00:01:49 -!- augur has joined. 00:02:42 -!- augur has quit (Remote host closed the connection). 00:03:43 Hey pikhq_? 00:04:09 Remember that company we thought owned the world until we looked closer and realised they only owned like a percent of it? 00:04:13 What was it called again? 00:05:30 Don't remember at all. 00:08:17 Argh. 00:08:37 I remember that 'deposit-" and "company" were there somewhere. 00:36:40 -!- augur has joined. 00:45:34 -!- kinoSi has quit (Read error: Connection reset by peer). 00:45:44 zzo38: "just intonation" is a tricky thing for sufficiently complex music. 00:46:01 -!- kinoSi has joined. 00:46:22 You might in some cases have a lot of similar notes that are all approximated by the same eqaul-temperament note. So maybe that would compress worse? 00:46:25 i don't see why it should be so tricky, it's just intonation 00:46:28 (But why do you care?) 00:46:36 oerjan++ 00:47:36 "Then there's the nondescript design, and the marriage of necessity to business features like the TrackPoint (the red nub in the middle of the keyboard). The nub especially feels extraneous for most users now that the trackpad actually works the way it should, but business being business, alienating a mass of outmoded users isn't going to fly." -- gizmodo 00:47:41 wow gizmodo you did not just say that 00:48:34 Man that's a lot of needless Latinate. 00:49:11 kmc: I didn't know I was a business user. :-( 00:49:25 apparently anyone who types a lot and dosen't want to get RSI from reaching to the mouse is "outmoded" 00:49:25 * shachaf doesn't use a ThinkPad at all anymore, actually. 00:49:37 But when I did I preferred the TrackPoint® to the touchpad. 00:50:19 what do you use now? 00:51:17 Urgh. Trackpoint's really kinda handy if you need small amounts of mouse movement. 00:51:41 yes 00:51:43 A touchpad's a bit better if you're going to be primarily mousing. Or, y'know, a real mouse. 00:51:45 -!- Rain777 has joined. 00:51:47 Yeah, the Thinkpad nipple is awesome. 00:52:04 A Dell XPS 15. It's not as good as the ThinkPad but it works. 00:52:17 Of course, you can just use *both* depending on what's optimal for your current task. 00:52:48 yeah, my current machine has both 00:52:49 good evening !! 00:52:55 Small touchpads are horrible. Tap-to-click is horrible as well. Apple touchpads are almost as good as nipples, though. 00:53:17 Heck, for a wasd-style game the Trackpoint is pretty awesome I'd imagine... 00:53:24 i use the trackpoint when i need a bit of mousing in the middle of writing something 00:53:36 i use the touchpad when i'm just reading websites, mostly because it does the right edge scroll thing 00:53:48 Given that there the mouse is being used more as directional input rather than pointing. 00:54:05 I used the hold-middle-mouse-button-down-and-move-nipple thing for scrolling. 00:54:08 I would like to change the way I use computers to require minimal mouse input. 00:54:11 the X1 Carbon is pretty expensive :/ 00:54:19 Much nicer than the side scroll thing with a touchpad IMO. 00:54:22 shachaf: Have you considered using a tiling WM? 00:54:28 though computers overall keep getting cheaper 00:54:30 A mouse is good for analog things, but very few of the things I do are analog. 00:54:41 i remember when any halfway decent computer (for its time) would be at least $2000 00:54:44 pikhq_: I have used a tiling WM! 00:54:58 pikhq_: But I barely use the mouse with my current non-tiling WM. 00:55:41 if you want to use the mouse more efficiently, you should switch to a toroidal mouse geometry 00:55:44 seriously 00:55:48 I like how Ubuntu’s Unity project has enabled much more keyboard accessibility than before. 00:56:01 $2000 practically buys you a behemoth nowadays. 00:56:21 `welcome Rain777 00:56:28 ion: It has? 00:56:31 Rain777: Welcome to the international hub for esoteric programming language design and deployment! For more information, check out our wiki: http://esolangs.org/wiki/Main_Page. (For the other kind of esoterica, try #esoteric on irc.dal.net.) 00:56:37 kmc: What’s toroidal mouse geometry? 00:56:41 shachaf: yeah 00:56:53 when you move the mouse off the edge of the screen, it teleports to the opposite edge 00:57:02 i have synergy configured to do this 00:57:42 -!- Rain777 has left. 00:57:44 You can launch programs by hitting Windows™ and typing a part of the program name; you can select menu items by hitting Alt and typing a part of the menu item name; you can switch to a specific window with Windows™-{1,2,3,…} etc. 00:58:12 ion: Wasn't it more application-oriented like Mac OS X? 00:58:24 Except done even worse. 00:58:27 Sorry, yeah, a specific application. 00:58:47 Dunno about worse since i’m not that familiar with OSX, but i’ve certainly liked Unity. 00:58:48 i have a program which lets me launch programs by typing part of the name 00:58:51 it's called a terminal ;) 00:59:06 * kmc http://twitter.com/1990sLinuxUser mode 00:59:23 Yeah, “setsid fire && exit” is convenient indeed. 00:59:31 Just about every mainstream X11 desktop environment has had Alt-F2 bound to that for quite a while. 00:59:50 ion: why setsid? 00:59:51 Alt-F2 doesn’t know about applications’ descriptions and keywords. 01:00:15 xmonad is not mainstream :/ 01:00:16 kmc: To have the terminal window go away immediately. 01:00:20 obviously because it involves monads 01:00:26 xburrito 01:00:27 ion: isn't «firefox & exit» good enough? 01:00:36 zsh: you have running jobs. 01:00:38 % 01:00:46 kmc: xmonad has never claimed to be mainstream. 01:00:57 oh, zsh 01:01:08 ...It's too mainstream for me, though. 01:01:19 Remember back when xmonad was called "thunk"? 01:01:23 i should finish that window manager i started writing 01:01:28 then i could be a cool kid 01:01:34 kmc: Do it! 01:01:34 shachaf: was it really? 01:01:35 I would use it. 01:01:39 What window manager did you start to writing? 01:01:45 kmc: Yep, that was the name before "xmonad". 01:01:49 a static tiling wm in haskell 01:01:55 with nicer code than xmonad ;) 01:02:01 not that xmonad's code is terrible, but mine is nicer :) 01:02:11 The nicest code is code that you don't write in the first place. 01:02:15 Therefore kmc's WM has the nicest code. 01:02:37 -!- oerjan has quit (Quit: Good night). 01:02:38 no, i have almost 500 lines of code 01:02:42 but they do not a window manager make 01:02:49 and we all know xmonad is only 500 lines of code except not at all 01:03:01 Is it as good as xmonad 0.1? 01:03:20 kmc: You should put your code up! 01:03:27 Since it's basically a WM already. 01:03:37 much of that is a SDL-based mockup of the keyboard UI 01:03:48 designing a good UI for static tiling operations is not that easy 01:03:55 i should look at what other WMs do 01:03:58 * shachaf has no idea how the keyboard UI would work for a WM that works the way he wants. 01:04:35 I don't know if the way I want is the same as the way you want, but it seems close enough. 01:04:43 You used to use Ion3, right? 01:04:45 in my model, each workspace is a tree where branching nodes are horizontal or vertical splits 01:04:47 Hehe, 1990sLinuxUser is awesome. 01:04:58 ion: i know, right? my favorite part is the background image 01:05:03 kmc: Indeed! 01:05:25 i think the conceptually simplest UI for navigating this tree is to have a key for parent, child 1, child 2 01:05:30 but i think this kinda sucks to use 01:05:42 probably you also want keys for in-order traversal of the leaves 01:05:49 Is there a reason to special-case workspaces? 01:06:10 well, each split is binary, except the split into workspaces 01:06:18 As opposed to them just being the root of an xmonad "Full"-style thing. 01:06:23 Oh. 01:06:25 and each split has a parameter to say how space is divided, except the split into workspaces 01:06:35 * shachaf was thinking of n-ary splits. 01:06:44 you could have those, but the second point would remain 01:06:52 In Ion3 any window can be a "workspace" of its own. 01:06:59 You can have floating workspaces and so on. 01:07:04 yeah, that's cool 01:07:40 And also any "window" can have multiple windows inside it as tabs. 01:08:04 My opinion is how the keyboard UI works would be: All window and widgets are hover focus, and you can push the key to switch between widgets (such as TAB) and key to switch between windows (such as the window manager's key and TAB together), and doing so move mouse pointer to that position. 01:08:24 zzo38: I'm mainly concerned with how you create, adjust, and delete splits 01:08:29 I would think it would be best to have both tiled and floating windows. 