

Results 80001 ... 80250 found in trilema for 'the'

trinque: have a fascist profile that ideally becomes the only one, and perhaps another profile that's more lax, used for porting over things or w/e.
asciilifeform: in particular this thought in asciilifeform's head sprung from noticing a CONFIG_PROTECT_MASK='/etc/gentoo-release /etc/sandbox.d /etc/terminfo /etc/ca-certificates.conf' in the default environment
trinque has considered using the portage profile feature for this
asciilifeform: i can see an argument for retaining an ability to emulate a sslistic client, for http-fetching heathenware when absolutely must . but beyond this -- it Must Die
trinque: -ssl hits some, other ebuilds (and this happens more by the day, on various) don't implement the use flag. "what, of course you want that!"
asciilifeform: ( or at the very least, if not purged, every proggy that attempts to lean on usg.pki-ism should generate a log event )
asciilifeform: unrelatedly, trinque , ever looked into purging sslism from gentoo ? in particular the existence of /etc/ca-certificates.conf and its contents as a ~mandatory package, i find quite irritating
trinque: AIDS patient doesn't ignore fungus because AIDS, but on the contrary
asciilifeform: not to mention lets any and all-comers hog sockets for as long as they can come up with fresh ip
asciilifeform: it is a little bit funny to talk of bogdown and dos 'vulnerability' in a proggy that happily does o(n) operations at the request of allcomers
trinque: rce isn't the only thing that'd be interesting, even cpu bog-down or mem usage DoS would be relevant to staying at the front of the chain.
ben_vulpes: "audits can only show presence of holes, never the absence" or how did it go
trinque: and obviously that wouldn't be reason to develop a false sense of security either.
ben_vulpes: today's marvelous self-licking ice-cream-cone: surgeon general suggests that everyone near to folks at risk for overdosing on fentanyl and friends carry naloxone. i for one can't wait to see what the new equilibrium intake rate is without mortality risk looming.
trinque: ftr if the report is "trb's deps are not susceptible to any known RCE" that'd be a fine thing to see written up too
trinque: gotta give the guy worthwhile targets to see
trinque: asciilifeform: in general you're probably right, though in general not most are persistent enough to join the republic.
asciilifeform: ave1: then too soon to say that it was magicked away
ave1: well shipping from US has taken anything from 1 to 4 weeks in the past
asciilifeform: went out on mar. the 22.
asciilifeform: ave1: unrelatedly, iirc you're the one who was lucky winner of 1 phree FG ? didja get it yet ?
asciilifeform: appears to be harmless, the retry-read always succeeds
ave1: yes, me neither
ave1: aha, I was wondering whether you noticed some led blinking, but log would do it
asciilifeform: ave1: we had just the other day a thread re 'gnat pro'. it's interesting, in principle, but i sure as fucking daylight ain't ever signing nonredistribution oaths for a compiler
asciilifeform: or do i misunderstand the q
a111: Logged on 2018-04-04 19:52 asciilifeform: meanwhile on the chinesium front, asciilifeform was pretty close to throwing out the 'rockchip' this morn., when saw that every few hrs it read-retries the sd flash. but apparently harmless eggog: comes from certain sad levelling firmwares , they cannot keep up with the host
asciilifeform: fwiw it dun hurt to try. ftr, asciilifeform's orig interest in reading the src, long before even running into mircea_popescu et al , was precisely this.
asciilifeform: considering the very tangible win from any such thing, going back years
asciilifeform: trinque: theoretically 'every private has a marshal's baton in his knapsack', but realistically it is not esp. likely that 'popping trb' had to wait for this 1 d00d to turn 19 or what he was.
asciilifeform: ave1: the surprising bit is the total absence of any mention of a working gnat for arm64 ( despite it being a quite common chip for several yrs )
a111: Logged on 2018-04-05 03:17 asciilifeform: but annoying that nobody seems to have ever published one or mentioned the existence.
ave1: asciilifeform: http://btcbase.org/log/2018-04-05#1793119, with this script http://ave1.org/2018/building-gnat-on-musl-now-with-a-signature/ it is possible to build a cross compiler for aarch64, I will try to use this cross-compiler to then create a native compiler.
