2013-07-23 00:01:10 <midnightmagic> Does anyone have an archive of the pre-bitcointalk forum that was hosted on sourceforge?
2013-07-23 00:01:17 <gmaxwell> I don't.
2013-07-23 00:01:49 <midnightmagic> Satoshi said he moved over some messages but..
2013-07-23 00:01:52 <gmaxwell> I really wish SSL were designed in such a way that you could pre-sign the site and keep the keys offline.
2013-07-23 00:02:37 <gmaxwell> it would be pretty neat if the bitcoin.org site could be secured in such a way that short of ordering a CA to make a fake cert you couldn't just order any party to change the content.
2013-07-23 00:03:17 <gmaxwell> There is even a way to securely multi-party split an RSA private key... so if it were just an RSA signature it could be done. alas.
2013-07-23 00:13:07 <gmaxwell> https://github.com/grayleonard/bitcoin/commit/bd8420dda743c36940d3986fb7e81a2f195495f8#L0R488
2013-07-23 00:13:30 <gmaxwell> I'm so sad that this apparently _isn't_ our first case of someone trying to slip in a really obvious backdoor.
2013-07-23 00:14:10 <Krellan_> getting a backdoor into bitcoin would be second only to getting a backdoor into ssh
2013-07-23 00:14:21 <Krellan_> as far as financial incentives go
2013-07-23 00:15:01 <midnightmagic> lol
2013-07-23 00:15:28 <midnightmagic> that's pretty hilarious.
2013-07-23 00:17:24 <jgarzik> it's. freakin. Basic. auth.  sigh.
2013-07-23 00:17:47 <jgarzik> why backdoor something that's already a door swinging wide open ;p
2013-07-23 00:18:08 <gmaxwell> jgarzik: 'cause someone who could query it could still crack it even if you _never_ used it, which is a little surprising.
2013-07-23 00:18:39 <turboroot> reminds me of this included in a wordpress pull request: https://github.com/maxymax/WordPress/commit/2fa93590c7881fab043be7b8b51358894dbc1466
2013-07-23 00:18:53 <jgarzik> gmaxwell, I just meant in terms of social engineering.  It's not a place in the code someone would patch for a timing attack.
2013-07-23 00:19:11 <Luke-Jr> IMO hash the correct password, the password attempt, and compare that
2013-07-23 00:19:16 <gmaxwell> midnightmagic: it's not actually a backdoor, unless I'm misreading the code, but I had to cross my eyes to convince myself of that.
2013-07-23 00:19:22 <Luke-Jr> and hash the correct one at startup
2013-07-23 00:19:24 <jgarzik> Luke-Jr, HTTP Digest auth
2013-07-23 00:19:35 <Luke-Jr> jgarzik: yes?
2013-07-23 00:19:39 <Luke-Jr> I'm just addressing timing attack
2013-07-23 00:20:09 <Luke-Jr> if you're hashing the passwords to check, the timing is not quite as useful
2013-07-23 00:20:11 <jgarzik> RPC: Avoid cleartext passwords by default    https://github.com/bitcoin/bitcoin/pull/1986
2013-07-23 00:20:57 <Luke-Jr> jgarzik: yep, it's in next-test although you closed it..
2013-07-23 00:21:25 <jgarzik> gmaxwell, Changes of this sort, even if correct, fall into the category of pointless microoptimization at best
2013-07-23 00:21:42 <gmaxwell> jgarzik: so right now there are some (crazy, stupid) people with the rpc exposed to the internet.  Assuming I have good enough connectivity to them I can crack the RPC.
2013-07-23 00:21:52 <gmaxwell> I don't think fixing that is pointless microoptimization.
2013-07-23 00:22:56 <gmaxwell> Though, uh, I'm certainly not willing to take a sketchy fix for it.
2013-07-23 00:22:57 <jgarzik> gmaxwell, you don't address it with a hack. the root problem is addressed with turning off Basic auth for Digest and similar, stronger measures.
2013-07-23 00:24:03 <petertodd> gmaxwell: back
2013-07-23 00:24:53 <jgarzik> I think with sufficient messaging we can turn off Basic auth by default
2013-07-23 00:25:18 <gmaxwell> jgarzik: I'm ducky with digest auth.