01:09:22 i never put in the effort to learn how ion actually models all this 01:09:33 from the outside it seemed excessively complicated 01:09:44 kmc: At least how I would do is, to adjust splits have one of the mouse buttons assigned for that purpose when you click the border using that button. 01:10:13 My list of "window managers that seemed interesting" also includes Enlightenment, although it's a floating WM. 01:10:16 I don't remember why. 01:11:06 I would have the widgets basically Athena-style except that keyboard commands can also be used instead of or in addition to the mouse. 01:13:11 what are the choices for static tiling wms, anyway? 01:13:12 Some people might not like this of course; some people may prefer programs with Motif or GTK widgets. I prefer SDL. 01:13:25 kmc: You should get the WM to a working state before you're too busy to! 01:14:35 Yes 01:14:44 In one sense all floating WMs are static. 01:14:56 Oh, you did say "tiling". 01:15:26 ion/notion, stumpwm, ratpoison, wmii, ? 01:16:15 i think awesome is dynamic and the name annoys me anyway 01:16:16 wmii is very similar to dwm, isn't it? 01:16:33 “notion” would be an awesome name for a window manager. 01:16:41 ion: "notion" exists. 01:16:43 It's a fork of Ion. 01:16:45 duh 01:16:59 -!- derdon_ has joined. 01:17:01 and wmii is from suckless.org which also annoys me 01:17:13 for me, annoyance is a full time job 01:17:24 shachaf: the thing is, xmonad is Good Enough 01:17:37 kmc: Xfce is also Good Enough. 01:17:37 I would think the window system should instead of X, it should be based on SDL. They can include some built-in commands for clipboard (although it could just be /proc/$WINPID/userfs/clipboard if you have that kind of user filesystem mode), fix 8x8 and 8x12 whatever monochrome fonts, etc 01:17:49 At least, the difference between xfce and xmonad is small enough that I haven't bothered to set it up. 01:17:57 i get by fine in xmonad with just full and two-column layouts 01:18:18 btw, gimp now has a "one window" mode which works pretty well 01:18:29 xmonad's floating window support is pretty wonky 01:18:45 I used GIMP with xmonad. 01:18:53 me too 01:19:08 zzo38: Oddly enough, I think you'd at least somewhat like Wayland. 01:19:15 The idea of having a WM inside an application kind of annoys me. 01:19:27 Even though the application knows more about its windows. 01:19:30 pikhq_: Yes I do somewhat like Wayland. 01:19:50 -!- derdon has quit (Ping timeout: 252 seconds). 01:20:10 yes 01:20:56 the window managers i use are xmonad, screen, irssi, chromium, and finch 01:20:57 If it’s made into a library that *everything* uses so that all the windows behave the same way and look alike and if you can still move and close windows owned by processes that are stuck, i’m totally happy with it. 01:20:59 -!- augur has quit (Remote host closed the connection). 01:21:18 i don't do splits with any except the first 01:21:34 finch supports overlapping windows of any size, it's completely ridiculous 01:21:45 Also vim. 01:22:56 i don't use vim for window management 01:26:02 ok we're trying out the "irssi.so" window manager for GNT, the curses tooklit used by Finch 01:27:56 trip report forthcoming 01:28:16 We? 01:28:59 I, the royal "we"... you know, the editorial 01:31:27 A magazine I read when I was much younger had an editoral, which was called something like "words of the editor". 01:31:42 Except it had a handwritten font in which "editor" looked a lot like "crow". 01:31:55 So I thought it was "words of the crow". 01:34:49 I’d like to have a horizontally looping desktop of arbitrary width and a height equal to the monitor’s height. I’d like to be able to place windows to the desktop side-by-side (never overlapping and never with space between them) and to scroll horizontally whenever its width is greater than that of my monitor. The desktop should grow and shrink automatically to fit the windows. Scrolling should snap 01:34:51 windows’ left-hand edges to the monitor’s left-hand border, and moving windows’ right-hand edges to resize them should snap to the monitor’s right-hand border. 01:35:51 There should be keyboard shortcuts to scroll to the next/previous window (so that their left-hand edge will match with the monitor’s left-hand border). 01:36:57 kmc: what's wrong with suckless.org? 01:37:33 One could have e.g. a browser and a terminal side-by-side so that they fill the monitor exactly, but also a music player next to the terminal so that if you scroll to the right, the terminal and the music player will fill the monitor exactly. 01:38:38 ion: that sounds like an interesting idea 01:39:06 but maybe it'd be even better to be able to have a list of 'views' of the windows 01:39:47 so you could implement that, but you could also be able to, say, always have your IRC client on the left and effectively scroll through what else should appear on the right 01:40:34 obviously you'd want to embed a scripting language (perhaps Python? A mini-Lisp?) to programmatically define the views 01:40:44 rather than just having a set of canned modes 01:41:33 Then again, all this might have been done already 01:48:20 soundnfury: oh, i'm probably biased because of the person who complained that mosh doesn't work in st, and talked like a cult member 01:49:32 kmc: You have a lot of biases. :-( 01:49:35 yeah 01:49:46 yeah, maybe you should join #lesswrong and get them to fix it ;) 01:50:19 in general i feel like all this "suckless" "minimalist" stuff means "works only for the author, comes with a screed about how this is all anyone should need" 01:50:24 I just wondered if there was anything I should know about suckless, since they listed my IRC client on their "Stuff that rocks" page 01:50:48 (that's not a criticism of suckless.org specifically, just of the attitude they are latching onto) 01:51:12 Ok, now I understand... because I have an attitude that could be characterised that way too 01:51:48 any feature you do not personally use is "bloat" 01:52:05 and 10 half-baked solutions to the same problem is better than 1 complete solution 01:52:11 because the half-baked solutions are each "minimalist" 01:52:30 The other extreme is perhaps more dangerous. 01:52:36 both extremes are dangerous, yes 01:53:18 the best is software which has many features, but which is architected in such a way that you don't pay for the features you don't use 01:53:30 don't pay in terms of performance, but most importantly in terms of code complexity and bugs 01:53:46 that is, the features you aren't using should not cause bugs in the parts you are using 01:53:49 obviously this is very hard 01:53:56 What's an example of that? 01:54:04 beats me 01:54:34 Ah, kmc. 01:54:54 maybe a programming language interpreter 01:55:01 i'm not affected by bugs in python modules i haven't loaded 01:55:18 Many people describe C++ that way. 01:55:28 Though I don't think that's quite right. 01:55:28 and module maintainers have relatively little ability to force the core python interpreter to adopt bad design decisions 01:55:37 the language itself is a pretty resiliant abstraction barrier 01:55:51 shachaf: yeah, but they're talking only about space/time usage and not about cognitive burden 01:55:57 Right. 01:56:43 -!- DHeadshot has joined. 01:56:53 Depending on the program and how it is, some things can be external files and separate programs that can be processed separately or piped or whatever. 01:57:30 Incidentally, since we're on the subject of software development... 01:57:36 Uh-oh. 01:57:47 I'm currently trying to decide how to implement scripting in quIRC 01:58:17 Invent your own language which is backwards-compatible with IRC commands. 01:58:18 I have some ideas (and a half-finished spec) for a scripting language, but I had another idea too: symbionts 01:58:24 -!- DHeadshot has quit (Read error: Connection reset by peer). 01:58:43 -!- DHeadshot has joined. 01:58:44 soundnfury: Probably it depend what you are doing with? There are a few possible ways. 01:58:45 that is, make quIRC invoke symbiont processes (the scripts) and talk an application protocol to them 01:59:35 that way you gain the ability to write scripts in any language, but otoh you can only do things there are hooks for 02:01:20 * Phantom_Hoover notes that the present phase of the moon is a waxing gibbous. 02:01:30 That's like the worst one for Armstrong to die during. 02:01:59 At least what I have done in PHIRC is the script commands and local commands are like IRC except you put a slash in front; since PHIRC is written in an interpreted language you can also use that interpreter too, though. So, partially your choice will depend what programming language you use, what user interface, and what operating system. 