douchebag: I just jacked one of T-Mobile's subdomains
mircea_popescu: in other world wide webs, "* Topic for #gaygeeks is: Welcome to #gaygeeks, a PG-rated social channel for geeky LGBT people and friends."
deedbot: http://trilema.com/2018/no-such-labs-snsa-march-2018-statement/ << Trilema - No Such lAbs (S.NSA), March 2018 Statement
mircea_popescu: "password length can not exceed 12 characters". teh webfolk clearly doing it rite.
trinque couldn't say, haven't tilted at tar just yet
mircea_popescu: the flag tells tar whether to store this extra metadata with the files or not. generally dropping it has no effect. ah ok then
asciilifeform did realize this
mircea_popescu: anyway. extended attributes is this ~dead standard that got implemented anyway, basically a kludgy extension of chown.
asciilifeform: and appear to work
asciilifeform: and i untarred in spite of this oddity, and the only barf was that python, ping, and cc1 binaries failed to extract. but oddly enuff extracted later manually...
mircea_popescu: just drop the flag, see what happens.
asciilifeform: nope. $box supports ext4 , but tar 1.26.
mircea_popescu: anyway, odds are you can just take it out.
mircea_popescu: probably once they started supporting ext4.
asciilifeform: q for trinque was , when did gentoo stage3 start using this 'feature'.
asciilifeform: it's in tar.
mircea_popescu: fwiw, iirc reiserfs has them too.
a111: Logged on 2018-04-04 02:30 asciilifeform: trinque: any idea when this liquishit crept in ?
a111: Logged on 2018-04-04 02:19 lobbes: there's also an additional precaution I could take: instead of the thing being on an hourly cronjob, I could easily set up a quick 'validation report' for myself and then pull a 'manual' crank to initiate everything
mircea_popescu: http://btcbase.org/log/2018-04-04#1792831 << this is the worst choice, in general. ☝︎
asciilifeform: mircea_popescu: it's chinese, therefore lulzy. mine seems to boot up with the shitrom broken...
a111: Logged on 2018-04-04 01:06 asciilifeform: and, interestingly, the entire public net appears to be EMPTY of ANY discussion of a cure.
mircea_popescu: http://btcbase.org/log/2018-04-04#1792818 << the english web is empty of EVERYTHING. there isn't anything there. i looked. ☝︎
mircea_popescu: http://btcbase.org/log/2018-04-04#1792817 << fuck 'em. let them sell to each other for bitpaybux until they fall over for all i care. ☝︎
mircea_popescu: eh, what's the rush.
a111: Logged on 2016-05-01 14:53 mircea_popescu: asciilifeform> mod6: the baked-in presumption of webtardism is almost insulting << it is insulting, not to us though. think about it : the crab has pincers because in its environment THAT WORKS ; and so does "GET /blog/blog-config.php~".
asciilifeform: doesn't show any symptoms of approaching the thing in any way other than http://btcbase.org/log/2016-05-01#1460013 ☝︎
asciilifeform: http://p.bvulpes.com/pastes/LsmJG/?raw=true << d00d's total effort in re pehbot , thus far.
mircea_popescu: incidentally, the comments are something else.
asciilifeform: this almost takes out all the sport tho.
mircea_popescu: http://trilema.com/2009/banii-oamenii-si-valorile-liberale/ << uncharacteristically for vloggers, transcript is available.
asciilifeform: at the time understood maybe half . really oughta rewatch these days
asciilifeform actually watches the 2005 one , it was lulzy
mircea_popescu: and the time i burned the koran/bible and the time i stabbed that rabbit and so following.
mircea_popescu: i mean my talk to ro politicians about basic economics from like 2005 is on the fucking web ffs!
a111: Logged on 2018-04-04 00:35 phf: i did several talks on the idea that sanitizing data is retarded, and that you're supposed to have a proper parsing strategy instead. that it's in other words an impedance mismatch problem, and if you teach computer your assumptions it will be impossible to have injection issues
mircea_popescu: much in the vein astronomy can not be grasped playing with ptolemaic spheres.
