00:06:15  <ryah>mjr_: i think i got a ix
00:06:24  <mjr_>nice
00:07:16  <ryah>cellphone sucks... having trouble uploading.
00:09:12  <ryah>mjr_: https://gist.github.com/1536827
00:09:58  <ryah>fuck still has printf.. one sec
00:12:00  <ryah>mjr_: fixed
00:12:05  <pquerna>this query string attack is another reason to log the event loop time
00:17:15  <bnoordhuis>ah, so we have a test - good
00:17:32  <ryah>mjr_: please test this one
00:17:37  <mjr_>OK, one sec
00:18:28  <ryah>bnoordhuis: oh youre here. what do you think of that patch?
00:19:48  <ryah>bnoordhuis: test only shows a problem with valgrind - it doesn't segfault
00:19:53  <ryah>but there is definitely a bad read happening
00:20:06  <bnoordhuis>yep, running it now
00:20:07  <ryah>durin gthe memcpy in Update
00:20:54  <bnoordhuis>re patch: looks good, i think
00:21:01  <mjr_>handy that you had that on_heap_ flag.
00:21:37  * piscisaureus_quit (Ping timeout: 240 seconds)
00:24:57  <ryah>ok. im going off line. my connection is very bad. i look forward to hearing if this fixed your stuff mjr_ , in the morning
00:25:14  <mjr_>I'll see if I can get it pushed today.
00:26:00  * piscisaureus_joined
00:27:07  <ryah>bnoordhuis: im still doing uv_pipe_pair - be done tonight. sorry it's taking so long
00:27:25  <bnoordhuis>ryah: np, take your time
00:44:33  * piscisaureus__joined
00:45:40  <piscisaureus__>mraleph: if you're there, can you explain to me how v8's heap layout works? What is the meaning of Object*, position, storage cell?
00:46:21  <piscisaureus__>mraleph: I was digging through the serializer code but it looks like the entire snapshots consists of pointers
00:46:27  <piscisaureus__>which I know cannot be true
00:47:04  <mraleph> piscisaureus__: of course not. but pointers are major part of snapshot
00:47:50  <mraleph>piscisaureus__: what are you planning to do?
00:48:05  <piscisaureus__>mraleph: I don't know :-) I am just curious
00:48:28  <piscisaureus__>mraleph: maybe we could just regenerate hash tables after the snapshot has loaded
00:48:39  <piscisaureus__>which obviously is not great for performance
00:48:55  <piscisaureus__>but I have no clue where to look in the first place
00:51:05  <mraleph>piscisaureus__: honestly I don't know serializer code well. but know I also started wondering how deserialization works :-)
00:51:20  <mraleph>especially I am interested how it handles misaligned pointers
00:51:28  <piscisaureus__>mraleph: let me tell you its a fucking mess :-)
00:51:32  <mraleph>which can happen only in code objects but can still happen.
00:51:46  <mraleph>I think it's pretty well organized, just a big complex :-)
00:52:14  <mraleph>it's dark magic man, believe me I've seen it before :-)
00:52:47  <piscisaureus__>:-)
00:53:38  <piscisaureus__>mraleph: I am especcially interested in the part where string contents and heap numbers and dictionaries are (de)serialized
00:53:43  <piscisaureus__>not to be found
00:53:50  <piscisaureus__>dark magic for real
00:54:18  * piscisaureus__changed nick to piscisaureus
00:55:27  <mraleph>piscisaureus: well the great part of snapshoting is that snapshot knows next to nothing about things it deserializes :-)
00:56:19  <piscisaureus>well I hope that makes it fast
00:56:24  <mraleph>it's just kind of byte code that tells him "allocate foo bytes in that space, write this and that into allocated data"
00:58:38  <piscisaureus>mraleph: but still I am interested in a quick glossary
00:58:56  <piscisaureus>so we have a "map" which is a word. But what's in there?
00:59:12  <mraleph>where in particulary?
00:59:39  <piscisaureus>. // Serialize the map (first word of the object).
00:59:40  <piscisaureus>. serializer_->SerializeObject(object_->map(), kPlain, kStartOfObject);
01:00:02  <mraleph>in V8 map is pointer to a type decriptor, hidden class or whatever you decide to call it.
01:00:08  <mraleph>we call in Map.
01:00:16  <mraleph>first word of any object is Map
01:00:20  <piscisaureus>aha
01:00:22  <mraleph>any heap object
01:00:34  <mraleph>obviously first word of map is also map :-)
01:00:55  <piscisaureus>and at some point the first word of map == NULL ?
01:01:16  <mraleph>no why?
01:01:22  <mraleph>should not happen :-)
01:01:37  <mraleph>unless we are very early at V8 life when there are no maps yet.
01:01:45  <mraleph>map is always not NULL.
01:01:50  <mraleph>otherwise.
01:02:06  <mraleph>but map()->map() == map()->map()->map()
01:02:12  <piscisaureus>so object->map()->map()->map()->map()->()
01:02:14  <piscisaureus>yeah
01:02:23  <piscisaureus>I was exactly thinking that... where does that end?
01:02:28  <mraleph>so there is a meta map which points to itself.
01:02:43  <mraleph>it's all in objects.cc/objects.h
01:02:49  <piscisaureus>aha
01:03:22  <piscisaureus>so what other types of heap objects exist?