02:02:05 Phantom_Hoover: Why? 02:02:26 Gibbouses are the dumbest phase. 02:02:53 You can't even describe it very well, it's just "that phase that's a bit more than half full". 02:03:27 Just describe it by the degrees in ecliptic longitude? 02:03:30 Phantom_Hoover: The Moon is Waxing Gibbous (67% of Full). Full moon in NetHack in 5 days. 02:03:46 (from #nethack:!pom) 02:04:06 Thank you soundnfury for telling me something that I had just demonstrated knowledge of. 02:04:08 zzo38: C, curses-like, *nix 02:04:27 Or by percentage? 02:04:38 Phantom_Hoover: I was giving you a more precise description than "a bit more than half full" 02:04:43 You don't need to describe it as "gibbous" if you don't want to. 02:04:59 # Do, do, do, the funky gibbous 02:05:05 # we are here to show you how 02:06:13 Sun ecliptic longitude at 3 Virgo, Moon at 23 Sagittarius, so you subtract 263-153=110 degrees. (180 degrees = full moon) 02:07:07 doesn't that assume the solar and lunar orbits are coplanar? 02:07:09 By the direction you can know the moon is going forward motion (counterclockwise on the diagram) so you can tell on the diagram the direction of wax/wane, and by aspect lines, whether the full moon is slightly before or slightly after or exact. 02:07:38 zzo38: I'm not sure I follow your PHIRC explanation 02:07:46 soundnfury: It would seem so. But actually if they are then it is an eclipse. This orbit is used for measurement. 02:08:04 (So actually it is approximate but you have to use some plane of measurement, so the ecliptic is used.) 02:08:47 but surely what you want to measure is something to do with the proportion of the moon's solid angle that's lit, as viewed from Earth 02:08:53 Because if it is actually moon exactly opposite to the sun, then it will be a lunar eclipse because the Earth is in the way. 02:09:47 So using all the angles it would never actually light the entire face of moon seen by Earth because the Earth is in the way. 02:09:53 yeah but at "new moon" if it's not a solar eclipse then it'll be a (very very slim) crescent 02:10:13 Yes, that too. 02:10:17 ah well, it's not important 02:10:33 Using ecliptic longitude only is what is generally done to calculate the phase of moon, I think. 02:12:02 Another common way to calculate phase of moon is by the time instead of by angle. 02:12:03 maybe this "don't pay for features you don't use" is actually the most important reason to move things out of a language core and into the standard library 02:13:09 kmc: Yes, I agree you should put thing in a library. Even with Forth you can include most of the control structures and a lot of other things including syntactic stuff in a standard library too. With other programming languages the way it is done will differ. 02:14:06 kmc: Do you know the problem "generate a string of the form /[abc]{N}/ such that no substring appears twice in a row"? 02:14:29 i think you mentioned it before 02:14:38 Oh. 02:14:42 de bruijn sequences? 02:14:47 No, unrelated. 02:14:52 (I think?) 02:15:23 hmm, is this going to relate to prime numbers in some way? 02:15:31 (just a hunch) 02:15:32 De Bruijn sequences are sequences such that you can figure out a substring's position from its contents. 02:15:46 right, which means each one appears at most once 02:15:54 And then there is Ecclesiastical phase of moon, which is slightly off from the actual phase of moon and is used to calculate the date of Easter, due to tradition. 02:15:59 but it's for subsequences of a specific length 02:16:12 anyway, please go on about this problem 02:17:27 In this case you're allowed e.g. "abcacbabca" 02:17:41 But you're not allowed a sequence that contains "aa" or "abab" or "abcabc". 02:17:44 oh, twice *in a row* 02:17:46 i missed that 02:17:52 kmc: doesn't "to go on about something" have a meaning /subtly/ different to what you meant? 02:18:13 soundnfury: I think the meaning was clear here. 02:18:20 yeah, but it's still funny 02:18:25 don't my nuts have a meaning subtly close to your face 02:18:32 no, they don't 02:18:54 well then 02:18:56 glad that's settled 02:19:34 Anyway, you can generate arbitrary-length sequences with this property. 02:19:56 how do you generate them? 02:20:01 I think I'll go for the symbiont method, and then _maybe_ implement my scripting language as just one option 02:20:47 kmc: I think you can do a tree search, though there may be a better way 02:21:18 eg. start with an a, now you can have either b or c (isomorphism, doesn't matter which, we'll say b, now there's no further isomorphism left) 02:22:05 now either we have an a next, so it must then be a c (can't have abaa or abab), or we have a c next, so either abac, abca or abcb (we can't have abcc) 02:22:33 and so on, I don't know if the tree keeps getting wider or if the branches start to terminate 02:22:50 You can do it by generating and backtracking. 02:23:02 (ie. if you start getting strings where you can't append any of [abc] without creating a repeat) 02:23:09 okay, i was wondering if there was a better way 02:23:12 It's much trickier to do it without, though it's possible. 02:23:27 There is. 02:23:51 -!- DHeadshot has quit (Read error: Connection reset by peer). 02:24:25 how do you do it? 02:24:36 can you do something recursive, is there some way to take a sequence and modify it so that you can concatenate the original and modified versions, thereby getting another valid string? 02:24:43 https://en.wikipedia.org/wiki/Squarefree_word 02:25:24 heh 02:25:28 ooh, nice 02:29:13 "Thue-Morse sequence" is fun to say. 02:39:41 Yes OK I understand what you mean. Was there something like that on anarchy golf? 02:39:58 -!- augur has joined. 02:42:07 -!- DHeadshot has joined. 02:42:23 -!- Phantom_Hoover has quit (Read error: Connection reset by peer). 02:45:58 -!- augur_ has joined. 02:45:59 -!- augur has quit (Read error: Connection reset by peer). 02:54:27 I looked out the window and I can see the moon. 02:56:42 -!- DHeadshot has quit (Read error: Connection reset by peer). 02:56:47 -!- DH____ has joined. 03:00:32 -!- derdon_ has quit (Remote host closed the connection). 03:06:30 -!- DH____ has quit (Read error: Connection reset by peer). 03:06:46 @ask elliott Apparently "travelling" is the British spelling and "traveling" is the American spelling. 03:06:47 Consider it noted. 03:07:01 @tell elliott Can you make me British? :-( 03:07:01 Consider it noted. 03:14:50 -!- DHeadshot has joined. 03:22:51 -!- ogrom has joined. 03:22:55 -!- pikhq has joined. 03:23:05 -!- pikhq_ has quit (Ping timeout: 260 seconds). 03:25:06 kmc: What is interesting in southern CA? 03:25:45 kelso sand dunes 03:26:48 Hmm, that's rather far inland. 03:28:47 are you going to southern CA? 03:28:56 Possibly. 03:31:01 You know what's remarkable? Is how much of England looks in no way like southern California. 03:32:13 what is your remark, then? 03:32:24 It was a quote 03:32:36 I possibly got it slightly wrong, not watched that for a while 03:33:03 (it's from Austin Powers) 03:33:38 -!- pikhq_ has joined. 03:33:52 ah 03:34:02 it's a joke about how Southern California stands in for lots of places in films and tv 03:34:13 i went to school at a college used frequently for film shoots 03:34:27 -!- pikhq has quit (Ping timeout: 276 seconds). 03:34:46 I know someone who's going to go there soon. 03:34:51 In a few weeks, I guess. 03:35:06 i gather that there are a lot of fun things to do in LA, most of which i have not done 03:35:18 i never even went to the beach, despite living a few minutes' bike ride away for a summer 03:35:44 They say it's a good beach. I've never been. 03:35:48 which one? 03:35:58 The, uh, one in Los Angeles. 03:37:15 there are a few 03:48:42 -!- pikhq has joined. 03:49:10 -!- pikhq_ has quit (Ping timeout: 256 seconds). 04:23:39 we alone on earth can rebel against the tyranny of the selfish replicators 04:31:00 pass it on 04:31:20 Can I pass it on in my genes? 04:31:33 yes 04:32:58 -!- pikhq_ has joined. 04:33:27 -!- pikhq has quit (Ping timeout: 272 seconds). 04:50:38 shachaf: the next CTF should focus on misuse of cryptographic primitives, don't you think? 04:50:45 that would be fantastic 04:52:25 kmc: Oh, that would be fun. 04:52:53 -!- TeruFSX has quit (Read error: Connection reset by peer). 04:52:55 You should tell them! 04:52:59 Or make it. 04:53:03 i told gdb already 04:53:41 -!- TeruFSX has joined. 