log☇︎
121700+ entries in 0.066s
douchebag: Where can I find a copy of the source?
mircea_popescu: hanbot just published an unofficial genesis, so you can just fire up your v and press that
mircea_popescu: it's a fork off 2.7 wp trunk iirc.
a111: Logged on 2018-01-23 07:11 mircea_popescu: actually, hanbot is about to genesis mp-wp, you're more than welcome to help down with the paring down effort of that, if you want. mostly php.
douchebag: To make my job a little bit easier, could you tell me a little bit about mp-wp and how it differs from Wordpress?
mircea_popescu: wp-mp, basically, like last time.
douchebag: mircea_popescu: any sites you want me to take a look at really quick?
douchebag: Mhmmm I already got it, thanks anyway though
trinque off for the night as well
trinque: might help you more to do that reading I was talking about, and get a v-tron set up.
douchebag: Are there any sites any of you guys would like me to check out? I'm a bit bored right now and I am always up for a challenge :-) ☟︎
trinque: guy's probably away for the night. why don't you drop him a gpggram on his paste site, link him to it here
douchebag: It's not a major issue and an easy fix, however it could potentially allow someone to create fake logs
douchebag: ben_vulpes: I found a vulnerability in your site, how would you like me to disclose it to you?
trinque: surely you can sleuth that one out.
douchebag: And how most people are more than willing to share the information they acquire through blogs and whatnot
douchebag: I suppose the point I'm trying to get across is that there is a pretty good community involved with bug bounties, I especially like the classic hacker additude of most of the people in the sense that they're all working together to learn more
douchebag: Very true
mircea_popescu: i know quite a few people whose iq is over 150. the internet is good at collecting similar things. sadly -- this does little for the intelligence of the race in general.
douchebag: Oh yes, that's very true. However, I do know quite a few people who have been very successful with it
mircea_popescu: but her ass is not actually all that average.
mircea_popescu: i know a girl that made $30 million with her ass ; and you must admit that for the average girl's ass this is indeed generous.
douchebag: Haha, you do have to admit for the average person $40k in a little over 3 weeks is pretty damn good.
douchebag: A relatively well known bug bounty hunter I know has made $40k this month off of bug bounties, his goal is $50k for January
mircea_popescu: i kept sayin' this!
mircea_popescu: hey, almost better than tits.
douchebag: However, even though I have to wait until they patch the bugs I found before they reward me, they did reward me $150 on triage and will be rewarding the rest at a later date
douchebag: Well, I still have to wait until they patch them before they reward the bounty. They pay based on likelyhood/impact, now a friend of mine reported a vulnerability less serious than the one I found and he was rewarded $2,000 total
mircea_popescu: how much do two vulnerabilities in yahoo pay ?
douchebag: I managed to find two vulnerabilities in Yahoo last night, I highly suggest their bug bounty program for anyone who is interested in doing that sort of stuff.
deedbot: http://www.contravex.com/2018/01/26/the-g-word/ << Contravex: A blog by Pete Dushenski - The G-word.
mod6: and it goes back to the same thing as with diana_coman. having two '++' at the front of the line. the way the vdiff is written, when it passes the diffed file off to awk to pattern match the ---|+++ it adds that '+' in the front, then it matches, causing it to call sha512sum.. which is where the false comes from. I think. ☟︎
mod6: both vdiffs fail on this.
mircea_popescu: basically her svging of binaries did some inadvertent fuzzing of the whole vdiff process
mod6: Perhaps something with the vdiff is doing this? Or maybe there was something weird in the original encoding of this image? But that seems to be the solution, remove that ' false' and that should work.
mod6: anyway, removing: ' false' from that line will indeed, yield the correct hash, and allow for a proper base64 decoding.
mod6: (note that in the genesis, there is an additional '+' at the front of the line)
mod6: Why? Because of the 'false' at the end of this line: ++6/l4BiDfMrebzvzrfh2UMH8cTMAsbHbPRFuih0reDbX30AD+17CB1JhgefoRhOIbIr3k3CDKGT false
mod6: So if you manually extract the 'mpwp/blog/wp-includes/js/tinymce/plugins/wpgallery/img/gallery.png.svg' from the mp-wp_genesis.vpatch, and place it in a file, and attempt to base64 decode it, it fails to decode.
mod6: ok lemme see if i can do a bit of debugging on this mpwp and see if that really was the issue there.
mod6: i gotta see this movie now
a111: Logged on 2018-01-26 00:33 mod6: I'd like to make another positive mention here about TMSR~, if I may : one thing that really makes me smile is that all of us, no matter how busy, or whatever, are always willing to drop whatever it is to pitch in when the ship needs trimming.
asciilifeform: http://btcbase.org/log/2018-01-26#1776638 << for some reason my automatic default mental picture was the scene from film 'das boot' ☝︎
asciilifeform: for thread-completeness i will point out that 'who runs the craft' is a problem that exists just the same in current-day bitcoinism.
