← 2018-03-21 | 2018-03-23 →
mircea_popescu: BingoBoingo ftr, it's euphEmisms and venezuEla. are your vowels shifting from all the tuna you're eating or what!
douchebag: Alright, I still haven't written a V implementation. I would like to help, however programming is not my main area of expertise. I feel like writing a V implementation would not waste my time, but yours as well considering d
douchebag: others have written V implementations that would be much better than the one I would write.
mircea_popescu: you're a twenty year old, what "area of expertise".
douchebag: I've been focused on web application security for the past decade, just because I'm only 20 doesn't mean I'm not skilled.
mircea_popescu: whether you're skilled or not has no bearing on this whole "area of expertise" nonsense. i've been writing for twenty years, doesn't mean i'll sit with my laptop while the girls eat each other out because fucking "isn't my area of expertise".
mircea_popescu: the whole point, not just of the "write a v" task, but of the republic altogether, is to make this sort of non-thinking you're going for both ridiculous and impossible.
mircea_popescu: i get it, it's hard and especially unpleasant in that it requires your getting off your ass, and god forbid confronting the unpleasant side of things. hurr.
douchebag: It would not be unpleasant if it had not already been done before multiple times, what's the point of reinventing the wheel?
mircea_popescu: that it will force you to abandon your current mental rut. hopefully before it does any permanent damage.
mircea_popescu: you understand most people aren't ~born~ stupid, but become stupid through systematic effort over long intervals. do you ?
douchebag: No, I constantly put effort towards learning more and improving my skills as well as my self.
mircea_popescu: good for you.
douchebag: I'd like to be helpful, I am generally a pretty helpful person. However, I just feel like I could be of more use if I focused on something I'm better suited to help with
mircea_popescu: what you're actually saying is "i opt to waste my youth". which is fine, it's yours to waste.
douchebag: How though?
mircea_popescu: because you're sitting there waiting for reality to change so it may be admitted in your movie. that's not how reality works, though there's a bunch of people still waiting for bitcoin to be what they thought of it, back in 2015 or 2013 or 2011 or w/e the fuck they first heard of it, formed a fantasy and adhered to it.
douchebag: Well I don't understand how I'm sitting here waiting for reality to change? Are you saying there's absolutely nothing that I could help with here in regards to Information Security?
mircea_popescu: i'm saying that your notion of helping is so constructed so as to preclude helping, yes.
douchebag: Okay, and suppose I do write a V. What's next?
mircea_popescu: i don't know.
douchebag: Like I said, I would like to help. I know how to code but I would be much better at helping w/ security related topics. I would not want to write a V just to find out that the only way for me to help would be for me to code stuff
douchebag: So, do you think I should even bother?
douchebag: or do you think I would just be disappointed
mircea_popescu: i don't think you can be anything but disappointed, in your current state.
douchebag: What is my current state?
douchebag: I love what I do
douchebag: I'm good at what I do
a111: Logged on 2018-03-22 10:46 mircea_popescu: because you're sitting there waiting for reality to change so it may be admitted in your movie. that's not how reality works, though there's a bunch of people still waiting for bitcoin to be what they thought of it, back in 2015 or 2013 or 2011 or w/e the fuck they first heard of it, formed a fantasy and adhered to it.
diana_coman: douchebag, learning something is never a waste of time; and learning what you "are not good at" is quite doubly NOT a waste of time; "outcome" as you currently define it doesn't enter into it at all; and for that matter: http://trilema.com/2015/causes-and-purposes/
douchebag: diana_coman: I agree with you. The reason I'm a bit hesitant is because I know what I'm not good at. I know how to code, I write code almost every single day. However, I don't code for the same reasons most people do
mircea_popescu: what reason is that ?
diana_coman: what are the "same reasons most people do" and ..how did you figure out "most people" in there and why they do what they do?
douchebag: I write code for the simple purpose of making my life easier. 95% of the code I write will never be run by anyone else except myself
mircea_popescu: im pretty sure that's how it goes for most everyone here.
diana_coman: douchebag, why do you concern yourself with what other people do or not do *after* something you didn't even yet do; it's a recipe for insanity this
diana_coman: mircea_popescu, heh, remember WHY I wrote foxybot?
diana_coman: out of frustration with click-click-click
diana_coman: douchebag, your problem still seems to have as root the approach "towards purpose" instead of from causes; try and digest that post
douchebag: Okay, to clarify what I meant by saying "most people" is that people write code to publicly release and be used by others etc.
diana_coman: douchebag, nope
diana_coman: now what?
douchebag: I don't understand what a V is I have read about it, I have looked at examples and I still don't understand
mircea_popescu: diana_coman aha
douchebag: If I understood it completely it would be no problem coding it.
mircea_popescu: so then there you go.
diana_coman: douchebag, that already sounds healthier at any rate
diana_coman: douchebag, write somewhere a summary of what you understand of it and what you don't - it will help you formulate some clear questions to...ask in here, so people can help you understand
douchebag: I literally do not understand anything. I don't know what a vpatch is or anything. The concept just does not make sense
douchebag: From what I can tell
diana_coman: what concept?
diana_coman: there are plenty of vpatches around - have a look at them for "what a vpatch is"
douchebag: It just appears to be a way of updating code, pgp signing the updates
douchebag: and displaying the difference
diana_coman: so it does make some sense after all
douchebag: that's all that I understand
douchebag: if that is even correct
diana_coman: douchebag, it's fine, you just need to expand now from that
douchebag: Alright
douchebag: So here's the next thing
douchebag: If I do this and I am successful, am I going to be expected to work on programming projects or could I find something that I would be able to help with in regards to information security
mircea_popescu: depends what you mean by the latter.
douchebag: I can identify security flaws & help with properly remediating the issue
douchebag: I primarily focus on web application and network based penetration testing
douchebag: So, would those skills be of use here?
