Cryto! 7 November 2013

00:07:16 probably has quit (Ping timeout)
00:07:25 probably ( has joined #crytocc
00:08:54 anonnews363 (anonnews36@ADF293E4.9DC7CC28.F7DDBEB5.IP) has joined #crytocc
00:09:20 * anonnews363 slaps ElectRo` around a bit with a large fishbot
00:20:48 anonnews363 has quit (User quit:  Page closed)
01:24:50 probably has quit (Client exited)
01:27:19 probably (asdf@F0845C18.5982FCB.42C12FD2.IP) has joined #crytocc
01:45:49 x (foobar@C35CA8A8.589C91BA.8F6A2B14.IP) has joined #crytocc
02:29:25 x has quit (Input/output error)
02:29:34 joepie91 ( has joined #crytocc
03:38:53 pzuraq has quit (Connection reset by peer)
03:39:12 pzuraq ( has joined #crytocc
03:41:52 dpk has quit (User quit:  My MacBook Pro has gone to sleep. ZZZzzz…)
04:27:22 <joepie91> hehe
04:27:25 <joepie91> sent the ZOOM guy an email
04:27:28 <joepie91> response: "Oh, congratulations! It's been a few years since I had one of these messages :-)"
05:25:54 Sprinbit (Sprinbit@BF9503E0.95108C33.5B0695F1.IP) has joined #crytocc
05:55:12 Sprinbit has quit (Client exited)
06:30:01 <DrWhat> joepie91
06:30:12 <DrWhat> I gave a girl an orgasm officaly with my voice
06:30:19 <DrWhat> like
06:30:47 <DrWhat> CANT TEST ME IM ALITE
06:35:21 <joepie91> wat
06:41:41 LapAnon has quit (Ping timeout)
06:42:56 * cayce sleeps
06:54:33 <joepie91>
06:54:34 <joepie91> wat.
06:59:07 aHlTat has quit (Ping timeout)
07:05:04 T0R_till ( has joined #crytocc
07:06:25 T0R_till has quit (User quit:  Connection closed)
08:13:31 Cryto890 (Cryto890@8A5DD160.E9ECA7EA.B3E8AFF.IP) has joined #crytocc
08:14:11 Cryto368 (Cryto368@8A5DD160.E9ECA7EA.B3E8AFF.IP) has joined #crytocc
08:14:23 Cryto890 has quit (User quit:  Page closed)
08:35:12 <joepie91> Zekka: there?
08:36:48 Goochy has quit (Ping timeout)
08:37:11 <Zekka> joepie91 - YEs, what's up?
08:37:37 <joepie91> Zekka: you should have a look at Timekoin
08:37:41 <joepie91> it's laughably bad
08:37:59 <joepie91> it's a "cryptocurrency" with a reference implementation in PHP using mysql_
08:38:04 <joepie91> that claims to be better than Bitcoin
08:38:07 <Zekka> Well this pitch looks familiar
08:38:15 <Zekka> I'll watch their video, that will sell me on it
08:38:22 <joepie91> except it looks like they purposefully tried to fuck up every single aspect of crypto and security they could find
08:38:43 <joepie91> rand() for 'random' data, crafted key attack, peer majority attack
08:38:54 <joepie91> sorting ambiguity
08:39:04 <joepie91> race conditions / edge cases
08:39:05 <Zekka> But crypto's supposed to be easy!
08:39:19 <joepie91> not to mention that they even managed to fuck up their bounty program
08:39:27 <joepie91> because their bug bounty doesn't actually cover any of the flaws that exist
08:39:38 <joepie91> even though they are protocol-breaking
08:39:38 <joepie91> lol
08:39:43 <Zekka> This system, described in the very rough terms of the video, seems slightly familiar
08:39:53 <joepie91> Zekka: have a read:
08:39:57 <joepie91> let me quote some gems
08:40:05 <Zekka> "the software is open source, so code review is easy" well at least we can figure out for ourselves that it doesn't work
08:40:26 <Zekka> Why couldn't they just fork the Bitcoin codebase?
08:40:53 <Zekka> It's scummy but at least the results would probably be comparably secure
08:41:43 <Zekka> "This file contains static variables such as Program Version and Transaction Epoch, along with other functions that
08:41:45 <Zekka> might be shared by other scripts.
08:41:48 <Zekka> "
08:42:01 <Zekka> variables and functions are not the same
08:42:28 <Zekka> The language in this whitepaper is garbled enough that I'm having a little trouble parsing it
08:42:53 <joepie91> Zekka: the idea being that "Bitcoin mining requires computing power and that's bad"
08:42:54 <joepie91> incoming paste
08:42:55 <joepie91> "100 Transaction queue limit. Each peer may only queue 100 transactions to be processed by the network  for each 5 minute transaction cycle. This insures the network is not flooded with bogus transactions."
08:42:55 <joepie91> ---
08:42:55 <joepie91> "The random selection process grabs the current time and uses it to generate a list of random characters (a â?? z) and then counts the number of randomly selected characters that exist in the public key of the peer. The peer with the â??highest scoreâ? wins the election. This pseudo-random selection is necessary to make sure all peers come up with the same score for each key to insure they all â??electâ? the same peer at the same time."
08:42:55 <joepie91> <joepie91_>read: it would be possible to predict the 'random' characters
08:42:58 <joepie91> <joepie91_>and build a key that is likely to 'win'
08:42:59 <joepie91> ---
08:43:00 <joepie91> "Next, the 3 encrypted fields are checked for tampering by building a SHA256 hash out of the data from all 3 fields and comparing it to the SHA256 hash that was sent along with the transaction. If the built hash and the hash sent with the transaction match, the transaction will be recorded into the transaction history table of the database and considered complete."