05:02:27 there are so many exciting ways to misuse cryptographic primitives 05:05:14 Yes. It's one of those things I should know more about. 05:06:14 (Though the right answer is generally "use higher-level primitives", not "know how to use low-level primitives correctly".) 05:10:05 yeah 05:10:55 The situation with Haskell and cryptography libraries seems kind of terrible. :-( 05:10:56 i wonder if that message would come across 05:11:58 What cryptographic primitives? 05:13:01 i found it entertaining and enlightening to witness a discussion where each side accused the other of advocating the cardinal sin of "rolling your own crypto" 05:13:19 and each side had valid arguments as to why their solution is less "rolling your own" 05:13:28 zzo38: I heard Julius Caesar was pretty cryptographically primitive. 05:13:35 kmc: I think I remember you mentioning that. 05:13:39 Was it with mosh? 05:13:41 yeah 05:13:59 mosh already rolls more crypto than is desirable 05:14:05 * shachaf doesn't remember the exact arguments. 05:14:29 it would be nice to use something higher level like DTLS, but there are a few problems with doing so 05:14:41 the argument in question was about OCB vs. CTR+HMAC, i.e. two block cipher modes 05:15:00 Ah. 05:15:02 and plenty of comments from the peanut gallary about "if you have to pick a block cipher mode, you're doing it wrong" 05:15:12 I read somewhere that combining multiple ciphers is sometimes weak; however, I do not think it will be weak if the keys used for each are guaranteed not to be related. 05:15:20 which is fair enough, but again, I don't think there was a suitable higher-level alternative 05:16:02 http://nacl.cr.yp.to/ looks like a nice high-level cryptography library. 05:16:16 I don't know enough to know whether it's actually good. 05:16:27 Can you do backward and forward, side effect, stream and block, superencrypted initialization vectors, with a suitable compression in many steps with long keys which do not repeat? 05:16:50 It uses the author's own encryption and authentication primitives, which is generally worrying. 05:17:12 zzo38: What's a superencrypted initialization vector? 05:17:53 In addition, optimize it to run fast and less memory but use a slow algorithm and insert random delays and RAM scrambler 05:18:24 i don't trust random delays, statistics can still win out 05:18:50 the library shachaf linked is based around the idea of "no data-dependent branches or memory addresses" which seems solid 05:19:01 shachaf: You have an initialization vector of a random length, which is then scrambled with the rest of the code and encrypted again using a different algorithm and with an unrelated key (it because insecure if you use related keys) 05:19:04 or you can pick a fixed time that each operation should take, and wait the remainder 05:20:03 kmc: But then you need to also deal with power usage 05:20:38 I think situations where you have to deal with power usage are pretty rare. 05:20:50 shachaf: RE: NaCl, I *think* DJB is more qualified than most to actually do crypto well. 05:21:05 pikhq_: Of course. 05:21:28 pikhq_: But even so. 05:21:31 but the number of eyeballs looking for dumb implementation bugs may well be as important as a solid understanding of the theory 05:21:33 Also, they're only a few years old. 05:21:40 I mean, crypto and crypto attacks is what his math career largely is. :) 05:21:51 tarsnap guy is also qualified to do crypto well, and yet he had a catastrophic dumb implementation bug ;) 05:22:01 Still, yeah. 05:22:26 pikhq_: I'd rather use a stupid algorithm that a lot of smart people have failed to break than a smart algorithm that only one smart person has failed to break. 05:22:32 Crypto is one of those fields where minor bugs are nearly as catastrophic as "dur, rot13 is good". 05:22:53 (Not that that's the situation here.) 05:22:56 security in general 05:23:03 because it's about worst case rather than average case 05:23:23 i love how many linux root exploits involve subsystems nobody ever uses, and/or code which never worked in the first place 05:23:33 they finally removed econet 05:24:22 What does econet mean? 05:24:34 zzo38: Funny, it's just the sort of thing I'd expect you to use. 05:24:39 econet is a networking protocol used by Acorn home computers from the 1980's 05:24:41 yes 05:24:44 gopher over econet 05:25:00 Linux had an implementation of it, which is mostly famous for a number of security holes 05:25:19 it's unclear this implementation ever actually worked, and if so how long ago it was last used 05:25:47 In that case I suppose it is a good idea to remove it; whoever will use it can make a new implementation which has a better quality. 05:25:59 another example is the code for loading 32-bit Video4Linux1 firmware onto a Video4Linux2 device on a 64-bit machine 05:26:23 turns out, nobody had ever tried to do this, the code in the kernel had no chance of working but was easily abused to get root 05:26:47 * shachaf wonders whether the Firefox gopher code has security bugs. 05:26:54 zzo38: yeah; what's worse is that many distributions shipped the econet module by default 05:27:09 and even worse, they would automatically load it if you tried to use the protocol from an unprivileged program 05:27:11 shachaf: Maybe. It's not there anymore though. 05:27:20 They should just remove most of the stuff in the kernel since a lot of it too complicated 05:28:27 zzo38: also, any remaining users of Econet are almost certainly tunneling it over UDP, and might as well do that in userspace 05:28:31 No, I don't think the Firefox gopher code had security bugs; the Microsoft gopher code has many security issues, though. 05:29:15 zzo38: What about the Plan 9 gopher code? 05:29:40 kmc: No, the problem is using too complicated operating systems (whether it is Windows or Linux or something else, it is still too complicated). 05:29:43 shachaf: I don't know. 05:29:59 Hmm, I guess Glenda isn't a gopher. :-( 05:30:15 Is the golang mascot a gopher? 05:30:31 I don't know but I do not think it is relevant. 05:31:35 zzo38: True. But neither is gopher. 05:34:50 I make up the new computer system to not have all this complexity, it can be a single tasking system (if you need tasking switch you can store it on the hard drive) and not involving such complicated things as PDF and USB. 05:35:20 there are many old computer systems with these properties 05:35:56 The old one is too slow and it is out of sale. 05:36:33 you can run FreeDOS on your modern PC 05:36:38 and there are free development tools for it 05:37:00 Pretty certain he finds x86 objectionable. 05:37:09 (as well he should) 05:37:40 fair enough 05:37:53 if you are talking about hardware and not just software, then yes it's much harder to remake everything to be simpler 05:38:11 I do happen to think FreeDOS is OK. There are certainly problems with x86 (I don't like the existence of CPUID command is one thing, and modern extensions to the instruction set tend to confuse everything) 05:38:23 kmc: That is why I have to try. 05:38:37 i too find x86 objectionable 05:38:51 though i disagree with the more specific claim that x86 assembly is so much harder to write by hand 05:38:59 18:17 for me, annoyance is a full time job 05:39:27 x86 assembly is in a lot of ways designed to be nice to write by hand. 05:39:42 Some of the later addons less so. 05:39:50 But certainly, at its core it's meant that way. 05:40:02 x87 code is not nice to write by hand :( 05:40:40 Then what *was* it designed for? 05:40:53 A register-stack sure isn't good for compilers. 05:41:01 i think it's just bad 05:42:01 i don't know why it's designed the way it is 05:42:10 It's bad for all involved. 05:42:18 Daniel Bernstein pointed out that 8-element stack + free swap can sometimes to more than an eight-register instruction set. 05:42:42 what about an eight register instruction set with free swap 05:43:11 shachaf: Way back when, that swap wasn't free. :) 05:43:43 -!- asiekierka has joined. 05:43:49 shachaf: in what way is it better? 05:43:58 kmc: http://cr.yp.to/qhasm/20050210-fxch.txt 05:44:03 zzo38: why don't you like CPUID 05:46:02 kmc: Because a program might not run if you replace the processor. In my idea one thing they could be able to do is, you can store the state of the program to disk and then replace all the components (including the disk) and turn on the program will still continue same as the other one (and if you copy it, both will run identically), is my idea of computer. 05:46:39 shachaf: interesting 05:46:42 Including if all the parts are different manufacturer from what it was before. 