now if only we had an ec2 account and hundreds of machines to distribute it over :P
ianmcorvidae
heh
ocharles
running it in one script would take about 8 hours with the current cost I'm using, so instead I stick all the usernames in a pgq and the script iterates that queue
ianmcorvidae
how much work are we requiring? (assuming this is for the plaintext password bit)
ocharles
cost factor is 8 atm
we can ramp that up later if we need
8 hashes about 3 passwords/second on my laptop
ianmcorvidae
oof
ocharles
and also nearly melts it
ianmcorvidae
we'll probably want that higher then IMO, but it'll do for the first pass
ocharles
I don't think we want it much higher than that
ianmcorvidae
understanding the "we're not a bank" caveat, the recommendation for really really good security is for it to do more like 1/2 a hash per second
ruaok
omfg a new pope. they like the white smoke out of the sistine chapel.
probably too much voltage applied to the cardinals.
warp
haha
ianmcorvidae
haha
ruaok
*let
warp is watching a live stream
ocharles
ianmcorvidae: you want users to wait two seconds to login?
i mean, i get the tradeoff, but essentially you move password security to a new DoS attack point :P
ianmcorvidae
haha
I guess my point is also that your laptop is not as beefy as our servers, either
ocharles
note that we might want basic authentication in the future, which means you make the WS take 2 seconds for authenticated calls
ianmcorvidae
ah, true, hm
ocharles
my laptop is 3GHz and seeing as this is almost entirely cpu bound it's not that much out
ianmcorvidae
I guess that makes oauth look better for people, but obviously that's not the point here ;)
okay, okay
ocharles
I really wouldn't go higher than 8. a cost of 2 is really enough to make me happy, and 8 shows we have really done due diligence :)
alastairp joined the channel
but i still have more work to do anyway, but proof of concept is looking good
ianmcorvidae
whoo :)
ocharles
plan is to fire up the hashing worker which will hash into a `bcrypt` column in editor, along with triggers to catch editors who change their password in the meantime. then at upgrade time, we can flip the columns and almost atomically roll this out
I have some more schema change work ready to share, but I still can't push to bitbucket because it won't accept my key
if support don't reply tomorrow i'll make a temporary new key
man, I don't remember the last time I received a cheque
reosarevok
heh
I was paid by cheque when I was doing translation
It sucks :(
ianmcorvidae
I prefer it to paypal, for sure
direct deposit is best, but
reosarevok
Heh, yeah
Once they wrote my name wrong
On the envelope
And the thing sat there because the post office refused to give it to me :p
warp
I don't think cheques exist anymore here.
reosarevok
Luckily I didn't need the money fast...
warp
I remember "Eurocheques" being popular when I was a teenager, but those have not been issued since 2002.
ianmcorvidae: bitcoins!
ocharles
i'm not sure i'm ready to be paid my living wages in bitcoins just yet :)
ianmcorvidae
haha
warp
ocharles: likewise.
ianmcorvidae
I'd probably be okay with it with a very quick dump to USD (coinbase has a setting for daily payouts)
but daily might not be quite fast enough given how volatile bitcoin can be
reosarevok
Maybe not the living wages, but a percentage might be interesting :p
warp
I recently read this thread about the block size being reached or something
ianmcorvidae
ah, the 0.7-incompatible block?
warp
... there are still some technical issues they need to solve
ianmcorvidae
yeah
warp
ianmcorvidae: the thread consisted mostly of people complaining that SatoshiDice is spamming the blockchain and people claiming that if we cannot even take that little amount of spamming bitcoin is not ready for mainstream.
ianmcorvidae
for those following along who don't read things about bitcoin on hacker news or such: 0.8 changed the DB format, which allowed blocks to be bigger than before, which meant some miner or another found a block that was too big to work with 0.7, which means there's now two block chains
haha
ocharles
warp: it's a fair criticism I think
ianmcorvidae
I think that my take on bitcoin for payment would be
ocharles
it's nice that it can handle it, but should it have happened in the first place?
ianmcorvidae
I'd be perfectly happy to be paid in bitcoin for as much as metabrainz foundation actually *gets* in bitcoin (once I implement that)
which is presumably less than $10/month, so :P
ocharles
i'd take a share of them too, up to a limit
ianmcorvidae
yeah
certainly not entire paychecks though :)
ocharles
:)
warp
ocharles: which side is fair criticism?
reosarevok
warp: it doesn't sound like sides from what you say? You can certainly complain about spamming *and* think it should be dealt with better at the same time :p
ocharles
warp: that if it can easily be derailed by another blockchain, it might not be ready for prime time
warp
ocharles: the SatoshiDice stuff is not about another blockchain, it is just that one .. agent? is responsible for a relatively large chunk of the total transactions per time unit.
sivoais joined the channel
ocharles
oh, i guess i'm not familiar with that then
ruaok
reosarevok: ping
reosarevok
ruaok, pong
ruaok
so, wanna move the blog over?
reosarevok
Do we have a style now?
ruaok
oh, right.
damn.
ianmcorvidae
heh
hawke_1 joined the channel
hawke joined the channel
ruaok
let's look for a simple theme we can just make very minor tweaks to.
Ben\Sput has left the channel
ocharles
well we did that last time, we need to package it up properly - i think that's the main pain point
the theme we have is just a tweaked vanilla wordpress theme