08:43:05 <joepie91> <joepie91_>very useful, given the SHA256 is transmitted as plaintext
08:43:05 <joepie91> <joepie91_>and to answer that criticism, this is the next point:
08:43:07 <joepie91> Last, you will notice nothing was done with the encrypted SHA256 hash in the 3rd encrypted data field; why is that? This field is actually used to screen out invalid transactions before they even arrive in the transaction queue for Timekoin. The queueclerk.php script already performs this scan on all inbound transactions that are being inserted into the queue by extracting the SHA256 hash from this field and using
08:43:10 <Zekka> it also describes the reference implementation, not the actual technical requirements
08:43:13 <joepie91> it to compare if the â??destination public keyâ? from the 1st and 2nd field for the transaction has been tampered with or modified from its original value. For this reason, it did not seem logical to process the same security feature twice since modifying any of the 3 encrypted fields would fail the first hash test in the previous step also."
08:43:18 <joepie91> <joepie91_>... okay, so why include it in the first place if it's not useful anyway?
08:43:19 <joepie91> ---
08:43:19 <joepie91> "First, the transaction sender's public key and transaction hash are checked for duplicates in the database. All  Timekoin transactions are unique and even if sending the same amount to the same person (public key) will  always generate a different SHA256 hash due to the time difference encoded into the transaction itself. For  this reason, no duplicate transactions are allowed from the start."
08:43:26 <joepie91> <joepie91_>read: if you send two identical transactions in the same second, the second one will mysteriously fail
08:43:27 <joepie91> ---
08:43:28 <joepie91> "The reason that the encrypted data is broken up into 3 fields is due to the limited size of the encrypted blocks. Each block can only have 181 characters encrypted into it with a 1,536 bit key."
08:43:32 <joepie91> <joepie91_>... yeah, and that's why you encrypt data with a block cipher, not directly with the private key...
08:43:33 <joepie91> ---
08:43:34 <joepie91> and one of my favourites:
08:43:35 <joepie91> <joepie91_>the SHA256 hash is created by concatenating all previous transaction hashes and the last cycle hash
08:43:37 <joepie91> <joepie91_>never mind sorting ambiguities!
08:43:38 <joepie91> (EOF)
08:43:39 <joepie91> and this isn't even -everything- I found, just a selection
08:43:42 <joepie91> and I'm not even a cryptographer!
08:43:50 <Zekka> Hm, let me start from the top
08:44:04 <Zekka> Out of curiosity, do the timekoin people have any credentials or anything?
08:44:57 <joepie91> Zekka: not as far as I can determine, no
08:45:02 <Zekka> A lot of their security seems like bogus rules of thumb to try and prevent potentially undesirable transactions without much actual insight into how currency is used
08:45:56 <joepie91> ... or how crypto works, for that matter
08:46:43 <Zekka> Did they mention why they decided to use PHP?
08:46:55 <joepie91> I don't think so
08:48:13 <Zekka> Not liking their election process for about the reason you described: it's easy to cheat.
08:49:33 <Zekka> "This file also does random checks to for a time reading. If the internal clock is too far off from the
08:49:36 <Zekka> reading, displays a warning for the user in the web based GUI.
08:49:39 <Zekka> "
08:49:44 <Zekka> Nice decentralized cryptocurrency there
08:50:08 <Zekka> "Another responsibility of the file is to check on the peer IP usage to determine if an IP should be banned for flooding
08:50:11 <Zekka> with queries or an attack.
08:50:14 <Zekka> "
08:50:21 <Zekka> why is this necessary again?
08:50:40 <Zekka> "Each task done by the main.php file will reference the database to determine the current program “state”. The active
08:50:43 <Zekka> state of 0 means that it is inactive and will not run any other scripts. An active state of 1 represents an online state that
08:50:46 <Zekka> is ready to process. An active state of 2 means that the file is currently running in memory and thus processing
08:50:49 <Zekka> commands and other scripts. An active state of 3 means that it is time to shutdown this file and revert back to state 0
08:50:52 <Zekka> for an offline mode. No further processing will take place. A table arrangement below will outline how this file
08:50:55 <Zekka> processes Timekoin for a better visual representation.
08:50:57 <Zekka> "
08:51:00 <Zekka> I'm sorry, *what*?
08:51:19 <Zekka> At this point you didn't consider that maybe PHP, especially the way you're writing it, is a bad language for this task?
08:51:34 <joepie91> hehe
08:51:54 <Zekka> I don't feel qualified to critique the security but fortunately there are plenty of other things wrong with it
08:52:05 <Zekka> well, I may make comments but I doubt I'll catch as much as you
08:52:29 <Zekka> Also, I'll reiterate: they're not specifying the protocol, but describing the reference implementation
08:52:42 <Zekka> that makes this vey unuseful as a spec
08:53:01 <joepie91> yup
08:53:10 <joepie91> same criticism was raised in ##crypto on freenode
08:53:17 <Zekka> If I wanted to I should be able to write my own implementation
08:53:21 <joepie91> (where everybody had a hearty laugh about this)
08:53:53 <Zekka> timestamps are a stupid way to automatically identify transactions, already covered
08:54:12 <Zekka> er, to uniquely*
08:55:14 <joepie91> yes :/
08:55:42 <Zekka> They seem to be using a weird multiprocessing-based concurrent system if I'm reading this right
08:55:53 <Zekka> but it's really bad and it probably creates tons of race conditions
08:56:14 <Zekka> Have they looked into Erlang or Rust? Those languages probably do what they actually want in a way that isn't horrible
08:58:09 <Zekka> LOts of this is really vague
08:58:48 <Zekka> "When a peer conflict occurs, it means that one peer has transaction data for
08:58:49 <Zekka> a specific cycle and another peer has different data for the same transaction cycle. This cycle of conflict is
08:58:50 <Zekka> resolved by contacting different peers and examining what data they might have for the same transaction
08:58:53 <Zekka> cycle. The data is sorted out so that the majority peers (51% or higher) with the same data is considered
08:58:56 <Zekka> correct.