2013-07-23 00:27:44 <petertodd> gmaxwell: http://pastebin.com/yYur8wrL
2013-07-23 00:27:49 <midnightmagic> gmaxwell: n^n=0, |= 0 is 0. what's nResult prior to that snippet? If it's initialized, then ++nResult is always 1; but the comparison is not constant-time so it's just adding a constant to the work done for the length. Also, if it is always 1, then is it possible a compiler would optimize that whole routine away?
2013-07-23 00:28:25 <gmaxwell> midnightmagic: yea I advised above that the compiler would probably optimize that whole thing away.
2013-07-23 00:28:29 <petertodd> gmaxwell: works on my end
2013-07-23 00:28:32 <midnightmagic> oh
2013-07-23 00:28:53 <Luke-Jr> imo, hash the password, compare every byte, incrementing some register whether right/wrong, and then when all done, check if the "correct" register is 32 (perfect match)
2013-07-23 00:29:12 <gmaxwell> Luke-Jr: if we're going to hash, why don't we just force digest auth?
2013-07-23 00:29:18 <Luke-Jr> maybe check that the correct register isn't the incorrect one too
2013-07-23 00:29:20 <midnightmagic> gmaxwell: Aaargh lol you've been training me for so long to assume you're right about things I've stopped verifying.
2013-07-23 00:29:36 <Luke-Jr> gmaxwell: digest requires a challenge-response, no?  not that requiring it is necessarily bad
2013-07-23 00:29:46 <midnightmagic> :)
2013-07-23 00:29:46 <petertodd> midnightmagic: <gmaxwell>: midnightmagic is a stupid head
2013-07-23 00:29:47 <jgarzik> Luke-Jr, correct.
2013-07-23 00:29:56 <jgarzik> Luke-Jr, Amazon S3 (HMAC-based) does not.
2013-07-23 00:30:03 <midnightmagic> ACTION mails a bear to petertodd
2013-07-23 00:30:25 <jgarzik> thus HTTP Digest requires one more round trip than Amazon S3.
2013-07-23 00:30:26 <petertodd> ACTION is Canadian, is glad to know his other bear will be less lonely now.
2013-07-23 00:31:08 <midnightmagic> petertodd: lol but what *kind* of Canadian are you!
2013-07-23 00:31:12 <jgarzik> HMAC-SHA1 to be specific: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
2013-07-23 00:31:43 <petertodd> midnightmagic: stereotypical
2013-07-23 00:32:00 <jgarzik> Could also remove all authentication... and !SSL
2013-07-23 00:32:15 <jgarzik> pass the buck ;p
2013-07-23 00:32:15 <Luke-Jr> jgarzik: then I can't allow anonymous SSH to my system!
2013-07-23 00:32:18 <gmaxwell> basically every http library should have support for digest auth so in theory requiring it should create no extra burden. I don't think the extra roundtrip is bad for anyone, or at least the persistence ...
2013-07-23 00:32:19 <petertodd> jgarzik: People who need auth/ssl can always use socat
2013-07-23 00:32:50 <jgarzik> I coded Amazon S3-like, and am happy to code Digest auth
2013-07-23 00:33:08 <gmaxwell> jgarzik: yea, but setting up SSL correctly is going to increase actual compromises from oral-use-of-suppositories.
2013-07-23 00:33:12 <gmaxwell> :P
2013-07-23 00:33:37 <gmaxwell> gotta consider the actual effective security, not the security you get from spherical cow users.
2013-07-23 00:34:32 <gmaxwell> Wanna go much further: fuck this tcp shit, unix domain sockets forever.
2013-07-23 00:34:34 <gmaxwell> :P
2013-07-23 00:34:35 <Luke-Jr> it'd be nice if we didn't need to implement a HTTP server and could just use some library..
2013-07-23 00:34:41 <Luke-Jr> gmaxwell: ooh, I like that idea
2013-07-23 00:35:27 <Luke-Jr> gmaxwell: then we can throw away HTTP too, and just do a persistent JSON-RPC socket <.<
2013-07-23 00:35:43 <Luke-Jr> maybe stratum-compatible
2013-07-23 00:36:14 <Luke-Jr> or protobuf since Gavin's pulling that in anyway (and get rid of JSON)???
2013-07-23 00:36:53 <gmaxwell> our poor users.
2013-07-23 00:39:19 <Luke-Jr> lol
2013-07-23 00:40:31 <Ry4an> there's a protobuf successor by the original author that looks pretty good
2013-07-23 00:40:38 <gmaxwell> of course there is.