01:03:38  <piscisaureus>Double, String?
01:03:43  <piscisaureus>or are these also objects?
01:05:01  <piscisaureus>So the inheritance chain is also very interesting
01:05:25  <piscisaureus>MaybeObject -> Object -> HeapObject
01:05:44  <piscisaureus>How does that relate to Value and Handle ?
01:05:56  <mraleph>well
01:06:13  <mraleph>Value is Object*
01:07:16  <piscisaureus>well, afaict Value is Data :-)
01:08:51  <mraleph>I mean that value of type v8::Value or any other API visible type is basically casted value of type v8::internal::Object*
01:09:25  <piscisaureus>ah ok
01:10:37  <mraleph>well you can't have Value so it's v8::Value*
01:11:00  <mraleph>otherwise it makes no sense what I've said
01:11:24  <mraleph>so it's Value* -> Object**
01:11:31  <mraleph>because Value* is handle
01:11:38  <mraleph>and internal handle is Object**
01:12:52  <piscisaureus>so Value is basically a pointer to an Object that's stored somewhere?
01:13:07  <piscisaureus>that makes sense
01:13:29  <mraleph>piscisaureus: Value is just opaque thingy that hides implementation details
01:14:24  <piscisaureus>ok
01:14:41  <piscisaureus>mraleph: ok now this: so we have Object and HeapObject
01:14:50  <mraleph>piscisaureus: yeah
01:14:56  <piscisaureus>Subclasses of Object of are Date, String etc
01:15:07  <mraleph>yeah
01:15:08  <piscisaureus>oh hmm not String
01:15:17  <mraleph>String is subclass of HeapObject
01:15:24  <piscisaureus>so what's the distinction?
01:15:25  <mraleph>Object is either HeapObject or a Smi
01:15:42  <mraleph>Smi is obviously not sitting in the heap
01:15:49  <mraleph>HeapObject is object that sits in the heap
01:15:56  <piscisaureus>yeah
01:15:58  <piscisaureus>that makes sense
01:16:20  <piscisaureus>so Array does not live on the heap?
01:17:26  <piscisaureus>and Regexp and NumberObject?
01:17:32  <piscisaureus>where do they live then?
01:24:06  <mraleph>why do you think they don't?
01:24:14  <mraleph>they are HeapObject descendants.
01:27:33  <piscisaureus>mraleph: class NumberObject : public Object
01:27:54  <piscisaureus>also, class Array : public Object
01:28:01  <piscisaureus>not HeapObject descendants
01:28:10  <mraleph>ah
01:28:20  <mraleph>you are mixing v8::Object and v8::internal::Object
01:28:27  <mraleph>they are different beasts
01:28:37  <mraleph>http://www.youtube.com/watch?v=CL2YqoVBxOE&feature=related
01:30:02  <piscisaureus>mraleph: you describe my feelings very well
01:33:10  <piscisaureus>mraleph: but then, what is the difference between those. Also, the fact that this distinction exists still doesn't explain why Array is not a HeapObject but lives on the heap nonetheless.
01:36:13  <mraleph>again.
01:36:24  <mraleph>v8::Object is different from v8::internal::Object
01:36:34  <mraleph>v8::Object corresponds to v8::internal::JSObject
01:36:40  <mraleph>which inherits from HeapObject
01:36:52  <mraleph>(from v8::internal::HeapObject)
01:37:46  * bnoordhuisquit (Ping timeout: 240 seconds)
01:40:08  <piscisaureus_>mraleph: ah, I see
01:40:09  <piscisaureus_>thanks
01:40:21  <piscisaureus_>mraleph: I will stop this interrogation now :-)
01:40:53  <mraleph>haha
01:41:11  <mraleph>really it's all in the source :-)
01:41:31  <mraleph>if it was not there it would not work
01:42:35  <piscisaureus_>mraleph: yes I know :-)
01:42:52  <piscisaureus_>mraleph: the thing is, the source is difficult to navigate
01:43:12  <piscisaureus_>and comments and variable names make no sense without this bigger picture
01:49:50  * ericktquit (Ping timeout: 248 seconds)
02:06:21  * TooTallNatequit (Quit: Linkinus - http://linkinus.com)
02:12:21  * piscisaureusquit (Ping timeout: 255 seconds)
02:14:34  * mralephquit (Quit: Leaving.)
02:15:46  * piscisaureusjoined
02:21:26  * mralephjoined
02:33:55  * piscisaureus__joined
02:34:02  * piscisaureusquit (Read error: Connection reset by peer)
02:34:57  <piscisaureus__>anyway, what I did today: https://gist.github.com/1537383
02:35:04  <piscisaureus__>hopefully we can make it work with snapshots
02:36:44  <piscisaureus__>^-- mraleph
02:40:25  <mraleph>piscisaureus__: well you can make seed build specific :-)
02:40:51  <piscisaureus__>mraleph: well
02:41:16  <piscisaureus__>mraleph: that is not really a great solution for people who use a precompiled node
02:41:33  <piscisaureus__>mraleph: but it seems that v8 actually just works fine
02:41:54  <piscisaureus__>mraleph: so I wonder if there are any HashMaps at all in a typical snapshot
02:43:12  <piscisaureus__>mraleph: we could also make it HashMap specific
02:43:18  <piscisaureus__>and just store the seed in the hasmap
02:43:24  <mraleph>yeah that would work
02:43:43  <piscisaureus__>mraleph: I don't like the extra indirection
02:43:52  <piscisaureus__>it will make lars bak cry
02:44:34  <piscisaureus__>but yeah if we can't fix the deserializer then I guess it's the only solution
02:44:36  <mraleph>ah no that would not work, what am I saying
02:44:48  <piscisaureus__>mraleph: why?