douchebag: Also, I would be interested in starting a security firm
douchebag: Offering remote & in person security solutions both offensive and defensive
douchebag: That was a plan of mine to do later down the road
douchebag: However, if you guys would be interested in doing that sort of thing I would be more than happy to help.
mircea_popescu: you really think you're going to eat out of blabla.php?=<alert whatever ?
douchebag: Can you elaborate?
mircea_popescu: information security is what apeloyee's been doing on alf's blog, or ave1 on diana_coman 's or so on and so forth.
douchebag: Could I read the blogs?
douchebag: Link pls
mircea_popescu: do you read the logs douchebag ? or just stumble in this window now and again and that's it ?
a111: Logged on 2018-02-04 18:21 asciilifeform: !~later tell apeloyee http://www.loper-os.org/?p=2118&cpage=1#comment-19228
douchebag: I've read the logs partially, however I haven't finished them
douchebag: Alright, yes that is some very interesting research. However, that's not exactly the same area of InfoSec that I have been studying.
mircea_popescu: certainly not.
douchebag: Yes, and that's one of the reasons why I'm not too sure if the areas I focus would even be relevant to the projects you guys work on
douchebag: For instance, what you mentioned in regards to XSS. XSS is the sort of thing that would have little to no impact on a site like trilema.com
douchebag: However, if it was found on an online banking platform it would be very serious.
mircea_popescu: for some definitions of serious.
diana_coman: I can't help but read that as "I'm not too sure if my focus on finding rats in take-aways would even be relevant to your actual cooking"
douchebag: Well, I've stated previously that I intend on learning more about some of the more low level attack vectors
douchebag: Most of the work I currently do is focused around protecting customers
douchebag: Perhaps I would be able to help w/ Pizzaro ISP?
a111: Logged on 2018-03-22 10:34 douchebag: It would not be unpleasant if it had not already been done before multiple times, what's the point of reinventing the wheel?
asciilifeform: douchebag are you ok with eurolangs or do you need this englishized
asciilifeform: !~ticker --market all
jhvh1: asciilifeform: Bitstamp BTCUSD last: 8552.65, vol: 14072.22693838 | Bitfinex BTCUSD last: 8550.8, vol: 60153.85681754 | Kraken BTCUSD last: 8558.0, vol: 12690.6100365 | Volume-weighted last average: 8552.15078783
douchebag: englishized i guess
asciilifeform: i'ma let mircea_popescu give the one-troo summary if he feels like ( it's his article ) but will say, it was about the archetypical f-student schoolbois's canonical lament 'what good will learning square roots do for me'
mod6: I would say, douchebag, that if you don't know how to, at minimum, ~use~ V, you'll find it very difficult to participate.
mod6: I've said this to others, I'm sure, that before even contemplating writing a V, you should be well versed in it ~use~.
mod6: *its
asciilifeform: ftr this applies to everybody. incl. asciilifeform , who had been 'using v' by hand-crank for year+ prior to writing the actual one
mircea_popescu: asciilifeform can't say i'm tempted. the structure still can not be predicated on the meaning, what am i going to do, argue with the "rationally skeptical" http://btcbase.org/log/2014-02-16#509012 ?
a111: Logged on 2014-02-16 22:04 asciilifeform: old man: 'drown him, father, drown, drown.'
asciilifeform: at the risk of abusing proverb -- teacher can lead horse to water, but cannot make him take square roots
shinohai: !!invoice danielpbarron 0.016496929 Ecu trade (ecu not settled yet )
shinohai: !!v 24A9E807E62D1F734080DD09045384C75311E123677AB55D72CB6BC4EB21F2AA
deedbot: Invoiced danielpbarron 0.016496929 << Ecu trade (ecu not settled yet )
asciilifeform: mircea_popescu: my impression is, some folx like 'pumping' their head, like muscle men pump muscles, others -- not. and who's who, is apparent from early childhood.
mircea_popescu: i do however believe the foregoing statement, that high quality, sterling stupidity is always manufactured, never inborn. most people are poorly socialized from birth.
asciilifeform: fwiw asciilifeform does a few things (not really worth writing about) in his ( not overly abundant ) sparetime that wouldn't make any sense whatsoever to a 'la ce imi serveste mie...' pov , strictly to 'stretch muscle'
BingoBoingo: http://btcbase.org/log/2018-03-22#1788483 << Vowels shift, R's roll faster, but still trying to find an ethnic slur that can stick to the Uruguayos (fucking self delusion of white privilege)
a111: Logged on 2018-03-22 06:11 mircea_popescu: BingoBoingo ftr, it's euphEmisms and venezuEla. are your vowels shifting from all the tuna you're eating or what!
mircea_popescu: the unsustainable, unacceptable etc systematically misrepresented to them as socially acceptable, the necessary, correct etc equally systematically misrepresented as socially unacceptable... it's true that this is grade A child abuse, but then again it's also true the children so abused carry on the sad smoldering stumps of what's left of their lives
mircea_popescu: in turn perpetuating the abuse cycle upon others.
asciilifeform: most folx are no more capable of conceiving an ~original~ abuse than of original symphony or theorem, lol
asciilifeform: so naturally propagates.
mircea_popescu: not even sure how original the whole "nopenopenope" thing is.
mircea_popescu: or could be, at that.
ben_vulpes: i'm going to hand crank ^^ for now
ben_vulpes: http://logs.bvulpes.com/trilema?d=2018-3-22#317063 << you showed up, said 'help, what do i do', and i said 'go, son, and this thing.' it's a severalfold test: can you wrap your head around the concepts in v? can you take orders when you ask for them? it's a layered pile of crash course in not flunking out of the republic. in re 'what am i expected to do', look either you eventually grow up and start picking
mimisbrunnr: Logged on 2018-03-22 11:17 douchebag: If I do this and I am successful, am I going to be expected to work on programming projects or could I find something that I would be able to help with in regards to information security
ben_vulpes: your own research targets in which case you're a man and can make your own decisions or you need orders and will be told what to do. picking your own targets is an act of *creativity*, which i muchly doubt i'll see much of from a metasploit crank-puller. as it stands i don't really expect you to do anything but it's a low bar and a single task to show me wrong.