trinque: (and obviously, ~I do not use the trb wallet~)
trinque wonders if douchebag realizes what useful work it'd be, to know how easily trb nodes can be popped, given that the wallet will of course have to be sitting right there, with same permissions, on same box, and etc
mircea_popescu: the moderate rebels of syria, shooting rockets at the elected government. an' the moderate rebels of ukraina, shooting rockets at civilian airplanes.
asciilifeform: lobbes: got replaced in the Official fishwraps with 'moderate rebels' (tm)(r)
mircea_popescu: back in the 90s inca had a brief momentary delusion of security, in the vein of http://trilema.com/2016/consumerism-is-not-the-answer-though-it-will-put-you-to-sleep-or-american-history-x/
lobbes: Incidentally, anyone remember the term "freedom fighter"? I.e. "terrorist that is aligned with the Empire". Almost never heard in Incan media anymore it seems
asciilifeform: ( they show up via pnoje )
asciilifeform: in other lulz, 3 nukefest publicalert tests within 1 hr in washingtonistan
mircea_popescu: * mircea_popescu has changed the topic to: You have reached the public forum of The Most Serene Republic, a terrorist organisation dedicated to the creation of a safe space for the elites to productively defect to, leaving the pantsuit stranded behind. If you'd like to help see http://trilema.com/2016/how-to-participate-in-the-affairs-of-the-most-serene-republic/ . This channel is logged.
mircea_popescu: lol so in the end ns1/ns2.qntra.net are the pizarro nameservers ?
lobbes: Archive PSA: Semi-automatic archiving has resumed via my "manual" pulling of the crank at irregular intervals as a temporary "stop gap" solution. Fully automatic archiving to resume once I plug my security holes and build a sane parser for urls
asciilifeform: ( to be fair, not as if there was or is any working alternative. but -- swamp. )
asciilifeform: thing suffers the consequences of being part of the gcc backend swamp.
mircea_popescu: #ada is asleep ; and in other lulz dbotton disappeared. (guy used to run getadanow.com, maybe still does)
mircea_popescu: avoidable. sooner or later the bootstrap problem kicks in.
asciilifeform 'seekritly' aims to break the 'need gnat to gnat' circle of nonsense
mircea_popescu: are the policeman intelligent or strong ?
mircea_popescu: other than that, there's also the spoon+swamp of "get sorta-gnat compiled on arm64 freebsd, use that to compile real gnat, use that to..."
mircea_popescu: asciilifeform indeed ; the easiest target is the upperclass housewife.
mircea_popescu: technologists are universally treasonous, that's fundamentally what the word means, a new face on the old "bastard", son of no father. they might go for it.
asciilifeform: potentially interesting, i did not to date consider it. dun forget tho that they get ~infinite pile of printolade from lockheed, boeing, et al.
mircea_popescu: adacore is perhaps the closest contemporary approximation ; why not pay them a little for their pompous if economically dysfunctional "moneymaker" and then brazenly ask them to help you ruin the whole thing ?
mircea_popescu: just... here's the political reasoning : symbolics went to shit ~in part~ because nobody was there to corrupt the idiots involved into turning arms against the empire of stupid that spawned them and stab it in the back.
mircea_popescu: but otherwise it's very much not different in any meaningful way.
mircea_popescu: that's the point, the support contract. can ask gingold and actually expect an answer, as opposed to hope for one.
mircea_popescu: anyway, im pretty sure the adacore people were fucking around with arm64 at some point. maybe ask gingold or someone ?
mircea_popescu: hey, check out the blogger from earlier, there's enough stream of consciousness commentary there to last a legion of talk therapist.
asciilifeform: nobody does a lick of motherfuqinwork.
asciilifeform: this goes right back to the 'buy five moar, or throw the 1 out !' megadilemma.
asciilifeform: but annoying that nobody seems to have ever published one or mentioned the existence.
