircea_popescu: I still maintain that the damage from something like this could be reduced by mitigating session hijacking
mircea_popescu: asciilifeform: stumbled across it by accident. << haha mike_c you be famous nao.
mircea_popescu: fluffypony there's many ways to mitigate a known attack, by the very definition of "known".
fluffypony: but locking a session to an IP is also fraught with issues, so that's not a good technique
mircea_popescu: the point here is that this attack spent most of the past two years unknown.
fluffypony: yeah I'm not talking about mitigating the heartbleed attack
fluffypony: just mitigating session hijacking
fluffypony: if POST/GET vars bleed that's one thing
Naphex: mircea_popescu: you can basically sniff whole SSL trafic with Heartbleed.
bounce recalls an irc discussion going on 15 years back, where someone speculated that a nsa backdoor might look like "int foo;" instead of "long foo;". and you just can't tell. well, here we have such an innocuous thingy. and you never can tell. but spectacular, that the effects certainly are.
mircea_popescu: Naphex all the poor souls arguing with me over tor's safety a few months ago. awww.
Naphex: just write some code and point it
asciilifeform: ;;google underhanded c contest
gribble: The Underhanded C Contest: <http://underhanded.xcott.com/>; The Underhanded C Contest » This Year: <http://underhanded.xcott.com/?page_id=5>; The Underhanded C Contest » About: <http://underhanded.xcott.com/?page_id=2>
mircea_popescu: bounce indeed.
mircea_popescu: im still trying to discern how they got it in.
fluffypony: on that HIGH note, it's bed time here, well as close to bed time as 1:15am is when the wife is fast asleep next to you
fluffypony: cheers all
Naphex: imo, definitely a planted bug.
mircea_popescu: no question about it.
bounce hasn't checked the repo, if any. probably should.
mircea_popescu: question is who were the idiots and who were the patsies.
asciilifeform: still trying to discern how they got it in << this is by far the least surprising part. next, what, ask how the roaches got in the kitchen?
Naphex: i got screwed cause i had to compile from source to get ECDH.
mircea_popescu: bounce maybe you're the last guy on the internet that hasn't made copies.
bounce: there was also that = vs == in a linux syscall a while back
mircea_popescu: asciilifeform yes. i'm exactly that sorta guy.
Naphex: so you go compile from source to get ECDH, to avoid stupid encryption restrictions
Naphex: then you get sniffed for all you have
Naphex: i'm guessing that was the logic behind it
bounce: probably not, but last in this channel, possibly
mircea_popescu: anyway, this suddenly makes tor significantly more useful. at least for a few weeks.
Naphex: until 12.00 GMT+2 mostly everything was vulnerable, and as the sploit went public everyone started sniffing everything.
Naphex: atleast that went right.
bounce: when did they move to git from cvs?
mircea_popescu: actually... they moved just with 1.0.1 didn't they ?
asciilifeform: herr mole couldn't be bothered to learn cvs.
asciilifeform: so, to be kind to him, git, which he was accustomed to.
mircea_popescu: this is fucking it is it ?!
mircea_popescu: holy cow no way.
bounce: apparently 2012-12-30 last cvs entries says timeline
mircea_popescu: this is promising. ty chan, and let it become part of the permanent record : more has been ruined by convenience than by any other sin.
asciilifeform: like germans who carried captured russian 'limonka' grenades by their rings.
asciilifeform: (german grenade had a convenient, almost identical ring that wasn't attached to the pin)
asciilifeform: very convenient.
ozbot: OpenSSL: Source, Repository
mircea_popescu: talk about a product that owns its market. the french f1
ozbot: OpenSSL: Source, Repository
mircea_popescu: well this has been quite the day hasn't it.
bounce: bug introduced in 201112 says heartbleed.com, so in cvs
assbot: [MPEX] [S.MPOE] 14300 @ 0.00099727 = 14.261 BTC [-]
mircea_popescu: bounce they may not be exactly right. this will take a lot of work.
ozbot: OpenSSL: CVS Web Interface
Naphex: for the bug
Naphex: the checkins for 14 Marhc
Naphex: march even
Naphex: http://cvs.openssl.org/chngview?cn=22271 - and this is the changeview
ozbot: OpenSSL: CVS Web Interface
Naphex: pretty sneaky boundary check bug ;o
bounce: that code looks familiar when comparing the attached patch to http://lists.freebsd.org/pipermail/freebsd-security/2014-April/007405.html
assbot: [HAVELOCK] [PETA] 4 @ 0.05499195 = 0.22 BTC [+]
bounce: the guy's an academic with a bunch of publications and two rfcs to his name. time to send in some tin foil hats to check all that, too.