mircea_popescu: now on to the issue of the vps. is pizarro coming up with something in short enough order it's worth having the whole genesis mp-wp wait on it, or rather should more business go away and hanbot pick herself yet another rando vps host ?
douchebag: ben_vulpes: Like I've said, I focus primarily on web application exploitation and I do everything manually.
douchebag: Where did you get this notion that I am a 'metasploit crank-puller'
ben_vulpes: mircea_popescu: working with asciilifeform to vpsify the idle box now
mircea_popescu: so the eta is on the order of days ?
ben_vulpes: i'll get you an eta mircea_popescu
mircea_popescu: can the eta on the eta be today-ish then, plox/
ben_vulpes: yessir
ben_vulpes: douchebag: well it's what it looks like from here, take the ad hominem and show me it's wrong yeah?
mircea_popescu: douchebag if 13 yo kid comes to psychologist's office because insomnia, and after some hymenlick maneuvering on the part of the professional comes out with the story that has "terrifying and disturbing dreams", thereuponwhich recounts numerous instances of dreamed tits, nipples and areola but 0 clits, labia or vaginal openings, the psychologist can safely thereby infer 13yo kid is a virgin.
ben_vulpes: in unrelated "mouths of babes", "what's daddy doing? having a penis?" "every day, kiddo"
mircea_popescu: should however same kid in same situation describe anal beads with nubbins on them and other arcana 13yo kids notably (and notedly, throughout history of civilisation) can NOT on their own come up with, psychologist similarly has a solid child abuse referral case.
douchebag: Well, I've been paid thousands of dollars in bug bounties. All of which I have found manually.
douchebag: I also work for a security firm at the moment.
mircea_popescu: there is no certificate of ontology.
ben_vulpes: douchebag: you realize you're "telling and not showing" and that nobody cares about your fiatland sekyooridee credentialing?
mircea_popescu: ben_vulpes in fairness he tried to show, and inexplicably it didn't work.
douchebag: I've showed mircea_popescu some of my blogs before
douchebag: Which were SSRF & SSRF + XXE
a111: Logged on 2018-03-08 21:29 mircea_popescu: meditation upon http://btcbase.org/log/2018-03-08#1787343 yields the interesting result that problem spaces are not continuous. problem spaces are discrete, and there exists such a thing as problem spans.
ben_vulpes: mircea_popescu: musta been jarring
ben_vulpes: douchebag: i dunno man, i'm going to weary of picking things for you in short order but maybe try to sidechannel the mpi lib?
shinohai: Here I thought one got a certificate in monology
ben_vulpes: webshit is just uninteresting, like mcdonalds
mircea_popescu: it's interesting to me, honestly. i expect from his pow we appear as half insane half irresponsible, and the question of where's the hole the day comes in through quite poignant.
ben_vulpes: sure does not look like he's putting any time into figuring out why nobody cares about his boy scout badges.
douchebag: ben_vulpes: It's interesting to me, and considering pretty much any large company or organization has a web application in their infrastructure I feel like it's a pretty good area to focus on in terms of security research.
mircea_popescu: right. i expect it's the first time anyone even said within earshot this whole pantsuit badge collecting isn't even socially accepted, let alone required.
mircea_popescu: douchebag this is not unlike becoming a dermatologist because most people have skin.
mircea_popescu: it's somehow funny when the md says it.
ben_vulpes: douchebag: do you understand why it's uninteresting to this particular group of terrorists?
douchebag: You guys sure do feel great about yourselves don't you?
ben_vulpes: oh baby don't take it personally, sit with the discomfort for an hour and figure out the root of it.
shinohai: douchebag: Project much?
douchebag: How am I projecting? You're the ones who are acting like you're somehow better because you have different interests.
douchebag: "i don't know how you think you know better what to do with your time than mp"
douchebag: "mp is better than you; stop pretending like he isn't"
a111: Logged on 2018-01-23 06:43 douchebag: I can sit in front of my computer for 36 hours straight researching a specific topic
a111: Logged on 2018-01-23 06:53 douchebag: I also have an extremely good memory compared to most people, I can remember very specific details about events and conversations that happened years prior
a111: Logged on 2018-03-22 16:26 douchebag: Well, I've been paid thousands of dollars in bug bounties. All of which I have found manually.
douchebag: danielpbarron said this earlier
shinohai: I could continue, but what do I care? I'm on my way out here myself.
douchebag: Oh yeah, and I'm the one projecting.
ben_vulpes: you did come here and ask for guidance, lol
douchebag: No, I came here so that I could help.
ben_vulpes: this "all hobbies are equally valid" thing ain't gonna carry water fwiw
asciilifeform: douchebag: iirc you came and 'i am very good at finding bugs in php' and found a few and folx said 'thanx' and what do you want now ?
shinohai: A merit badge obviously.
asciilifeform: there is not a future with vastly moar php in it
douchebag: No, I figured that maybe I could help more
asciilifeform: douchebag you trained as a technician and the tubes you trained on are on their way out. sad (for you) but true. consider learning something else.
douchebag: but instead you jerkoffs just told me to write a v implementation
asciilifeform: douchebag: didja ever go to school of any sort ? did they give you Great Unsolved Problems to solve in school ? or old, solved ones ?
douchebag: asciilifeform: I can find bugs in just about any web framework, not just php.
mod6: douchebag: did you ever build trb?
mircea_popescu: douchebag no, actually : we are explicit about the [little] we feel good about ourselves. the "alternative" such as it misrepresents itself, is very successfully implicit about how [grandiosely] it feels good about itself. but somehow you don't go up to some clueless dork pretending to run a "security business" and be "your boss" and ask him whence he feels that insanely overstretchedly good about himself. for SOME reason.