asciilifeform: theoretically can build on on ordinary x64, 'crossdev'
asciilifeform: approx as useful as the x86 one lol
asciilifeform: aa the arm-eabi-.* bareboard thing
asciilifeform: where's the gnat for it tho
mircea_popescu: now, it has a whole pile of "intel me" bs (did i mention - xilinx ?) but nevertheless
mircea_popescu: listen. the zynq is a 64 board ; and it's in the adacore's list of somewhat supported packages.
asciilifeform: aa that -- that's what they stuffed into recent xilinxen in place of the old ppc core
mircea_popescu: is the z7000 also 32 ?
asciilifeform: the inexistence of a binary arm64 adacore gnat distro
asciilifeform: ( that it gotta happen on another machine , is a give, given the impossibility of building a gnat without a working gnat )
mircea_popescu: "An advertisement costs $250/month or $1250/6 months, plus an extra $50 if you want me to design it for you. Ads can expect about 10,000 to 20,000 impressions per day. Past ads that were interesting and well-targeted have gotten about five hundred clickthroughs in their first week, followed by a steady fifty clickthroughs per week thereafter." jesus christ, and ~nobody reads it on top of everything else. how the fuck do you g
mircea_popescu: he reads to me like someone on antipsychotic medication. maybe at some point in his youth he was intelligent, i guess, but by now i'd much rather listen to the baristas. at least they giggle.
mircea_popescu: he's not technically on the level of the literate-since-yesterday redditard, but he's very much on the level right above that -- zero intellectual curiosity (in spite of a lot of meta herp derping about it), absolutely no critical ability whatsoever, a complete inadherence to humor, metaphor, rhetorical device, subtext, any sign of an intellectual life whatsoever.
mircea_popescu: i managed to get to point X of his ENDLESS "i can tolerate anything except the outgroup" "recommended article", after going through another two or three items placed higher on his list of self-recommendations ; but eventually my patience was exhausted.
mircea_popescu: aaaanyway, my original curio in http://btcbase.org/log/2018-03-31#1791647 is very much resolved. take the scott alexander fellow from above : he's been around for long enough, writes frequently enough, meets all the other criteria implied in the request. he's very VERBOSE too, and utterly fucking unreadable.
mircea_popescu: in simple terms, the terrorists long ago won all possible battles. they're just not who you thought would be the terrorists.
mircea_popescu: douchebag have you perchance read http://trilema.com/2016/to-be-clear-hillary-clinton-lost-the-presidential-election-on-june-16th-2016/ ? because you might be selling cabbage to the gardeners.
BigTexasBingo: Mircea_popescu chance of posturing. Requires more digging. Possibly lulz blooming in the coming weeks, but likely no less than 10 days
mircea_popescu: anyway. some of the classical athenian poets stopped the rain. heck, one even sang his way into hell. he didn't actually accomplish anything down there, but he ALMOST did.
mircea_popescu: douchebag as above : according to whom, "the terrorists" ?
douchebag: mircea_popescu: Some of the people I have on my stopped terrorism via hacking
BigTexasBingo: (+mircea_popescu) BigTexasBingo according to mexico ? or the honduran refugees ? << According to developing trumpism and Mexico
mircea_popescu: basically, you're engaging in the up to date equivalent of the athenian poetry competition.
mircea_popescu: try to leverage technology to convince the political power to give you some deciduous leaves inscribed with flattering but ultimately hollow words such as "glory forever!" which will stick around for a season before turning to dust.
mircea_popescu: http://btcbase.org/log/2015-09-07#1265178 << he did the exact same thing, except back when he also had the excuse of "all this being new" and "you don't know how it will go"
mircea_popescu: BigTexasBingo according to mexico ? or the honduran refugees ?
mircea_popescu: douchebag well, from experience you won't make it supporting the system ; but burning it down.
mircea_popescu: BigTexasBingo i don't want to read that, can there be a one line summary ?
douchebag: mircea_popescu: Everyone's got to start somewhere, and anyone who knows me knows very well that I am one of the most strong willed people you'll ever meet
mircea_popescu: anything less than the billion dollars is the sound of you getting shortchanged.