02:44:50  <piscisaureus__>oh wait
02:44:52  <piscisaureus__>of course
02:45:02  <mraleph>how do you suggest mixing that seed into string hash?
02:45:08  <piscisaureus__>yes
02:45:19  <piscisaureus__>the key stores its own hash
02:45:34  <piscisaureus__>so if you would use a symbol twice *boom*
02:45:35  <piscisaureus__>although
02:45:56  <piscisaureus__>you could just XOR the hash with the per-hashmap seed before you use it
02:46:02  <piscisaureus__>that would work right?
02:46:26  <piscisaureus__>hmm
02:46:34  <piscisaureus__>that doesn't avoid collisions :-/
02:47:57  <mraleph>of course
02:48:03  <mraleph>hash ^ seed
02:48:10  <mraleph>is unsurprisingly equal to
02:48:13  <mraleph>hash ^ seed
02:48:23  <piscisaureus__>:-)
02:48:27  <piscisaureus__>that
02:51:53  <mraleph>I am out
02:52:04  <piscisaureus__>mraleph: good night
02:52:29  <mraleph>people in netherlands never sleep apparently
02:52:56  <mraleph>but same to you nevertheless :-)
02:58:13  * mralephquit (Quit: Leaving.)
03:05:14  * mralephjoined
03:09:37  * mralephquit (Ping timeout: 244 seconds)
03:49:25  * piscisaureus__quit (Ping timeout: 240 seconds)
04:06:57  * piscisaureus_quit (Ping timeout: 240 seconds)
06:28:39  <ryah>whew - back on the internet
06:28:41  <ryah><#
06:28:42  <ryah><3
06:29:28  <sh1mmer>you were off?
06:29:56  <ryah>i canceled our DSL as an experiment last month
06:30:03  <ryah>awful
06:30:26  <sh1mmer>ew
06:30:32  <ryah>1 month of ircing threw my cellphone
06:30:34  <sh1mmer>feel free to come around and leech mine if you need
06:30:49  <ryah>we got it back now :)
06:30:50  <sh1mmer>oh! that explains that xmas conversation
06:31:02  <sh1mmer>I'm actually thinking about putting in another line to have faster internets
06:31:48  <sh1mmer>ryah: want to get coffee tomorrow?
06:32:08  <ryah>sh1mmer: lunch?
06:32:16  <sh1mmer>are you in the mission?
06:32:19  <ryah>yeah
06:32:19  <sh1mmer>or going to the office
06:32:23  <sh1mmer>yeah that sounds awesome
06:32:53  <ryah>can we eat a bit late? 2 or 3?
06:33:11  <sh1mmer>fine by me
06:33:16  <ryah>cool ill sms you
06:33:26  <sh1mmer>my gf is getting me to eat breakfast now so I'm eating lunch later
06:33:48  <sh1mmer>oh we are having a bbq if you guys want to come
06:33:54  <sh1mmer>it's gris' birthday
06:41:54  <CIA-111>libuv: Ryan Dahl master * r3dd4ecb / (src/unix/internal.h src/unix/process.c): unix: expose uv__make_socketpair, uv__make_pipe in unix/internal.h - http://git.io/WOiyjg
06:41:54  <CIA-111>libuv: Ryan Dahl master * r5cc6090 / (6 files in 5 dirs):
06:41:55  <CIA-111>libuv: Add uv_pipe_pair for communication between threads
06:41:55  <CIA-111>libuv: This is only the Unix implementation and test. - http://git.io/NtoVWg
06:43:31  * travis-cijoined
06:43:32  <travis-ci>[travis-ci] joyent/libuv#18 (master - 5cc6090 : Ryan Dahl): The build is still failing.
06:43:32  <travis-ci>[travis-ci] Change view : https://github.com/joyent/libuv/compare/0db56ea...5cc6090
06:43:32  <travis-ci>[travis-ci] Build details : http://travis-ci.org/joyent/libuv/builds/460346
06:43:32  * travis-cipart
06:58:30  * isaacsquit (Quit: isaacs)
07:00:18  * isaacsjoined
07:01:39  * isaacsquit (Client Quit)
07:29:09  <mjr_>ryah: pushing your latest patch to the production cluster over the next couple of hours.
07:32:13  <ryah>mjr_: great
07:32:20  <ryah>mjr_: im hopeful about this one
07:46:53  <ryah>https://github.com/jckarter/clay/wiki/Clay-for-C%2B%2B-programmers <-- i love this
07:47:26  <ryah>fast server :P~
07:47:40  <ryah>this clay has no runtime overhead
07:47:42  <ryah>no gc
08:00:38  <pquerna>this looks nice. more like C than Go.
08:01:55  <ryah>yes
08:02:09  <ryah>the generics are fucking SICK!
