#asciilifeform | 2020-07-30

← 2020-07-29 | 2020-07-31 → ↓

Apocalyptic: in other nooz, BootHole vulnerability in grub2

Apocalyptic: "In the course of Eclypsium’s analysis, we have identified a buffer overflow vulnerability in the way that GRUB2 parses content from the GRUB2 config file (grub.cfg)."

asciilifeform: Apocalyptic: how the hell is this a vuln ? 'secure boot' is elementary fritzchip (i.e. 'secure against owner')

asciilifeform: this nonsense is rather like crapple's regular 'ohnoez, jailbreak found again, security vuln!'

asciilifeform: ( see also. )

snsabot: Logged on 2020-05-05 12:51:05 asciilifeform: violadivias: the 'attack resistance' in the linked piece is an artful distraction/disinfo. cr50 is there specifically to prevent the owner of the machine from getting 100% control over it.

Apocalyptic: my understanding is that the buffer overflow is independent from 'SecureBoot', but enabling the attack, still lulzy though

asciilifeform: 'attack' against what, though

asciilifeform: it's a jailbreak, for jailed pcs (which,sadly, exist..)

Apocalyptic: against the whole "signed by CAs" shitshow that occurs in SecureBoot, supposedly

asciilifeform: well yes. i.e. jailed pc.

Apocalyptic: "To dig a little deeper into the vulnerability itself, we’ll take a closer look at how the code works internally. In order to process commands from the external configuration file, GRUB2 uses flex and bison to generate a parsing engine for a domain-specific language (DSL) from language description files and helper functions." this also is telling what a pile of shit grub2 is

asciilifeform: Apocalyptic: it was titanic pile o'shit for almost whole time it existed. there's e.g. ttf glyph renderer, and fuckknows what else in there

asciilifeform: MBs of liquishit

asciilifeform: and, evidently, native support for microshit's formerly-'palladium' 'you dun own yer pc' attempts.

asciilifeform got 'grub' the fuck off all personally-owned and supported iron yrs ago

asciilifeform also doesn't buy palladiumized irons.

asciilifeform: i still gotta lul over the typical attempt to spin a jailbreak as a 'vulnerability' tho

asciilifeform: iirc intel did same when 'ME' 0day 1st published .

asciilifeform bbl.

Apocalyptic: asciilifeform, you switched to lilo on all irons ?

asciilifeform: Apocalyptic: all the x86+linux irons i had in active service, afaik. most of them did not have to switch, set up with it at start.

asciilifeform: !w poll

watchglass: Polling 12 nodes...

watchglass: 205.134.172.4:8333 : (172-4.core.ai.net) Alive: (0.085s) V=70001 (/therealbitcoin.org:0.7.0.1/) Jumpers=0x1 (TRB-Compat.) Blocks=641484

watchglass: 205.134.172.6:8333 : (172-6.core.ai.net) Alive: (0.082s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484

watchglass: 205.134.172.27:8333 : Alive: (0.124s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484 (Operator: asciilifeform)

watchglass: 205.134.172.26:8333 : Alive: (0.124s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484

watchglass: 108.31.170.3:8333 : (pool-108-31-170-3.washdc.fios.verizon.net) Alive: (0.110s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484 (Operator: asciilifeform)

watchglass: 192.151.158.26:8333 : Alive: (0.132s) V=70001 (/therealbitcoin.org:0.7.0.1/) Jumpers=0x1 (TRB-Compat.) Blocks=641484

watchglass: 208.94.240.42:8333 : Alive: (0.202s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484

watchglass: 143.202.160.10:8333 : Alive: (0.221s) V=70001 (/therealbitcoin.org:0.7.0.1/) Jumpers=0x1 (TRB-Compat.) Blocks=641484

watchglass: 213.109.238.156:8333 : Alive: (0.392s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484

watchglass: 188.121.168.69:8333 : (rev-188-121-168-69.radiolan.sk) Alive: (0.374s) V=99999 (/therealbitcoin.org:0.9.99.99/) Jumpers=0x1 (TRB-Compat.) Blocks=641484

watchglass: 176.9.59.199:8333 : Busy? (No answer in 20 sec.) (Operator: jurov)

watchglass: 103.36.92.112:8333 : Busy? (No answer in 20 sec.)

asciilifeform: !q uptime

snsabot: asciilifeform: time since my last reconnect : 0d 0h 0m

asciilifeform: pretty interesting -- found that bot was hung. 1st detectable instance of this since wrote it.

asciilifeform: aaand it was still receiving 'pings' from fleanode..

asciilifeform suspects problem on fleanoad end

asciilifeform: makes trinque's algo seem appealing.

snsabot: Logged on 2020-07-29 11:55:49 trinque: even considered having a pair of twins bot deployment which chatter to each other to confirm connection, rather than trusting that someone on the server side PONGed

asciilifeform: !q uptime

snsabot: asciilifeform: time since my last reconnect : 0d 0h 14m

asciilifeform: !q uptime

snsabot: asciilifeform: time since my last reconnect : 0d 0h 45m

feedbot: http://thetarpit.org/2020/briefly-on-programming-irc-bots-using-common-lisp << The Tar Pit -- Briefly, on programming IRC bots using Common Lisp

asciilifeform: ^ hey spyked :

asciilifeform: what'd be wrong with , e.g. :

asciilifeform: (defmacro if-timeout (timeout timeout-form &body body)

asciilifeform: "Return timeout-form if timeout times out, otherwise return result of body."

asciilifeform: `(handler-case (bordeaux-threads:with-timeout (,timeout)

asciilifeform: ,@body)

asciilifeform: (condition (bordeaux-threads:timeout)

asciilifeform: (declare (ignore timeout))

asciilifeform: ,timeout-form)))

asciilifeform: and then, e.g. :

asciilifeform: (if-timeout *your-timeout* (format yer-log "eggog...") (progn (.........) ))

asciilifeform: on top of this, the python example is 100% synchronous, and doesn't even require this kinda thing -- 'except socket.timeout' gets thrown if recv() actually returns timeout eggog code, strictly

asciilifeform: ACHTUNG, readers! logotron updated with sane date handling for next/prev (i.e. skips empty days, but behaves correctly if these are req'd manually.) plox to report bugs ! will later issue vpatch.

asciilifeform: includes also 'dawn of time' handling ( example . )

asciilifeform: logotron homepage updated w/ vpatch!

asciilifeform: jurov: observe that 'sparse' chans like #therealbitcoin are now easy to read 'cover to cover'.

feedbot: http://mvdstandard.net/2020/07/intendencia-of-montevideo-number-of-endemic-trash-dumps-more-than-doubled-in-three-years/ << The Montevideo Standard -- Intendencia Of Montevideo: Number Of "Endemic Trash Dumps" More Than Doubled In Three Years

asciilifeform: !q uptime

snsabot: asciilifeform: time since my last reconnect : 0d 9h 17m

← 2020-07-29 | 2020-07-31 → ↑