now if only we had an ec2 account and hundreds of machines to distribute it over :P
2013-03-13 07212, 2013
ianmcorvidae
heh
2013-03-13 07234, 2013
ocharles
running it in one script would take about 8 hours with the current cost I'm using, so instead I stick all the usernames in a pgq and the script iterates that queue
2013-03-13 07235, 2013
ianmcorvidae
how much work are we requiring? (assuming this is for the plaintext password bit)
2013-03-13 07248, 2013
ocharles
cost factor is 8 atm
2013-03-13 07253, 2013
ocharles
we can ramp that up later if we need
2013-03-13 07205, 2013
ocharles
8 hashes about 3 passwords/second on my laptop
2013-03-13 07219, 2013
ianmcorvidae
oof
2013-03-13 07220, 2013
ocharles
and also nearly melts it
2013-03-13 07231, 2013
ianmcorvidae
we'll probably want that higher then IMO, but it'll do for the first pass
2013-03-13 07244, 2013
ocharles
I don't think we want it much higher than that
2013-03-13 07230, 2013
ianmcorvidae
understanding the "we're not a bank" caveat, the recommendation for really really good security is for it to do more like 1/2 a hash per second
2013-03-13 07236, 2013
ruaok
omfg a new pope. they like the white smoke out of the sistine chapel.
2013-03-13 07250, 2013
ruaok
probably too much voltage applied to the cardinals.
2013-03-13 07257, 2013
warp
haha
2013-03-13 07201, 2013
ianmcorvidae
haha
2013-03-13 07203, 2013
ruaok
*let
2013-03-13 07216, 2013
warp is watching a live stream
2013-03-13 07219, 2013
ocharles
ianmcorvidae: you want users to wait two seconds to login?
2013-03-13 07241, 2013
ocharles
i mean, i get the tradeoff, but essentially you move password security to a new DoS attack point :P
2013-03-13 07249, 2013
ianmcorvidae
haha
2013-03-13 07202, 2013
ianmcorvidae
I guess my point is also that your laptop is not as beefy as our servers, either
2013-03-13 07203, 2013
ocharles
note that we might want basic authentication in the future, which means you make the WS take 2 seconds for authenticated calls
2013-03-13 07213, 2013
ianmcorvidae
ah, true, hm
2013-03-13 07225, 2013
ocharles
my laptop is 3GHz and seeing as this is almost entirely cpu bound it's not that much out
2013-03-13 07225, 2013
ianmcorvidae
I guess that makes oauth look better for people, but obviously that's not the point here ;)
2013-03-13 07254, 2013
ianmcorvidae
okay, okay
2013-03-13 07215, 2013
ocharles
I really wouldn't go higher than 8. a cost of 2 is really enough to make me happy, and 8 shows we have really done due diligence :)
2013-03-13 07222, 2013
alastairp joined the channel
2013-03-13 07240, 2013
ocharles
but i still have more work to do anyway, but proof of concept is looking good
2013-03-13 07202, 2013
ianmcorvidae
whoo :)
2013-03-13 07222, 2013
ocharles
plan is to fire up the hashing worker which will hash into a `bcrypt` column in editor, along with triggers to catch editors who change their password in the meantime. then at upgrade time, we can flip the columns and almost atomically roll this out
2013-03-13 07251, 2013
ocharles
I have some more schema change work ready to share, but I still can't push to bitbucket because it won't accept my key
2013-03-13 07200, 2013
ocharles
if support don't reply tomorrow i'll make a temporary new key
man, I don't remember the last time I received a cheque
2013-03-13 07237, 2013
reosarevok
heh
2013-03-13 07246, 2013
reosarevok
I was paid by cheque when I was doing translation
2013-03-13 07255, 2013
reosarevok
It sucks :(
2013-03-13 07223, 2013
ianmcorvidae
I prefer it to paypal, for sure
2013-03-13 07241, 2013
ianmcorvidae
direct deposit is best, but
2013-03-13 07204, 2013
reosarevok
Heh, yeah
2013-03-13 07209, 2013
reosarevok
Once they wrote my name wrong
2013-03-13 07216, 2013
reosarevok
On the envelope
2013-03-13 07227, 2013
reosarevok
And the thing sat there because the post office refused to give it to me :p
2013-03-13 07239, 2013
warp
I don't think cheques exist anymore here.
2013-03-13 07255, 2013
reosarevok
Luckily I didn't need the money fast...