08:58:59 <Zekka> "
08:59:00 <Zekka> Note how the system to negotiate the conflict out is left unspecified
08:59:38 <Zekka> "Even with a 100% network sync transaction history, Timekoin continues to do random transaction cycle
08:59:41 <Zekka> checks of the database on a regular basis to spot tampering, corruption of data, or missing data to be corrected.
08:59:44 <Zekka> " What does it do?
09:00:03 <Zekka> "This file functions as a process monitor for the other scripts. Should any of the other scripts take more time to process
09:00:06 <Zekka> the task than what is allowed, the watchdog will attempt to reset their status in the database. Other scripts that
09:00:09 <Zekka> encounter some unknown bug or exploit can be restarted this way by the watchdog and the problem recorded in the
09:00:12 <Zekka> log files for the user to examine later if the problem becomes a major issue.
09:00:14 <Zekka> "A
09:00:21 <Zekka> Not just race conditions, but sometimes our scripts will randomly terminate in the middle of execution for no reason!
09:00:36 <Zekka> We don't even check what's going on!
09:01:11 <joepie91> lol
09:01:35 <joepie91> Zekka: see what I mean with laughably bad? :P
09:01:43 <Zekka> I can't help but notice how much ascii there is in their protocol
09:01:46 <joepie91> and "trying to do everything wrong that they possibly can"
09:02:14 <Zekka> It seems like most of the reason they even need three fields of 'crypt_data' is because of the deranged mix of character and numeric encodings they use
09:02:28 <Zekka> Why doe the public key need to be in base 64 if you're just going to base 64 the whole block again?
09:02:50 <Zekka> Why do you even use all these formats that are designed for human-readable or characterset-safe transmission?
09:02:51 Sprinbit (Sprinbit@BF9503E0.95108C33.5B0695F1.IP) has joined #crytocc
09:04:13 <Zekka> I think I'l peek around their site a little more
09:05:37 <Zekka> <- really asking for it
09:05:58 <Zekka> It's a pity that just documenting security holes doesn't count, evidently
09:07:26 <Zekka> This is just a sidenote, but I'm a little curious
09:07:59 <Zekka> It seems to me like by default, the Timekoin software runs as a web server listening on port 80 and because it uses HTTP as a primary communication method, it exposes the pages to most other clients
09:08:09 <Zekka> I wonder if it exposes index.php
09:08:15 <Zekka> Because that would be really sad.
09:08:59 <Zekka> I kind of suspect that they'd forget to make it impossible to just request user actions from another computer by requesting index.php like you were running it yourself
09:09:31 <Zekka> It looks like there is a login screen, I have no idea whether it prevents just making direct POST requests to the relevant pages though
09:10:41 <Zekka> Sometime later I might look into what attacking rand() would take
09:11:38 <Zekka> I know some theoretical attacks exist, I don't know how hard they would be
09:12:13 <Zekka> I imagine they would probably be pretty simple though, from what it sounds like they set the seed with the timestamp immediately before generating the characters
09:12:36 <Zekka> they seem to want the random series of characters to be a function of the timestamp
09:12:42 <Zekka> (head meets desk)
09:13:11 <Zekka> I mean, from what I can tell, it is literally a requirement of the protocol that the random series of characters be a function of the timestamp
09:13:22 <Zekka> because they want it to be reproducible by every client
09:13:37 <Zekka> (Also, for some reason, they seem to think every client will have the same timestamp, don't ask me why they think this)
09:14:13 <Zekka> If there's a single canonical timestamp determined somewhere it would probably be pretty easy to use the transaction history to determine the delta between the local timestamp and the canonical one
09:14:40 <Zekka> The 'shared calculated point' is, well, calculated in advance so you could just calculate the series of random characters for the rand() at that point
09:14:51 <Zekka> joepie91 - Is there something I'm missing or is it literally that stupid?
09:14:55 Sprinbit has quit (Client exited)
09:16:47 <joepie91> Zekka; no, your assessment seems accurate
09:17:25 <Zekka> It kind of blows my mind that they want a random number but their protocol requires it to be a function of information that every client must have in order to participate in transactions
09:18:22 <Zekka> I'm kind of tempted to, if they've got working infrastructure in place, hack away at the codebase and implement an attack
09:19:40 <Zekka> The '1m challenge' probably 1) isn't legit and 2) would take longer than is practical but I'd enjoy seeing hubbub
09:19:56 <Zekka> and if nothing else it means that they're asking for it, so I wouldn't have to feel guilty
09:20:23 <joepie91> lol
09:20:55 <Zekka> it's not really cracking if they're saying "really, exploit our software, we're cool with it"
09:22:31 <Zekka> I guess nobody told them about 'hard to solve, easy to verify'
09:22:56 <Zekka> I should probably get to bed for now though, but I'll pick up a copy of the source code first
09:24:23 <Zekka> joepie91 - If I were to actually do that, are there any VPS hosts you recommend other than ramnode? I can't run a server from here (school network) and ramnode prohibits *coin mining.