05:47:01 zzo38: but that's also true if different CPUs have different features, regardless of whether you have an explicit way to identify them 05:48:04 this is a real problem though 05:48:13 Xen can virtualize CPUID 05:48:22 so that you can indicate a baseline set of features that all your VM hosts support 05:48:26 That is why it would be made to not have different features, or, if they do have different features have a pin which you can connect to ground to indicate to use compatibility mode or not, so that you can activate the new features or you can turn them off by hardware. 05:49:12 (this is a problem for code that uses CPUID as a memory barrier) 05:49:36 Yes those may be some of the problems. 06:02:55 -!- pikhq_ has quit (Ping timeout: 240 seconds). 06:03:07 -!- pikhq has joined. 06:07:46 -!- pikhq has quit (Remote host closed the connection). 06:08:04 -!- pikhq has joined. 06:12:13 gotta sleep, ttyl all 06:14:51 -!- zzo38 has quit (Remote host closed the connection). 06:18:54 I hate Clojure protocols. 06:33:05 -!- ogrom has quit (Quit: Left). 06:39:08 -!- pikhq_ has joined. 06:39:42 -!- pikhq has quit (Ping timeout: 264 seconds). 06:46:13 -!- pikhq has joined. 06:46:28 -!- pikhq_ has quit (Ping timeout: 244 seconds). 07:03:19 ,(apply (partial some identity) '(true true false)) 07:03:25 &(apply (partial some identity) '(true true false)) 07:03:30 oops 07:03:56 -!- Vorpal has joined. 07:32:43 -!- DHeadshot has quit (Read error: Connection reset by peer). 07:32:48 -!- DH____ has joined. 07:50:45 -!- pikhq_ has joined. 07:51:01 -!- pikhq has quit (Ping timeout: 244 seconds). 08:26:04 -!- AnotherTest has joined. 08:26:45 Hello 08:34:55 -!- DH____ has quit (Read error: Connection reset by peer). 08:35:00 -!- DHeadshot has joined. 08:37:02 -!- asiekierka has quit (Ping timeout: 244 seconds). 08:40:48 -!- sirdancealot7 has joined. 08:45:09 -!- DHeadshot has quit (Read error: Connection reset by peer). 08:49:04 -!- mig22 has joined. 08:56:26 -!- pikhq has joined. 08:56:40 -!- pikhq_ has quit (Ping timeout: 268 seconds). 09:10:14 -!- AnotherTest has quit (Read error: Connection reset by peer). 09:10:29 -!- AnotherTest has joined. 09:22:34 -!- ais523 has quit. 09:46:49 -!- pikhq_ has joined. 09:47:09 -!- pikhq has quit (Ping timeout: 260 seconds). 10:05:21 -!- cheater__ has joined. 10:08:24 -!- cheater_ has quit (Read error: Operation timed out). 10:18:55 -!- ogrom has joined. 10:36:17 -!- Lumpio- has quit (Quit: _o7). 10:36:30 -!- Lumpio- has joined. 10:39:59 -!- DHeadshot has joined. 10:42:19 -!- MoALTz has joined. 10:42:30 -!- MoALTz has quit (Remote host closed the connection). 10:47:21 -!- DHeadshot has quit (Ping timeout: 276 seconds). 10:58:08 -!- derdon has joined. 11:10:37 -!- Phantom_Hoover has joined. 11:20:54 -!- MoALTz has joined. 11:28:00 Hmm, I think I had a dream last night that there was a video on YouTube where some guy was putting some kittens in a glass of water. 11:28:07 I don't think they minded, actually. 11:28:57 kittens love water 11:36:04 I don't remember checking the comments though. 11:37:31 ????? 11:37:36 you didn't check the comments???? 11:37:47 what's the point then 11:40:57 I know! 11:43:36 I'm finally beginning to appreciate the idea of the right tool for the job, rather than one language to rule them all. 11:43:51 As in, I think newLisp's the right language for a codenomic, but not for much else. 11:44:22 >.> 11:45:12 -!- mig22_ has joined. 11:47:12 -!- mig22 has quit (Ping timeout: 252 seconds). 11:47:13 -!- mig22_ has changed nick to mig22. 11:57:06 -!- nooga has joined. 12:04:43 -!- ogrom has quit (Quit: Left). 12:05:08 -!- monqy has quit (Quit: hello). 12:36:34 -!- KingOfKarlsruhe has joined. 12:46:16 -!- kinoSi has quit (Read error: Connection reset by peer). 12:46:45 -!- kinoSi has joined. 13:01:34 -!- pikhq has joined. 13:01:54 -!- pikhq_ has quit (Ping timeout: 264 seconds). 13:14:36 // very readable code from boost 13:14:36 typedef std::string::const_iterator interator_type; 13:14:36 typedef client::employee_parser employee_parser 13:14:36 employee_parser g; // notice this is the first and last use of employee_parser 13:14:47 -!- KingOfKarlsruhe has quit (Quit: ChatZilla 0.9.88.2 [Firefox 14.0.1/20120713134347]). 13:19:00 Why do they always give non-virtual destructors to their classes? 13:20:48 Do the classes have any virtual functions? If not, maybe just to save the vtable costs. 13:21:08 I get an error because of that 13:21:21 I have a class that derives from that class 13:21:30 normally that would only be a warning 13:21:34 but for some reason 13:22:08 Well, maybe "they" don't want you to derive. 13:22:20 Their example does derive 13:23:42 well their example doesn't work 13:23:42 http://www.boost.org/doc/libs/1_51_0/libs/spirit/example/qi/employee.cpp 13:23:42 Doesn't compile for me. 13:24:59 The best %= operator override ever. 13:25:16 -!- AnotherTest has quit (Read error: Connection reset by peer). 13:25:29 -!- AnotherTest has joined. 13:29:03 -!- AnotherTest has quit (Read error: Connection reset by peer). 13:29:19 -!- AnotherTest has joined. 13:31:03 -!- Phantom_Hoover has quit (Remote host closed the connection). 13:32:32 -!- Phantom_Hoover has joined. 13:34:07 -!- AnotherTest has quit (Client Quit). 13:34:17 -!- AnotherTest has joined. 13:41:12 -!- AnotherTest has quit (Quit: Leaving.). 13:42:01 -!- AnotherTest has joined. 13:45:57 -!- AnotherTest has quit (Read error: Connection reset by peer). 13:46:03 -!- AnotherTest1 has joined. 13:58:27 -!- Phantom_Hoover has quit (Ping timeout: 276 seconds). 14:05:45 -!- Phantom_Hoover has joined. 14:19:54 hm. back to spirit classic 14:26:28 -!- pikhq_ has joined. 14:26:42 -!- pikhq has quit (Ping timeout: 252 seconds). 14:54:53 -!- mig22 has quit (Quit: mig22). 15:19:16 -!- cheater__ has quit (Ping timeout: 248 seconds). 15:20:29 -!- ineiros has quit (Quit: leaving). 15:20:58 -!- ineiros has joined. 15:23:51 yeah i used boost::spirit once 15:23:53 never again... 15:26:19 -!- cheater__ has joined. 15:27:02 -!- pikhq has joined. 15:27:07 -!- pikhq_ has quit (Ping timeout: 240 seconds). 15:37:13 http://goo.gl/maps/M9T0H 15:38:43 yup 15:39:02 Elephant Butte, New Mexico 15:39:08 which is next to Truth or Consequences, New Mexico 15:39:27 which is named after a radio show 15:49:07 -!- atriq has joined. 15:55:25 I love it when one of mine comes up in CoaP 15:55:34 Because I'm like, "This sounds familiar" 15:55:40 Followed by, "This is awful" 15:55:48 Then, "Oh, yay, it's one of mine." 16:01:10 CoaP? 16:01:13 Oh, right. 16:01:40 ? 16:01:49 Comments on a Postcard. 16:04:19 The fourth least popular comic of DMM's 16:05:19 After Infinity on 30 Credits a Day, Awkward Fumbles, at that one that never got off the ground 16:07:05 I now understand Clojure enough to be able to comment about it in my post about name conflicts 16:07:06 Maybe. 16:07:12 Actually, no. 16:07:21 lol 16:09:57 -!- Slereah_ has quit (Ping timeout: 265 seconds). 16:13:19 Sgeo you so silly 16:14:16 -!- Slereah has joined. 16:16:24 -!- pikhq_ has joined. 16:16:37 -!- pikhq has quit (Ping timeout: 256 seconds). 16:21:24 -!- pikhq has joined. 16:22:24 -!- pikhq_ has quit (Ping timeout: 260 seconds). 16:26:51 How many Java+other JVM language developers actually stick to the domain name convention, and how many.. well, don't? 16:27:44 I don't see how you could measure that, except by some sort of a silly poll. 16:37:42 Oh god I want to like Clojure but I don't want to start learning Java. 16:39:29 Java is easy 16:39:55 and it's not like Clojure is based on Java, it just has a Java FFI 16:40:39 Well, I have to start learning about classpaths and probably similar things 16:41:10 that's true 16:41:19 i found that aspect to be the worst part of using clojure, by far 16:42:42 JavaScript all the way everywhere 16:43:02 420 smoke javascript everyday 16:43:22 Well, there is ClojureScript 16:44:12 does it have anything to do wi6th Clojure 16:44:33 262 code ecmascript everyday 16:45:02 well if Javascript is Scheme with Java syntax, then presumably ClojureScript is Java with Scheme syntax 16:45:05 obviously 16:46:03 aka the least popular language you could possibly make 16:48:19 kmc, other than classpath stuff, do you generally like Clojure? 16:52:55 -!- ogrom has joined. 17:04:40 -!- asiekierka has joined. 17:51:59 wow 17:52:07 I actually got boost::spirit working 17:52:14 -!- AnotherTest1 has changed nick to AnotherTest. 18:01:26 Sgeo: have only used it a little bit, but yes 18:01:45 -!- aloril has quit (Ping timeout: 244 seconds). 