BigTexasBingo: Ben_vulpes lowest effort cultures but their story in this case seems to check out.
mircea_popescu: think about it for a second, it's dubious if there are one thousand human beings alive today. the total monetary mass is well past the trillion mark.
mircea_popescu: douchebag as things currently stand, if it's fiats and it's not in the billions you're wasting your time.
ben_vulpes: so let me get this straight BigTexasBingo the daily derper can't rely on its people to catch up to new ip addresses but it can get the word of mouth out on new dns records?
mircea_popescu: the amounts of money involved in all this are so trivial as to not meet the bar for being called money.
mircea_popescu: hey. ruining the possibility of pantsuit continuance is entertainment to me.
mircea_popescu: but as the elite increasingly opts out of supporting the "shiny happy faces of drooling imbeciles" modern of postmodern democracy, the thing will fall. it can't support itself, the only way it can live is for as long as you're willing to take $1k in lieu of "tell you what, I OWN tmobile now, you can all go home / hit the unemployment lines"
mircea_popescu: douchebag anyway, i'm not saying the options you're taking aren't on the table. they are. i am however saying that the table won't last ; which of course is about as interesting in the direct as telling a brontosaurus happily chewing on a fern that a meteor's coming. "so... what does this mean ~TO ME~, should i switch to chewing palms ?"
BigTexasBingo: I don't have civilized desk internet at the moment. Douchebag the goldmine is in burning the god damned colored hats.
douchebag: A lot of them are incredibly stupid
douchebag: I don't really like dealing with the blackhat crowd either
mircea_popescu: yes dude. the failure of postmodern "democracy" is built out of the mass involvement of idiots who have no business outside of chained-in-dungeon, coupled with weak non-payments to pacify the elite and the self-seeking, comfort driven behaviours of everyone.
douchebag: than to go the blackhat route
douchebag: It's a lot easier for me to get paid directly by them
mircea_popescu: now you understand how their shit got written.
douchebag: For me I am making alright money for the position I am in
mircea_popescu: so they "pay" you in the sense of giving you nothing as far as they concerned to get in exchange the very valuable (as far as they're concerned) option to continue exactly as before ?
douchebag: than for their database to be dumped and lose a shit ton of money & bad press coverage
douchebag: Because they would rather pay me $2k to tell them how I could have dumped their database
mircea_popescu: why do they pay you ?
douchebag: and they pay me for it
mircea_popescu: everyone involved in "technology", especially if the only language they speak is english and even more especially if their general philosophy is in the "I think medical science is still pretty healthy, and that the consensus of doctors and researchers is more-or-less right on most controversial medical issues." vein of above-illustrated jwzism are strictly speaking subhuman, and a great and needless burden to the planet.
douchebag: I think most web application developers have the mental capacity of a monkey with autism
douchebag: and chaining multiple fuck ups together to make a super serious fuck up
douchebag: Yeah, this is the main reason I focus on web application stuff
mircea_popescu: douchebag did you manage to do anything fun with it in the interim ?
douchebag: Well they already patched my Subdomain Takeover vuln
mircea_popescu: whole pile is actually a lot of wank in the general vein of, "r jwz, how to survive the coming of mp"
mircea_popescu: ie, "we [the fried chicken niggers] don't want to go there". ofcourseyoudon't.
mircea_popescu: that “bad things happen to good people” shouldn’t persuade them to tear down society and try starting all over again, because that leads to the chaos/tyrant choice, and we can’t go there."
mircea_popescu: "So Peterson wants to ensure we don’t get to the point where that’s the only choice left; he advises his acolytes not to destroy society (which leads to the chaos/authoritarian dilemma), but to recognize that they’re going to choose to follow some order of some kind, and that they should therefore intentionally follow even a flawed societal order, because it’s better than gas chambers and ethnic cleansing. The reality
mircea_popescu: anyway, since we're reading "slate star codex", ie scott alexander's blog (the pantsuit-anointed official tlp replacement so tlp never actually happened), let's lul together : https://archive.is/Yyblu#selection-1259.852-1259.1460
BigTexasBingo: Network connectivity at the Cowork is down for predictably latino reasons.
mimisbrunnr: Logged on 2018-04-04 20:20 mircea_popescu: it's fundamentally wrong, ideologically offensive, practically useless at best and counterproductive in general, deeply myopic, utterly nonsensical and the list could go on. holy shit why even bother exist if you're going to be the guy that spewed it.