2013-07-23 00:40:51 <petertodd> Ry4an: link?
2013-07-23 00:40:51 <Ry4an> he's since left google and seems to be enjoying fixing the things he didn't like about protobuf but could no longer change
2013-07-23 00:40:57 <Ry4an> digging
2013-07-23 00:41:07 <Luke-Jr> Anyone know what's up with this? https://en.bitcoin.it/w/index.php?title=Script&curid=106&diff=39730&oldid=39692
2013-07-23 00:41:15 <gmaxwell> This is the great thing about serializer dohickies: there is an uncountably infinite design space. :P
2013-07-23 00:41:28 <Ry4an> http://kentonv.github.io/capnproto/
2013-07-23 00:41:31 <petertodd> Luke-Jr: weird
2013-07-23 00:41:42 <jgarzik> Satoshi even admitted he would have used a ser lib, if one had been well known and available
2013-07-23 00:41:46 <Ry4an> you can't do worse than bson (Mongo's binary json representation)
2013-07-23 00:41:51 <jgarzik> P2P + protobufs, anyone?
2013-07-23 00:41:52 <jgarzik> ACTION runs
2013-07-23 00:42:06 <gmaxwell> petertodd: https://en.bitcoin.it/wiki/Talk:Script
2013-07-23 00:42:08 <Ry4an> (well you can (ASN1) but no one does worse anymore :)
2013-07-23 00:42:11 <gmaxwell> Luke-Jr: ^
2013-07-23 00:42:48 <gmaxwell> jgarzik: if he'd done that we'd have a much harder time fixing the @#$#@$  TXID non-canonical encoding stuff. :P
2013-07-23 00:42:52 <petertodd> gmaxwell: gah, that guy obviously didn't actually look at that transaction, although I can see why he might think that
2013-07-23 00:43:29 <gmaxwell> petertodd: yea, restore the text, update the description to make it clear that the btc isn't in the output.
2013-07-23 00:43:32 <Luke-Jr> Ry4an: little endian. :<
2013-07-23 00:43:54 <gmaxwell> petertodd: well intentioned edit on his part at least.
2013-07-23 00:44:39 <gmaxwell> Ry4an: maybe we can convince that guy to eliminate encoding redundancies if he hasn't already. :P
2013-07-23 00:44:58 <petertodd> gmaxwell: yeah, wording was pretty bad come to think of it
2013-07-23 00:45:16 <Ry4an> Luke-Jr: I'm a network byte order person deep down, but I assume Kenton Varda had his reasons. Sounds like he's thought about this an awful lot
2013-07-23 00:45:37 <gmaxwell> amusing, capnproto sounds like formalizing what bitcoin has done. :P
2013-07-23 00:45:58 <Luke-Jr> Ry4an: "most CPUs are little endian"
2013-07-23 00:46:06 <Luke-Jr> gmaxwell: lol
2013-07-23 00:46:16 <gmaxwell> basically "the serialization is the in-memory ordering for some little endian prototypical machine"
2013-07-23 00:46:46 <petertodd> I'd be more impressed if he made it possible to use either endian as needed...
2013-07-23 00:47:10 <Ry4an> sure we all blitted structs to disk in our early days, but numbered fields for backwards compatibility and container objects appearing entirely before their contained items is a step forward.
2013-07-23 00:48:20 <petertodd> "However, since all these extra bytes are zeros, when bandwidth matters, we can apply an extremely fast Cap'n-Proto-specific compression scheme to remove them" <- I'll admit that's clever
2013-07-23 00:48:22 <gmaxwell> petertodd: sure, it does if you're not native.
2013-07-23 00:49:04 <gmaxwell> It's certainly nice to have a library that makes it all well formed and portable.
2013-07-23 00:49:13 <petertodd> gmaxwell: where was that? must have missed it, all I see is "and even big-endian CPUs usually have instructions for reading little-endian data."
2013-07-23 00:49:24 <jgarzik> Most CPUs we care about in bitcoin-land are little endian.
2013-07-23 00:49:44 <jgarzik> "network byte order" is just a Sun marketing slogan.
2013-07-23 00:49:46 <gmaxwell> petertodd: they do, what I'm saying is it appears the library will use them for you.
2013-07-23 00:50:10 <Ry4an> jgarzik: then they got me when they got stephens
2013-07-23 00:50:27 <petertodd> jgarzik: "network byte order" was set in RFC's pre-sun though right?