08:02:34  <ryah>i hate to admit but i do love some c++ somtimes
08:02:56  <ryah>var w = Array[Int, 3](9, 18, 27); // w will be an array of the 3 Ints 9, 18, and 27
08:03:11  <ryah>of course that's a bad example
08:03:11  <ryah>var x = [1, 2, 3];
08:06:49  <sh1mmer>ryah: does this accomplish some of your thoughts about a better c?
08:06:59  <sh1mmer>didn't you have some ideas about memory management
08:07:18  <ryah>i dislike gc
08:08:55  <sh1mmer>go always seemed like a weird mix of concepts to me
08:09:00  <sh1mmer>not that I've spent any time with it
08:09:51  <ryah>even?(x) = (x % 2 == 0);
08:09:54  <ryah><3
08:10:09  <ryah>the operating overloading is a little heavy in Clay
08:10:32  <ryah>maybe it doesn't matter too much
08:19:46  <sh1mmer>ryah: so we are having a bbq tomorrow night
08:19:50  <sh1mmer>7
08:19:54  <sh1mmer>feel free to come around
08:20:35  <ryah>sh1mmer: okay sounds good :)
08:32:18  * ericktjoined
09:36:39  * ericktquit (Quit: erickt)
09:59:30  * AvianFluquit (Ping timeout: 248 seconds)
10:05:42  <txdv>you have a bbq on new years?
10:10:09  * AvianFlujoined
10:30:32  <einaros>hm, the effect of hashdos on node.js + express wasn't quite what I'd expected from the numbers for other platforms
10:35:32  <txdv>worse, better?
10:36:59  <einaros>33x time consumed. granted I didn't test anything other than express+bodyparser, but that - at least - isn't as bad as the numbers for python / ruby etc
10:37:13  <einaros>https://gist.github.com/73944170aeb88634c599
10:37:40  * mralephjoined
10:38:32  <einaros>mraleph: https://gist.github.com/73944170aeb88634c599
10:40:11  <mraleph>einaros: and?
10:40:19  <mraleph>einaros: nothing surprising here.
10:40:46  <einaros>I actually don't think that data is that bad
10:41:20  <einaros>considering asp.net's 650 minutes of cpu time for 4MB of data
10:41:38  <mraleph>it's still pretty bad
10:42:16  <einaros>sure, but you'd fill the bw of your target just as soon as you'd tie node up
10:45:04  * AvianFluquit (Ping timeout: 240 seconds)
10:45:28  <mraleph>I wish there were easy way to mitigate it
10:47:18  <txdv>wow
10:47:19  <txdv>this has dos
10:47:26  <txdv>so simple and aeffective
10:48:47  <txdv>I can't believe it that something that simple made it throughoyt the years
10:51:53  <einaros>that's usually the case for most such vulnerabilities
10:51:59  <einaros>devil in the details
10:52:28  <mraleph>yeah, please be using appropriate data structures, as they say.
10:56:29  <txdv>well randomizing these hashes solve much of the problem, but still, java "one of the most secure languages" turns out has one of the worst hash algorithms and security bug
11:07:48  <einaros>3.5MB of data took 52sec to process, 7.2MB .. 1m 6s
11:08:01  <einaros>something is off here
12:19:18  * paddybyersjoined
12:25:29  <ryah>inline overload printTo(stream, a, b, ..rest) {
12:25:30  <ryah> ..for (x in a, b, ..rest)
12:25:30  <ryah> printTo(stream, x);
12:25:30  <ryah>}
12:25:40  <ryah>orgasm
12:26:10  <ryah>this is a nice language
12:31:49  <mmalecki>ryah: what language is that?
12:34:03  <ryah>clay
12:35:19  <mmalecki>ryah: hm, nice!
12:35:25  <einaros>I wish I looked into the v8 code before trusting the hashdos guys' description of the hashing algorithm .. that was a huge waste of time
12:40:20  * piscisaureus_joined
12:59:10  <mraleph>einaros: so did you reverse wrong hash?
12:59:22  <einaros>yes and no
13:00:31  <einaros>the hash function they linked was for symbol logging. the actual hashing function looks similar, but I'm guessing there's more to it than just a plain hash of symbol name
13:03:26  * `3rdEdenjoined
13:09:23  * piscisaureus__joined
13:10:11  <piscisaureus__>well, continuing work on https://gist.github.com/1537383
13:11:03  <ryah>piscisaureus__: how's it going?
13:11:12  <ryah>piscisaureus__: i just noticed the mailing list post about this
13:11:15  <piscisaureus__>ryah: wow you're still awake :-/
13:11:32  <piscisaureus__>ryah: this works but snapshotting gets in the way
13:11:39  <ryah>hax0ring
13:12:02  <ryah>piscisaureus__: hm
13:12:25  <piscisaureus__>ryah: so either we build v8 w/o snapshots, or I have to find a way to regenerate hash maps on snapshot deserialization
13:12:36  <piscisaureus__>I think the latter is doable but it is pretty hairy :-)
13:13:07  <ryah>for the hashes created during serialization?
13:13:14  <ryah>er - during init
13:13:17  <ryah>or whatever they call it
13:13:37  <piscisaureus__>ryah: so the trick is that we preseed the hash computation with a random number
13:13:47  <piscisaureus__>ryah: the random number is per-run and per-isolate
13:14:11  <piscisaureus__>ryah: but if we deserialize a snapshot, it's gonna have hash maps in them that were created with another seed
13:14:14  <piscisaureus__>so they are invalid
13:15:15  <ryah>i see..
