Perl 6 - the future is here, just unevenly distributed

IRC log for #moarvm, 2013-11-07

| Channels | #moarvm index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
01:33 woosley joined #moarvm
04:54 TimToady http://blog.booking.com/hardening-perls-hash-function.html is probably in important read in here, though perhaps with diakopter++'s lock-free hashes it's not an issue
04:54 TimToady for unshared hashes, maybe we should think about stealing 5.18's impl
04:58 TimToady nwc10: opinions?
04:59 TimToady also, interesting second reply regarding distinguishing static EnumMaps from general bullet-proof dynamic hashes
04:59 TimToady p5 doesn't really have the type system to distinguish those well, but p5 does
05:05 tadzik s:2nd/p5/p6/?
05:42 TimToady si.
06:10 johnny5_ joined #moarvm
06:13 johnny5_ joined #moarvm
07:38 FROGGS joined #moarvm
08:37 cognominal joined #moarvm
09:05 FROGGS joined #moarvm
09:50 nwc10 TimToady: in order
09:51 nwc10 -1: I'm not a mathemetician. I'm really not a cryptographer
09:52 nwc10 0: For all that's been reported about the possibility of these attacks, it's not clear than anyone is exploiting them. (Python's hash function is intentionally fast, and hence weak. Even their randomisation is not very good. There's an open bug or two about this, but offhand I don't know the IDs. Despite this, I'm not aware of people taking out django sites for "fun" or profit)
09:52 nwc10 1: If you don't randomise your hashes you're at risk
09:53 nwc10 2) On current hardware, anything less than 40 bits of entropy is easy to brute-force
09:54 nwc10 3) you need to mix in all that entropy into the output hash function, however short the string, else you can attack the hash function using progressively longer strings
09:55 nwc10 4) There isn't any formal cryptoanalysis on the hash function adopted by perl 5, but IIRC there actually isn't any *either* for Siphash. The perl 5 hash function (a) uses both arithmetic and bitwise operators in each hashing round, which as I understand it makes it harder to analyse (so IIRC does SipHash), and by merging in the key 1 byte at a time (rather than 4 or 8 at a time) does more rounds, which hinders analysis
09:56 nwc10 5) The aim of all of this is only to ensure that an attacker can't cheat - to avoid giving an attack a way to DOS that costs less than sending all the data anyway
09:56 nwc10 I think that that's about it
09:57 nwc10 And if there are obvious flaws in what I said, please don't report them here on a publicly logged channel.
09:57 nwc10 I didn't get time to read the article in draft form - I think that there's one part that isn't accurate - the theoretical Perl 5 attack would be with <40 keys. So Apache's 512 limit isn't going to help.
10:32 ssutch_ joined #moarvm
11:00 wsri joined #moarvm
12:16 moritz_ joined #moarvm
12:17 krunen_ joined #moarvm
12:17 rjbs- joined #moarvm
12:17 Util_ joined #moarvm
12:22 nwc10 joined #moarvm
12:23 rblackwe joined #moarvm
14:07 jnap joined #moarvm
14:30 colomon joined #moarvm
14:32 cognominal joined #moarvm
15:11 cognominal joined #moarvm
15:46 jnap joined #moarvm
17:21 FROGGS diakopter: re https://github.com/MoarVM/MoarVM/commit/d10b3fbd99121bac8b160b0da8bcf52882fa1783#commitcomment-4538837
17:21 FROGGS diakopter: these would be MVM_OSHANDLE_FD then I guess?
17:22 FROGGS I can implement uv_close for these...
17:22 diakopter FD?
17:22 diakopter I thought there was a boolean flag
17:22 diakopter last I knew