mircea_popescu: http://btcbase.org/log/2018-03-22#1788651 << amusingly enough, i'm probably a better "website security" dood than you, if that's what you mean, or at least so the folk in the know believe, on the strength of the various website fuckings / wp ddos writeups etc i've piled up over the years. but this is a little like disputing the sackrunning competition.
a111: Logged on 2018-03-22 16:41 douchebag: "mp is better than you; stop pretending like he isn't"
asciilifeform: douchebag: why limited to 'web framework' ? if you consider yerself fit for work in hard/unsolved problems -- why not go and find remotely exploitable boojum for trb
asciilifeform: douchebag: will be taken seriously quite quickly.
douchebag: trb?
douchebag: link
asciilifeform: douchebag: therealbitcoin.org
mod6: you have never read the logs 'eh
mod6: you can't say that you read the logs, and also do not know where trb is or what it is.
douchebag: mod6: not in full, I don't have a ton of time on my hands to read 6 months of logs
ben_vulpes: douchebag: see dude this is why i can't take you seriously, you have zero context for what's going on here and yet you insist on strutting around as though you matter
douchebag: ben_vulpes: How am I supposed to take anything in here seriously if nobody can tell me anything besides
mircea_popescu: ben_vulpes "here is everything". he was promised his context is universal by teh universalist party.
douchebag: "read the logs"
mircea_popescu: you're not saying he was scammed, do you.
ben_vulpes: mircea_popescu: haw haw haw
ben_vulpes: douchebag: you did just get a link to trb
ben_vulpes: no fucking way anyone's going to try to enumerate the holes in your education
asciilifeform: ben_vulpes: i suspect that 'chukcha is not a reader, he is a writer'
douchebag: I didn't get a link to trb.
mod6: i gotta look this up now
shinohai: >Can't be annoyed to read logs, yet "can sit in front of computer 36 hours straight researching a specific topic"
mircea_popescu: http://btcbase.org/log/2018-03-22#1788649 << this is actually very true ; if theres a predicate for republican superiority, is the better choice of interests.
a111: Logged on 2018-03-22 16:37 douchebag: How am I projecting? You're the ones who are acting like you're somehow better because you have different interests.
ben_vulpes: also i don't give one watt of credence to this 'no time' thing; i've read logs daily for what, four years? started and sold out of a company, had more than one 'job' at points, manage a family and still keep up and contribute
asciilifeform: shinohai: he'll, apparently, read for 36 months if it's webgarbage by microshit press etc
mod6: I have personally, at least, posted 'thebitcoin.foundation' in here 196 times.
ben_vulpes: douchebag: if you cannot read through thebitcoin.foundation website and get to trb i do not know what future there is for you
asciilifeform: i dun think more than a week has gone by, at any point since trb first proclaimed , when trb was not mentioned in some way
douchebag: Okay, suppose I can get remote code execution w/ trb
mod6: then tell us for christsakes
mircea_popescu: that'd be interesting.
asciilifeform: douchebag: then you have various options. and you don't need me or anyone to tell you what these are.
asciilifeform: use imagination.
douchebag: Okay, I'll look into that.
asciilifeform: point being that a student who is tired of 'solved problems' can demonstrate mastery any time he's ready and able.
asciilifeform: by solving unsolved one.
mircea_popescu: http://btcbase.org/log/2018-03-22#1788650 << this is also interesting. note however it's misstated. whether you know better or not what to do with your time is not generally touched ; but you sure as fuck don't know better what NOT to do with your time, which is time and again the crux of the matter.
a111: Logged on 2018-03-22 16:41 douchebag: "i don't know how you think you know better what to do with your time than mp"
douchebag: I just don't see what was so damn difficult about that? If you guys told me to look for RCE in trb this conversation could have ended hours ago
shinohai: Because the Republic isn't in the business of tard wrangling?
ben_vulpes: i thought this was too obvious to point out, did not want to further insult douchebag's intelligence
asciilifeform: this is why 'technician'. an actual adept does not have to be told.
asciilifeform: technician -- told. 'my tv lost vertical raster, tell me what do'
asciilifeform: it is not insult to intelligence, either. technicians have a place. but douchebag gotta decide which it is that he wants to be, and stop pretending to be the other.
ben_vulpes: douchebag: until you wrap your head around what goes on here, you're going to be fighting this negative impression where you insist that you're smart and educated etc, just...not in any topics that anyone here cares about eg trb as a basis for murdering the megastate and all barnacles like ecommerce/ssl/securitycircus hanging off the side
ben_vulpes: not to insult your trade, but to try and hammer home the paradigms you're missing
ben_vulpes: man i can't even find the juice to beat this kind of thinking into the heads of people at $work; they gotta come preconfigured for utility
douchebag: ben_vulpes: Why do you write web applications if you're going to allow vulnerabilities in your code?
asciilifeform: douchebag: since you do not read logs, you may be surprised and interested to find out that folx like you show up regularly, e.g. http://btcbase.org/log/2017-03-24#1632239
a111: Logged on 2017-03-24 03:17 gabriel_laddel_p: BingoBoingo: "I should study more" isn't a winning idea. GTFO.
douchebag: Wouldn't it make sense to make sure you're doing something the right way before you go ahead and do it?
ben_vulpes: bit of a nonsensical question
mircea_popescu: ahahaha he got you there didn't he ?
ben_vulpes: why bother fucking if your dick's going to pop out?
mircea_popescu: yes douchebag. the whole point is to do things right.
douchebag: Good, I'm glad someone is on the same page as me.
ben_vulpes: mircea_popescu: yeah i care quite deeply about folks clicking links with b58 encoded piles of trash in the url
mircea_popescu: indeed, this may be the first shared prior unearthed yet. but it's solid.
mircea_popescu: ben_vulpes ok, but it's not DIRECTLY obvious, this.
ben_vulpes: mircea_popescu: doing things correctly also implies knowing what hairballs of stupid to cut off and not consider.
mircea_popescu: kinda like... how he does ?