13:42:30  <einaros>piscisaureus__: I have *no* insight into the snapshot deserialization process, but isn't there some state stored along with an snapshot, which can be used to also hold the isolate's seed?
13:42:57  <piscisaureus__>einaros: of course
13:43:04  <piscisaureus__>einaros: but then we don't fix the problem
13:43:15  <piscisaureus__>because v8 will use the same seed every time
13:44:31  <einaros>right, *that's* the serialized data
13:47:11  <einaros>does an isolate have only one symbol table, or are they nested / per object / other?
13:48:59  <einaros>leading to: is it at all possible to store such state along with a symbol table? (obviously dead end if there's only one, or the deserialized table is expanded)
13:51:05  <piscisaureus__>einaros: it doesn't help. Hashes are cached together with the string value so the assumption is that a string has the same hash no matter where you use it
13:52:08  <einaros>a clever optimization, at least
13:55:24  <einaros>it feels somewhat unpleasant to beat a sub-optimal solution (which a random seed arguably is) into place with a wrench
14:10:21  <piscisaureus__>einaros, so you were able to actually trigger the DOS behaviour in v8?
14:10:43  <piscisaureus__>einaros, can me show me your collision generation code (or just everything)
14:10:52  <piscisaureus__>it'd be great if you could pm it
14:14:52  <einaros>well I did generate collisions based on the supposed hashing algo posted by the hashdos guys, but the slowdown wasn't all that bad (and also not linear)
14:15:11  <einaros>so I'm guessing there's more to the hashing sequence than I first thought
14:17:27  <piscisaureus__>einaros: what algorithm did you use?
14:17:53  <einaros>https://gist.github.com/4a8d873c040b5659edbc
14:17:59  <piscisaureus__>einaros: afaict from the v8 source code they're using textbook jenkins one at a time
14:20:01  <einaros>int hash() { ... } is more or less the hashing algo they suggested for v8 in the pdf
14:21:08  <piscisaureus__>einaros: yes that's jenkins one at a time
14:21:25  <piscisaureus__>einaros: minus the final bit shuffling but it doesn't matter for collision finding
14:23:36  <einaros>I haven't found time to look into the actual hashing sequence in the v8 code, but I'm guessing there are optimizations applied to the symbol storage / lookup
14:24:13  <einaros>3.5MB of non-colliding data took 1.5 sec to parse, 3.5MB of colliding data 56 sec, 7.2MB 1min 6sec
14:26:48  <piscisaureus__>well, that makes a good dos attack
14:26:59  <piscisaureus__>given that I can easily upload 3.5mb per minute :-)
14:29:53  <einaros>true. I just found it curious, but really can't afford spending time looking into how v8 really works (although I desperately want to)
14:30:13  <`3rdEden>piscisaureus__ you got a relatively show upload speed then ;)
14:30:21  <piscisaureus__>:-p
14:30:52  <piscisaureus__>somehow I think that 1.5s to parse 3.5mb of data is pretty bad
14:31:20  <piscisaureus__>I hope that code isn't in production anywhere
14:32:13  <einaros>express.bodyParser
14:34:32  <`3rdEden>einaros the new one, or the old one? The new one uses felixge's formidable
14:35:03  <einaros>fresh from npm
14:35:06  <einaros>https://gist.github.com/bac23f077b90f835f0a7
14:35:41  <piscisaureus__>looks that it needs some patches
14:35:55  <piscisaureus__>you can easily DOS that without any hash collisions
14:36:17  <einaros>yep
14:37:50  <`3rdEden>einaros was that 1.5 sec blocking the event loop, or total time it took to process the data?
14:38:43  <einaros>time curl -d @postdata http://localhost:9999
14:39:17  <einaros>so that would be curls start time, transmit of 3.5 MB to localhost, and transfer of an "OK" response
14:41:23  <`3rdEden>ok, that's pretty pad for localhost
14:41:27  <`3rdEden>bad*
14:41:49  <einaros>blame connect.urldecode
14:42:02  <einaros>270k keyvalues
14:43:03  <`3rdEden>yes that pretty bad
14:43:58  <`3rdEden>einaros but it uses the qs module under the hood, which is port again from the node's querystring.js if I recall it correctly
14:44:10  <einaros>yes, that's right
14:44:29  <mraleph>just limit input size and you are done. you are trying to find complex solutions for simple problems. nobody ever would want to parse bazillion of keyvalue pairs.
14:44:55  <`3rdEden>sure that is only one part of the issue, parameters
14:45:04  <`3rdEden>but you can simulate the same attack parsing a json structure
14:46:07  <mraleph>if (str.length > 1024) throw new Error("I am not going to parse this JSON");
14:46:09  <einaros>the same kind of limit should be enforced for anything accepting data from random people
14:46:23  <mraleph>yes it should be
14:46:32  <einaros>I'm leaning towards that being a better solution than completely borking v8
14:46:36  <einaros>in light of the deserialization
14:47:20  <einaros>I doubt that the rest of the world will appreciate that, though
14:48:11  <mraleph>I am still trying to figure out if simple randomization is possible, but it seems some really dirty tricks are required.