09:26:30 <Zekka> Timecoin's system requirements are basically null so I think it's separate in nature from bitcoin but I wouldn't want to ruffle any feathers
09:27:19 <joepie91> Zekka: should probably just ask in #ramnode
09:27:49 <Zekka> Hm, you think they'd make an exception if I pointed out that all it would really be doing is making calculations every few hours and making http requests to other clients?
09:28:49 <joepie91> maybe, idk :P
09:28:59 <joepie91> also
09:29:00 <joepie91> technically
09:29:03 <joepie91> it's not *coin mining
09:29:06 <joepie91> it's a koin, not a coin :)
09:29:38 <Zekka> I have a feeling that stodgy sysadmins would be less than sympathetic
09:29:42 <Zekka> I'll probably ask about it tomorrow
09:29:51 <joepie91> also
09:29:52 <joepie91>
09:30:24 <Zekka> I imagine I'll get more sympathy if I say 'I'm demonstrating a security flaw in this protocol and it involves passively remaining connected to the network but performing very little calculation'
09:30:30 <joepie91> :P
09:31:54 <Zekka> And yeah, his thoughts are similar to mine: there's no way they would ever deliver on the $10,000 promise but if I did this it might bother a few people who need to be bothered
09:32:22 <Zekka> As an alternative, I could write the exploit and then publish it to github rather than running it myself
09:32:40 <Zekka> I'd have to find some way to test it but I wouldn't have to keep it running in the long term
09:33:49 <joepie91> Zekka: that comment I linked to is mine
09:33:50 <joepie91> :P
09:34:08 <Zekka> Oh, good, we're on the same side then
09:34:36 <Zekka> (as if there were much doubt in this case)
09:36:01 <Zekka> It's about 2:35 AM now, I have class in the morning
09:36:06 <Zekka> I'll probably get back to you on this tomorrow
09:36:16 <Zekka> this could be fun
09:37:46 <joepie91> :)
09:38:00 <joepie91> I might whip up a blog post
09:38:01 <joepie91> in the meantim
09:38:03 <joepie91> meantime *
09:38:05 <joepie91> not sure yet
09:38:36 <Zekka> I'm kind of tempted to reimplement their client in a language I like more because I have a feeling their implementation will just be fighting me the whole way
09:40:35 <Zekka> Night
10:00:43 <joepie91> OH
10:01:44 <joepie91>
10:01:45 <joepie91> !
10:02:58 <norbert79> hey joepie91
10:03:16 <norbert79> joepie91: Please stay online so I can survive through a bullshitted last day ITIL training
10:03:29 <norbert79> joepie91: right now the educator is talking about IT security
10:03:34 <norbert79> joepie91: I am hurt...
10:03:36 <norbert79> Big time
10:03:41 <norbert79> just by listening
10:04:26 <norbert79> STAY WITH ME!!
10:04:32 <norbert79> Let's talk about anything
10:06:28 <joepie91> norbert79: lol
10:06:28 <joepie91> hai
10:06:30 <joepie91> ITIL?
10:06:35 <norbert79> yes
10:06:58 <norbert79> ITIL is not the problem... it's the fact, that the educator is fucking text-book
10:07:50 <norbert79> scientifical bullcrap
10:10:53 <norbert79> Oh god, he is finished with the topic on IT security
10:11:03 * joepie91 not sure what 'ITIL' is
10:11:04 <norbert79> finally
10:11:10 <joepie91> also, amusing:
10:11:10 <norbert79> .g ITIL
10:11:16 <norbert79> errr
10:11:19 <norbert79> wait
10:11:38 <norbert79>
10:11:56 botpie91 (botpie91@botpie91.users.cryto) has joined #crytocc
10:11:58 <joepie91> .wik itil
10:11:58 <botpie91> "Atil or Itil, the ancient capital of Khazaria" -
10:12:03 <joepie91> .wik ITIL
10:12:03 <botpie91> "The Information Technology Infrastructure Library (ITIL) is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business." -
10:12:11 <joepie91> .. what?
10:12:16 * joepie91 just sees buzzwords
10:12:26 <norbert79> it's a manegement system
10:12:31 <norbert79> for companies
10:12:38 <joepie91> doing what?
10:12:42 <norbert79> mostly huge/multi national companies do it
10:13:04 <norbert79> how to prepare a project, risk calculations, change management, risk management, etc
10:13:09 <joepie91> loggy, pointer?
10:13:09 <loggy>
10:13:09 <joepie91> ah
10:13:14 <joepie91> sounds boring
10:13:29 <norbert79> Well, meh, I have done management like work and regular geek too
10:13:46 <norbert79> so it's not unknown for me
10:14:09 <norbert79> and lol @ link
10:14:21 <joepie91> IT'S QUANTUM TECH MAN
10:14:26 <norbert79> hahaha
10:14:28 <norbert79> nice
10:17:07 <norbert79> the issue is, that it's the forth day... the first three was good, because we had a different teacher with real experience
10:17:15 <norbert79> and he kept is common sense
10:17:19 <norbert79> this guy is just bad
10:31:57 <joepie91> lol
10:33:14 pzuraq has quit (Input/output error)
10:33:36 pzuraq ( has joined #crytocc
10:36:47 pzuraq has quit (Ping timeout)
10:39:23 <norbert79> I bought Portal for Linux yesterday...