asciilifeform reports, however, that the archetypical emerge -av --update --deep @world on chinesiumtron , to the tune of 117 various packages, took ~4hr. which is, lulzily, approx the same as on my workstations
mircea_popescu: it's fundamentally wrong, ideologically offensive, practically useless at best and counterproductive in general, deeply myopic, utterly nonsensical and the list could go on. holy shit why even bother exist if you're going to be the guy that spewed it.
mircea_popescu: incidentally, that "'navigating-and-or-avoiding-the-inpatient-mental-health-system" is about as fucking terrible as haskellists code.
mircea_popescu: either that or the ever growing self-absorption of esl speakers has... well.. absorbed.
asciilifeform: possibly the truly prolific crackpots began to have problem navigating-and-or-avoiding-the-inpatient-mental-health-system(tm)(r) and left these...
asciilifeform: where did they hide the trooo lesswrongists.
asciilifeform: lol, small arms wank! where are the planet-eaters, the solar shade weapon specialists, the immortality pills?!11
mircea_popescu: the gist of the argument is, them : wank wank wank ; me : your wank is only meaningful self-referentially ; them : you are wrong because self-reference.
asciilifeform: 'navigating-and-or-avoiding-the-inpatient-mental-health-system' << already 'winning' in chan subjline !
mircea_popescu: asciilifeform no, the moneyshot is, "I'm going to need a source on that. the doctor dude seems to know what he's doing. also the ballistic gelatin is kinda hard to argue against"
a111: Logged on 2018-04-04 04:49 mircea_popescu: in other lulz, /me joins #lesswrong. there's a "* Loaded log from Sat Sep 20 11:53:02 2014" ; then /me joins #startups. there's a "Loaded log from Sat Sep 20 11:52:17 2014". apparently... i did this once before ?
asciilifeform: but aside from this, 'throw out, or buy five more?', i have a self-rebuilding gentoo, and theoretically recent 'uboot' gives a blobless boot and ergo 100% blobless machine that actually fucking builds own kernel and gcc and etc etc
asciilifeform: meanwhile on the chinesium front, asciilifeform was pretty close to throwing out the 'rockchip' this morn., when saw that every few hrs it read-retries the sd flash. but apparently harmless eggog: comes from certain sad levelling firmwares , they cannot keep up with the host
mircea_popescu: 2.7k lines between 8 and 10 this am, that's like... more interest in the ro language than the romanian government ever managed to generate in the entire history of a romanian government, spanning 1866-2018
mircea_popescu: aaand in other http://btcbase.org/log/2018-04-03#1792405 : cat trilema.com.txt | grep "/2009/banii-oamenii-si-valorile-liberale/" | grep "leusercontent" > http://p.bvulpes.com/pastes/foK6J/?raw=true
lobbes: Lol. Rest of the world catching up to Qntra's accurate classifications of various Anglotardistans
BingoBoingo: https://www.rt.com/sport/423161-commonwealth-games-england-african-country/ << "Commonwealth Games organizers have confused England with the African Republic of The Gambia in the event’s official program, which contains information about the 71 nations participating."
mircea_popescu: i suspect the internet was actually LARGER in 1988.
mircea_popescu: aaand closing channels. #lesswrong is spectacularly retarded. i mean wikitardia levels of inane wank. #clojure and #bash are mostly dead, 99% join/part and the rest hi guise, i got a dumb question. startup and gaygeeks are dead.
lobbes: yeah, sorry, I was kinda unclear; just lists the bot name, operator, and call command
mircea_popescu: ah so basically you didn't ~include~ the command list.
lobbes: as it stood, my own bot's commands on the old directory weren't even represented accurately. plus the spec does specify each bot should have a "help" command listing all other commands
lobbes: I purposely decided not to curate the actual commands. I figure that is best left to the operator to maintain
lobbes: not sure if pete_dushenski is ever coming around again or what, so I went ahead and created a page for the tmsr bot directory: http://lobbesblog.com/static/tmsr_bot_directory.html
mircea_popescu: in other lulz, /me joins #lesswrong. there's a "* Loaded log from Sat Sep 20 11:53:02 2014" ; then /me joins #startups. there's a "Loaded log from Sat Sep 20 11:52:17 2014". apparently... i did this once before ?