14:48:46  <einaros>and even if you randomize it, it'd be trivial to recover the seed
14:48:53  <mraleph>like marking string dictionaries that go into snapshot as "rehash on access" and reseting strings to "hash not computed state"
14:49:25  <einaros>it'd take all of ten minutes to write something that pokes you with random bucket crash attempts until the seed is found
14:49:39  <mraleph>I doubt it's as trivial as just sending same precomputed data to all nodejs servers
14:50:10  <einaros>no, but a directed attack would be relatively easy (ie. just take time)
14:50:53  <mraleph>well you have to send considerable amount of stuff to the server to distinctively see timing change.
14:51:03  <einaros>at most 429GB :P
14:51:07  <mraleph>haha
14:51:21  <einaros>hey I said "just take time" :P
14:52:38  <mraleph>also if a single frontend passes data to several nodejs workers without parsing it… it gets more difficult :-)
15:10:51  * AndreasMadsenjoined
15:39:54  * AndreasMadsenquit (Remote host closed the connection)
15:48:41  * bradleymeckjoined
15:54:24  * mraleph1joined
15:54:36  * mralephquit (Read error: Connection reset by peer)
15:59:08  <piscisaureus__>mraleph: something along these lines for recomputing hash fields? https://gist.github.com/21111d7639e97f3db4cb
15:59:23  <piscisaureus__>mraleph1: there's no logic for reinitializing hashmaps yet
16:00:22  * bnoordhuisjoined
16:01:04  <mraleph1>I would just iterate hole heap before taking snapshot and reset hash fields.
16:01:10  <mraleph1>but still it's spooky
16:01:27  <mraleph1>especially rehashing hashmaps part.
16:01:34  <piscisaureus__>yes
16:04:49  * AndreasMadsenjoined
16:05:08  * bradleymeckquit (Quit: Leaving)
16:09:57  * piscisaureus_quit (Ping timeout: 240 seconds)
16:12:09  <CIA-111>node: Ben Noordhuis v0.6 * r8b2abed / benchmark/http_simple.js :
16:12:09  <CIA-111>node: bench: add /echo endpoint to http_simple
16:12:09  <CIA-111>node: Copies the POST request data verbatim into the response body. - http://git.io/K5uIpA
16:13:18  <piscisaureus__>mraleph1: HashMap objects don't derive from v8::internal::Object
16:13:46  <piscisaureus__>mraleph1: so how does the pointer visitor know how to find pointers inside a hashmap?
16:16:23  <mraleph1>hashmap is for malloced stuff
16:16:38  <mraleph1>look at dictionaries.
16:16:41  * AvianFlujoined
16:16:47  <mraleph1>they derive from fixedarray
16:17:55  <piscisaureus__>ah
16:18:19  * AndreasMadsenquit (Ping timeout: 252 seconds)
16:19:59  * travis-cijoined
16:19:59  <travis-ci>[travis-ci] joyent/node#166 (v0.6 - 8b2abed : Ben Noordhuis): The build was fixed.
16:19:59  <travis-ci>[travis-ci] Change view : https://github.com/joyent/node/compare/432a2e4...8b2abed
16:19:59  <travis-ci>[travis-ci] Build details : http://travis-ci.org/joyent/node/builds/461820
16:19:59  * travis-cipart
16:46:48  * AndreasMadsenjoined
16:49:53  * AndreasM_joined
16:51:55  * AndreasM_quit (Remote host closed the connection)
16:52:07  * AndreasM_joined
17:03:15  <piscisaureus__>my snapshot has 1302 strings in them
17:13:52  * TooTallNatejoined
17:17:24  <mraleph1>not much thanks god
17:17:33  <mraleph1>what about number of dictionaries?
17:20:46  <piscisaureus__>mraleph1: it's hard to detect dictionaries :-/
17:21:02  <piscisaureus__>mraleph1: well it's hard to distinguish NumberDictionaries from StringDictionaries
17:21:17  <piscisaureus__>mraleph1: if that would be possible I think we're almost there
17:27:43  <piscisaureus__>bnoordhuis, ryah: ever seen this:
17:27:53  <piscisaureus__>. /System/Library/Frameworks/Carbon.framework/Frameworks/SecurityHI.framework/Headers/KeychainHI.h:316: error: ‘KCItemRef’ has not been declared
17:27:53  <piscisaureus__>Waf: Leaving directory `/Users/janjongboom/repos/node/build'
17:27:53  <piscisaureus__>Build failed: -> task failed (err #1):
17:27:53  <piscisaureus__> {task: cxx platform_darwin.cc -> platform_darwin_4.o}
17:27:53  <piscisaureus__>make: *** [program] Error 1
17:28:03  <piscisaureus__>building 0.4.12 on lion
17:31:11  * `3rdEdenquit (Quit: Linkinus - http://linkinus.com)
17:34:35  * `3rdEdenjoined
17:35:24  * piscisaureus__quit (Quit: ~ Trillian Astra - www.trillian.im ~)
17:36:12  * AndreasM_quit (Remote host closed the connection)
17:36:20  * piscisaureus_joined
17:50:54  * paddybyersquit (Quit: paddybyers)
17:54:05  * AndreasMadsenquit (Quit: Leaving)
17:55:27  * AndreasMadsenjoined
17:56:46  * piscisaureus__joined
17:57:34  <piscisaureus_>mraleph1: I think the serializer should generate a list with StringDictionary pointers
17:57:55  <mmalecki>when I fork a child, is lack of child.stdout expected?