10:39:31 <norbert79> My first time with Portal I must say
10:39:52 <norbert79> And I am impressed, although had to upgrade to Nvidida Driver 331
10:40:08 <norbert79> aaaand I wnet to bed at 3 am
10:40:17 <norbert79> had to get up at 7
10:40:20 <norbert79> so yeah
10:40:25 <norbert79> Fucked up my sleep :D
10:42:38 * joepie91 tries to figure out his finances
10:42:53 <joepie91> they don't match up :|
10:43:11 <norbert79> Not good
10:43:21 <norbert79> how much difference?
10:44:45 <joepie91> I don't keep explicit track, but from a rough guess I'm some 200 euro off from what I should have
10:44:54 <joepie91> currently trying to figure out what happened
10:45:18 <norbert79> ouch
10:45:22 <norbert79> thats a lot
10:46:16 bipolar (me@3EDF425A.9BC0A1B3.7FF41FDC.IP) has joined #crytocc
10:47:50 <joepie91> might have found problem
10:48:06 <joepie91> fuck I hate money
10:48:10 <joepie91> stupid overhead
10:48:18 <norbert79> Agree
10:48:35 <norbert79> It sounds a bit ironic considering you like Bitcoins ;-)
10:48:45 <norbert79> at least in your case :))
10:49:19 <joepie91> meh
10:49:21 <joepie91> "like"
10:49:32 <joepie91> I would prefer for them to not be necessary
10:49:51 <joepie91> I just find them to be a very good approach until that happens
10:56:35 Sprinbit (Sprinbit@BF9503E0.95108C33.5B0695F1.IP) has joined #crytocc
10:58:23 Cryto368 has quit (Ping timeout)
11:13:04 Sprinbit has quit (Client exited)
11:33:03 <joepie91>
11:47:58 <norbert79> Holland has the highest hacker amount per km2 :))
11:48:14 <norbert79> and by hacker I mean the classical term, not the hyped one
11:54:33 complex (litehode@complex.users.cryto) has joined #crytocc
11:58:35 <joepie91> norbert79: not hard; NL has the highest * amount per km²
11:58:36 <joepie91> lol
11:58:47 <joepie91> also NL != holland\
11:59:55 <norbert79> Alright, alright it is more, than that I know
12:00:32 <norbert79> But still :)
12:00:48 <norbert79> This reminds me I need to contact my Dutch friend about a server
12:00:52 <norbert79> he promised me
12:01:00 <norbert79> err, offered
12:09:16 <joepie91> lol
12:10:29 Zekka has quit (Ping timeout)
12:10:52 LapAnon ( has joined #crytocc
12:12:26 Zekka ( has joined #crytocc
12:13:05 crafy_d (crafy_d@crafyd-08896.users.cryto) has joined #crytocc
12:17:12 <crafy_d> o/
12:20:11 crafy_d has quit (User quit:  Leaving)
12:31:27 <joepie91> .bitcoin
12:31:28 <botpie91> 1 BTC = $288.58, 1 BTC = €227.60
13:07:39 <DrWhat> .bitcoin
13:07:40 <botpie91> 1 BTC = $284.70, 1 BTC = €224.00
13:07:43 <DrWhat> :(
13:09:04 <norbert79> let's wait another half an hour
13:09:13 <norbert79> maybe it gets cheap enough to buy a few
13:25:26 <joepie91> .bitcoin
13:25:41 <botpie91> ValueError: No JSON object could be decoded (file "/usr/lib/python2.6/json/", line 338, in raw_decode)
13:25:44 <joepie91> wha
13:25:52 <joepie91> .bitcoin
13:25:53 <botpie91> 1 BTC = $284.00, 1 BTC = €223.11
13:25:56 <joepie91> lol
13:31:42 <probably> ogawd
13:31:50 <probably> c++ yunoaddtoregistry
13:32:12 <probably> even with admin rights it refuses to write to registry
13:38:36 mama ( has joined #crytocc
13:41:24 <DrWhat> .bitcoin
13:41:25 <botpie91> 1 BTC = $286.50, 1 BTC = €227.49
13:41:37 <DrWhat> when it reaches $300
13:41:42 <DrWhat> imma Fuck joepie91
13:44:09 Zekka has quit (Ping timeout)
14:00:51 dpk ( has joined #crytocc
14:25:33 <joepie91> DrWhat: because then you'll have enough money to take a train/ferry? :P
14:25:36 <joepie91> er
14:25:39 <joepie91> plane/ferry *
14:25:41 <joepie91> words are hard
14:27:39 Sprinbit (Sprinbit@BF9503E0.95108C33.5B0695F1.IP) has joined #crytocc
14:41:16 <cayce> ugh I'm almost crying already
14:41:35 <cayce> so completely burnt out I can't even speak accurately lol
14:42:36 <cayce> people burnt out not intellectually burnt out e.e
14:42:40 Sprinbit has parted #crytocc (None)
14:42:46 <cayce> and I have class today! :| gonna die :|
14:42:51 Sprinbit (Sprinbit@BF9503E0.95108C33.5B0695F1.IP) has joined #crytocc
14:43:07 * cayce hopes thermos of coffee can help
14:50:41 Sprinbit has quit (Ping timeout)
15:05:04 tmbucky ( has joined #crytocc
15:06:26 tmbucky has quit (User quit:  Connection closed)
15:08:14 Zekka (zekka@Zekka.users.cryto) has joined #crytocc
15:29:48 Zekka has quit (Ping timeout)
15:40:25 Zekka ( has joined #crytocc
15:48:06 Goochy (coolstory@1EDA8799.3D60A02.1AB8F98B.IP) has joined #crytocc
15:50:19 mama_ (me@676770E8.7FABF9B8.573B367D.IP) has joined #crytocc
15:51:57 mama has quit (Ping timeout)
15:52:04 *** mama_ is now known as mama
16:00:43 dumnut ( has joined #crytocc
16:00:44 bipolar has quit (Connection reset by peer)
16:08:14 Pandora ( has joined #crytocc
16:12:34 zest (zest@60F0BC49.9144D476.78C94033.IP) has joined #crytocc
16:19:34 achus ( has joined #crytocc
16:23:06 aHlTat (aHlTat@aHlTat.users.cryto) has joined #crytocc
16:43:46 Pandora has quit (Connection reset by peer)
16:47:29 <zxcvbnm> .bitcoin
16:47:30 <botpie91> 1 BTC = $296.09, 1 BTC = €232.00
16:49:43 Pandora ( has joined #crytocc
17:04:29 <zxcvbnm> .bitcoin
17:04:30 <botpie91> 1 BTC = $294.99, 1 BTC = €228.08
17:32:53 <joepie91> - "Police officers have broken into 30 student houses yesterday morning, to show that these are often badly secured. If the students weren't home, the officers left behind proof in the form of a polaroid photo of them posing in the room. Some photos were also put on Facebook."
