00:07:16 *** probably has quit (Ping timeout) 00:07:25 *** probably (asdf@cryto-356016C3.greenhost.nl) has joined #crytocc 00:08:54 *** anonnews363 (anonnews36@ADF293E4.9DC7CC28.F7DDBEB5.IP) has joined #crytocc 00:09:20 * anonnews363 slaps ElectRo` around a bit with a large fishbot 00:20:48 *** anonnews363 has quit (User quit: Page closed) 01:24:50 *** probably has quit (Client exited) 01:27:19 *** probably (asdf@F0845C18.5982FCB.42C12FD2.IP) has joined #crytocc 01:45:49 *** x (foobar@C35CA8A8.589C91BA.8F6A2B14.IP) has joined #crytocc 02:29:25 *** x has quit (Input/output error) 02:29:34 *** joepie91 (joepie91@cryto-3E6002EF.direct-adsl.nl) has joined #crytocc 03:38:53 *** pzuraq has quit (Connection reset by peer) 03:39:12 *** pzuraq (pzuraq@cryto-D2623541.hsd1.ca.comcast.net) has joined #crytocc 03:41:52 *** dpk has quit (User quit: My MacBook Pro has gone to sleep. ZZZzzz…) 04:27:22 hehe 04:27:25 sent the ZOOM guy an email 04:27:28 response: "Oh, congratulations! It's been a few years since I had one of these messages :-)" 05:25:54 *** Sprinbit (Sprinbit@BF9503E0.95108C33.5B0695F1.IP) has joined #crytocc 05:55:12 *** Sprinbit has quit (Client exited) 06:30:01 joepie91 06:30:12 I gave a girl an orgasm officaly with my voice 06:30:19 like 06:30:36 CHALLAGE ACCEPTED AND ACCOMLESHED ON THE SAME SECONDS 06:30:36 CHALLAGE ACCEPTED AND ACCOMLESHED ON THE SAME SECOND 06:30:47 CANT TEST ME IM ALITE 06:35:21 wat 06:41:41 *** LapAnon has quit (Ping timeout) 06:42:56 * cayce sleeps 06:54:33 http://timekoin.org/index.php?option=com_content&view=article&id=53&Itemid=56 06:54:34 wat. 06:59:07 *** aHlTat has quit (Ping timeout) 07:05:04 *** T0R_till (T0R_till@cryto-8765C062.us-west-1.compute.amazonaws.com) has joined #crytocc 07:06:25 *** T0R_till has quit (User quit: Connection closed) 08:13:31 *** Cryto890 (Cryto890@8A5DD160.E9ECA7EA.B3E8AFF.IP) has joined #crytocc 08:14:11 *** Cryto368 (Cryto368@8A5DD160.E9ECA7EA.B3E8AFF.IP) has joined #crytocc 08:14:23 *** Cryto890 has quit (User quit: Page closed) 08:35:12 Zekka: there? 08:36:48 *** Goochy has quit (Ping timeout) 08:37:11 joepie91 - YEs, what's up? 08:37:37 Zekka: you should have a look at Timekoin 08:37:41 it's laughably bad 08:37:59 it's a "cryptocurrency" with a reference implementation in PHP using mysql_ 08:38:04 that claims to be better than Bitcoin 08:38:07 Well this pitch looks familiar 08:38:15 I'll watch their video, that will sell me on it 08:38:22 except it looks like they purposefully tried to fuck up every single aspect of crypto and security they could find 08:38:43 rand() for 'random' data, crafted key attack, peer majority attack 08:38:54 sorting ambiguity 08:39:04 race conditions / edge cases 08:39:05 But crypto's supposed to be easy! 08:39:19 not to mention that they even managed to fuck up their bounty program 08:39:27 because their bug bounty doesn't actually cover any of the flaws that exist 08:39:38 even though they are protocol-breaking 08:39:38 lol 08:39:43 This system, described in the very rough terms of the video, seems slightly familiar 08:39:53 Zekka: have a read: http://timekoin.org/images/documents/timekoin_technical.pdf 08:39:57 let me quote some gems 08:40:05 "the software is open source, so code review is easy" well at least we can figure out for ourselves that it doesn't work 08:40:26 Why couldn't they just fork the Bitcoin codebase? 08:40:53 It's scummy but at least the results would probably be comparably secure 08:41:43 "This file contains static variables such as Program Version and Transaction Epoch, along with other functions that 08:41:45 might be shared by other scripts. 08:41:48 " 08:42:01 variables and functions are not the same 08:42:28 The language in this whitepaper is garbled enough that I'm having a little trouble parsing it 08:42:53 Zekka: the idea being that "Bitcoin mining requires computing power and that's bad" 08:42:54 incoming paste 08:42:55 "100 Transaction queue limit. Each peer may only queue 100 transactions to be processed by the network for each 5 minute transaction cycle. This insures the network is not flooded with bogus transactions." 08:42:55 --- 08:42:55 "The random selection process grabs the current time and uses it to generate a list of random characters (a ?? z) and then counts the number of randomly selected characters that exist in the public key of the peer. The peer with the ??highest score? wins the election. This pseudo-random selection is necessary to make sure all peers come up with the same score for each key to insure they all ??elect? the same peer at the same time." 08:42:55 read: it would be possible to predict the 'random' characters 08:42:58 and build a key that is likely to 'win' 08:42:59 --- 08:43:00 "Next, the 3 encrypted fields are checked for tampering by building a SHA256 hash out of the data from all 3 fields and comparing it to the SHA256 hash that was sent along with the transaction. If the built hash and the hash sent with the transaction match, the transaction will be recorded into the transaction history table of the database and considered complete." 