Hide Idle (>14 d.) Chans


← 2020-07-29 | 2020-07-31 →
Apocalyptic: "In the course of Eclypsium’s analysis, we have identified a buffer overflow vulnerability in the way that GRUB2 parses content from the GRUB2 config file (grub.cfg)."
asciilifeform: Apocalyptic: how the hell is this a vuln ? 'secure boot' is elementary fritzchip (i.e. 'secure against owner')
asciilifeform: this nonsense is rather like crapple's regular 'ohnoez, jailbreak found again, security vuln!'
snsabot: Logged on 2020-05-05 12:51:05 asciilifeform: violadivias: the 'attack resistance' in the linked piece is an artful distraction/disinfo. cr50 is there specifically to prevent the owner of the machine from getting 100% control over it.
Apocalyptic: my understanding is that the buffer overflow is independent from 'SecureBoot', but enabling the attack, still lulzy though
asciilifeform: 'attack' against what, though
asciilifeform: it's a jailbreak, for jailed pcs (which,sadly, exist..)
Apocalyptic: against the whole "signed by CAs" shitshow that occurs in SecureBoot, supposedly
asciilifeform: well yes. i.e. jailed pc.
Apocalyptic: "To dig a little deeper into the vulnerability itself, we’ll take a closer look at how the code works internally. In order to process commands from the external configuration file, GRUB2 uses flex and bison to generate a parsing engine for a domain-specific language (DSL) from language description files and helper functions." this also is telling what a pile of shit grub2 is
asciilifeform: Apocalyptic: it was titanic pile o'shit for almost whole time it existed. there's e.g. ttf glyph renderer, and fuckknows what else in there
asciilifeform: MBs of liquishit
asciilifeform: and, evidently, native support for microshit's formerly-'palladium' 'you dun own yer pc' attempts.
asciilifeform got 'grub' the fuck off all personally-owned and supported iron yrs ago
asciilifeform also doesn't buy palladiumized irons.
asciilifeform: i still gotta lul over the typical attempt to spin a jailbreak as a 'vulnerability' tho
asciilifeform: iirc intel did same when 'ME' 0day 1st published .
Apocalyptic: asciilifeform, you switched to lilo on all irons ?
asciilifeform: Apocalyptic: all the x86+linux irons i had in active service, afaik. most of them did not have to switch, set up with it at start.
asciilifeform: !w poll
watchglass: Polling 12 nodes...
watchglass: 205.134.172.4:8333 : (172-4.core.ai.net) Alive: (0.085s) V=70001 (/therealbitcoin.org:0.7.0.1/) Jumpers=0x1 (TRB-Compat.) Blocks=641484
watchglass: 205.134.172.6:8333 : (172-6.core.ai.net) Alive: (0.082s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484
watchglass: 205.134.172.27:8333 : Alive: (0.124s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484 (Operator: asciilifeform)
watchglass: 205.134.172.26:8333 : Alive: (0.124s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484
watchglass: 108.31.170.3:8333 : (pool-108-31-170-3.washdc.fios.verizon.net) Alive: (0.110s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484 (Operator: asciilifeform)
watchglass: 192.151.158.26:8333 : Alive: (0.132s) V=70001 (/therealbitcoin.org:0.7.0.1/) Jumpers=0x1 (TRB-Compat.) Blocks=641484
watchglass: 208.94.240.42:8333 : Alive: (0.202s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484
watchglass: 143.202.160.10:8333 : Alive: (0.221s) V=70001 (/therealbitcoin.org:0.7.0.1/) Jumpers=0x1 (TRB-Compat.) Blocks=641484
watchglass: 213.109.238.156:8333 : Alive: (0.392s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484
watchglass: 188.121.168.69:8333 : (rev-188-121-168-69.radiolan.sk) Alive: (0.374s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484
watchglass: 176.9.59.199:8333 : Busy? (No answer in 20 sec.) (Operator: jurov)
watchglass: 103.36.92.112:8333 : Busy? (No answer in 20 sec.)
asciilifeform: !q uptime
snsabot: asciilifeform: time since my last reconnect : 0d 0h 0m
asciilifeform: pretty interesting -- found that bot was hung. 1st detectable instance of this since wrote it.
asciilifeform: aaand it was still receiving 'pings' from fleanode..
asciilifeform suspects problem on fleanoad end
asciilifeform: makes trinque's algo seem appealing.
snsabot: Logged on 2020-07-29 11:55:49 trinque: even considered having a pair of twins bot deployment which chatter to each other to confirm connection, rather than trusting that someone on the server side PONGed
asciilifeform: !q uptime
snsabot: asciilifeform: time since my last reconnect : 0d 0h 14m
asciilifeform: !q uptime
snsabot: asciilifeform: time since my last reconnect : 0d 0h 45m
feedbot: http://thetarpit.org/2020/briefly-on-programming-irc-bots-using-common-lisp << The Tar Pit -- Briefly, on programming IRC bots using Common Lisp
asciilifeform: ^ hey spyked :
asciilifeform: what'd be wrong with , e.g. :
asciilifeform: (defmacro if-timeout (timeout timeout-form &body body)
asciilifeform: "Return timeout-form if timeout times out, otherwise return result of body."
asciilifeform: `(handler-case (bordeaux-threads:with-timeout (,timeout)
asciilifeform: ,@body)
asciilifeform: (condition (bordeaux-threads:timeout)
asciilifeform: (declare (ignore timeout))
asciilifeform: ,timeout-form)))
asciilifeform: and then, e.g. :
asciilifeform: (if-timeout *your-timeout* (format yer-log "eggog...") (progn (.........) ))
asciilifeform: on top of this, the python example is 100% synchronous, and doesn't even require this kinda thing -- 'except socket.timeout' gets thrown if recv() actually returns timeout eggog code, strictly
asciilifeform: ACHTUNG, readers! logotron updated with sane date handling for next/prev (i.e. skips empty days, but behaves correctly if these are req'd manually.) plox to report bugs ! will later issue vpatch.
asciilifeform: includes also 'dawn of time' handling ( example . )
asciilifeform: jurov: observe that 'sparse' chans like #therealbitcoin are now easy to read 'cover to cover'.
feedbot: http://mvdstandard.net/2020/07/intendencia-of-montevideo-number-of-endemic-trash-dumps-more-than-doubled-in-three-years/ << The Montevideo Standard -- Intendencia Of Montevideo: Number Of "Endemic Trash Dumps" More Than Doubled In Three Years
asciilifeform: !q uptime
snsabot: asciilifeform: time since my last reconnect : 0d 9h 17m
← 2020-07-29 | 2020-07-31 →