17:36:29 Zekka has quit (Ping timeout)
17:36:45 Zekka (zekka@Zekka.users.cryto) has joined #crytocc
17:51:24 Zekka has quit (Ping timeout)
17:58:49 Zekka (zekka@Zekka.users.cryto) has joined #crytocc
18:25:30 Zekka has quit (Ping timeout)
18:42:45 Riddler (Riddler@5FD71087.11DC8350.1A26DB37.IP) has joined #crytocc
18:42:48 <Riddler> hello
18:51:19 Riddler has parted #crytocc ()
18:52:45 joepie91 has quit (Ping timeout)
18:58:05 macbeth (Macbeth@Macbeth.users.cryto) has joined #crytocc
18:58:09 <macbeth> Oi
19:01:04 <tintin> hi macbeth
19:02:06 <macbeth> Hey tintin
19:02:08 <macbeth> What's new?
19:02:57 <tintin> no idea, i'm out of touch :/
19:03:03 <macbeth> he he
19:07:18 Zekka (zekka@Zekka.users.cryto) has joined #crytocc
19:07:54 <Zekka> joepie91 - Just so you know, the TimeKoin codebase is horrible
19:08:04 <Zekka> total spaghetti, everything is a race condition
19:09:43 <Zekka> If you haven't read it you should probably give it a look, right now I'm specifying the original implementation in detail along with attempting to specify the intended behavior
19:09:54 <Zekka> because the original spec fails at both of those things
19:12:06 <Zekka> Of course, when I say 'everything is a race condition', I mean it literally
19:12:26 <macbeth> Huh
19:12:33 <Zekka> every subprocess which has any effect on global state has the chance to spontaneously die and never update it again
19:12:50 <Zekka> meaning that there is no guarantee that any part of the code actually finishes its task before the other parts that depend on it act
19:13:33 <Zekka> It's also filled with hardcoded sql and concatenation
19:13:42 <Zekka> haven't seen any injection attacks yet but it probably won't be long
19:14:33 <Zekka> (Most of the sql I've seen so far is only used internally, I haven't gotten to the parts that actually respond to p2p messages yet)
19:15:29 <Zekka> (From what I can tell so far though, they're not fans of string escaping)
19:21:35 tintin has quit (User quit:  leaving)
19:25:51 zest has quit (Client exited)
19:44:38 dumnut has quit (Ping timeout)
19:47:36 dpk has quit (Ping timeout)
19:52:32 Goochy has quit (Ping timeout)
19:53:14 pzuraq ( has joined #crytocc
19:56:16 pzuraq has quit (Connection reset by peer)
19:56:36 pzuraq ( has joined #crytocc
20:16:52 TheFlashITA (theflash@7D686231.D2D1D1DF.AEB828E7.IP) has joined #crytocc
20:17:19 TheFlashITA has parted #crytocc (None)
20:23:50 Zekka has quit (Ping timeout)
20:25:42 pzuraq has quit (Connection reset by peer)
20:26:04 pzuraq ( has joined #crytocc
20:31:47 Zekka ( has joined #crytocc
20:39:11 Zekka has quit (Ping timeout)
20:51:14 schism ( has joined #crytocc
20:51:41 <schism> quick question, using linux whats the best text editor for html
20:52:11 <macbeth> You mean web dev?
20:52:28 <schism> making html pages mainly
20:52:37 <macbeth> An awesome editor for HTML, JavaScript and CSS that is cross platform and available on Linux is brackets
20:52:37 <schism> learning it
20:52:42 <macbeth> Awesome
20:52:43 <macbeth> Good for you
20:52:54 <macbeth> Make sure you learn CSS too, HTML looks shit with out it
20:52:56 <schism> ok will check it out thanks
20:53:06 <macbeth> here:
20:53:07 <schism> yeah im doing both
20:53:15 <macbeth> Awesome, good for you.
20:53:27 <schism> heard that linux was not great fro html
20:53:36 <schism> was recommended emac
20:53:54 <macbeth> Linux is totally open source and meant for creators and people who don't like the shackles of other operating systems, so that's not true at all
20:53:59 <macbeth> What distro are you using?