08:43:05 very useful, given the SHA256 is transmitted as plaintext 08:43:05 and to answer that criticism, this is the next point: 08:43:07 Last, you will notice nothing was done with the encrypted SHA256 hash in the 3rd encrypted data field; why is that? This field is actually used to screen out invalid transactions before they even arrive in the transaction queue for Timekoin. The queueclerk.php script already performs this scan on all inbound transactions that are being inserted into the queue by extracting the SHA256 hash from this field and using 08:43:10 it also describes the reference implementation, not the actual technical requirements 08:43:13 it to compare if the ??destination public key? from the 1st and 2nd field for the transaction has been tampered with or modified from its original value. For this reason, it did not seem logical to process the same security feature twice since modifying any of the 3 encrypted fields would fail the first hash test in the previous step also." 08:43:18 ... okay, so why include it in the first place if it's not useful anyway? 08:43:19 --- 08:43:19 "First, the transaction sender's public key and transaction hash are checked for duplicates in the database. All Timekoin transactions are unique and even if sending the same amount to the same person (public key) will always generate a different SHA256 hash due to the time difference encoded into the transaction itself. For this reason, no duplicate transactions are allowed from the start." 08:43:26 read: if you send two identical transactions in the same second, the second one will mysteriously fail 08:43:27 --- 08:43:28 "The reason that the encrypted data is broken up into 3 fields is due to the limited size of the encrypted blocks. Each block can only have 181 characters encrypted into it with a 1,536 bit key." 08:43:32 ... yeah, and that's why you encrypt data with a block cipher, not directly with the private key... 08:43:33 --- 08:43:34 and one of my favourites: http://owely.com/06xrLq 08:43:35 the SHA256 hash is created by concatenating all previous transaction hashes and the last cycle hash 08:43:37 never mind sorting ambiguities! 08:43:38 (EOF) 08:43:39 and this isn't even -everything- I found, just a selection 08:43:42 and I'm not even a cryptographer! 08:43:50 Hm, let me start from the top 08:44:04 Out of curiosity, do the timekoin people have any credentials or anything? 08:44:57 Zekka: not as far as I can determine, no 08:45:02 A lot of their security seems like bogus rules of thumb to try and prevent potentially undesirable transactions without much actual insight into how currency is used 08:45:56 ... or how crypto works, for that matter 08:46:43 Did they mention why they decided to use PHP? 08:46:55 I don't think so 08:48:13 Not liking their election process for about the reason you described: it's easy to cheat. 08:49:33 "This file also does random checks to timekoin.net for a time reading. If the internal clock is too far off from the 08:49:36 timekoin.net reading, displays a warning for the user in the web based GUI. 08:49:39 " 08:49:44 Nice decentralized cryptocurrency there 08:50:08 "Another responsibility of the file is to check on the peer IP usage to determine if an IP should be banned for flooding 08:50:11 with queries or an attack. 08:50:14 " 08:50:21 why is this necessary again? 08:50:40 "Each task done by the main.php file will reference the database to determine the current program “state”. The active 08:50:43 state of 0 means that it is inactive and will not run any other scripts. An active state of 1 represents an online state that 08:50:46 is ready to process. An active state of 2 means that the file is currently running in memory and thus processing 08:50:49 commands and other scripts. An active state of 3 means that it is time to shutdown this file and revert back to state 0 08:50:52 for an offline mode. No further processing will take place. A table arrangement below will outline how this file 08:50:55 processes Timekoin for a better visual representation. 08:50:57 " 08:51:00 I'm sorry, *what*? 