18:11:40 AnotherTest: congratulations 18:11:47 -!- pikhq_ has joined. 18:12:05 -!- pikhq has quit (Ping timeout: 244 seconds). 18:12:19 kmc: notice spirit classic; I don't think it's possible to get spirit 2 working 18:13:18 heh 18:15:37 -!- aloril has joined. 18:15:57 mh... semantic actions can take functors 18:16:12 a lambda is a functor in C++... 18:16:20 hm, the X1 Carbon has an optional USB 3.0 "dock" box with two DVI outputs 18:16:26 i wonder how much video you can push through USB 3.0 18:17:27 Well, it's nominally 5 Gbit/s. 18:17:38 C++: annoying people by misusing the word "functor" since 1983 18:17:51 Probably not an awesome video card, but should be acceptable at least. 18:17:54 i know that USB 2.0 video boxes are usually rather shit 18:18:07 anyway yeah, should suffice for business graphics 18:18:12 yes 18:18:23 kmc: function object :D? 18:18:38 Let's go with "closure". 18:18:42 our school has usb2 kvm systems 18:19:07 pkhq_: no, a function object isn't always a closure; a closure is a function object though 18:20:11 reason: a function object does not have a capture 18:21:20 So, you're distinguishing between closures that don't close and closures that do? :) 18:21:45 i like this new topic 18:21:48 kmc: Does it mention whether it has a video chipset on the dock, or just something to feed through the image generated by the computer itself? Single-link DVI maximum data rate is just 4 Gbit/s, you could almost even push that raw over USB, let alone encoded somehow. (Though it'd be weird.) 18:22:01 pkhq_: in C++, yes 18:22:04 i'm not sure, i'm guessing it's a video chipset in the dock 18:22:10 pkhq_: and maybe always 18:22:13 That's a highly arbitrary and meaningless distinction. 18:24:20 -!- donmarquis has joined. 18:25:01 kmc: Google says the dock has a http://www.displaylink.com/usb3/index.php on it, and the spec sheet of that speaks a lot about video compression. 18:25:15 -!- impomatic has joined. 18:26:28 -!- donmarquis has quit (Quit: Leaving). 18:28:26 -!- donmarquis has joined. 18:46:54 -!- atriq has quit (Ping timeout: 240 seconds). 18:53:04 -!- ogrom has quit (Read error: Connection reset by peer). 18:58:59 -!- donmarquis has quit (Quit: Leaving). 19:00:57 https://www.refheap.com/paste/4643 19:07:18 -!- pikhq has joined. 19:07:47 -!- pikhq_ has quit (Ping timeout: 268 seconds). 19:08:24 Sgeo: lol 19:08:40 ? 19:08:44 What's funny? 19:08:48 -!- AnotherTest has quit (Quit: Leaving.). 19:09:05 Incidentally, the "WARNING! UNTESTED!" is now obsolete 19:10:25 -!- FreeFull has quit (Ping timeout: 260 seconds). 19:11:33 Is my code really that bad that it's "lol" worthy? 19:11:39 -!- FreeFull has joined. 19:17:56 -!- zzo38 has joined. 19:33:06 kmc: To be fair, most everybody misuses the word "functor" somehow. 19:47:25 -!- pikhq has quit (Ping timeout: 252 seconds). 19:47:31 -!- pikhq_ has joined. 19:49:32 -!- augur_ has changed nick to augur. 19:49:40 sure 19:56:11 -!- zzo38 has quit (Remote host closed the connection). 19:56:45 -!- oerjan has joined. 19:57:02 -!- ais523 has joined. 19:57:14 -!- pikhq has joined. 19:57:20 -!- pikhq_ has quit (Ping timeout: 246 seconds). 20:03:49 03:35:06: i gather that there are a lot of fun things to do in LA, most of which i have not done 20:03:52 03:35:18: i never even went to the beach, despite living a few minutes' bike ride away for a summer 20:04:58 i have gone through LA twice in my life, just enough to get a horrible sunburn on the beach the second time. (the first time we'd forgot to get visas so we had to stay at the airport, technically under guard) 20:06:24 i think this may have been one of the times i shed 3 layers of skin on my shoulders 20:08:02 i recall it was rather fascinating to watch once the pain got relieved 20:08:51 * oerjan wonders if he should have put a NSFL warning on that 20:09:56 04:23:39: we alone on earth can rebel against the tyranny of the selfish replicators 20:10:07 ... 20:10:39 paradoxical yet probably essential to humanity's survival. 20:11:59 -!- pikhq has quit (Ping timeout: 252 seconds). 20:12:02 -!- pikhq_ has joined. 20:16:36 -!- oerjan has set topic: May contain: soy strawberries, chocolate people, vanilla computer programming, natto esoteric, tarragon THX deep note, mutton ecliptic longitude, camomile tea, some CPU locusts, rutabaga nonsensical analogies and theories, hummus matrices of solidity, pudding lovecraftian horrors, and no Ice-9. | http://codu.org/logs/_esoteric/ | http://esolangs.org/wiki. 20:17:54 Given our topics, it's maybe not so unexpected that people come here looking for the other sort of esoterica. 20:18:02 you think? 20:18:41 also topic of #esoteric-en doesn't help 20:19:05 you think. 20:19:14 You, think! 20:19:30 youth ink 20:19:49 3:18 -!- Topic for #esoteric-en: Visit #esoteric if you want to speak about occultism andvwitchcraft 20:19:58 -!- asiekierka has quit (Remote host closed the connection). 20:20:20 apparently that's a festival 20:21:17 Hunk it, yo. 20:26:52 @quote kmc gentle.introduction 20:26:52 kmc says: i started to read the "tutorial" and it was incomprehensible. makes the Gentle Introduction to Haskell look like Teach Yourself PHP in 24 Hours 20:27:04 kmc: Isn't the Gentle Introduction the "tutorial"? 20:30:12 http://sprunge.us/bEdX - N900 dmesg is the most useful ever. (All the hard keys are hooked to the GPIO pins, and the driver reports all state changes.) 21:11:46 -!- Arc_Koen has joined. 21:15:20 fizzie: grep -v GPIO 21:16:18 `welcome Arc_Koen 21:16:27 hello 21:16:29 Arc_Koen: Welcome to the international hub for esoteric programming language design and deployment! For more information, check out our wiki: http://esolangs.org/wiki/Main_Page. (For the other kind of esoterica, try #esoteric on irc.dal.net.) 21:16:49 a bit quiet here right now 21:16:53 FreeFull: Doesn't help all that much since the GPIO stuff has pushed other things out of the message buffer. (Okay, it only matters for historic matters, but still.) 21:17:42 -!- pikhq has joined. 21:17:44 -!- pikhq_ has quit (Ping timeout: 252 seconds). 21:21:39 -!- nortti has quit (Ping timeout: 252 seconds). 21:24:01 -!- atriq has joined. 21:24:51 darn internet is slow :( 21:25:23 They should build a faster one. 21:25:29 shachaf: the ATS tutorial 21:26:31 Oh. 21:26:45 * shachaf sympathizes. 21:28:04 oerjan: do you know the context of the selfish replicators quote 21:29:37 shachaf: why did you bring up that quote? 21:29:52 It came up in #haskell. 21:30:03 Which for some reason I'm still in. 21:30:12 shachaf: did you think up some entertaining misuses of crypto for the next CTF? 21:30:16 i'm composing a list in an email to gdb 21:30:24 edwardk has a new lens combinator for filtering, called "iwhere". 21:30:33 filter combinators, reinvented 21:31:03 I don't know why I called it a "combinator". 21:31:12 because anything sounds better if you call it a combinator? 21:31:15 Is it a combinator? Why did I even use that word? I don't know what it means. :-( 21:31:48 I was just reading 21:31:49 Instead of taking the bus, take the mobile people combinator. 21:31:58 You could probably take each DON'T line and turn it into a fun CTF challenge. 21:32:14 heh 21:32:23 i got some ideas from http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html 21:32:35 kmc: Did you mention something about length-extension attacks? 21:32:51 Like the thing Flickr had. 21:33:19 yes 21:33:56 did you finish the web CTF then? 21:34:49 No. :-( I haven't worked on it. 21:34:58 But today is a good day for it, as soon as I finish $THING. 21:37:23 ok 21:38:24 shachaf: huh, that presentation says to use AES-256, despite the related-key attack 21:38:49 also it says not to use combined authentication/encryption modes 21:38:52 but doesn't say why 21:39:18 -!- Vorpal has quit (Ping timeout: 276 seconds). 21:39:56 I think he has a follow-up post that clarifies some of it. 21:40:41 Do related-key attacks generally matter? 21:41:35 http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html 21:42:36 i think this related key attack doesn't matter specifically 21:43:02 Well, the one on AES-256 is only theoretical anyway. 21:43:05 but there is a notion that cryptosystems with known but impractical attacks are more likely to develop practical attacks eventually 21:43:42 "I did mention the issue of authenticated encryption modes, but to elaborate a bit: CTR mode has the very nice property that the attacker has absolutely no control over what operations you perform. This makes a big difference -- almost all side channel attacks require chosen inputs." 