a111: Logged on 2018-04-04 00:46 asciilifeform: phf: i was vaguely hoping he might grasp this by playing with pehbot / reading ffa ; but loox like no dice so far
mircea_popescu: http://btcbase.org/log/2018-04-04#1792811 << this is not something that can be "grasped" as such. ☝︎
mircea_popescu: phf it's supposed to produce no more than one line per command.
mircea_popescu: and in other "best villains of the silver screen", https://www.youtube.com/watch?v=-N9LnkKQfuc
mircea_popescu: ^ there douchebag , now you can learn lips.
a111: Logged on 2018-04-03 23:53 douchebag: and I'll tell you why, when working for a company doing a security audit - you will get paid the most for RCE. Women love money, and that money can be used to help take care of the children
a111: Logged on 2018-04-03 23:48 lobbes: I agree this needs archiving (I'm currently working off their version of kritik der reinen vernunft as a german study aid). However, unlike kibo.com I would wager the entirety of gutenberg is much much larger. I'd prolly need moar storage than the ~200gb ssd on the dedicated home craptop I'm currently using (but maybe not) >> http://btcbase.org/log/2018-04-03#1792648
mircea_popescu: http://btcbase.org/log/2018-04-03#1792736 << it's not that big. but, if indeed it is that big this is a reason to find more storage space, can't really cut them off. ☝︎
asciilifeform: incidentally trinque do you know of a musltronic stage3 for arm ?
a111: Logged on 2018-04-03 23:41 phf: mircea_popescu: "Unlike obligate coprophagiacs, subsistence hunters could not be stone age fucktards, but for whatever reason opt not to." is there a double not in there?
mircea_popescu: http://btcbase.org/log/2018-04-03#1792728 << yes, actually. x could not be y, but opt to not-not be y. is this bad ? ☝︎
asciilifeform: what's the most recent stage3 that hasn't got it ?
asciilifeform: trinque: any idea when this liquishit crept in ? ☟︎
asciilifeform: hey trinque , i was attempting a gentoo , and found that i cannot even extract a 2016 stage3 on a sane box because --xattrs-include='*.*' and my tar has nfi what xattrs are
lobbes: there's also an additional precaution I could take: instead of the thing being on an hourly cronjob, I could easily set up a quick 'validation report' for myself and then pull a 'manual' crank to initiate everything ☟︎
lobbes: yeah, true, I really should do both
trinque: sure douchebag, not saying do that either
lobbes: I cannot possibly enumerate what I haven't thought of
lobbes: well, it seems like phf's (and others') approach is slightly saner. Even if user input doesn't go to bash, well.. what about the phantomjs exploit you found
douchebag: lobbes: Why not completely avoid sending any user input to a bash interpreter at all?
lobbes: hm okay, this is a bit over my head, but you are saying that I need to understand what the grammar for a url is, and then have the parser follow that grammar?
trinque: parser implements a given grammar, turning a string (whether considered as text or raw bits) into an abstract syntax tree
lobbes: hm yeah, applying this to my case: there is only ONE point where user-entered data enters into the process, and that is where the bot snarfs from the chan and inserts into the first sqlite3 db. So really, I just need to teach THAT part of my process what a valid url is, and then parse accordingly
trinque: the grammar asserts what ought to be there; it rejects everything else, but it didn't reject the "all else" item by item.
a111: Logged on 2018-04-04 00:35 phf: i did several talks on the idea that sanitizing data is retarded, and that you're supposed to have a proper parsing strategy instead. that it's in other words an impedance mismatch problem, and if you teach computer your assumptions it will be impossible to have injection issues
lobbes: so, this is kind of like the "default-deny" philosophy? "you may only build the house from this valid list of materials" versus "grab any material you can find, but watch out for this list of lethal building materials"? >> http://btcbase.org/log/2018-04-04#1792809 ☝︎
asciilifeform: and, interestingly, the entire public net appears to be EMPTY of ANY discussion of a cure. ☟︎
asciilifeform: being one of the few languages with actual docs, and of which i used a deliberately small subset -- oughta be pretty simple.