mircea_popescu: and oh look, anil dash still exists. in fact, the whole twitter "tech" poser scene is still there! amazing.
mircea_popescu: in other world wide webs, "* Topic for #gaygeeks is: Welcome to #gaygeeks, a PG-rated social channel for geeky LGBT people and friends."
mircea_popescu: the flag tells tar whether to store this extra metadata with the files or not. generally dropping it has no effect. ah ok then
asciilifeform: and i untarred in spite of this oddity, and the only barf was that python, ping, and cc1 binaries failed to extract. but oddly enuff extracted later manually...
mircea_popescu: just drop the flag, see what happens.
mircea_popescu: probably once they started supporting ext4.
mircea_popescu: fwiw, iirc reiserfs has them too.
a111: Logged on 2018-04-04 02:19 lobbes: there's also an additional precaution I could take: instead of the thing being on an hourly cronjob, I could easily set up a quick 'validation report' for myself and then pull a 'manual' crank to initiate everything
mircea_popescu: http://btcbase.org/log/2018-04-04#1792831 << this is the worst choice, in general.
asciilifeform: mircea_popescu: it's chinese, therefore lulzy. mine seems to boot up with the shitrom broken...
a111: Logged on 2018-04-04 01:06 asciilifeform: and, interestingly, the entire public net appears to be EMPTY of ANY discussion of a cure.
mircea_popescu: http://btcbase.org/log/2018-04-04#1792818 << the english web is empty of EVERYTHING. there isn't anything there. i looked.
mircea_popescu: http://btcbase.org/log/2018-04-04#1792817 << fuck 'em. let them sell to each other for bitpaybux until they fall over for all i care.
mircea_popescu: eh, what's the rush.
a111: Logged on 2016-05-01 14:53 mircea_popescu: asciilifeform> mod6: the baked-in presumption of webtardism is almost insulting << it is insulting, not to us though. think about it : the crab has pincers because in its environment THAT WORKS ; and so does "GET /blog/blog-config.php~".
asciilifeform: doesn't show any symptoms of approaching the thing in any way other than http://btcbase.org/log/2016-05-01#1460013
mircea_popescu: incidentally, the comments are something else.
asciilifeform: this almost takes out all the sport tho.
asciilifeform: at the time understood maybe half . really oughta rewatch these days
asciilifeform actually watches the 2005 one , it was lulzy
mircea_popescu: and the time i burned the koran/bible and the time i stabbed that rabbit and so following.
mircea_popescu: i mean my talk to ro politicians about basic economics from like 2005 is on the fucking web ffs!
a111: Logged on 2018-04-04 00:35 phf: i did several talks on the idea that sanitizing data is retarded, and that you're supposed to have a proper parsing strategy instead. that it's in other words an impedance mismatch problem, and if you teach computer your assumptions it will be impossible to have injection issues
mircea_popescu: much in the vein astronomy can not be grasped playing with ptolemaic spheres.
mircea_popescu: and in other "best villains of the silver screen", https://www.youtube.com/watch?v=-N9LnkKQfuc
mircea_popescu: ^ there douchebag , now you can learn lips.
a111: Logged on 2018-04-03 23:53 douchebag: and I'll tell you why, when working for a company doing a security audit - you will get paid the most for RCE. Women love money, and that money can be used to help take care of the children
a111: Logged on 2018-04-03 23:48 lobbes: I agree this needs archiving (I'm currently working off their version of kritik der reinen vernunft as a german study aid). However, unlike kibo.com I would wager the entirety of gutenberg is much much larger. I'd prolly need moar storage than the ~200gb ssd on the dedicated home craptop I'm currently using (but maybe not) >> http://btcbase.org/log/2018-04-03#1792648
mircea_popescu: http://btcbase.org/log/2018-04-03#1792736 << it's not that big. but, if indeed it is that big this is a reason to find more storage space, can't really cut them off.