08:51:19 At this point you didn't consider that maybe PHP, especially the way you're writing it, is a bad language for this task? 08:51:34 hehe 08:51:54 I don't feel qualified to critique the security but fortunately there are plenty of other things wrong with it 08:52:05 well, I may make comments but I doubt I'll catch as much as you 08:52:29 Also, I'll reiterate: they're not specifying the protocol, but describing the reference implementation 08:52:42 that makes this vey unuseful as a spec 08:53:01 yup 08:53:10 same criticism was raised in ##crypto on freenode 08:53:17 If I wanted to I should be able to write my own implementation 08:53:21 (where everybody had a hearty laugh about this) 08:53:53 timestamps are a stupid way to automatically identify transactions, already covered 08:54:12 er, to uniquely* 08:55:14 yes :/ 08:55:42 They seem to be using a weird multiprocessing-based concurrent system if I'm reading this right 08:55:53 but it's really bad and it probably creates tons of race conditions 08:56:14 Have they looked into Erlang or Rust? Those languages probably do what they actually want in a way that isn't horrible 08:58:09 LOts of this is really vague 08:58:48 "When a peer conflict occurs, it means that one peer has transaction data for 08:58:49 a specific cycle and another peer has different data for the same transaction cycle. This cycle of conflict is 08:58:50 resolved by contacting different peers and examining what data they might have for the same transaction 08:58:53 cycle. The data is sorted out so that the majority peers (51% or higher) with the same data is considered 08:58:56 correct. 08:58:59 " 08:59:00 Note how the system to negotiate the conflict out is left unspecified 08:59:38 "Even with a 100% network sync transaction history, Timekoin continues to do random transaction cycle 08:59:41 checks of the database on a regular basis to spot tampering, corruption of data, or missing data to be corrected. 08:59:44 " What does it do? 09:00:03 "This file functions as a process monitor for the other scripts. Should any of the other scripts take more time to process 09:00:06 the task than what is allowed, the watchdog will attempt to reset their status in the database. Other scripts that 09:00:09 encounter some unknown bug or exploit can be restarted this way by the watchdog and the problem recorded in the 09:00:12 log files for the user to examine later if the problem becomes a major issue. 09:00:14 "A 09:00:21 Not just race conditions, but sometimes our scripts will randomly terminate in the middle of execution for no reason! 09:00:36 We don't even check what's going on! 09:01:11 lol 09:01:35 Zekka: see what I mean with laughably bad? :P 09:01:43 I can't help but notice how much ascii there is in their protocol 09:01:46 and "trying to do everything wrong that they possibly can" 09:02:14 It seems like most of the reason they even need three fields of 'crypt_data' is because of the deranged mix of character and numeric encodings they use 09:02:28 Why doe the public key need to be in base 64 if you're just going to base 64 the whole block again? 09:02:50 Why do you even use all these formats that are designed for human-readable or characterset-safe transmission? 09:02:51 *** Sprinbit (Sprinbit@BF9503E0.95108C33.5B0695F1.IP) has joined #crytocc 09:04:13 I think I'l peek around their site a little more 09:05:37 http://timekoin.org/index.php?option=com_content&view=article&id=67&Itemid=61 <- really asking for it 09:05:58 It's a pity that just documenting security holes doesn't count, evidently 09:07:26 This is just a sidenote, but I'm a little curious 09:07:59 It seems to me like by default, the Timekoin software runs as a web server listening on port 80 and because it uses HTTP as a primary communication method, it exposes the pages to most other clients 09:08:09 I wonder if it exposes index.php 09:08:15 Because that would be really sad. 09:08:59 I kind of suspect that they'd forget to make it impossible to just request user actions from another computer by requesting index.php like you were running it yourself 09:09:31 It looks like there is a login screen, I have no idea whether it prevents just making direct POST requests to the relevant pages though 09:10:41 Sometime later I might look into what attacking rand() would take 09:11:38 I know some theoretical attacks exist, I don't know how hard they would be 09:12:13 I imagine they would probably be pretty simple though, from what it sounds like they set the seed with the timestamp immediately before generating the characters 09:12:36 they seem to want the random series of characters to be a function of the timestamp 09:12:42 (head meets desk) 09:13:11 I mean, from what I can tell, it is literally a requirement of the protocol that the random series of characters be a function of the timestamp 09:13:22 because they want it to be reproducible by every client 09:13:37 (Also, for some reason, they seem to think every client will have the same timestamp, don't ask me why they think this) 09:14:13 If there's a single canonical timestamp determined somewhere it would probably be pretty easy to use the transaction history to determine the delta between the local timestamp and the canonical one 09:14:40 The 'shared calculated point' is, well, calculated in advance so you could just calculate the series of random characters for the rand() at that point 09:14:51 joepie91 - Is there something I'm missing or is it literally that stupid? 