douchebag: not sure if there's a timezone difference
ben_vulpes: douchebag: your usuallies aren't going to serve you well here, whoever makes the rules makes the rules
douchebag: It was after midnight when you made that agreement for me yesterday
douchebag: So one month from today
douchebag: ben_vulpes: Usually I would figure if someone is offering money, they should be the one creating the contract or whatever
ben_vulpes: if you had issue with them you shoulda brought it up then instead of just not doing anything
ben_vulpes: dude because those were the terms
douchebag: You're the one offering the $
douchebag: Why can't trinque deed it
ben_vulpes: trinque: did he ever actually deed the agreement?
deedbot: http://qntra.net/2018/03/moves-in-trump-administration-signal-the-remains-of-the-us-moving-into-a-more-aggressive-posture/ << Qntra - Moves In Trump Administration Signal The Remains Of The US Moving Into A More Aggressive Posture
douchebag: I found the links myself
trinque encourages the Lords to let the kid grow an attention span and find the links himself.
BingoBoingo: douchebag: The second link is an older incarnation that was implemented by another party
trinque: sources can be found in the logs; search 'em.
douchebag: If you want it to be audited a bit more comprehensively
trinque: alright then
douchebag: Yeah no that's fine
douchebag: Still doing some thinking of what the best course of action to pwn deedbot will be
douchebag: is !~unix ping 127.0.0.1 the correct syntax?
douchebag: okay trinque
trinque: douchebag: also talk to the damned bots in PM
jhvh1: BingoBoingo: The operation succeeded.
BingoBoingo: !~later tell jurov http://p.bvulpes.com/pastes/JYKQV/?raw=true
lobbes: Check out the logs for 'bot directory'; I think pete_dushenski's page is probably still up
lobbes: Btw jhvh1 isn't related to deedbot (and, as far as I know, is not on a box with any coin contained within)
lobbes amused that all these payload urls are ultimately being forwarded to archive.is o.0.
jhvh1: douchebag: ec2-52-16-21-24.eu-west-1.compute.amazonaws.com (52.16.21.24): 5 packets transmitted, 5 received, 0% packet loss, time 4005ms rtt min/avg/max/mdev = 80.606/80.640/80.688/0.256 ms
jhvh1: douchebag: (unix ping [--c <count>] [--i <interval>] [--t <ttl>] [--W <timeout>] <host or ip>) -- Sends an ICMP echo request to the specified host. The arguments correspond with those listed in ping(8). --c is limited to 10 packets or less (default is 5). --i is limited to 5 or less. --W is limited to 10 or less.
jhvh1: douchebag: (list [--private] [--unloaded] [<plugin>]) -- Lists the commands available in the given plugin. If no plugin is given, lists the public plugins available. If --private is given, lists the private plugins. If --unloaded is given, it will list available plugins that are not loaded.
jhvh1: douchebag: Error: There is no command "htmllogger". However, "Htmllogger" is the name of a loaded plugin, and you may be able to find its provided commands using 'list Htmllogger'.
jhvh1: douchebag: (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin. You may also want to use the 'list' command to list all available plugins and commands.
deedbot: douchebag subscription to http://0:22/ failed
ben_vulpes: douchebag: what did you try to deed there?
ben_vulpes: mircea_popescu: going to nail down pricing for shells on this machine and then we can provision them, i expect that we can get hanbot a shell tomorrow
trinque: douchebag: ^ if you want honest work, I will pay you for a demonstration that you can discover the balance of an arbitrary deedbot wallet user, on the condition that if in one month you can't, you drop this web security herp and take a task from me and complete it.
asciilifeform: in re inbanditry -- recall misfortunate boy without t-cells; ~he~ went in a plastic bubble, observe. him, rather than every possible other people who might sneeze on him.
trinque: would be pretty shocking if the web server's defaults didn't serve up txt properly.
asciilifeform: ^ no inbandbarf on any of the browsers i have in arm's reach
mircea_popescu: once the deed is up browsershots.org it lessee
trinque: nah, not on something served up as content-type text
ben_vulpes: i'll look into this unordered sets thing later
ben_vulpes: asciilifeform: well yes i did find the error message but i am still banging my head on the why of it
trinque: nah, guess I assumed in charity that herr douchebag looked at the thing's output before.
asciilifeform: and lemme guess, there is a browser that still parses htmlolade in these ??
trinque: oh lol, I'm already serving them up as txt.
a111: Logged on 2016-08-01 19:51 phf: oh that's beautiful
asciilifeform: or why not instead crapple fixes the box. or dies.
asciilifeform: so, what nao, onus on unicodists to avoid emitting it??
asciilifeform: there exists for instance the ipnoje, which famously chokes on some particular hindu glyph.
a111: Logged on 2018-03-23 04:52 mircea_popescu: we'll have to come to a unified set of something here in any case. as it stands right now it's not obvious whether one can or can't point shitfox at random republican website ; nor where to look to find out.
asciilifeform: http://btcbase.org/log/2018-03-23#1789151 << 'sanitization' in the sense of attempting to rescue every possible broken inbandparser is a catastrophically wrong thing.