20:54:34 <macbeth> IE: Ubuntu, Debian, Fedora, etc
20:55:00 <schism> linux lite which is ubuntu based
20:55:12 <schism> with xfce
20:55:16 <macbeth> Hmm...
20:56:10 <macbeth> Yeah, Ubuntu is closed source, and totally not what linux was meant for. It was created because people wanted an opensource operating system and then game Gnu and then Linux and then loads of distros of linux and then came Ubuntu and fucked the whole thingup
20:56:40 <schism> yeah i know
20:56:53 <macbeth> Oh, alright
20:57:02 <schism> was using ubuntu but scrapped it for this
20:57:10 <schism> just looks nicer
20:57:20 <schism> but stable like ubuntu
20:57:25 <macbeth> You should use Debian. Just like Ubuntu except easier to navigate, better UI, and eith out the shitty useless features
20:57:30 <macbeth> One of the first
20:57:41 <macbeth> Very powerful. It's like the queen mother of all GNU/Linux
20:57:46 <schism> yeah a lot of people has said that
20:58:12 <schism> well im happy to change it so may look into that
20:58:35 <macbeth> Cool
20:58:59 <macbeth> But there are distros that are just geared for developing in general. What ever, Obj-C to simple HTML.
20:59:51 <schism> yeah wont domething i can just use as a os and watch torrents on etc
20:59:59 <macbeth> Got it
21:00:03 <schism> like normal people lol
21:00:16 <schism> also be able to study code
21:00:33 <schism> i will look into debian
21:00:34 <macbeth> Where are you studing code now?
21:00:40 <macbeth> CodeCademy?
21:00:48 <schism> just by myself
21:00:59 <schism> used codeacademy for a bit
21:01:10 <schism> but decided to go through books
21:01:19 <macbeth> Don't just pick up random syntax here and there. You need a book.,
21:01:26 <macbeth> Oh, :P
21:01:41 <schism> also doing python and java
21:01:44 <macbeth> w3schools has an amazing book on CSS that I recently read. Very through and easy
21:01:50 <schism> python in termninal
21:01:57 <macbeth> Java is very verbose, not the first thing you should be learning.
21:02:23 <schism> yeah i have kind been studying python more
21:02:29 <macbeth> cool
21:02:42 <macbeth> If you're looking for something a little moar simple, Ruby is nice
21:02:50 iceTwy ( has joined #crytocc
21:02:55 <macbeth> Hey ice
21:03:11 <iceTwy> Hey there macbeth
21:03:24 <schism> yeah i heard ruby is good
21:03:32 Zekka (zekka@Zekka.users.cryto) has joined #crytocc
21:03:45 <schism> closest i got to ruby is using wpscan
21:03:58 <iceTwy> ruby? good?
21:04:04 <iceTwy> saywat
21:04:17 <iceTwy> convenient for the end-user - why not
21:04:17 <macbeth> We're talking about wht programming language he should begin w/
21:04:24 <iceTwy> schism: Python
21:04:36 <macbeth> Si
21:04:44 <macbeth> schism, iceTwy is fantastic w/ linux, so you should ask him rather then  me.
21:04:48 <iceTwy> schism: because Python's syntax is easy, you won't spend 13404503450 hours of your time to understand it
21:04:52 <schism> yeah i know, i like python
21:04:56 <iceTwy> but please understand
21:05:00 <iceTwy> it's not about learning a language
21:05:05 <iceTwy> it's about learning how to program
21:05:11 <iceTwy> (in a general manner)
21:05:26 <schism> yeah well thats what i wanna do
21:05:28 <iceTwy> I mean, the goal of beginning programming is to learn the basics
21:05:32 <macbeth> True
21:05:37 <iceTwy> those basics, will be found in whatever language
21:05:57 <iceTwy> schism: one book I love
21:06:08 <iceTwy> is
21:06:23 <iceTwy>
21:06:28 <iceTwy> .title
21:06:29 <botpie91> iceTwy: How to Think Like a Computer Scientist — How to Think Like a Computer Scientist: Learning with Python 2nd Edition documentation
21:06:40 <Zekka> (Minding that the language constructs you work with can differ between languages to the point where learning one or two languages might not be enough to grok the fundamentals)
21:07:02 <iceTwy> ^ indeed
21:07:08 <iceTwy> but at least you will know about the basics
21:07:10 <Zekka> (as an example, Java programmers who have no idea how to think without objects)
21:07:24 <iceTwy> and how to implement them in a simple way because you'll have learnt those basics with a simple language
21:07:39 <iceTwy> the only remaining thing will be to adapt to the language, as Zekka said
21:07:56 <schism> i will try to get that book
21:08:23 <Zekka> I'm mostly pointing out that there's a lot more grey area than might be apparent between the concepts expressed by a language and basic fundamentals of programming
21:08:37 <iceTwy> schism: it's free!