2013-07-23 00:50:30 <gmaxwell> jgarzik: Someone said something about blah blah network byte order to me recently and my response was "and you use portmapper too?"
2013-07-23 00:51:11 <gmaxwell> petertodd: "network byte order" is basically dead in the IETF now.  (also as is people caring about byte vs octet)
2013-07-23 00:51:52 <petertodd> gmaxwell: right, just saying the term pre-dates Sun's marketing AFAIK
2013-07-23 00:52:33 <Ry4an> anyway, I can't vouch for cap'n proto from experience except to say that I almost prefer someone's 2nd attempt to solve a problem to their 1st.  /me off to sleep
2013-07-23 00:53:09 <Ry4an> +always
2013-07-23 00:54:25 <TheUni> are the big-endian problem areas in bitcoin known?
2013-07-23 00:55:12 <TheUni> those mind-numbing abstractions are relaxing to me at times, for some reason
2013-07-23 00:58:00 <gmaxwell> TheUni: no. Luke started on a patch to make bitcoin run on BE but it wasn't complete.
2013-07-23 00:58:12 <gmaxwell> It's not particularly hard: keep trying until it works.
2013-07-23 00:58:38 <gmaxwell> if someone wants to work on it, I can give you a shell on a debian PPC box. But I think mostly no one cares.
2013-07-23 00:59:03 <TheUni> i've got a few mips boards around, that's the only reason i was curious
2013-07-23 00:59:49 <TheUni> mainly had something like dd-wrt in mind
2013-07-23 01:00:35 <gmaxwell> I think fixing it would be a good exercise. In general I think portability is valuable. Forces assumptions in the code to be made more clear, and running on weird systems can make rare bugs more obvious.
2013-07-23 01:02:01 <TheUni> yep, we certainly share the same ideas wrt portability. imo it should run everywhere, then let users decide where it's actually useful to run. in the process, bugs get fixed and assumptions broken, and future targets/trends just work
2013-07-23 01:02:38 <Luke-Jr> off-topic: anyone know how viable it is to clone a SIM card, if only one is ever active?
2013-07-23 01:03:29 <gmaxwell> Luke-Jr: that new sim attack probably makes it viable, though it sounds like you need to construct a des rainbow table to perform it.
2013-07-23 01:41:19 <jgarzik> TheUni, picocoin works on BE as well as LE :)
2013-07-23 01:46:31 <gmaxwell> Is ThePiachu here?
2013-07-23 04:48:30 <Diablo-D3> gmaxwell: https://sites.google.com/site/forgottenemployee/
2013-07-23 04:48:48 <Diablo-D3> gmaxwell: ^ and now for your daily fiction
2013-07-23 04:48:59 <gmaxwell> Diablo-D3: yes, it's an excellent work.
2013-07-23 04:49:08 <Diablo-D3> you already read it? :<
2013-07-23 04:49:18 <gmaxwell> I'm glad it's posted there, for years it was a PITA to find it on something awful every time I wanted to show it to someone!
2013-07-23 04:49:26 <gmaxwell> yea, like .. uh .. almost a decade ago? :P
2013-07-23 04:49:33 <Diablo-D3> #goddamnitsomuch
2013-07-23 04:49:40 <gmaxwell> but it's good and I recommend it.
2013-07-23 04:49:51 <Diablo-D3> yeah I actually wish there was more to it
2013-07-23 04:50:36 <Diablo-D3> it almost reminds me of bofh
2013-07-23 04:51:27 <gmaxwell> if you figure out a name for the style, ... it's one I enjoy.
2013-07-23 04:51:34 <Diablo-D3> yeah
2013-07-23 04:52:12 <Diablo-D3> I think if the style is ever named, it should be named after Holden Caulfield
2013-07-23 04:52:40 <Diablo-D3> you know, in some way reference that character
2013-07-23 05:07:44 <gwillen> that story is hilarious
2013-07-23 06:05:39 <deego> <Diablo-D3> gmaxwell: https://sites.google.com/site/forgottenemployee/  <<=== Diablo-D3 lol, thanks for that.
2013-07-23 06:49:28 <phantomcircuit> deego, a truly epic story
2013-07-23 06:51:48 <Diablo-D3> harry potter and the department of safety
2013-07-23 06:51:49 <Diablo-D3> ACTION runs
2013-07-23 06:52:38 <t7> are bitcoins?