mircea_popescu: yes, fucking obviously, kuhn's notion of "paradigm" in research is precisely that, what beds to not look under.
danielpbarron: !!pay-invoice shinohai 1
ben_vulpes: !~later tell hanbot drop by #pizarro sometime soon and opine re http://logs.bvulpes.com/pizarro?d=2018-3-22#317360 please
mimisbrunnr: Logged on 2018-03-22 17:08 asciilifeform: i for instance do not see why , if it's wot l1 people living in it, it has to expend the cpu overhead to pretend-isolate and vm-ize. why not simply traditional unix accounts.
jhvh1: ben_vulpes: The operation succeeded.
mircea_popescu: use linux accounts. the "isolation" bs is bs.
ben_vulpes: mircea_popescu: tru tru; what objections would you field to sharing a host with l2?
mircea_popescu: if there's actual demand for some reason, can always stand up a box with all that crap later. or entreprising fellow can just resell one.
mircea_popescu: ben_vulpes depends what host. a blog ? i dunno man, what sikrits can they glean!!!!
asciilifeform: in general engineering practice, one of the very few good heuristics asciilifeform knows for 'improve X' is 'discard pretenses'
asciilifeform: as for example fg discards whitening
mircea_popescu: makes for spectacularly improved items, too.
asciilifeform: 'if there ain't any entropy, there wont be any fucking output, take it or leave'
asciilifeform: in asciilifeform's experience with shared unix boxen in youth, the most typical problem is not 'seekritz' but 'hamfist hoses the box'
mircea_popescu: asciilifeform i've not yet managed to properly speaking hose a modern box (hosed as in, root can't log in to fix it)
mircea_popescu: not even sure what it'd take, but we could have a competition, "shortest bash line that hoses box"
ben_vulpes: heh, this'll turn into our bitbet moderation cost center without care
asciilifeform: 'hose' perhaps was poor word. more of a 'root MUST come and fix because d00d decided to eat all of cpu' in box without quota-'fascism'
asciilifeform: ben_vulpes yes, potential risk
mircea_popescu: asciilifeform how will anyone eat all the ram, apache runs as nobody anyway.
asciilifeform: in scenario where the only user proggy is apache -- correct, cannot eat
asciilifeform: but once you introduce 'i want to run XYZ' -- can eat
mircea_popescu: well if you're not using it to publish web shits, get a proper box.
ben_vulpes: yo trinque can i get you to opine on http://logs.bvulpes.com/pizarro?d=2018-3-22#317403 please
mimisbrunnr: Logged on 2018-03-22 17:18 ben_vulpes: can we leverage chroot for this?
asciilifeform: back to the 'let's remove pretenses' -- let's put on record for the log: the 'traditional' style of vps is quite heavy in overhead, because pointlessly emulates for each inhabitant 'you have a i-cant-believe-its-not-a-physical-box-with-physical-nic-and-disks-etc' item
mircea_popescu: yes, i expect 60% of the box goes to that wastage by now.
asciilifeform: this is 1) costly , vmization imposes continuous context-switching for cpu, even with the acceleration garbage it is ruinous 2) pointless, because readily 'escaped' from
ben_vulpes: 60%!?
mircea_popescu: which 60% can also be used to... you know, buffer the occasional mass mysql rewrite or w/e user needs
asciilifeform: ben_vulpes: correct. what do you suppose duplicate multi-GB linuxen in ram at all times, cost nothing ??
mircea_popescu: ben_vulpes yes. fucks up everything, cache, etc
mircea_popescu: it's the pantsuit gift of "progress", tends to soak up about 60% of the living life to do nothing at all. much like their tax system.
ben_vulpes: asciilifeform: does the 'cgroups' 'containerization' sharedhosting approach waste the same amount?
ben_vulpes: it's been some time since i gave a shit but the 'docker' folks were very proud of the resource sharing that linus wrote for them
asciilifeform: ben_vulpes: afaik that's more of an asymmetric-multiprocessing flavour of thing
asciilifeform: but i have not personally tried
asciilifeform: basic problem remains, if each inhabitant is given illusion of 'i have a comp', this is not free
asciilifeform: you have now N instances of the multi-GB garbage shitpile that is modern linux, instead of 1, in memory.
asciilifeform: and on disk.
mircea_popescu: particularly ill suited application for ibm compatible designed hardware.
ben_vulpes: sure, walls in highdensity apartment building also wasteful of square footage
mircea_popescu: because cpu is so small comparatively.
asciilifeform: and N kernels being run instead of 1 (each of which thinks that it owns an actual iron comp)
asciilifeform: not only cpu; they all share bus, and nic
mircea_popescu: ben_vulpes nah, walls in apt building is the linux user system. you're thinking of english "cottages" piled up in town, each with their 3 sq ft "garden" in front.
asciilifeform: and the friction is substantial and is in fact not 60 but 90+% of the resources spent at shitazon etc
ben_vulpes: heh oh okay
mircea_popescu: ever been to england btw ? worse wastage of construction materials never was seen.
ben_vulpes: not even japan with the traditional every-30-year rebuild of housing stock?
mircea_popescu: not even.
ben_vulpes: last time i was in england i was like 14
mircea_popescu: imo brits are the dumbest of animals, and for two reasons : the constant rape the muslims put them through, and the constant rape the real estatists put them through.