21:44:03 fair enough 21:44:38 heh, i had forgotten that using a separate HMAC requires you to choose between Encrypt-and-MAC, MAC-then-encrypt, and Encrypt-then-MAC 21:44:49 and experts don't even agree on which of these is better 21:45:00 this is a point in favor of authenticated encryption modes 21:45:11 I think everyone agrees that encrypt-and-MAC is bad. 21:46:54 There's also the argument that standalone authentication is much cheaper than decryption+authentication, so a system that can reject unauthenticated ciphertexts early is much more resilient to a DoS. 21:47:02 (Assuming you encrypt-then-MAC.) 21:47:11 true 21:47:22 Oh, I guess he wrote about that. 21:47:26 which relates to the side channel argument as well 21:52:10 SSH does encrypt-and-MAC? 21:52:31 "If you're distributing client code which speaks to a server you operate, there is no need to use SSL; instead, you can distribute the server's public RSA key (or its hash) along with the client code, and "bootstrap" the security process that way. I do this in FreeBSD for the FreeBSD Update and Portsnap services, and I also do this in Tarsnap. It's simple; it works; and it's secure." 21:52:52 if you squint right, this endorses what Mosh does 21:53:59 In the sense that "send-key-over-SSL" is similar to "send-key-over-SSH"? 21:54:15 By SSL I mean https when you're downloading the client code, presumably. 21:54:29 yeah 21:54:39 and rejecting the complexity of SSL for the client app itself, when you don't need it 21:54:51 mosh doesn't send an asymmetric key at all, does it? 21:54:56 mosh goes further in having symmetric crypto only 21:54:57 right 21:55:10 obviously this doesn't work if you have multiple mutually-untrusting clients connecting to the same service 21:55:22 On the other hand that makes you more reliant on SSL/SSH, since you have to use it every time rather than just the first time. 21:55:37 well, yes and no 21:56:00 someone could write a special purpose mosh-server-launching daemon using RSA in the manner Tarnsap guy describes 21:56:11 and it would still be a separate component from mosh-server itself 21:57:32 True. 21:58:14 someone already wrote a HTTP-based mosh launcher 21:58:32 with some questionable security properties 21:59:52 Why questionable? 22:00:31 the docs said nothing about the fact that you should run it over HTTPS, and had an example of running it over HTTP-not-S 22:00:44 when i pointed this out, the author said it was "obvious" that you needed to use HTTPS, so why bother putting this in the docs 22:01:15 it had some other problems too, some of which they did fix 22:02:04 it had some homebrew authentication mechanism, and i think v1 of this was vulnerable to a path traversal 22:02:22 I,I ln -s /usr/bin/mosh-server ~/public_html/cgi-bin/ 22:02:34 mosh doesn't contain public-key crypto code but perhaps more importantly, it doesn't contain authentication code 22:03:03 https doesn't really have a mechanism for client-side authentication. 22:03:45 it has client certificates! 22:03:51 these are used extensively at MIT 22:03:56 Oh, true. 22:04:00 I've never heard of anybody using them. 22:04:15 MIT is weird :) 22:05:45 shachaf: did you know that ECB mode is the default for Java crypto APIs? 22:05:57 ECB mode is the default for all crypto APIs that support it. 22:06:10 shouldn't some APIs have no default? 22:06:17 CAcert.org uses SSL client certificates for user login. 22:06:21 "default" in the sense of "requires the fewest parameters" 22:06:26 oh 22:06:31 i mean that if you don't choose one, it uses ECB 22:06:33 If you don't know what you're doing, you'll pick the one that looks easiest. 22:06:34 but i could be wrong 22:06:38 yeah... 22:06:47 And OpenVPN setups use SSL client certificates quite often, I believe. 22:07:00 level 0 of the crypto CTF would involve finding patterns in an ECB-encrypted file, i think 22:07:10 like the Tux image on wikipedia 22:07:52 That's a great image. 22:10:58 Is there ever a reason to use a mode other than CTR mode when you're not doing combined encryption-authentication? 22:13:15 hm 22:13:45 CTR requires a nonce, which could be annoying 22:14:09 What mode doesn't? 22:14:15 "Nevertheless, there are specialized attacks like a Hardware Fault Attack that is based on the usage of a simple counter function as input." 22:14:22 CBC doesn't 22:14:30 CBC has an IV 22:14:38 What's the difference between an IV and a nonce? 22:14:41 er, right, i guess that's the same thing basically 22:14:43 -!- atriq has quit (Ping timeout: 245 seconds). 22:16:07 -!- atriq has joined. 22:16:29 I have a crypto-failure T-shirt bought from Bletchley Park; it's describing the occasion when Germans once resent a message (with different typos) reusing -- against the regulations -- the Lorentz stream cipher settings that had been used for the original message. Both were intercepted, with predictable results: http://www.codesandciphers.org.uk/lorenz/fish.htm 22:16:53 does the nonce have to be secret in either case? 22:17:05 No, it's not supposed to be secret. 22:18:32 Really there's no point in separating the nonce and the counter, as far as I can tell. 22:18:49 Instead of having an n-bit nonce and an n-bit counter, just have a 2n-bit counter that starts at a random point. 22:19:12 'The one snag with Enigma of course is the fact that if you press A, you can get every other letter but A. I picked up this message and—one was so used to looking at things and making instant decisions—I thought: 'Something's gone. What has this chap done. There is not a single L in this message.' My chap had been told to send out a dummy message and he had just had a fag [cigarette] and pressed the last key on the keyboard, the L 22:19:18 So that was the only letter that didn't come out. We had got the biggest crib we ever had, the encypherment was LLLL, right through the message and that gave us the new wiring for the wheel [rotor]. That's the sort of thing we were trained to do. Instinctively look for something that had gone wrong or someone who had done something silly and torn up the rule book.' 22:19:47 shachaf: yeah 22:20:03 ...they had to translate "fag" and "wheel"...? 22:20:05 Good grief 22:20:15 someone objected that the incrementing plaintext nonce in mosh packets makes it easy to identify the traffic as mosh traffic 22:20:27 by someone i mean jacob appelbaum 22:20:39 15:17 challenge/response protocol that is symetrical so that you can pass back the challenge to the remote as if it was your challenge 22:20:42 15:17 and the response you get ack can be used as your response 22:20:44 15:17 diffie-hellman without checking that the challenge you get is in the proper range (ie. so that the attacker can pass in a value that is zero modulu N) 22:20:47 15:18 using number-of-seconds-since-epoch as the seed to a PRNG which is used to generate an important secret. 22:20:50 15:19 using a weak PRNG which can easily be predicted from past values, or alternately one with a very small output space 22:21:09 nice 22:21:19 yes i've seen the srand(time(NULL)) used to generate AES keys 22:21:24 saw this on stackoverflow anyway 22:21:27 Gah! 22:21:54 There is a program running on your system which generates random tokens using time(NULL). :-( 22:21:56 you see on Windows, the OpenSSL PRNG requires seeding 22:21:58 C rand() should only be used for games and such where all the entropy that matters is "eh, looks random I guess". 22:22:14 shachaf: what system? 22:22:43 I should probably report the bug before saying it, or something. 22:22:59 pikhq: it's acceptable but not ideal for situations where the randomness is not as important as the fact that there are arbitrary numbers 22:23:00 15:20 having a buggy challenge-response implementation where you expect to get back Encr(n+1) as a verifier, but due to bug in impl you actualy require Encr(n) as verifier 22:23:05 15:20 (ie. the "n+1" function has bug that makes it a nop) 22:23:05 (hash salts come to mind) 22:23:07 Low bits of old-old C rand()s shouldn't even be used for that. :p 22:23:07 15:22 having a strong RNG, but always using it after a fork() in a server daemon so that the value sent out by the daemon always uses the same random sequence for each session 22:23:11 -!- Nisstyre has quit (Quit: Leaving). 22:23:46 -!- newsham has joined. 22:23:47 hi 22:23:51 hi newsham 22:24:14 can i pass on your suggestions to the people who might be running a crypto-related wargame? 22:24:18 yup 22:24:20 by "might be" i mean "i am trying to convince them to" 22:24:20 thanks 22:24:30 -!- Nisstyre_ has quit (Quit: Leaving). 