a111: Logged on 2018-04-03 23:41 phf: mircea_popescu: "Unlike obligate coprophagiacs, subsistence hunters could not be stone age fucktards, but for whatever reason opt not to." is there a double not in there?
asciilifeform: what's the most recent stage3 that hasn't got it ?
lobbes: ala deedbot and other items
lobbes: there's also an additional precaution I could take: instead of the thing being on an hourly cronjob, I could easily set up a quick 'validation report' for myself and then pull a 'manual' crank to initiate everything
trinque: sure douchebag, not saying do that either
lobbes: well, it seems like phf's (and others') approach is slightly saner. Even if user input doesn't go to bash, well.. what about the phantomjs exploit you found
lobbes: hm okay, this is a bit over my head, but you are saying that I need to understand what the grammar for a url is, and then have the parser follow that grammar?
trinque: parser implements a given grammar, turning a string (whether considered as text or raw bits) into an abstract syntax tree
lobbes: hm yeah, applying this to my case: there is only ONE point where user-entered data enters into the process, and that is where the bot snarfs from the chan and inserts into the first sqlite3 db. So really, I just need to teach THAT part of my process what a valid url is, and then parse accordingly
trinque: the grammar asserts what ought to be there; it rejects everything else, but it didn't reject the "all else" item by item.
a111: Logged on 2018-04-04 00:35 phf: i did several talks on the idea that sanitizing data is retarded, and that you're supposed to have a proper parsing strategy instead. that it's in other words an impedance mismatch problem, and if you teach computer your assumptions it will be impossible to have injection issues
lobbes: so, this is kind of like the "default-deny" philosophy? "you may only build the house from this valid list of materials" versus "grab any material you can find, but watch out for this list of lethal building materials"? >> http://btcbase.org/log/2018-04-04#1792809
asciilifeform: and, interestingly, the entire public net appears to be EMPTY of ANY discussion of a cure.
asciilifeform: being one of the few languages with actual docs, and of which i used a deliberately small subset -- oughta be pretty simple.
douchebag: I've never programmed in the language it was written in
asciilifeform: going by the log in #asciilifeform-test, d00d 1) still refuses to actually read the proggy 2) continues to think that it remaining standing has something at all to do with 'sanitizing' or anticipating whatever attack
phf: so cl-irc isn't "stripping away" faulty sequences, there's a state machine parser there that only accepts a valid irc protocol, likewise the renderer is not escaping html, instead the dom is constructed server side and where you have strings, you can only have strings. they will be serialized into html according to html escaping rules.
phf: i did several talks on the idea that sanitizing data is retarded, and that you're supposed to have a proper parsing strategy instead. that it's in other words an impedance mismatch problem, and if you teach computer your assumptions it will be impossible to have injection issues
phf: there might be an xss somewhere in btcbase, but highly unlikely
phf: but relevant to the conversation, i grew up in russia in the 90s, so i did infosec until 2005 or so
phf: which reminds me that i should implement the help feature, a111 is not conformant at the moment
douchebag: If those lines weren't stripped I could potentially send my own commands to the ircd
douchebag: Good job stripping them !
trinque: there ya go.
asciilifeform: trinque: not as such. BUT he really oughta build the proggy and do in his own shell.
douchebag: whats the syntax
douchebag: trinque: What other bots are in here besides lobbes and deedbot
douchebag: PWN BOXES 2 HELP THE CHILDREN
douchebag: and I'll tell you why, when working for a company doing a security audit - you will get paid the most for RCE. Women love money, and that money can be used to help take care of the children
douchebag: For sure, I'm rather experienced with application design from a security perspective so just let me know if you have any questions
a111: Logged on 2018-04-03 19:41 mircea_popescu: oh, and : lobbes other than the design review, consider lifting the whole of gutenberg into your archive ? the idiots already have a https that is broken, so far http only works but who knows how long.