asciilifeform: japan at least has excuse of resource-impoverished godforsaken island with 0 minerals
ben_vulpes: was more interested in the adults with beer and teenaged girls
lobbes: Ah okay. Thank you asciilifeform, this http://btcbase.org/log/2018-03-22#1788767 satisfied my http://logs.bvulpes.com/pizarro?d=2018-3-22#317425 inquiry sufficiently
a111: Logged on 2018-03-22 17:31 asciilifeform: back to the 'let's remove pretenses' -- let's put on record for the log: the 'traditional' style of vps is quite heavy in overhead, because pointlessly emulates for each inhabitant 'you have a i-cant-believe-its-not-a-physical-box-with-physical-nic-and-disks-etc' item
mimisbrunnr: Logged on 2018-03-22 17:23 lobbes: To run with the house analogy: my current vps arrangements feel more like 'condominium' than 'roomies sharing a house'. E.g. I could set up a cronjob to blow away /var/www/ every hour if I felt like it. No need to consult (nor do I see) other renters
asciilifeform: the ~other~ engineering heuristic that's absolutely imho grand, and that i stole from mircea_popescu , is 'there is not a mechanical substitute for coming to an understanding with the people you live and work with'
asciilifeform: cpu quotas and other 'systems that can be exam-gamed' are not substitute for talking to people.
asciilifeform: and suddenly when you apply this you get flexibility that you could never get from mechanical fences.
mircea_popescu: i suppose a logical next step for pizarro is to have a bot dedicated to listing who's on boxes, what the load is like etc.
asciilifeform: unix even has helpful commandline items for this..
mircea_popescu: yup. and trinque made the bot, it's a pipe job.
asciilifeform: state of the art 1974!11
mircea_popescu: asciilifeform which may be the last time this (ie, sane people working) even occurred.
mircea_popescu: very evidently same winds blew those sails up.
asciilifeform: aha exactly
mircea_popescu: http://btcbase.org/log/2018-03-22#1788711 << this reminds me of ye famous euler story, when he was punished to add all numbers up to 100.
a111: Logged on 2018-03-22 16:58 asciilifeform: point being that a student who is tired of 'solved problems' can demonstrate mastery any time he's ready and able.
asciilifeform: and observe, mircea_popescu does not pack his harem gurlz 2-3 to a room by sawing off their beaks
asciilifeform: but by getting'em to get along.
lobbes: Honestly, my knee-jerk reaction against sharing a box is probably based on the old idea of sharing it with $random_orcs. Sharing it with L1s may actually be a Good Thing (I'd probably learn a few useful things)
asciilifeform: mircea_popescu: gauss
mircea_popescu: o was it ?
mircea_popescu: lobbes considering what the level of commitment required to try it is... what, waste 20 bux ?
mircea_popescu: i believe, i believe.
asciilifeform: ^ somebody sat and tried to collect all known versions of the legend
asciilifeform: because he asked 'how the fuck do we know it ~was~ gauss'
asciilifeform: earliest mention seems to be an 1877 item.
ben_vulpes: lobbes: i think it'll be great; will push everyone on the box to standardize on known-ok package versions. "we support weechat 1.4 and fuckyou"
ben_vulpes: s/fuckyou/for your benefit, dear customer/
mircea_popescu: kinda the idea.
mircea_popescu: faux choice of meaninglessness is the cornerstone of that entire http://btcbase.org/log/2018-03-22#1788602 system.
a111: Logged on 2018-03-22 16:02 mircea_popescu: the unsustainable, unacceptable etc systematically misrepresented to them as socially acceptable, the necessary, correct etc equally systematically misrepresented as socially unacceptable... it's true that this is grade A child abuse, but then again it's also true the children so abused carry on the sad smoldering stumps of what's left of their lives
mircea_popescu: consider hanbot's problem : there is "An abundance" of vps hosten to "choose" from. with the aforegiven knowledge that buttpay and shitsandwich. "but it's our policy to suck" and http://btcbase.org/log/2018-03-21#1788393 dedication and so on.
a111: Logged on 2018-03-21 14:41 a111: Logged on 2018-03-08 00:21 mircea_popescu: this entire exercise in idiocy has, practically speaking, resulted in me paying various hard working ticos a grand or so, to the people fucking in the ass the "security" paradigm of pantsuit.fetlife. IN LIEU of having paid that much, and rather more, to the fetlife itself.
mircea_popescu: fuck this "choice".
a111: Logged on 2018-03-22 16:43 douchebag: https://i.imgur.com/2Tn47SJ.png
mircea_popescu looks into the logs, sees 62 instances of eg - http://testasp.vulnweb.com/t/fit.txt%3F.jpg and similar garbage. this, of course, is "web security" or "penetration testing", or however you'd call it. a set of "tools", no doubt "professional" that permit one A CERTAIN KIND of cargo-cultish periphrastic cvasi-but-not-really involvement in their chosen field.
mircea_popescu: it is sold to ignorant youths on the basis that "hey, SOMETIMES it yields results, when applied randomly to the web". that may be, as Framedragger 's ssh tests or phuctor dredged up, everything, every last bit of nonsense can be found "on the web".
mircea_popescu: nevertheless... do you expect the 62nd application of the same magic wand upon trilema is liable to yield anything more, or better, than the previous 61 ?
mircea_popescu: that's the problem with pantsuit "tools", branded however they may be branded : there's 0 marginal utility to them.
a111: Logged on 2017-02-09 18:03 asciilifeform: the expulsion of 'In all likelihood, there was no change at all to the labor-intensiveness, but the labor was more "fun" for a certain class of people. Now, industrious retards can be a horrible thing. Over a number of years, close to a decade, Perl accreted bits and pieces from programming languages and became usable in lieu of a programming language by people who lacked the mental wherewithall to do programming. Tinkerers, repair
a111: Logged on 2017-02-09 18:03 asciilifeform: ers, handymen, the auto mechanics of the IT industry, all flocked to Perl because they could tinker so well with it with no required knowledge or skills.' ( http://www.xach.com/naggum/articles/3241270848355795@naggum.no.html ) would go a long way.
mircea_popescu: the situation is approximately the same as of a "young aspiring gold prospector" who goes to the designated ROOM in his local community center, where he spits on some pebbles / digs through the plasticine cubes.
mircea_popescu: very fucking definitionally a room is not a mine.
mircea_popescu: and the only folk to whom the difference is immaterial are our stone age friends from the cargo-cult, cave dwellers as they find themselves.
mircea_popescu: to them -- room is mine and mine is room, sure thang.