17:57:55  <piscisaureus_>mraleph1: so the deserializer can just walk that and rehash them all
17:58:07  <piscisaureus_>mmalecki: no
17:58:17  <mraleph1>well that depends on how slow it will becomes because of that.
17:58:27  <mmalecki>piscisaureus_: thanks, going to open a bug :)
17:58:59  <piscisaureus_>mraleph1: the only thing is that I cannot distinguish a StringDictionary from a NumberDictionary by looking at the map
17:59:10  <piscisaureus_>mraleph1: you know of any way to find out?
17:59:45  <mraleph1>hmm. I doubt there is one.
18:01:05  <piscisaureus__>mraleph1: there are only 11 dictionaries in my snapshot
18:01:13  <piscisaureus__>mraleph1: including NumberDictionaries
18:01:24  <piscisaureus__>mraleph1: so I think "slow" should be not much of a problem
18:01:49  <mraleph1>good
18:02:56  <mraleph1>I wonder if it's possible to extend snapshot bytecode to rehash as it deserializes to avoid additional allocations after deserialization.
18:03:28  <piscisaureus__>mraleph1: well
18:03:49  <piscisaureus__>mraleph1: that would mean that you would put all the referenced Strings *before* the dictionary object
18:04:01  <mraleph1>most probably it's possible. I'll talk to Erik after new year about that.
18:04:38  <piscisaureus__>mraleph1: serialization is done in opposite order, e.g. referenced objects are put after the dictionary
18:04:43  <piscisaureus__>unless they've been references before
18:04:55  <mraleph1>well we can change that as well
18:05:17  <mraleph1>so keys would be serialized and deserialized before dictionary…
18:05:28  <mraleph1>also string deserialization might compute hash as it goes.
18:06:25  * ljacksonjoined
18:10:32  * `3rdEdenquit (Quit: Linkinus - http://linkinus.com)
18:10:50  * isaacsjoined
18:18:49  * AndreasMadsenquit (Remote host closed the connection)
18:19:08  * AndreasMadsenjoined
18:28:09  * AndreasM_joined
18:36:27  <mmalecki>I think gyp is messed up, it tries to compile bundled OpenSSL
18:41:13  <piscisaureus__>I think that's on purpose
18:41:31  <mmalecki>piscisaureus_: oh? why'd it be?
18:41:46  <piscisaureus__>bundled openssl is newer, more features
18:41:49  <piscisaureus__>like SNI
18:42:04  <mmalecki>oh, fair enough :)
18:44:48  * `3rdEdenjoined
18:44:59  * sh1mmerquit (Quit: sh1mmer)
18:45:27  <mmalecki>tests for current features go to v0.6 or master?
18:45:46  <piscisaureus__>v0.6
18:53:07  <AndreasM_>ryah: hi
18:54:17  * `3rdEdenquit (Quit: Linkinus - http://linkinus.com)
18:58:19  <mmalecki>piscisaureus_: https://github.com/joyent/node/pull/2442
18:58:22  <mmalecki>piscisaureus_: thanks
19:01:43  * ericktjoined
19:08:57  * igorziquit (Ping timeout: 258 seconds)
19:10:41  * mikealjoined
19:19:24  * bnoordhuisquit (Ping timeout: 244 seconds)
19:19:29  * txdvquit (*.net *.split)
19:19:46  * bnoordhuisjoined
19:21:28  * AvianFluquit (Ping timeout: 244 seconds)
19:22:01  * txdvjoined
19:22:30  * AvianFlujoined
19:23:22  * TooTallNatequit (*.net *.split)
19:23:25  * AvianFluquit (*.net *.split)
19:23:25  * ericktquit (*.net *.split)
19:23:26  * ircretaryquit (*.net *.split)
19:23:27  * raggi_quit (*.net *.split)
19:23:27  * AndreasM_quit (*.net *.split)
19:23:28  * einarosquit (*.net *.split)
19:24:14  * AvianFlujoined
19:24:14  * ericktjoined
19:24:14  * AndreasM_joined
19:24:14  * TooTallNatejoined
19:24:14  * einarosjoined
19:24:14  * ircretaryjoined
19:24:14  * raggi_joined
19:24:28  * ericktquit (Quit: erickt)
19:25:36  * ircretaryquit (Remote host closed the connection)
19:25:40  * ircretary1joined
19:25:58  * ircretary1quit (Remote host closed the connection)
19:26:01  * ircretaryjoined
19:32:26  * mikealquit (Quit: Leaving.)
19:35:09  * `3rdEdenjoined
20:06:18  * paddybyersjoined
20:06:57  * paddybyerspart
20:07:09  * paddybyersjoined
20:09:06  * isaacsquit (Quit: isaacs)
20:09:55  * piscisaureus__quit (Ping timeout: 252 seconds)
20:13:52  * piscisaureus__joined
20:18:21  * piscisaureus__quit (Ping timeout: 252 seconds)
20:18:44  <ryah>piscisaureus_: how's the hash fix going?