22:24:37 kmc: You should run it yourself! 22:24:46 too much work 22:24:49 - having a protocol where replaying a transaction can cause somethign bad to happen, and not having any liveness in the protocol that prevents an old message (encrypted/authenticated) to by simply replayed 22:25:27 - having an authenticator that covers a bunch of important fields, but leaves some important field unprotected (and hence tamperable) 22:25:48 possibly due to oversight or possibly due to bug where the authenticator length is incorrect 22:28:51 - using a really small keyspace so that brute force is trivial 22:31:32 hm, i bet you could construct a fun situation where the message length field is the unprotected one 22:31:40 allowing you to send a truncation of any legitimate message 22:31:47 kind of the opposite of a hash extension attack 22:32:39 -!- Arc_Koen has left. 22:33:22 truncation attack.. woot 22:33:56 or like you have an authenticator over the whole msg but not of the pseudodata like what session its from or what IP its from 22:34:01 so that other sessions or other IPs can replay the msg 22:34:43 ps: if this is going to be a public game, i'd love to hear about it.. love even more if its available for use offline after the game is done 22:35:29 Security isn't easy 22:35:33 i'm suggesting it to the people who are currently running https://stripe-ctf.com 22:39:57 -!- nooga has quit (Ping timeout: 260 seconds). 22:41:13 FreeFull: indeed 22:43:25 security is super easy 22:43:29 its just hard to add functionality 22:44:03 its all really turing and church's fault 22:44:58 security was hard before computers too =( 22:45:27 * kmc spent a lot of time performing privilege escalation attacks on pin tumbler lock systems 22:45:45 -!- atriq has quit (Remote host closed the connection). 22:45:53 It'd be really cool to know if one way functions exist 22:46:00 eh.. locks arent designed to be hard to break 22:46:06 they're designed to be cheap and convenient 22:46:40 Feynman did a bit of stuff with locks 22:46:53 well some of these were medeco "high security" locks 22:46:59 i read abou that in "you're full of shit, mr. feynman" 22:47:03 haha 22:47:16 typical house locks are a joke, even i can pick those 22:47:38 Ever heard of bump keys? 22:47:55 yup. nifty when they work.. not always suitable 22:48:06 youtube has a bazillion videos on em 22:48:28 at school we had mailbox locks which were so shitty that basically any key could be used as a bump key 22:49:44 I once tried my house key on a school door lock 22:49:47 And it just happened to work 22:49:55 Just that one lock though 22:49:56 nice 22:50:26 Then I calculated the chances of that happening with a random lock 22:50:29 I forget what they were 22:50:43 But higher than 1 in 70000 22:50:54 I think anyway 22:51:01 yeah 22:51:04 was that in feynman's book, too? 22:51:15 normal house key has 5 pins, with maybe 10 possible heights for each 22:51:40 but if it was at a school they might have made master keys, which increases the odds of a random match 22:51:42 possible the school lock was missing pins or was excessively worn such that more keys would open it 22:51:45 or master keys, yeah 22:51:57 That's 10⁵ 22:52:23 So 1/100000 22:52:25 increases dramatically... if the master key doesn't share any heights with the other key, you now have 2^5 = 32 keys that can open that lock 22:52:29 and many systems have more than one master 22:53:01 the priv esc that i alluded to is that you can disassemble a few locks in low security areas and thereby compute the master key which works on high security areas too 22:53:05 Are you sure about the 10 heights? 22:53:12 I figure it's less than that 22:54:36 schlage locks have 10 heights: http://www.clksupplies.com/shop/schlage-pins-bottom-pins-c-22_33_69.html?osCsid=3c7748ac9175559f241b14333637e96e 22:55:17 and being off by 1/10th of the height results in no-open? 22:55:53 depends 22:56:09 i think a key which is halfway between official heights will open locks of either height, with enough jiggling 22:56:33 you kind of learn the magic wiggle to make each of your handmade master keys open each lock 22:57:04 so more like 5^x than 10^x? 22:57:07 the master and non-master heights in a given pin will never be adjacent, though 22:57:16 because the spacer between them would be too small 22:57:29 well, FreeFull's house key is probably closer to spec 22:57:40 and not exactly halfway between heights 22:58:16 my guess is lazy locksmith at the school didn't fill all the columns 22:58:19 but it could just be luck 22:58:28 I bet luck 22:58:31 if one thing happens to you every second, you should expect a one-in-a-million coincedence about once a month 22:58:32 -!- DHeadshot has joined. 22:59:07 but its never the lotto 22:59:14 its always the clock reading "1234" 22:59:33 -!- MoALTz has quit (Ping timeout: 260 seconds). 22:59:35 or pbs having the mr. rogers neighbhood music video on right as you're flipping 23:02:36 at school we had mailbox locks which were so shitty that basically any key could be used as a bump key 23:02:57 There was a locker in my old school that you could unlock by sticking your thumb in the middle and twisting. 23:03:02 It may have been broken. 23:03:48 also you can "pick" Master brand padlocks just by hitting a metal bit at the back of the lock 23:03:51 ignoring the pins 23:07:34 -!- DHeadshot has quit (Read error: Connection reset by peer). 23:14:45 -!- monqy has joined. 23:15:45 newsham, sadly news-ham is no longer among us 23:21:21 -!- impomatic has left. 23:24:53 -!- pikhq_ has joined. 23:27:13 -!- pikhq has quit (Ping timeout: 244 seconds). 23:27:38 nice, Newegg sells a 21" monitor with 2560 x 2048 resolution 23:27:41 for only $10,599 23:29:21 http://www.bbc.co.uk/news/technology-19370582 Broadcasts in 8K will offer a resolution of 7,680 by 4,320 pixels - roughly the equivalent of a 32 megapixel photo. 23:29:41 "I suspect that we won't see this become available to consumers below $10,000 until 2025," Paul O'Donovan, principal analyst at the tech consultancy Gartner, told the BBC. 23:33:21 I hear those fishy Korean 27" 2560xsomething LCDs are nice. 23:34:29 also cool: outdoors 23:35:58 i'm not sure what this "Large Format Monitor" category is 23:36:18 they seem to be HDTVs, without the tuner? 23:36:38 newsham: Outdoors got way better when I got the high-resolution expansion. 23:36:48 I think kmc got that too recently. 23:36:49 i smell price discrimination 23:36:55 yep 23:47:10 > 7680 * 4320 23:47:11 33177600 23:47:36 Which is cheaper, HDTVs or those? 23:48:56 Appears to be the HDTVs. 23:49:01 Weird. 23:49:16 here's a "Large Format Monitor Built in TV Tuner" 23:50:39 HDTVs are a consumer product, LFMs are a business product, everyone knows a business can't just buy a consumer product even if it does the same exact thing 23:51:16 It's a shame it's near impossible to get reasonably accurate measurements of the performance of displays... 23:51:33 "1000000:1 contrast!" 23:51:34 what sort of performance, and why is it impossible? 23:51:44 oh sure, disregard the manufacturer's claims 23:51:55 Bull fucking crap you're not getting 1000000:1 contrast. 23:51:57 but there are a fair number of websites giving detailed data on contrast, color reproduction, etc 23:52:12 http://www.tftcentral.co.uk/ has some pretty comprehensive tests 23:52:13 Yeah, I was refering to manufacturer's claims. 23:52:19 pikhq_: "our patented blackbody monitors..." 23:52:27 Obviously, if you look for enthusiasts who measure things sanely, you're good. 23:52:29 -!- zzo38 has joined. 23:52:50 oerjan: "We accurately display both the brightness of 0k and the sun!" 23:53:00 actually can even a blackbody get that, at room temperature... 23:53:11 Who said room temperature? 23:53:15 ah. 23:53:20 jolly good then 23:54:30 Safety waiver required for purchase; temperatures of 0K may not be appropriate for corporeal beings. 23:54:46 nor the sun one, incidentally 23:55:05 i think it's much easier for enthusiasts to objectively review monitors compared to (say) laptop battery life 23:55:20 There are actual objective measurements to be made there. 23:55:21 reviewers will come up with battery life numbers differing by 2+ hours on similar-sounding tests 23:55:37 And what's more, the objective measurements map very well to *what you actually care about*. 23:55:57 A monitor with bad contrast will actually look like shit. 23:56:17 "Area Man purchases Large Format Monitor with Built-in TV Tuner" 23:57:09 -!- Nisstyre has joined. 23:57:51 hahaha 23:59:40 sadly that is probably too obscure for the onion?