21:08:39 <iceTwy> and open source
21:08:46 <iceTwy> the book is free and open source, just like Python
21:08:55 <iceTwy> which is a second reason I love this book for
21:08:59 <iceTwy> god ffs
21:09:03 <iceTwy> my back huuuuuuuurts
21:09:46 <schism> ok cool
21:10:01 <schism> not that your back hurts but because its free
21:12:42 <iceTwy> aye
21:12:43 <schism> ok thanks for advice and links
21:13:12 <schism> most helpful
21:16:48 complex_ (litehode@1FB20456.69AC617A.F6E1C77B.IP) has joined #crytocc
21:18:06 complex has quit (Ping timeout)
21:18:42 <Zekka> Does anybody have any idea what the point of this peer scoring system for Timekoin is? (`active_peer_list`.`failed_sent_heartbeat`)
21:18:54 <Zekka> I can't find any part of the codebase that actually does anything useful with it
21:18:57 complex_ has quit (Input/output error)
21:19:12 <Zekka> (This is mostly a thinly veiled complaint about another hideous design flaw)
21:19:32 <Zekka> It looks like quite a lot of code is dedicated to maintaining scores but the only part of the program that can actually use it for anything is the UI
21:20:14 <Zekka> (and by 'use it', I mean 'it echos the value to stdout')
21:22:45 Macbeth_ ( has joined #crytocc
21:22:45 macbeth has quit (Connection reset by peer)
21:22:51 *** Macbeth_ is now known as invisablecomment
21:23:09 <invisablecomment>
21:23:15 *** invisablecomment is now known as macbeth
21:23:53 <Zekka> This codebase unfortunately didn't become magically better in the time I spent not working on it
21:26:27 schism has parted #crytocc ()
21:41:49 <MK_FG> If it's such a broken thing, why do you even bother with it?
21:42:00 <macbeth> true
21:42:31 <MK_FG> Well, it wasn't really a statement ;)
21:43:08 <Zekka> MK_FG - So I can reimplement it and lord my reimplementation over the original author like a massive jerk
21:43:22 <Zekka> and publish all the security holes and design flaws to boot
21:43:28 <MK_FG> Heh
21:43:41 <Zekka> (There's no shortage of security holes)
21:44:16 <MK_FG> And given what was said above (though I mostly skipped it), I'd think the whole system might be broken?
21:44:29 <MK_FG> I.e. shouldn't work even in theory
21:44:32 <Zekka> The impression I get is that it works but it's extremely rickety
21:44:39 <Zekka> it's kind of a miracle of nature
21:44:41 iceTwy has quit (Ping timeout)
21:44:42 <Zekka> I haven't tried to run it though
21:44:53 iceTwy ( has joined #crytocc
21:44:55 <Zekka> I just know that other people have been able to get it working
21:45:18 <MK_FG> Oh well, you sure is one dedicated massive jerk :P
21:45:32 <Zekka> I haven't gone into the large attempt-fault-recovery system
21:45:48 <Zekka> which is probably responsible for it not keeling over and dying even if it's doing definitely wrong things
21:46:21 <Zekka> It uses heavy multiprocessing and will randomly terminate or restart subprocesses clearing parts of their state and basically lobotomizing them if it doesn't think they're working
21:47:59 <Zekka> It's got a pretty extensive life support system for them
21:48:42 <Zekka> it uses a couple DB tables as giant kv stores where each subprocess gets its own (hardcoded) 'active' and 'heartbeat' fields where it can indicate things like 'I died with an error' or 'I'm active, but the heartbeat field indicates that I've mysteriously hung'
21:49:06 <Zekka> fun fact, from what I can tell, if a core process mysteriously hangs it will repeatedly launch instances of that process until it stops
21:49:18 <Zekka> if those instances hang then it will just keep doing this until dead
21:50:12 <Zekka> It's not just so I can lord it over people, it's also because it's kind of fun to read
21:50:44 <Zekka> It has great naming conventions like 'Ambient Peer Restart'
21:50:51 Pandora has quit (User quit:  Leaving)
21:50:54 <Zekka> which has nothing to do with peers and presumably nothing to do with ambience
21:50:59 <Zekka> and about 97% of the time has nothing to do with restarts
21:56:24 <MK_FG> I'd worry for my sanity reading such things
21:57:05 <MK_FG> And who knows which eldritch abominations might come out to get you if you try to comprehend it all...
21:57:32 <Zekka> I don't know if I mentioned, but the developers are claiming to be willing to give out a $10k prize to the first person to steal 1mil units of their virtual currency
21:57:44 <Zekka> (I doubt they will actually do this)
21:57:47 <MK_FG> Oh!
21:58:00 <MK_FG> That certainly explains your dedication :P
21:58:13 <Zekka> Only 2mil units exist right now so you would have to take them from other people, most likely
21:58:41 <Zekka> the exploits I've found are possible sql injection (needs to be explored) which could be used to just steal coins, and a way to rig the mining system in your favor
21:58:58 <Zekka> the last one has been known to exist for a while but I don't think anyone's exploited it yet
21:59:15 macbeth has parted #crytocc (GAH!!)
21:59:21 <Zekka> in theory you can win the mining lottery every time through the magic of simple math
21:59:59 <Zekka> Anyway, it makes me feel justified in actively trying to crack their system.
22:01:05 tintin (tintin@54DCF7FA.BC88B0C2.A27E456C.IP) has joined #crytocc
22:02:39 <Zekka> Going to go upstairs, I may drop offline
22:05:51 Zekka has quit (Ping timeout)
22:13:30 Zekka ( has joined #crytocc
23:05:04 MRdjst0rm ( has joined #crytocc
23:06:27 MRdjst0rm has quit (User quit:  Connection closed)
23:26:54 pzuraq has quit (Connection reset by peer)
23:27:16 pzuraq ( has joined #crytocc
23:31:20 complex (litehode@complex.users.cryto) has joined #crytocc
23:50:18 x (foobar@C35CA8A8.589C91BA.8F6A2B14.IP) has joined #crytocc
23:52:52 iceTwy has quit (User quit:  Disconnecting from server)