Naphex: who, steve?:)
assbot: [HAVELOCK] [COG] 19 @ 0.01015789 = 0.193 BTC [-] {4}
assbot: [HAVELOCK] [RENT] 35 @ 0.0075 = 0.2625 BTC [+]
dexX7: http://i.imgur.com/5PHeaHu.png << this is what a vulnerable webwallet returns
mircea_popescu: dexX7 ouch.
mircea_popescu: BingoBoingo "To understand this by repeating this, only 20 members have posted on the Big Rock Candy Foundation 's forum in the last six months."
mircea_popescu: i wonder how many of them were me.
assbot: [HAVELOCK] [AM1] 6 @ 0.6 = 3.6 BTC [+]
assbot: [HAVELOCK] [AM100] 60 @ 0.00579955 = 0.348 BTC [+] {4}
assbot: [HAVELOCK] [NEOBEEQ] 1214 @ 0.00012673 = 0.1539 BTC [-] {2}
assbot: [HAVELOCK] [RENT] 30 @ 0.0075 = 0.225 BTC [+]
assbot: [HAVELOCK] [SFI] 572 @ 0.00080963 = 0.4631 BTC [-] {2}
assbot: [HAVELOCK] [B.SELL] 6 @ 0.0477 = 0.2862 BTC [-] {2}
assbot: [HAVELOCK] [PETA] 4 @ 0.05498993 = 0.22 BTC [+]
assbot: [MPEX] [S.MPOE] 23981 @ 0.00099374 = 23.8309 BTC [-] {2}
assbot: [HAVELOCK] [B.SELL] 8 @ 0.04771249 = 0.3817 BTC [-] {3}
assbot: [HAVELOCK] [B.MINE] 12 @ 0.03372473 = 0.4047 BTC [+] {6}
BingoBoingo: mircea_popescu I suspect they must have a seekrit forum, because You have more socks than that everywhere.
thestringpuller: there should be a gpg encrypted bitcoin illuminati forum
thestringpuller: only the cool kids are allowed to read and post
decimation: "This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.4 and earlier. This issue does affect Red Hat Enterprise Linux 6.5, Red Hat Enterprise Virtualization Hypervisor 6.5, and Red Hat Storage 2.1, which provided openssl 1.0.1e."
decimation: woe to those who upgrade
thestringpuller: $depth mpoe
mpexbot: thestringpuller: S.MPOE Bids: ['200 @ 0.00097812', '1000 @ 0.00096001', '1000 @ 0.00095001', '450 @ 0.00082', '4000 @ 0.0008101']
mpexbot: thestringpuller: Asks: ['8926 @ 0.00098989', '3450 @ 0.00099914', '22218 @ 0.0009995', '16000 @ 0.0010045', '161792 @ 0.00101']
ozbot: 6.120 billion | Next Diff in 1481 blocks | Estimated Change: 1.4776% in 10d 2h 58m 7s
zacm: The SEC has become “an agency that polices the broken windows on the street level and rarely goes to the penthouse floors,” Kidney said, according to a copy of his remarks obtained by Bloomberg News.
zacm: Kidney said his superiors were more focused on getting high-paying jobs after their government service than on bringing difficult cases. The agency’s penalties, Kidney said, have become “at most a tollbooth on the bankster turnpike.”
assbot: [MPEX] [S.MPOE] 200 @ 0.00097812 = 0.1956 BTC [-]
ozbot: SEC Goldman Lawyer Says Agency Too Timid on Wall Street Misdeeds - Bloomberg
zacm: ra, ra, there's your "regulation"
decimation: This is what happens when the USG pays peanuts for 'talent'
TestingUnoDosTre: easy explanation deicimation
decimation: if you could double your income or better, which side of the fence would you play?