asciilifeform: ( 'chukcha computing' )
mircea_popescu: but hey -- vulnweb "works" and therefore... "works". the confusion between these workings is lost to the noob. and yet... magic also "works" in the first case -- when magician/warlock/condoleeza rice walk into room with sickman and wave magic wand, SOMETIMES IT HEALS IT!!!
mircea_popescu: yet magic doesn't work in the working sense of the verb to work, as found in hospitals as opposed to magic shaman nigger hut.
mircea_popescu: asciilifeform rather.
mircea_popescu: in other webs, big bang empire is moderately amusing. you're a pornstar looking for work.
douchebag: mircea_popescu: Anyone who uses scanners such as acunetix or whatever that is called is not a professional.
douchebag: There is nothing professional about running a scanner and reading the results.
asciilifeform: douchebag: if you indeed do something moar than running scanners, it still remains to be seen here
asciilifeform: douchebag: consider to demonstrate some skilled work.
asciilifeform: as discussed, re e.g. trb.
mircea_popescu: douchebag aha.
douchebag: Yes, I'm going to be looking into that after work
asciilifeform: possibly funnily , early in trb life , asciilifeform on a lark put it through a $maxint scamolade 'cpp security auditor' proggy that the imperial slavegalley he was working in, had bought. the result -- unsurprisingly to tuned-in folx, i expect -- was so unremarkable that i did not bother to post it.
asciilifeform: ( evidently , shitoshi -- for whatever his other flaws -- knew how to run 'lint' )
douchebag: Yeah generally speaking when it comes to security, you should never depend on a scanner or set of 'tools' to comprehensively perform an audit
asciilifeform: douchebag: i suspect that your idea of 'comprehensive audit' is exaggeratedly painless
asciilifeform: if it's in any kind of way influenced by 'industry best practice'(tm)(r) in particular.
douchebag: what do you mean by that?
asciilifeform: douchebag: do you, for example, think that it is easier to audit a program, than to write it ?
douchebag: It depends on the complexity of the program
douchebag: it also depends on who wrote the program
asciilifeform: so evidently douchebag you think that it is possible to speak of 'having audited' a program that you did not fully understand, in the sense where you could sit down in a room with a 'clean' comp and write it again ?
asciilifeform: if you think that it suffices to look for 'known types of questionable code', you are then a meat scanner
asciilifeform: exactly like the idjit payware linter, but more expensive because you are made of meat
asciilifeform: at least the linter only wants a few watts to run
asciilifeform: whereas meat linter wants 100+watt, and house, and gurlz, and fast cars, and hell knows what else
douchebag: No, I think if you're auditing code you should understand exactly what, why and how that code is doing what it is doing
asciilifeform: then from whence came the 'it depends...' ?
douchebag: Because sometimes people use complex solutions for simple problems - complexity doesn't necessarily mean it is better
asciilifeform: how does this connect to the thread ?
asciilifeform: in what case, douchebag , is proper audit somehow easier than writing the program from empty space to solve the same problem. describe one.
asciilifeform: audit is in all cases ~considerably harder~
mircea_popescu: BingoBoingo by now i suspect they're pasty enough to make great bottoms.
douchebag: asciilifeform: If the audit reveals that everything was done properly and to a high standard
asciilifeform: douchebag: auditor studies three separate ( and usually in cases where audit is called for, quite disjoint ) items -- a) the problem the program is solving b) what the author ~declared~ to be the solution to (a) c) what the program he wrote, ~actually does~, under the closure of all possible inputs
asciilifeform: douchebag: from whence comes the idea in your head of 'high standard' ? what program have you read that 'was written to high standard', wouldja know it 'if it bit you' ??
douchebag: I agree with that
asciilifeform: this is a genuine problem with whole fucking field, not a personal flaw of douchebag
asciilifeform: there is ~precious~ little 'high standard' anything to learn from.
asciilifeform: and so, without any ill will to douchebag , i would put the likelihood that he had learned from something worth learning from, as somewhere near 0
douchebag: asciilifeform: In my head an idea of 'high standard' is when functionality and security are both taken into consideration during implementation
a111: Logged on 2018-03-22 16:25 mircea_popescu: douchebag if 13 yo kid comes to psychologist's office because insomnia, and after some hymenlick maneouvering on the part of the professional comes out with the story that has "terrifying and disturbing dreams", thereuponwhich recounts numerous instances of dreamed tits, nipples and areola but 0 clits, labia or vaginal openings, the psychologist can safely thereby infer 13yo kid is a virgin.
asciilifeform: douchebag: you speak of 'program written to high standard' as if it were a concrete item that you have actually seen or touched
asciilifeform: rather than empty words. which i suspect , in your head, it right now is.
asciilifeform: like the smooth doll vulvas of the boy's dream.
douchebag: asciilifeform: You're not even worth responding to at this point, I think you're the one who wouldn't know 'if it bit you'
asciilifeform: so no shared priors then ?
asciilifeform: and no response to the very imho concrete q, of what exactly 'to high standard' program douchebag has seen, read, used ?
mod6: DISQUALIFIED.
asciilifeform: mod6: maybe miracle -- of miracles -- d00d will... answer ?
mod6: I've read enough of this for today.
mod6 bangs gavel.
douchebag: I have plenty of priors, I work with a team of highly trained security professionals every day and we have audited all sorts of applications
asciilifeform: ahahahahaha
asciilifeform: nao to be fair maybe d00d dun speak the king's english, whoknows
douchebag: I can tell you for instance
asciilifeform: but apparently does not know what is 'shared priors'
douchebag: nginx cares about security
douchebag: Apache doesn't - that's why it's called A patch e
ben_vulpes: that's ancient and incorrect apocrypha
asciilifeform: and hillary clitler 'cares about the children' ahahaha.
mircea_popescu: douchebag "shared priors" is a term of art, denoting those useful notions that two participants to a discussion share identically.