17:22 diakopter as to whether it's a standard one of the 3
17:23 FROGGS MVM_OSHANDLE_FD
17:23 FROGGS err
17:23 FROGGS https://github.com/MoarVM/MoarVM/blob/master/src/6model/reprs/MVMOSHandle.c#L54
17:23 diakopter yeah, that's different from how I did it
17:24 diakopter wth is the difference between a _HANDLE and a _FD
17:24 diakopter and what happened to the dir handle type?
17:24 TimToady well, technically, an FD should be an integer
17:25 FROGGS yes, open_fh sets type to MVM_OSHANDLE_FD
17:25 FROGGS and getstd* sets MVM_OSHANDLE_HANDLE
17:25 diakopter sigh.
17:25 diakopter you'd think someone was reviewing those libuv commits :P
17:26 FROGGS diakopter: dir_open sets MVM_OSHANDLE_DIR
17:26 diakopter ok, but that's not listed in that switch/case
17:26 FROGGS true
17:27 diakopter .oO( two eyes are better than zero.. )
17:27 * TimToady winks
17:28 diakopter jnthn: GREETINGS FROM THE ONLINE REALMS OF NOT_QUITE_REAL_LIFE_BUT_REALLY_REAL_LIFE
17:45 * TimToady gets a num feeling
17:52 * diakopter gets a float feeling
17:52 * jnthn gets a long feeling
17:53 * lizmat gets a double feeling
17:54 * timotimo gets a string feeling
17:56 jnthn .oO( and when I get that feeling, I need strongly typed healing... )
17:56 colomon joined #moarvm
17:58 cognominal joined #moarvm
17:58 TimToady r: say "string" ~~ Real
17:59 camelia rakudo-jvm 882e33: OUTPUT«(timeout)»
17:59 camelia ..rakudo-parrot 158e90: OUTPUT«False␤»
17:59 TimToady r: say num ~~ Real
17:59 camelia rakudo-jvm 882e33: OUTPUT«(timeout)»
17:59 camelia ..rakudo-parrot 158e90: OUTPUT«False␤»
17:59 TimToady hmm
17:59 TimToady p: say Num ~~ Real
17:59 camelia rakudo-parrot 158e90: OUTPUT«True␤»
18:00 TimToady meseemeth that num should ~~ Real
18:00 diakopter meesa cold beans
18:00 diakopter r-j: ;
18:01 camelia rakudo-jvm 882e33: OUTPUT«(timeout)»
18:01 diakopter r-j: 1
18:01 camelia rakudo-jvm 882e33: OUTPUT«(timeout)»
18:02 diakopter r-j: 1
18:02 camelia rakudo-jvm 882e33: OUTPUT«Can't call method "syswrite" on an undefined value at /home/p6eval/jvm-rakudo/eval-client.pl line 32.␤»
18:02 diakopter -_-
18:09 dalek joined #moarvm
19:12 FROGGS nqp: nqp::shell('echo $PWD', '/tmp', {}); nqp::spawn(['echo', '$PWD'], '/tmp', {})
19:13 camelia nqp-moarvm, nqp-jvm, nqp-parrot: OUTPUT«/tmp␤$PWD␤»
19:13 FROGGS lovely
19:19 jnthn Is that how it's meant to be? :)
19:24 FROGGS jnthn: yes :o)
19:24 jnthn ok, then FROGGS++ :)
19:24 FROGGS spawn is meant to exeute the program directly, which means that shell variables are not recognized
19:24 FROGGS (and it really does not spawn a shell fwiw)
19:25 jnthn ah, gotcha
19:27 FROGGS but it still does a PATH search for the program... the path supplied by the %env hash as the last arg
19:30 FROGGS nqp: say(nqp::shell('true', '/tmp', nqp::hash('PATH', ''))); say(nqp::spawn(['true'], '/tmp', nqp::hash('PATH', '')))
19:30 camelia nqp-moarvm: OUTPUT«execvp(): No such file or directory␤0␤-2␤»
19:30 camelia ..nqp-parrot: OUTPUT«65280␤65280␤»
19:30 camelia ..nqp-jvm: OUTPUT«0␤0␤»
19:30 FROGGS not very consistent nor portable :/
20:39 woolfy joined #moarvm
20:44 ssutch joined #moarvm
20:48 timotimo bleh :(
20:51 FROGGS well, everything is fixable
21:31 diakopter but not everything is fixable with a feasible amount of resources, including time
21:32 diakopter <- spoilsport
21:48 BenGoldberg joined #moarvm
21:59 lue joined #moarvm
23:15 colomon joined #moarvm

| Channels | #moarvm index | Today | | Search | Google Search | Plain-Text | summary