09:14:55 *** Sprinbit has quit (Client exited) 09:16:47 Zekka; no, your assessment seems accurate 09:17:25 It kind of blows my mind that they want a random number but their protocol requires it to be a function of information that every client must have in order to participate in transactions 09:18:22 I'm kind of tempted to, if they've got working infrastructure in place, hack away at the codebase and implement an attack 09:19:40 The '1m challenge' probably 1) isn't legit and 2) would take longer than is practical but I'd enjoy seeing hubbub 09:19:56 and if nothing else it means that they're asking for it, so I wouldn't have to feel guilty 09:20:23 lol 09:20:55 it's not really cracking if they're saying "really, exploit our software, we're cool with it" 09:22:31 I guess nobody told them about 'hard to solve, easy to verify' 09:22:56 I should probably get to bed for now though, but I'll pick up a copy of the source code first 09:24:23 joepie91 - If I were to actually do that, are there any VPS hosts you recommend other than ramnode? I can't run a server from here (school network) and ramnode prohibits *coin mining. 09:26:30 Timecoin's system requirements are basically null so I think it's separate in nature from bitcoin but I wouldn't want to ruffle any feathers 09:27:19 Zekka: should probably just ask in #ramnode 09:27:49 Hm, you think they'd make an exception if I pointed out that all it would really be doing is making calculations every few hours and making http requests to other clients? 09:28:49 maybe, idk :P 09:28:59 also 09:29:00 technically 09:29:03 it's not *coin mining 09:29:06 it's a koin, not a coin :) 09:29:38 I have a feeling that stodgy sysadmins would be less than sympathetic 09:29:42 I'll probably ask about it tomorrow 09:29:51 also 09:29:52 http://arstechnica.com/information-technology/2013/11/the-best-way-to-take-control-of-bitcoin-rally-other-greedy-selfish-miners/?comments=1&post=25639673#comment-25639673 09:30:24 I imagine I'll get more sympathy if I say 'I'm demonstrating a security flaw in this protocol and it involves passively remaining connected to the network but performing very little calculation' 09:30:30 :P 09:31:54 And yeah, his thoughts are similar to mine: there's no way they would ever deliver on the $10,000 promise but if I did this it might bother a few people who need to be bothered 09:32:22 As an alternative, I could write the exploit and then publish it to github rather than running it myself 09:32:40 I'd have to find some way to test it but I wouldn't have to keep it running in the long term 09:33:49 Zekka: that comment I linked to is mine 09:33:50 :P 09:34:08 Oh, good, we're on the same side then 09:34:36 (as if there were much doubt in this case) 09:36:01 It's about 2:35 AM now, I have class in the morning 09:36:06 I'll probably get back to you on this tomorrow 09:36:16 this could be fun 09:37:46 :) 09:38:00 I might whip up a blog post 09:38:01 in the meantim 09:38:03 meantime * 09:38:05 not sure yet 09:38:36 I'm kind of tempted to reimplement their client in a language I like more because I have a feeling their implementation will just be fighting me the whole way 09:40:35 Night 10:00:43 OH 10:01:44 http://www.reddit.com/r/Bitcoin/comments/1hfn75/ 10:01:45 ! 10:02:58 hey joepie91 10:03:16 joepie91: Please stay online so I can survive through a bullshitted last day ITIL training 10:03:29 joepie91: right now the educator is talking about IT security 10:03:34 joepie91: I am hurt... 10:03:36 Big time 10:03:41 just by listening 10:04:26 STAY WITH ME!! 10:04:32 Let's talk about anything 10:06:28 norbert79: lol 10:06:28 hai 10:06:30 ITIL? 10:06:35 yes 10:06:58 ITIL is not the problem... it's the fact, that the educator is fucking text-book 10:07:50 scientifical bullcrap 10:10:53 Oh god, he is finished with the topic on IT security 10:11:03 * joepie91 not sure what 'ITIL' is 10:11:04 finally 10:11:10 also, amusing: https://bitcointalk.org/index.php?topic=88467.msg996781#msg996781 10:11:10 .g ITIL 10:11:16 errr 10:11:19 wait 10:11:38 https://en.wikipedia.org/wiki/ITIL 10:11:56 *** botpie91 (botpie91@botpie91.users.cryto) has joined #crytocc 10:11:58 .wik itil 10:11:58 "Atil or Itil, the ancient capital of Khazaria" - http://en.wikipedia.org/wiki/Itil 10:12:03 .wik ITIL 10:12:03 "The Information Technology Infrastructure Library (ITIL) is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business." - http://en.wikipedia.org/wiki/ITIL 10:12:11 .. what? 10:12:16 * joepie91 just sees buzzwords 10:12:26 it's a manegement system 10:12:31 for companies 10:12:38 doing what? 10:12:42 mostly huge/multi national companies do it 10:13:04 how to prepare a project, risk calculations, change management, risk management, etc 10:13:09 loggy, pointer? 