20:20:30  <AndreasM_>ryah: hi, did you get time to look at cluster, if not it fine :)
20:23:20  * isaacsjoined
20:26:06  <ryah>AndreasM_: nope, i will look at it in a min
20:26:51  <AndreasM_>cool
20:47:04  <piscisaureus_>ryah: won't have it before monday
20:47:19  <piscisaureus_>ryah: if you feel like hacking v8 a little bit, be my guest
20:47:22  <piscisaureus_>:-)
20:48:30  <piscisaureus_>ryah: if you want to talk about it we should skype, I am not really around for slow talk atm
20:51:03  <piscisaureus_>(or phone call if skype doesn't work)
20:53:54  * isaacsquit (Quit: isaacs)
20:58:40  * isaacsjoined
20:59:54  * piscisaureus__joined
21:00:57  * isaacsquit (Client Quit)
21:01:21  * mikealjoined
21:01:37  * bnoordhuisquit (Ping timeout: 252 seconds)
21:16:11  <AndreasM_>ryah: I will make some poor jokes in the code comment next time, so you won't fell asleep again.
21:19:54  * mikealquit (Quit: Leaving.)
21:40:54  <mraleph1>piscisaureus__: if you are going to write the patch until monday then you should probably just wait until monday. everybody will be back in the office and such.
21:41:50  * piscisaureus__quit (Ping timeout: 248 seconds)
21:41:59  <piscisaureus_>mraleph1: ok I will probably do that. I feel I am almost there but getting the Dictionary subtype is still a little problematic
21:42:34  <piscisaureus_>mraleph1: I will try to understand v8 a little better this weekend, and contact you guys on monday
21:46:18  * mikealjoined
21:59:01  * mikealquit (Quit: Leaving.)
22:01:08  * `3rdEdenquit (Quit: Zzzzz)
22:01:51  * AndreasMadsenquit (Ping timeout: 268 seconds)
22:01:53  <ryah>piscisaureus_: sounds like your doing well with it. let's check back on monday and decide what to do
22:02:20  <AndreasM_>ryah: hi
22:02:31  <ryah>AndreasM_: yo
22:03:06  <AndreasM_>It its long discussion please write a github comment, it's 23:00
22:03:22  <ryah>k
22:03:24  <AndreasM_>But just to sleep on whats the next problem
22:04:25  <AndreasM_>EDIT: IF its long discussion
22:06:59  <ryah>AndreasM_: it's difficult to land such a big patch
22:07:13  <ryah>Showing 24 changed files with 2,942 additions and 258 deletions.
22:07:50  <ryah>i guess most of that is tests - which is good
22:08:39  <AndreasM_>I'm showing 11 changed files and 917 add and 166 deletions
22:08:45  <AndreasM_>Checkout: https://github.com/joyent/node/pull/2388
22:08:49  <AndreasM_>ryah: ^
22:09:16  <AndreasM_>ryah: I think you are looking at https://github.com/joyent/node/pull/2038
22:09:41  <AndreasM_>ryah: that is the original
22:09:46  <ryah>oh okay
22:10:24  <ryah>whew
22:10:36  <AndreasM_>ryah: I keep it in sync with the other steps, and every issue is linked to that.
22:10:52  <AndreasM_>whew?
22:11:56  <ryah>a sound that signifies relief
22:12:47  <AndreasM_>Oh, :)
22:15:01  <ryah>AndreasM_: so it's looking good - but you should remove the docs for cluster.worker.send({ cmd: 'notifyRequest' })
22:15:24  <ryah>there should be only one API for communicating
22:15:43  <ryah>ill comment on the issue
22:20:29  <AndreasM_>fixed, but please keep in mind:
22:20:30  <AndreasM_>The old cluster.worker.send and cluster.worker.send('message') do still exist, but are now just simpel relays. They need to exist because the Worker class is isomorphic (used in both master and worker) and the master can't use its process object to send messages to workers.
22:20:41  <AndreasM_>God night
22:20:45  <AndreasM_>Good
22:20:46  * AndreasM_quit (Remote host closed the connection)
22:27:09  * piscisaureus_quit (Quit: ~ Trillian Astra - www.trillian.im ~)
22:38:30  * sh1mmerjoined
22:47:57  * igorzijoined
22:48:55  * paddybyersquit (Quit: paddybyers)
23:14:43  * travis-cijoined
23:14:43  <travis-ci>[travis-ci] joyent/libuv#19 (v0.6 - 4d1d02f : Igor Zinkovsky): The build is still failing.
23:14:43  <travis-ci>[travis-ci] Change view : https://github.com/joyent/libuv/compare/39481b7...4d1d02f
23:14:43  <travis-ci>[travis-ci] Build details : http://travis-ci.org/joyent/libuv/builds/462783
23:14:43  * travis-cipart
23:51:24  * travis-cijoined
23:51:24  <travis-ci>[travis-ci] joyent/libuv#20 (v0.6 - 43e3ac5 : Igor Zinkovsky): The build is still failing.
23:51:24  <travis-ci>[travis-ci] Change view : https://github.com/joyent/libuv/compare/4d1d02f...43e3ac5
23:51:24  <travis-ci>[travis-ci] Build details : http://travis-ci.org/joyent/libuv/builds/462894
23:51:24  * travis-cipart
23:59:15  * mikealjoined