lobbes: I agree this needs archiving (I'm currently working off their version of kritik der reinen vernunft as a german study aid). However, unlike kibo.com I would wager the entirety of gutenberg is much much larger. I'd prolly need moar storage than the ~200gb ssd on the dedicated home craptop I'm currently using (but maybe not) >> http://btcbase.org/log/2018-04-03#1792648
lobbes: douchebag well, it is very convoluted atm. besides, I'd rather there be a static page I can point to than just barfing it in the logs
douchebag: Just tell me essentially what it is you're trying to do, what you have already tried, and then I'll suggest you how to write it properly
lobbes: and shinohai, as much as I'd like to blame this on supybot, this one is all me (the exploited code was all brewed by yours truly)
phf: mircea_popescu: "Unlike obligate coprophagiacs, subsistence hunters could not be stone age fucktards, but for whatever reason opt not to." is there a double not in there?
douchebag: lobbes: Mind sharing the source code? I could perhaps help you identify further exploits
deedbot: lobbes rated douchebag 2 << exploited several security holes in my archive process, but was nice enough to tell me rather than pwn me
lobbes: oy, yup this is the spoofed user agent that the phantomjs portion of the process was using. RCE was happening both at the bash level AND via the headless browser.. I got poked in several orifices >> http://btcbase.org/log/2018-04-03#1792665
douchebag: just buy the fucking water filters already
shinohai: http://therealbitcoin.org/ml/btc-dev/2018-April/000295.html << ty jurov for handling donation, cheers! [~]D
asciilifeform did in the end find one : ye olde ft232
asciilifeform: in other 'holyfuq, chinesium', 1500000 (!) baud default uart.
mircea_popescu: men can't stop acting like women -- there's really nothing else for them.
mircea_popescu: there's by now a large and visible class of dweebs who considered the "should i learn github or get boobs" dilemma and came out with "better get boobs -- govt pays for it."
mircea_popescu: nfi, i was discussing the "women in tech" trend generally.
mircea_popescu: ain't enough they kicked women out of the last well paying job available to them (nursing), now they're gonna steal the tits, too ?
douchebag: Yeah no it was fine most of the day, this kid would just get out of his seat and stand behind me and start staring at what I was doing and asked a bunch of questions
douchebag: Most of the people there are alright
trinque: they didn't offer up their assholes quick enough?
trinque: shinohai: https://archive.is/TgtPb << breitbart didn't neglect the "wearing a headscarf" deets
mircea_popescu: whole fucking natural language is nothing beyond "add aix^i terms until the damned P has only one real root."
mircea_popescu: this actually misses the all-important mechanism. "when we need to disambiguate, we add more words such as to contradict one of the two possible solutions the string could eval to"
mircea_popescu: try without the www
a111: Logged on 2018-02-26 17:11 mircea_popescu: spyked the bot is a solved problem, genesis and all.
spyked: mircea_popescu, it's good timing, since I've been doing some reading ircbot code and comparing with my own implementation. I've actually been contemplating http://btcbase.org/log/2018-02-26#1786288 and rolling my own was not a wholly useless endeavour, i.e. http://trilema.com/2016/how-to-participate-in-the-affairs-of-the-most-serene-republic/#selection-322.0-322.5 so I'll document the whole thing on the blog.
mircea_popescu: epic contributions from "paul nakata" (hey, nobody on a stick but has a keybase key), some dork who "programs in cl every day" and the whole menagerie of "nobody told us to shut the fuck up like, ever"
mircea_popescu: ben_vulpes cash or bonds, though for the latter no actual discount was discussed in teh nsa boardroom. but i guess i'll go with .4 off the cuff and hope nobody throws gavels at me.
mircea_popescu: oh, and : lobbes other than the design review, consider lifting the whole of gutenberg into your archive ? the idiots already have a https that is broken, so far http only works but who knows how long.
ben_vulpes: mircea_popescu: thanks for extending the counteroffer, i'll take it. will you take payment in pizarro credits?
mircea_popescu: i suppose the question of lisp standardization, soon to be visited upon our fair republic, will be one helluva burning flame.
phf: spyked: i prefer ccl on low powered machines, the only parts of trinque's bot that rely on sbcl are one or two functions related to thread management
douchebag: Oh but yeah, until then - let me know if there are any IRC bots or web applications you want me to take a look at
asciilifeform: spyked: i found 1st gen raspi (entirely aside the q of closed shitware) to be ~unusable -- it shared a usb bus between nic (already slow) and disk