10:13:09 http://wire.cryto.net/logs/crytocc/2013-11-07#T10-13-09 10:13:09 ah 10:13:14 sounds boring 10:13:29 Well, meh, I have done management like work and regular geek too 10:13:46 so it's not unknown for me 10:14:09 and lol @ link 10:14:21 IT'S QUANTUM TECH MAN 10:14:26 hahaha 10:14:28 nice 10:17:07 the issue is, that it's the forth day... the first three was good, because we had a different teacher with real experience 10:17:15 and he kept is common sense 10:17:19 this guy is just bad 10:31:57 lol 10:33:14 *** pzuraq has quit (Input/output error) 10:33:36 *** pzuraq (pzuraq@cryto-D2623541.hsd1.ca.comcast.net) has joined #crytocc 10:36:47 *** pzuraq has quit (Ping timeout) 10:39:23 I bought Portal for Linux yesterday... 10:39:31 My first time with Portal I must say 10:39:52 And I am impressed, although had to upgrade to Nvidida Driver 331 10:40:08 aaaand I wnet to bed at 3 am 10:40:17 had to get up at 7 10:40:20 so yeah 10:40:25 Fucked up my sleep :D 10:42:38 * joepie91 tries to figure out his finances 10:42:53 they don't match up :| 10:43:11 Not good 10:43:21 how much difference? 10:44:45 I don't keep explicit track, but from a rough guess I'm some 200 euro off from what I should have 10:44:54 currently trying to figure out what happened 10:45:18 ouch 10:45:22 thats a lot 10:46:16 *** bipolar (me@3EDF425A.9BC0A1B3.7FF41FDC.IP) has joined #crytocc 10:47:50 might have found problem 10:48:06 fuck I hate money 10:48:10 stupid overhead 10:48:18 Agree 10:48:35 It sounds a bit ironic considering you like Bitcoins ;-) 10:48:45 at least in your case :)) 10:49:19 meh 10:49:21 "like" 10:49:32 I would prefer for them to not be necessary 10:49:51 I just find them to be a very good approach until that happens 10:56:35 *** Sprinbit (Sprinbit@BF9503E0.95108C33.5B0695F1.IP) has joined #crytocc 10:58:23 *** Cryto368 has quit (Ping timeout) 11:13:04 *** Sprinbit has quit (Client exited) 11:33:03 http://www.cs.vu.nl/~herbertb/misc/basickernel.pdf 11:47:58 Holland has the highest hacker amount per km2 :)) 11:48:14 and by hacker I mean the classical term, not the hyped one 11:54:33 *** complex (litehode@complex.users.cryto) has joined #crytocc 11:58:35 norbert79: not hard; NL has the highest * amount per km 11:58:36 lol 11:58:47 also NL != holland\ 11:59:55 Alright, alright it is more, than that I know 12:00:32 But still :) 12:00:48 This reminds me I need to contact my Dutch friend about a server 12:00:52 he promised me 12:01:00 err, offered 12:09:16 lol 12:10:29 *** Zekka has quit (Ping timeout) 12:10:52 *** LapAnon (Grep@cryto-812F49C0.carolina.res.rr.com) has joined #crytocc 12:12:26 *** Zekka (zekka@cryto-4AFAE809.arizona.edu) has joined #crytocc 12:13:05 *** crafy_d (crafy_d@crafyd-08896.users.cryto) has joined #crytocc 12:17:12 o/ 12:20:11 *** crafy_d has quit (User quit: Leaving) 12:31:27 .bitcoin 12:31:28 1 BTC = $288.58, 1 BTC = €227.60 13:07:39 .bitcoin 13:07:40 1 BTC = $284.70, 1 BTC = €224.00 13:07:43 :( 13:09:04 let's wait another half an hour 13:09:13 maybe it gets cheap enough to buy a few 13:25:26 .bitcoin 13:25:41 ValueError: No JSON object could be decoded (file "/usr/lib/python2.6/json/decoder.py", line 338, in raw_decode) 13:25:44 wha 13:25:52 .bitcoin 13:25:53 1 BTC = $284.00, 1 BTC = €223.11 13:25:56 lol 13:31:42 ogawd 13:31:50 c++ yunoaddtoregistry 13:32:12 even with admin rights it refuses to write to registry 13:38:36 *** mama (me@cryto-E4DC62D1.spacedump.net) has joined #crytocc 13:41:24 .bitcoin 13:41:25 1 BTC = $286.50, 1 BTC = €227.49 13:41:37 when it reaches $300 13:41:42 imma Fuck joepie91 13:44:09 *** Zekka has quit (Ping timeout) 14:00:51 *** dpk (r00t@cryto-A73D5640.skybroadband.com) has joined #crytocc 14:25:33 DrWhat: because then you'll have enough money to take a train/ferry? :P 14:25:36 er 14:25:39 plane/ferry * 14:25:41 words are hard 14:27:39 *** Sprinbit (Sprinbit@BF9503E0.95108C33.5B0695F1.IP) has joined #crytocc 14:41:16 ugh I'm almost crying already 14:41:35 so completely burnt out I can't even speak accurately lol 14:42:36 people burnt out not intellectually burnt out e.e 14:42:40 *** Sprinbit has parted #crytocc (None) 14:42:46 and I have class today! :| gonna die :| 14:42:51 *** Sprinbit (Sprinbit@BF9503E0.95108C33.5B0695F1.IP) has joined #crytocc 14:43:07 * cayce hopes thermos of coffee can help 14:50:41 *** Sprinbit has quit (Ping timeout) 15:05:04 *** tmbucky (tmbucky@cryto-EB10B4AE.us-west-1.compute.amazonaws.com) has joined #crytocc 15:06:26 *** tmbucky has quit (User quit: Connection closed) 15:08:14 *** Zekka (zekka@Zekka.users.cryto) has