douchebag: I can tell you Yahoo is a less secure company than Google
douchebag: Uber also has a very good security team, despite recent press
mircea_popescu: two people in euclidean geometry share the priors noted down by euclid. some other guy on a banach sphere somewhere, does not.
mircea_popescu: asciilifeform did you do this thing as a kid, where you'd go about the parked cars in the street after leaving school to see "asta cit prinde ?!?!" ie, "how fast does this one go ???"
mircea_popescu: to be established by the number written on the rightmost spot on the odometer.
asciilifeform: mircea_popescu: worse, with pictures of carz. from 'turbo' chewing gum.
douchebag: When working with extremely large codebases, vulnerabilities are going to occur
douchebag: Nothing is 'perfect'
mircea_popescu: douchebag how do you know yahoo is more secure than alphabet ?
douchebag: Because I've worked on pentesting both of them
mircea_popescu: as a subplot, why would a large company require a large codebase ?
ben_vulpes: the holding company?
douchebag: I never said large companies require large codebases
mircea_popescu: douchebag so you covered say 80% of google's code and 70% of yahoos, and on this basis the 8`844`644 holes you found with yahoo makes you suspect the mere 2`333`156 holes found in google's schweitzer reflect a lesser per-cubit average of holes ?
mircea_popescu: (sub-subplot : calculate the probability of that statement being true ; show the math you used.)
mod6: How many man hours are being wasted on this?
mircea_popescu: mod6 im just going to bed o.O
mod6: C-ya
mod6: !!down douchebag
lobbes: Tsk. Shame
lobbes: http://btcbase.org/log/2018-03-22#1788893 << you know this wasn't personal right? (Pantsuitism trains emotional response to criticism, I know). He's trying to lead you to realise an important point for yourself  (this is a true beauty of this place, incidentally; can meaningfully confront the Self, if you are willing)
a111: Logged on 2018-03-22 19:15 douchebag: asciilifeform: You're not even worth responding to at this point, I think you're the one who wouldn't know 'if it bit you'
lobbes: Though, some simply are not willing
ben_vulpes: im kinda surprised to see the indoctrination so thick in a twenty year old
ben_vulpes: although i suppose it comes with a decade of 'security community' baggage
BingoBoingo: !!up douchebag Have you considered getting hard, poking around the internet for warm receptive holes, and submitting writeups to Qntra?
deedbot: douchebag voiced for 30 minutes.
lobbes: Right? Sucks, because he has more knowledge at 20 than I do now at 30. Sadly, also moar cockroaches
douchebag: I could submit writeups
BingoBoingo: lobbes: It's a hazard of pantsuit education. Fellow can get loaded up with training as a technician while being sideloaded with broken priors
mod6: BingoBoingo: re !!down that man. I don't have time to read through all this nonsense to pick out 3 important lines to pizarro.
ben_vulpes: lobbes: you should see the girls; i swear the only ones who aren't wholly corrupted by the anxiety machine are the 1st-generation ethnic imports who take care of my kid
mod6: We need to get to work, this is getting in the way. 0 signal, max noise.
BingoBoingo: douchebag: Find a hole, have your fun and profit. Leave a note about the aftermath for Qntra.
BingoBoingo: !!down douchebag
asciilifeform: ben_vulpes: in my experience 20yo who already took home xxx,xxx $ 'for' doing The Wrong Thing , is incurable. but it was worth a try.
BingoBoingo: mod6: Had to give the fellow a lead. Perhaps dude finds a vulnerability in Fedwire and resets the UnifiedStandardDosiedo chain? Submits article. For the young and broken that might be more productive homework than "write a V to understand why you are writing a V"
ben_vulpes: oh and twist, douchebag skip the responsible disclosure fingertrap and fuck 'em hard.
BingoBoingo: What is a Qntra submission if not the most responsible possible disclosure
mod6: Sure.
mod6: Ok finally caught up now.
mod6: !!up douchebag
deedbot: douchebag voiced for 30 minutes.
mod6: douchebag: Let's raise the sig/noise ratio. Try to heed your betters in here. And do take some time to read the logs, they're enriching.
deedbot: http://qntra.net/2018/03/rising-african-political-star-criticises-poor-australia-no-black-people-to-exploit/ << Qntra - Rising African Political Star Criticises "Poor" Australia: "No Black People To Exploit"
asciilifeform: ^ 'analogue' shannonizers
mod6: wb! you don't sleep much huh
mircea_popescu: i guess not huh!
mod6: :]
ben_vulpes: credit where credit is due, douchebag went from http://btcbase.org/log/2018-01-26#1777226 to http://btcbase.org/log/2018-03-22#1788527 (albeit a stealth admission of personal shortcomings) but contextual lulz of the week go to http://btcbase.org/log/2018-03-22#1788529
a111: Logged on 2018-01-26 19:46 douchebag: Well, I'm just trying to figure out where my skillset could be best put to use, I would be more than capable of writing a V implementation or setting up an IRC bot. I'm trying to leave it to you guys to tell me where my skillset could best be put to use
a111: Logged on 2018-03-22 11:14 douchebag: I don't understand what a V is I have read about it, I have looked at examples and I still don't understand
a111: Logged on 2018-03-22 11:15 douchebag: If I understood it completely it would be no problem coding it.
ben_vulpes: oh and other obvious pentesting targets douchebag: qrrqobg jnyyrg (rot13)
ben_vulpes: !!reputation douchebag
ben_vulpes: guten tag, trinque !
trinque: hola ben_vulpes!
trinque: yeah sure poke her holes
ben_vulpes: douchebag: you can voice yourself you know
trinque: I seem to recall this kid being told to do things, came back with his snowflake personality and american dream.
ben_vulpes: i'm a softie what can i say
ben_vulpes: mighta been asking an infantryman to fly a helicopter, who knows
trinque: if he could discover where the wallet actually lives, I'd be mighty impressed.
ben_vulpes: douchebag: don't tell me you lost your key