<OriansJ>Hagfish: the email address bit doesn't work as one can buy a domain for $5/year and one can setup an infinite number of email addresses on a single domain that they own. <OriansJ>now adding a financial cost can reduce the number of people with x+ number of files but it doesn't stop people having more than one file. <Hagfish>i'm not sure how websites deal with that issue, to stop someone registering millions of fake accounts <Hagfish>some probably block signups from Tor and VPNs, but most probably don't <OriansJ>also that wouldn't work as there are organizations that rent access to IP blocks <OriansJ>most of it is black market but some is grey <Hagfish>that sounds like a VPN, but more work <OriansJ>well intelligence agencies need a way to hide but appear legit <OriansJ>so you tor into your provider, who hijacked a bunch of comcast routers and now you are effectively (your desired identity block) <OriansJ>China and Russia buy from the same providers as the US government; so IP doesn't mean shit to someone willing to spend money <OriansJ>Local browser fingerprints don't work as virtual machines are cheap to spin up <OriansJ>Basically anyone willing to spend money can game any metric of what you have or what you are. <OriansJ>Fake IDs can be ordered through black markets; governments forge IDs all the time. <OriansJ>Blockchains based on proof of work are controlled by whoever is willing to spend enough money on crunching hardware. <OriansJ>Blockchains based on proof of ownership are rigged by default <OriansJ>chain of trust however has an interesting possiblity to work <OriansJ>but only so long as those signing keys of new members actually do checking that the person they are signing are not duplicates (which is a problem) <OriansJ>Hagfish: how about proof of storage? <OriansJ>as in you can store as many files as you want; provided you are storing a greater number of files for others. <vagrantc>duiniter attempts to implement a web-of-trust in that way <vagrantc>but ... slow to grow, if you have only one web of trust <OriansJ>vagrantc: not if government issued; like all ID cards having a private key and public key embedded (signed by that said government) <vagrantc>because you implicitly trust all goverments? <OriansJ>vagrantc: absolutely not, I only work for the State of Michigan. I don't trust them to do things right by default. <OriansJ>but governments are the most important invention for human survival in history. <OriansJ>They are responsible for more saved lives than any invention in history (and more dead bodies too) <OriansJ>(usually when people are declared non-citizens or enemies of the state) ***dongcarl1 is now known as dongcarl
<OriansJ>So we are struck trusting something we know will be abused or we are struck trusting something we know has a process for how it will be abused. <vagrantc>most government-issued IDs with cryptography i'm aware include backdoors for the secret keys <OriansJ>vagrantc: well they generate the secret keys, so there is no need for backdoors <OriansJ>it is kinda like saying The Post office has a backdoor for knowing what your zipcode is. No they just assigned it to you and know what it is <vagrantc>well, sure, but that's not a property of a cryptographic system one might trust <vagrantc>or at least, you know the limits of trust <OriansJ>vagrantc: one must remember half of the NSA's mandate is secure communication technologies for use in the United States and the other half is to break the secure communication technologies of other countries. <OriansJ>So for a long time their efforts in the crypto space was largely helpful. S-boxes were not readily trusted but here we are. <OriansJ>also Government ID cryptography has nothing to do with you keeping secrets from the government but rather allow you to identify yourself for common business trust. (like open bank accounts, vote online, etc) <vagrantc>it sure beats non-cryptographic IDs for such things <vagrantc>as those have all the same problems, but are largely trivial to compromise <OriansJ>anyone who uses the State issued secret key to transmit data they want to keep secret from the government that issued them that key. clearly needs a class in basic common sense. <OriansJ>all systems can be compromised. Soviet rectal-thermal cryptography proved that. <OriansJ>(They basically shove a soldiering iron up the subject's but and turn it on; usually spilling the secrets before it gets hot enough to do serious damage) <V>I randomly switch to this channel's buffer and that's the first thing I see being discussed <OriansJ>All security is a question of what is the weakest link in the chain and the answer is usualy the humans. <V>okay, but also that doesn't work on masochists <OriansJ>V: fair but there are other ways on them. Like a "coupon plugin" for their browser. Or a "Sales app" for their phone. <V>the attacker is *always* at an advantage <OriansJ>It is amazing what people will do for $5 off