joined #crytocc 15:29:48 *** Zekka has quit (Ping timeout) 15:40:25 *** Zekka (zekka@cryto-4AFAE809.arizona.edu) has joined #crytocc 15:48:06 *** Goochy (coolstory@1EDA8799.3D60A02.1AB8F98B.IP) has joined #crytocc 15:50:19 *** mama_ (me@676770E8.7FABF9B8.573B367D.IP) has joined #crytocc 15:51:57 *** mama has quit (Ping timeout) 15:52:04 *** mama_ is now known as mama 16:00:43 *** dumnut (me@cryto-381869B9.dsl.milwwi.sbcglobal.net) has joined #crytocc 16:00:44 *** bipolar has quit (Connection reset by peer) 16:08:14 *** Pandora (Pandora@cryto-6806BAD.ighost.se) has joined #crytocc 16:12:34 *** zest (zest@60F0BC49.9144D476.78C94033.IP) has joined #crytocc 16:19:34 *** achus (achus@cryto-61E72864.ighost.se) has joined #crytocc 16:23:06 *** aHlTat (aHlTat@aHlTat.users.cryto) has joined #crytocc 16:43:46 *** Pandora has quit (Connection reset by peer) 16:47:29 .bitcoin 16:47:30 1 BTC = $296.09, 1 BTC = €232.00 16:49:43 *** Pandora (Pandora@cryto-9B07CF8C.ighost.se) has joined #crytocc 17:04:29 .bitcoin 17:04:30 1 BTC = $294.99, 1 BTC = €228.08 17:32:53 http://www.rtlnieuws.nl/nieuws/binnenland/politie-breekt-bij-groningse-studenten - "Police officers have broken into 30 student houses yesterday morning, to show that these are often badly secured. If the students weren't home, the officers left behind proof in the form of a polaroid photo of them posing in the room. Some photos were also put on Facebook." 17:36:29 *** Zekka has quit (Ping timeout) 17:36:45 *** Zekka (zekka@Zekka.users.cryto) has joined #crytocc 17:51:24 *** Zekka has quit (Ping timeout) 17:58:49 *** Zekka (zekka@Zekka.users.cryto) has joined #crytocc 18:25:30 *** Zekka has quit (Ping timeout) 18:42:45 *** Riddler (Riddler@5FD71087.11DC8350.1A26DB37.IP) has joined #crytocc 18:42:48 hello 18:51:19 *** Riddler has parted #crytocc () 18:52:45 *** joepie91 has quit (Ping timeout) 18:58:05 *** macbeth (Macbeth@Macbeth.users.cryto) has joined #crytocc 18:58:09 Oi 19:01:04 hi macbeth 19:02:06 Hey tintin 19:02:08 What's new? 19:02:57 no idea, i'm out of touch :/ 19:03:03 he he 19:07:18 *** Zekka (zekka@Zekka.users.cryto) has joined #crytocc 19:07:54 joepie91 - Just so you know, the TimeKoin codebase is horrible 19:08:04 total spaghetti, everything is a race condition 19:09:43 If you haven't read it you should probably give it a look, right now I'm specifying the original implementation in detail along with attempting to specify the intended behavior 19:09:54 because the original spec fails at both of those things 19:12:06 Of course, when I say 'everything is a race condition', I mean it literally 19:12:26 Huh 19:12:33 every subprocess which has any effect on global state has the chance to spontaneously die and never update it again 19:12:50 meaning that there is no guarantee that any part of the code actually finishes its task before the other parts that depend on it act 19:13:33 It's also filled with hardcoded sql and concatenation 19:13:42 haven't seen any injection attacks yet but it probably won't be long 19:14:33 (Most of the sql I've seen so far is only used internally, I haven't gotten to the parts that actually respond to p2p messages yet) 19:15:29 (From what I can tell so far though, they're not fans of string escaping) 19:21:35 *** tintin has quit (User quit: leaving) 19:25:51 *** zest has quit (Client exited) 19:44:38 *** dumnut has quit (Ping timeout) 19:47:36 *** dpk has quit (Ping timeout) 19:52:32 *** Goochy has quit (Ping timeout) 19:53:14 *** pzuraq (pzuraq@cryto-D2623541.hsd1.ca.comcast.net) has joined #crytocc 19:56:16 *** pzuraq has quit (Connection reset by peer) 19:56:36 *** pzuraq (pzuraq@cryto-D2623541.hsd1.ca.comcast.net) has joined #crytocc 20:16:52 *** TheFlashITA (theflash@7D686231.D2D1D1DF.AEB828E7.IP) has joined #crytocc 20:17:19 *** TheFlashITA has parted #crytocc (None) 20:23:50 *** Zekka has quit (Ping timeout) 20:25:42 *** pzuraq has quit (Connection reset by peer) 20:26:04 *** pzuraq (pzuraq@cryto-D2623541.hsd1.ca.comcast.net) has joined #crytocc 20:31:47 *** Zekka (zekka@cryto-2ABA7CDD.arizona.edu) has joined #crytocc 20:39:11 *** Zekka has quit (Ping timeout) 20:51:14 *** schism (NSA.gov@schism.users.cryto) has joined #crytocc 20:51:41 quick question, using linux whats the best text editor for html 20:52:11 You mean web dev? 20:52:28 making html pages mainly 20:52:37 An awesome editor for HTML, JavaScript and CSS that is cross platform and available on Linux is brackets 20:52:37 learning it 20:52:42 Awesome 20:52:43 Good for you 20:52:54 Make sure you learn CSS too, HTML looks shit with out it 20:52:56 ok will check it out thanks 20:53:06 here: http://brackets.io 20:53:07 yeah im doing both 20:53:15 Awesome, good for you. 20:53:27 heard that linux was not great fro html 20:53:36 was recommended emac 20:53:54 Linux is totally open source and meant for creators and people who don't like the shackles of other operating systems, so that's not true at all 20:53:59 What distro are you using? 