mircea_popescu: ends up with cycle further down the line when unpacking a tx
mircea_popescu: yes but you can't simply take that out.
a111: Logged on 2018-03-23 04:37 ben_vulpes: asciilifeform: do you know anything about this data struct / can't have 2 outputs pointing to the same addr in a transaction mircea_popescu mentioned?
trinque: source code for the item is in the logs, db it uses, blah, blah, blah.
trinque: of course, that.
trinque: entirely separate from "hey trinque can you do something practical while we yet rely on shittech"
trinque: the problem I was driving at was the sign of bad upbringing where I sit here and tell him where the vulns *certainly* are
mircea_popescu finally understood why the web even took off in the first place, instead of the much saner alternatives at the time available.
mircea_popescu: amusingly enough, the WHOLE UTILITY, and in any case the absolutely only reasons people use, like and like to use the web is specifically because of those two things. which makes naggum's perl rant misplaced : perl exhibits the characteristics he bemoans incidentally ; html is fundamentally built out of them and would not interest any of the webtards if it weren't, because it interests ~for them~ specifically.
mircea_popescu: in the end there's two broken points of old html, not merely the whole "statefulness on stateless protocol" cookies bs ; but also the "will mix code in the data nyah nyah nyah".
a111: Logged on 2018-03-22 17:06 douchebag: Wouldn't it make sense to make sure you're doing something the right way before you go ahead and do it?
mircea_popescu: in the end the deep root of http://btcbase.org/log/2018-03-22#1788727 is that all the inept dances html does to permit in-band signalling, so you never know if it's < or &lt; or what, is fundamentally a bad idea.
mircea_popescu: because it was made by and for idiots from back in the day the web was ~equal to ye olde finger utility.
mircea_popescu: "modern" or however we shall call the shit browser errs on the side of loading everything it can
mircea_popescu: no js required for this.
mircea_popescu: hence my comment above, " we'll have to come to a unified set of something here". just because the line isn't drawn.
trinque: because mitm can do the same thing to you
trinque: this line of reasoning leads to me going and getting an SSL cert
mircea_popescu: consider something simple : i took pride publicly on how trilema doesn't load google analytics, thereby giving away the usual set of telemetrics to the usg. fine and good. but your site can be coaxed to load ???.burpcollaborator.net by 3rd party ? so every time a "normal" browser goes by it looks up wtf that doctype is and so on ?
mircea_popescu: trinque yes, but we don't care about that. we just care about our not being dumb.
mircea_popescu: possibly that's the correct cut of this knot, "if you're not sanitizing force pages be text/plain"
trinque: but the gentleman's browser on the other side is still the mess it was
trinque can trivially make the thing serve up text/plain right now
mircea_popescu: we'll have to come to a unified set of something here in any case. as it stands right now it's not obvious whether one can or can't point shitfox at random republican website ; nor where to look to find out.
trinque: at any rate I'm not questioning you to make you not diddle the XML holes. in your log reading you might've heard me refer to servers as outdoor toilets.
trinque declared the line of nomoars pretty far out on this one, aha.
douchebag: trinque: I would reprogram deedbot to become self aware and take over the world
mircea_popescu: this is a source of constant surprise, consider all the time phf sunk into chasing unicode obscura on his logger.
mircea_popescu: anyway, what we have here is a tacit miss-standard, and the discussion is probably of most interest to people who aim to make their own blog thing, phf spyked whoever was looking at lisping it. because on one hand there's the older trilema standard that's web compatible, and on the other hand there's the emerging no shits given approach like on the deedbot site say, "what am i going to do now, alter deeds to mitigate sht brow
trinque: mind giving me a sentence that isn't so widely applicable?
douchebag: I would then look around and determine how it could be best leveraged
trinque: but then what, now you're on the deedbot server and ?
trinque is aware of both of these types of problems
mircea_popescu: douchebag i was extending the discussion.
douchebag: it has to do with the XML parser on the server side
douchebag: The XML shit I am doing has nothing to do with the web browser
mircea_popescu: note that eg trilema (mp-wp, w/e) takes steps to mitigate this. by for instance not permitting html entities in user contributed fields, see ?
trinque: this was always the risk with browsers, all of which are shit
mircea_popescu: trinque he's not even wrong : someone clicks on the link with a shit browser, gets owned by that shit browser.
trinque: douchebag: so perhaps the feeds parser thing does, even. I have no idea. What happens next?
trinque: he's seeing if the XML parser somewhere pulls external schema files
douchebag: trinque: Because I haven't seen the source code so I don't know if dtd was disabled
deedbot: douchebag subscription to http://ec2-18-216-255-196.us-east-2.compute.amazonaws.com/230OOB/payload.xml failed
trinque: douchebag: why are you still trying the dtd thing?
douchebag: mircea_popescu: I was just shitposting sir, no need to explain
mircea_popescu: douchebag there's a lengthy history of people's contributions respek, but they have to be contributory.
trinque: and given that we're all still relying on it, exploits found and squashed in gpg would be lauded.
ben_vulpes: asciilifeform: do you know anything about this data struct / can't have 2 outputs pointing to the same addr in a transaction mircea_popescu mentioned?