douchebag: I've never programmed in the language it was written in
asciilifeform: going by the log in #asciilifeform-test, d00d 1) still refuses to actually read the proggy 2) continues to think that it remaining standing has something at all to do with 'sanitizing' or anticipating whatever attack
asciilifeform: phf: i was vaguely hoping he might grasp this by playing with pehbot / reading ffa ; but loox like no dice so far ☟︎
phf: so cl-irc isn't "stripping away" faulty sequences, there's a state machine parser there that only accepts a valid irc protocol, likewise the renderer is not escaping html, instead the dom is constructed server side and where you have strings, you can only have strings. they will be serialized into html according to html escaping rules.
phf: i did several talks on the idea that sanitizing data is retarded, and that you're supposed to have a proper parsing strategy instead. that it's in other words an impedance mismatch problem, and if you teach computer your assumptions it will be impossible to have injection issues ☟︎☟︎
phf: but relevant to the conversation, i grew up in russia in the 90s, so i did infosec until 2005 or so
douchebag: In regards to programming/security/technology etc.
douchebag: phf: What sort of topics do you primarily focus on?
phf: well, since we're testing things http://btcbase.org/log/2018-04-03#1231231231231
phf: douchebag: a111 logs, speaks logs, responds to #!s #!seen #!seenbefore #!born and #!vulpes
phf: which reminds me that i should implement the help feature, a111 is not conformant at the moment
asciilifeform: i've temporarily moved it to #asciilifeform-test, douchebag , justforyou !
douchebag: If those lines weren't stripped I could potentially send my own commands to the ircd
douchebag: I was talking about a111
asciilifeform: well, pehbot that is
asciilifeform: actually, douchebag , it does no such thing
douchebag: Good job stripping them !
douchebag: can I try one last command really quick?
asciilifeform: trinque: not as such. BUT he really oughta build the proggy and do in his own shell.
trinque: any chance this can be done in pm asciilifeform ?
pehbot: douchebag: I am PehBot. See also http://www.loper-os.org/?p=2051 . My Width is currently fixed to 256 and Height to 32.
a111: Logged on 2018-04-03 19:51 mircea_popescu: BingoBoingo mind redirecting www to . sometime too ?
trinque: I think mimisbrunnr only quotes log-lines; it's ben_vulpes'
pehbot: asciilifeform: I am PehBot. See also http://www.loper-os.org/?p=2051 . My Width is currently fixed to 256 and Height to 32.
douchebag: whats the syntax
a111: Logged on 2016-09-17 02:55 mircea_popescu: trinque fancy that, you had to have someone tell you! nature teaches by example, you stick more data into woman each time than you ever did into all machines you ever touched. yet...
trinque: http://btcbase.org/log/2016-09-17#1543393 << thread ☝︎
trinque: why, that's what sperm do, my man.
douchebag: PWN BOXES 2 HELP THE CHILDREN
douchebag: and I'll tell you why, when working for a company doing a security audit - you will get paid the most for RCE. Women love money, and that money can be used to help take care of the children ☟︎
douchebag: trinque: That's true
trinque: heh, meanwhile, all of sexual reproduction is based on getting those RCEs
douchebag: Just make sure a problem like that doesn't occur again. Remote code execution is just as bad as it can get
a111: Logged on 2018-04-03 19:41 mircea_popescu: oh, and : lobbes other than the design review, consider lifting the whole of gutenberg into your archive ? the idiots already have a https that is broken, so far http only works but who knows how long.
lobbes: I agree this needs archiving (I'm currently working off their version of kritik der reinen vernunft as a german study aid). However, unlike kibo.com I would wager the entirety of gutenberg is much much larger. I'd prolly need moar storage than the ~200gb ssd on the dedicated home craptop I'm currently using (but maybe not) >> http://btcbase.org/log/2018-04-03#1792648 ☝︎☟︎