20:54:34 IE: Ubuntu, Debian, Fedora, etc 20:55:00 linux lite which is ubuntu based 20:55:12 with xfce 20:55:16 Hmm... 20:56:10 Yeah, Ubuntu is closed source, and totally not what linux was meant for. It was created because people wanted an opensource operating system and then game Gnu and then Linux and then loads of distros of linux and then came Ubuntu and fucked the whole thingup 20:56:40 yeah i know 20:56:53 Oh, alright 20:57:02 was using ubuntu but scrapped it for this 20:57:10 just looks nicer 20:57:20 but stable like ubuntu 20:57:25 You should use Debian. Just like Ubuntu except easier to navigate, better UI, and eith out the shitty useless features 20:57:30 One of the first 20:57:41 Very powerful. It's like the queen mother of all GNU/Linux 20:57:46 yeah a lot of people has said that 20:58:12 well im happy to change it so may look into that 20:58:35 Cool 20:58:59 But there are distros that are just geared for developing in general. What ever, Obj-C to simple HTML. 20:59:51 yeah wont domething i can just use as a os and watch torrents on etc 20:59:59 Got it 21:00:03 like normal people lol 21:00:16 also be able to study code 21:00:33 i will look into debian 21:00:34 Where are you studing code now? 21:00:40 CodeCademy? 21:00:48 just by myself 21:00:59 used codeacademy for a bit 21:01:10 but decided to go through books 21:01:19 Don't just pick up random syntax here and there. You need a book., 21:01:26 Oh, :P 21:01:41 also doing python and java 21:01:44 w3schools has an amazing book on CSS that I recently read. Very through and easy 21:01:50 python in termninal 21:01:57 Java is very verbose, not the first thing you should be learning. 21:02:23 yeah i have kind been studying python more 21:02:29 cool 21:02:42 If you're looking for something a little moar simple, Ruby is nice 21:02:50 *** iceTwy (iceTwy@cryto-610769D0.fbx.proxad.net) has joined #crytocc 21:02:55 Hey ice 21:03:11 Hey there macbeth 21:03:24 yeah i heard ruby is good 21:03:32 *** Zekka (zekka@Zekka.users.cryto) has joined #crytocc 21:03:45 closest i got to ruby is using wpscan 21:03:58 ruby? good? 21:04:04 saywat 21:04:17 convenient for the end-user - why not 21:04:17 We're talking about wht programming language he should begin w/ 21:04:24 schism: Python 21:04:36 Si 21:04:44 schism, iceTwy is fantastic w/ linux, so you should ask him rather then me. 21:04:48 schism: because Python's syntax is easy, you won't spend 13404503450 hours of your time to understand it 21:04:52 yeah i know, i like python 21:04:56 but please understand 21:05:00 it's not about learning a language 21:05:05 it's about learning how to program 21:05:11 (in a general manner) 21:05:26 yeah well thats what i wanna do 21:05:28 I mean, the goal of beginning programming is to learn the basics 21:05:32 True 21:05:37 those basics, will be found in whatever language 21:05:57 schism: one book I love 21:06:08 is 21:06:23 http://www.openbookproject.net/thinkcs/python/english2e/ 21:06:28 .title 21:06:29 iceTwy: How to Think Like a Computer Scientist — How to Think Like a Computer Scientist: Learning with Python 2nd Edition documentation 21:06:40 (Minding that the language constructs you work with can differ between languages to the point where learning one or two languages might not be enough to grok the fundamentals) 21:07:02 ^ indeed 21:07:08 but at least you will know about the basics 21:07:10 (as an example, Java programmers who have no idea how to think without objects) 21:07:24 and how to implement them in a simple way because you'll have learnt those basics with a simple language 21:07:39 the only remaining thing will be to adapt to the language, as Zekka said 21:07:56 i will try to get that book 21:08:23 I'm mostly pointing out that there's a lot more grey area than might be apparent between the concepts expressed by a language and basic fundamentals of programming 21:08:37 schism: it's free! 21:08:39 and open source 21:08:46 the book is free and open source, just like Python 21:08:55 which is a second reason I love this book for 21:08:59 god ffs 21:09:03 my back huuuuuuuurts 21:09:46 ok cool 21:10:01 not that your back hurts but because its free 21:12:42 aye 21:12:43 ok thanks for advice and links 21:13:12 most helpful 21:16:48 *** complex_ (litehode@1FB20456.69AC617A.F6E1C77B.IP) has joined #crytocc 21:18:06 *** complex has quit (Ping timeout) 21:18:42 Does anybody have any idea what the point of this peer scoring system for Timekoin is? (`active_peer_list`.