a $20 item. <V>they have infinite possibilities, the defender has to slip up only once <OriansJ>V: with the only exception being the trusting trust attack family of security. <OriansJ>where the attacker has to defend from all possible trusted bootstraps and the defender needs only create one that is uncompromised. <V>well... in that situation, the attacker has to hide <V>ultimately it's more pragmatic to just write a rootkit <OriansJ>hence why stage0 is throwing arbitrary hardware; arbitrary operating systems and universal perfect reproducibility at it. <OriansJ>You have to compromise ALL hardware (including that which hasn't even been dreamed of yet) <OriansJ>as every piece above cc_* is universally reproducible. <OriansJ>armv7l, x86, knight, etc all producing identicial binaries. <OriansJ>The steps below cc_* are all easy to do by anyone familiar with basic assembly programming. <OriansJ>and will work on arbitrary hardware. <OriansJ>(We can do z80, 6502, 6809, vax, etc bootstraps if we want) <siraben>rain1: at the moment it takes a detour to (a lazy) Lisp to continue the Haskell bootstrap, this was done as a sanity check on my end. I think the next step is to implement a strict Scheme on top, with FFI and I/O. <OriansJ>siraben: well I look forward to that route taking shape. It would indeed be ironic for a minimal Haskell to bootstrapped before we bootstrap a proper scheme or GCC. <rain1>and this is a tall tower of interpreters? <rain1>so it would end up having a huge slowdown factor? <siraben>rain1: not a tower of interpreters, just a chain of compilers. <siraben>Each compiler compiles to ION assembly which gets assembled and run by the C VM. <siraben>I was concerned about implementing a call-by-value lambda calculus on top of the graph-based VM usually meant for call-by-need LC, but converting to CPS should allow me to emulate CBV in CBN. <siraben>lol why are there no good tutorial implementations of, say, `define-syntax`? At appears easier to implement type inference than macro expansion at this point. <fossy>siraben I assume youre aware of mes-m2? <siraben>i'm aiming to achieve what mes-m2 does but through a different approach <fossy>so, where in your approach do you start? <siraben>fossy: did you see the logs from a few weeks ago when I described this? if not I can explain again <jelle>hmm vagrant has no bouncer :( <fossy>if i understand this Ben Lynn thingo correctly. is it just one c file <fossy>then everything comes from that?? <fossy>all the way to a hskell compiler? <fossy>if so... that is super duper cool <fossy>siraben: are you aware of any (reasonable) r5s5 scheme interpreters in Haskell? <siraben>Doesn't have I/O but correctly implements the semantics of R5RS according to the formal semantics in the report <fossy>right. what am i looking at here <fossy>(sorry if this is a silly question i am not familiar with haskell) <siraben>After a few compilers it becomes readable (basically lambda calculus) <fossy>right, so with some level of mathematics education and knwoledge of this, it is reasonably unhard to reason about, i guess? <siraben>"Ideally, to avoid "trusting trust" issues, all this should have been done manually. Nonetheless, each of the our terms seem short enough that a sufficiently motivated human could verify them." <siraben>Yes, you don't need math knowledge per se but it helps. <fossy>i will be looking through this webpage tomorrow <siraben>You could just syntactically follow the rewrite rules to hand-assemble the first few compilers manually, for instance. <siraben>Yeah. Also Ben Lynn turned this into an IOCCC entry and won last year, heh. <OriansJ>siraben: well it wouldn't be the first time that something we thought was *impossible* or *extremely hard* ended up being easier to implement than the alternatives we try. <OriansJ>anyone know of a *GOOD* introduction to haskell? <siraben>I recommend "Programming in Haskell" by Graham Hutton. It's what I used when I first learned it. <V>isn't the classic one "learn you a haskell"? <siraben>I've heard Learn You A Haskell is somewhat controversial in the way it presents some of the ideas, haha <siraben>from a quick search in Freenode #haskell, "The problem with LYAH is: It's not greatly structured, glosses over some details, and has no exercises (and kinda dated)" <siraben>Also, there's a gap between learning Haskell and using Haskell in a practical manner, similar to the situation in Scheme I suppose. <OriansJ>siraben: well if I know the syntax rules, the rest doesn't matter <siraben>You can do without whitespace sensitivity, Ben Lynn does this for several stages until he implements whitespace sensitive parsing. It remains valid Haskell either way <OriansJ>a lexicial grammer and a seperate context free grammar and I am guessing some common patterns used by Haskell programmers to avoid mixing them in a way that gets you in trouble. <OriansJ>I guess I am going to allocate some time to reading and experiments