TestingUnoDosTre: never getting a job at the SEC
nubbins`: i knew a guy named kidney
nubbins`: his wife was a kidney specialist
nubbins`: no joke
decimation: the other problem the SEC has is that thier lawyers are at best 'C' league compared to Goldman's army
assbot: [HAVELOCK] [AM1] 17 @ 0.58145351 = 9.8847 BTC [-] {6}
assbot: [HAVELOCK] [AM1] 3 @ 0.58 = 1.74 BTC [-] {2}
zacm: what?! Don't Ivy League graduates at the top of their class look forward to that nice, lucrative SEC position?
zacm: lol
TestingUnoDosTre: Thats the thing, they would never go to the SEC in the first place
zacm: better off having the dumber ones there anyway
decimation: and that explains the workings of the USG
zacm: more intelligent doesn't imply more benevolent
TestingUnoDosTre: It's not like the USG can afford, or even needs to pay a high salary
decimation: more intelligent implies more competent
TestingUnoDosTre: think of positions like Senator , which makes like $175k or something.
TestingUnoDosTre: There are MANY other perks
zacm: competent to follow the incentives, like getting through the revolving door to a higher paying job, making deals along the way to do so
TestingUnoDosTre: ok I acn't argue with that
decimation: even ants follow incentives
thestringpuller: !last m s.mpoe
assbot: Last trade for S.MPOE on MPEX was at 0.00097812 BTC [-]
assbot: [HAVELOCK] [AM100] 30 @ 0.0058 = 0.174 BTC [+]
ozbot: STEALTH
asciilifeform: wtf is that
punkman: how do you even do that
benkay: amazing cops
assbot: AMAZING COMPANY!
assbot: [HAVELOCK] [PETA] 10 @ 0.05499195 = 0.5499 BTC [+]
BingoBoingo: So... what Open source alternatives are there to OpenSSL which aren't as much of a bitch to read?
asciilifeform: BingoBoingo: it's a bigger issue than one particular C turd
BingoBoingo: asciilifeform: Of course.
asciilifeform: BingoBoingo: just about anything that involves a book-length standard, esp. with the familiar committees, is an inevitable turd.
BingoBoingo: How is clisp's webserver on the SSL stuff
asciilifeform: clisp as in 'common lisp' or the particular implementation thereof called 'clisp' ?
asciilifeform: they're rather different things
assbot: [HAVELOCK] [COG] 10 @ 0.01499918 = 0.15 BTC [-] {2}
BingoBoingo: asciilifeform: The particular implementation
asciilifeform: never used it.
BingoBoingo: Ah, I have yet to play with SBCL
asciilifeform: 'clisp' is mostly used by people running 'exotica' (machines for which there is no 'sbcl')
asciilifeform: it is dog-slow - exactly what unfortunates who went to uni for 'comp sci' expect a lisp to be like.
BingoBoingo: I see. It's also the implementation "Land of Lisp" supposes for most of its exercises
asciilifeform: most web crap in common lisp uses 'CL+SSL', an FFI wrapper of traditional openssl.
asciilifeform: so they're as hosed as everyone
BingoBoingo: Seems the hardware aspects of Loper are only the beginnings of the mess
asciilifeform: people have this very special facial expression they make when they finally understand what i've been arguing for
asciilifeform: (tldr - pretend the last 40 years, other than semiconductor chemistry, never happened)
BingoBoingo: But they happened because it is easy to "circle the wagons around the cesspool buying time to fish out another turd for sale"
assbot: [HAVELOCK] [AM100] 20 @ 0.00579999 = 0.116 BTC [-]
BingoBoingo: The state of the art from 1980 on 2004 semiconductors would be a hell of a thing to behold
← 2014-04-07 | 2014-04-09 →
Random(trilema) | Download hourly DB snapshot | Get Source Code