`failed_sent_heartbeat`) 21:18:54 I can't find any part of the codebase that actually does anything useful with it 21:18:57 *** complex_ has quit (Input/output error) 21:19:12 (This is mostly a thinly veiled complaint about another hideous design flaw) 21:19:32 It looks like quite a lot of code is dedicated to maintaining scores but the only part of the program that can actually use it for anything is the UI 21:20:14 (and by 'use it', I mean 'it echos the value to stdout') 21:22:45 *** Macbeth_ (Macbeth@cryto-1DE70A98.dyn.optonline.net) has joined #crytocc 21:22:45 *** macbeth has quit (Connection reset by peer) 21:22:51 *** Macbeth_ is now known as invisablecomment 21:23:09 21:23:15 *** invisablecomment is now known as macbeth 21:23:53 This codebase unfortunately didn't become magically better in the time I spent not working on it 21:26:27 *** schism has parted #crytocc () 21:41:49 If it's such a broken thing, why do you even bother with it? 21:42:00 true 21:42:31 Well, it wasn't really a statement ;) 21:43:08 MK_FG - So I can reimplement it and lord my reimplementation over the original author like a massive jerk 21:43:22 and publish all the security holes and design flaws to boot 21:43:28 Heh 21:43:41 (There's no shortage of security holes) 21:44:16 And given what was said above (though I mostly skipped it), I'd think the whole system might be broken? 21:44:29 I.e. shouldn't work even in theory 21:44:32 The impression I get is that it works but it's extremely rickety 21:44:39 it's kind of a miracle of nature 21:44:41 *** iceTwy has quit (Ping timeout) 21:44:42 I haven't tried to run it though 21:44:53 *** iceTwy (iceTwy@cryto-610769D0.fbx.proxad.net) has joined #crytocc 21:44:55 I just know that other people have been able to get it working 21:45:18 Oh well, you sure is one dedicated massive jerk :P 21:45:32 I haven't gone into the large attempt-fault-recovery system 21:45:48 which is probably responsible for it not keeling over and dying even if it's doing definitely wrong things 21:46:21 It uses heavy multiprocessing and will randomly terminate or restart subprocesses clearing parts of their state and basically lobotomizing them if it doesn't think they're working 21:47:59 It's got a pretty extensive life support system for them 21:48:42 it uses a couple DB tables as giant kv stores where each subprocess gets its own (hardcoded) 'active' and 'heartbeat' fields where it can indicate things like 'I died with an error' or 'I'm active, but the heartbeat field indicates that I've mysteriously hung' 21:49:06 fun fact, from what I can tell, if a core process mysteriously hangs it will repeatedly launch instances of that process until it stops 21:49:18 if those instances hang then it will just keep doing this until dead 21:50:12 It's not just so I can lord it over people, it's also because it's kind of fun to read 21:50:44 It has great naming conventions like 'Ambient Peer Restart' 21:50:51 *** Pandora has quit (User quit: Leaving) 21:50:54 which has nothing to do with peers and presumably nothing to do with ambience 21:50:59 and about 97% of the time has nothing to do with restarts 21:56:24 I'd worry for my sanity reading such things 21:57:05 And who knows which eldritch abominations might come out to get you if you try to comprehend it all... 21:57:32 I don't know if I mentioned, but the developers are claiming to be willing to give out a $10k prize to the first person to steal 1mil units of their virtual currency 21:57:44 (I doubt they will actually do this) 21:57:47 Oh! 21:58:00 That certainly explains your dedication :P 21:58:13 Only 2mil units exist right now so you would have to take them from other people, most likely 21:58:41 the exploits I've found are possible sql injection (needs to be explored) which could be used to just steal coins, and a way to rig the mining system in your favor 21:58:58 the last one has been known to exist for a while but I don't think anyone's exploited it yet 21:59:15 *** macbeth has parted #crytocc (GAH!!) 21:59:21 in theory you can win the mining lottery every time through the magic of simple math 21:59:59 Anyway, it makes me feel justified in actively trying to crack their system. 22:01:05 *** tintin (tintin@54DCF7FA.BC88B0C2.A27E456C.IP) has joined #crytocc 22:02:39 Going to go upstairs, I may drop offline 22:05:51 *** Zekka has quit (Ping timeout) 22:13:30 *** Zekka (zekka@cryto-C764314F.arizona.edu) has joined #crytocc 23:05:04 *** MRdjst0rm (MRdjst0rm@cryto-9EE36CB6.us-west-1.compute.amazonaws.com) has joined #crytocc 23:06:27 *** MRdjst0rm has quit (User quit: Connection closed) 23:26:54 *** pzuraq has quit (Connection reset by peer) 23:27:16 *** pzuraq (pzuraq@cryto-D2623541.hsd1.ca.comcast.net) has joined #crytocc 23:31:20 *** complex (litehode@complex.users.cryto) has joined #crytocc 23:50:18 *** x (foobar@C35CA8A8.589C91BA.8F6A2B14.IP) has joined #crytocc 23:52:52 *** iceTwy has quit (User quit: Disconnecting from server)