2013-03-13 07226, 2013
warp
I remember "Eurocheques" being popular when I was a teenager, but those have not been issued since 2002.
2013-03-13 07200, 2013
warp
ianmcorvidae: bitcoins!
2013-03-13 07250, 2013
ocharles
i'm not sure i'm ready to be paid my living wages in bitcoins just yet :)
2013-03-13 07256, 2013
ianmcorvidae
haha
2013-03-13 07206, 2013
warp
ocharles: likewise.
2013-03-13 07235, 2013
ianmcorvidae
I'd probably be okay with it with a very quick dump to USD (coinbase has a setting for daily payouts)
2013-03-13 07248, 2013
ianmcorvidae
but daily might not be quite fast enough given how volatile bitcoin can be
2013-03-13 07254, 2013
reosarevok
Maybe not the living wages, but a percentage might be interesting :p
2013-03-13 07256, 2013
warp
I recently read this thread about the block size being reached or something
2013-03-13 07206, 2013
ianmcorvidae
ah, the 0.7-incompatible block?
2013-03-13 07211, 2013
warp
... there are still some technical issues they need to solve
2013-03-13 07223, 2013
ianmcorvidae
yeah
2013-03-13 07202, 2013
warp
ianmcorvidae: the thread consisted mostly about people complaining that SatoshiDice is spamming the blockchain and people claiming that if we cannot even take that little amount of spamming bitcoin is not ready for mainstream.
2013-03-13 07239, 2013
ianmcorvidae
for those following along who don't read things about bitcoin on hacker news or such: 0.8 changed the DB format, which allowed blocks to be bigger than before, which meant some miner or another found a block that was too big to work with 0.7, which means there's now two block chains
2013-03-13 07245, 2013
ianmcorvidae
haha
2013-03-13 07254, 2013
ocharles
warp: it's a fair critiscm I think
2013-03-13 07254, 2013
ianmcorvidae
I think that my take on bitcoin for payment would be
2013-03-13 07207, 2013
ocharles
it's nice that it can handle it, but should it have happened in the first place?
2013-03-13 07221, 2013
ianmcorvidae
I'd be perfectly happy to be paid in bitcoin for as much as metabrainz foundation actually *gets* in bitcoin (once I implement that)
2013-03-13 07231, 2013
ianmcorvidae
which is presumably less than $10/month, so :P
2013-03-13 07244, 2013
ocharles
i'd take a share of them too, up to a limit
2013-03-13 07200, 2013
ianmcorvidae
yeah
2013-03-13 07214, 2013
ianmcorvidae
certainly not entire paychecks though :)
2013-03-13 07219, 2013
ocharles
:)
2013-03-13 07222, 2013
warp
ocharles: which side is fair criticism?
2013-03-13 07207, 2013
reosarevok
warp: it doesn't sound like sides from what you say? You can certainly complain about spamming *and* think it should be dealt with better at the same time :p
2013-03-13 07248, 2013
ocharles
warp: that if it can easily be derailed by another blockchain, it might not be ready for prime time
2013-03-13 07229, 2013
warp
ocharles: the SatoshiDice stuff is not about another blockchain, it is just that one .. agent? is responsible for a relatively large chunk of the total transactions per time unit.
2013-03-13 07245, 2013
sivoais joined the channel
2013-03-13 07257, 2013
ocharles
oh, i guess i'm not familiar with that then
2013-03-13 07245, 2013
sivoais joined the channel
2013-03-13 07226, 2013
sivoais joined the channel
2013-03-13 07237, 2013
ruaok
reosarevok: ping
2013-03-13 07255, 2013
reosarevok
ruaok, pong
2013-03-13 07206, 2013
ruaok
so, wanna move the blog over?
2013-03-13 07222, 2013
reosarevok
Do we have a style now?
2013-03-13 07204, 2013
ruaok
oh, right.
2013-03-13 07205, 2013
ruaok
damn.
2013-03-13 07255, 2013
ianmcorvidae
heh
2013-03-13 07225, 2013
hawke_1 joined the channel
2013-03-13 07249, 2013
hawke joined the channel
2013-03-13 07218, 2013
ruaok
lets look for a simple theme we can just very minor tweaks to.
2013-03-13 07241, 2013
Ben\Sput has left the channel
2013-03-13 07205, 2013
ocharles
well we did that last time, we need to package it up properly - i think that's the main pain point
2013-03-13 07221, 2013
ocharles
the theme we have is just a tweaked vanilla wordpress theme