mircea_popescu: are you... unsatisfied that it does ? :D
asciilifeform: next thing , maxwell's daemon will also 'figure out what to do himself!11' lol
mircea_popescu: if you had that alien it'd be perhaps wiser to just let him figure out what to do himself ?
asciilifeform: ( unsurprisingly, i'd hope, to errybody reading )
mircea_popescu: as the man said, "motherfucker, why didn't i think of that!"
asciilifeform: the orig scenario of course requires benevolent martian , who would gently pick up idjit humans who try to approach the box, like child picks up beetles, and puts'em elsewhere
mircea_popescu: and who runs the craft, http://trilema.com/the-hour-of-reckoning ?
asciilifeform: ( 'machine' in the very general sense, you'd want >1 , which understand one another's keys and sync )
asciilifeform: and more generally, if one could park an rsa-speaking machine , of extraordinary physical resilience, somewhere nobody could reasonably get to, but can still maintain radio contact
asciilifeform: with the obvious physical gotchas.
asciilifeform: fwiw a literal martian bank would probably work quite well. ( you might have to put it farther than mars, or even on a continually-moving craft , so as it could not be templar-molested by 'french king' )
mircea_popescu: so therefore... unsatisfied it doesn't work.
mircea_popescu: i'm satisfied it doesn't work and not happy with this.
asciilifeform: mircea_popescu: i'll admit to a curiosity to hear moar re 'unsatisfied that it doesn't work'
mod6: This goes for all Lords and Ladies too. If that wasn't obv.
mod6: I appreciate all your hard work / blood / sweat / tears on your trb adventure with deedbot. Your contributions are and will make a difference. This is why the republic is on top. We don't imagine the change we want to see in the world, WE MAKE THE CHANGE WE WANT TO SEE IN THE WORLD.
trinque often does this to a person he thinks is qualified to give the argument
mod6: never hurts to ask a tough question.
a111: Logged on 2018-01-25 19:15 trinque: what is the foundation's role then?
trinque: http://btcbase.org/log/2018-01-25#1776346 << this ftr was said thinking that it *is* useful, wanted, etc. ☝︎
asciilifeform: even that 'works' for the usd value of 'works'..
a111: Logged on 2018-01-26 00:31 mircea_popescu: but you can see the appeal.
mircea_popescu: i meant the supernode, http://btcbase.org/log/2018-01-26#1776626 ☝︎
mircea_popescu: which is like "i'm satisfied X", together with "hey, wait a minute, what if..."
mircea_popescu: to put it tersely, i'm unsatisfied it doesn't work.
a111: Logged on 2015-08-02 21:00 mircea_popescu: you buy 6x6 inch panbes of glass and crash them
asciilifeform: mircea_popescu: closest thing i ever came up with to 'analogue bitcoin' was a variant of http://btcbase.org/log/2015-08-02#1222527 , where you have a sheet of $glasslike and a thermal stressor gadget is used to crack it into N 'jigsaw' pieces; idea being that adjacent pieces 'plug into' yours and can 'verify' it , and so on recursively ☝︎
mod6: It's pretty fantastic all around. Very good things.
mircea_popescu: i think i pointed out somewhere how boys that've never seen a cunt still get wet dreams, but with boobs instead. same thing here -- before networks were well understood people still thought about network-like problems. just... in roman numerals.
mod6: I'd like to make another positive mention here about TMSR~, if I may : one thing that really makes me smile is that all of us, no matter how busy, or whatever, are always willing to drop whatever it is to pitch in when the ship needs trimming. ☟︎
mircea_popescu: see, you can tell the guy is genuinely 60ish not just because of his specific pre-internet use of language ; but also because of his default mental models.
mircea_popescu: this'd be his take on that.
asciilifeform: dun mean that it makes any sense.
mircea_popescu: so there we go.
mircea_popescu: hey, swear to me you never EVER consider it.
asciilifeform: i can also see the appeal of fart-powered flight
mircea_popescu: but you can see the appeal. ☟︎
mircea_popescu: asciilifeform it's not a novel concept to me -- coins that are only verified on exchange.
asciilifeform: ( i dun know of anything else that could have fit this description )
asciilifeform: presumably meant the magical 'untamperable clipper chips' of the 1990s 'digital currency' derps
asciilifeform: dafuq even is -- even in principle -- 'non-net solution' to 'digital coin'
a111: Logged on 2018-01-25 21:28 NoSatoshisHear: I worked on digital coin in 2001, but tried to find a non-net solution, and finally just gave up. When you head the wrong way, you don't get there. Still feel stupid for not buying in at $5, but I had no interest in Silk Road.
mircea_popescu: http://btcbase.org/log/2018-01-25#1776463 << hey, i knew a guy who didn't finance (1980s!) porn ventures because "not interested in the loose women". bought "blue chip" fucking revlon and bs instead. i'm sure there's even today ossified mind going "i'm not into tmsr because i'm not interested in terrorism". hurr durr, you never know what things are really about. ☝︎
mod6: Honestly, I loved the homework for ffa_calc. That was awesome.
mod6: I think so too, I took a peek at it. I'm actually excited that you put homework problems in there. And I'll do 'em for sure.
asciilifeform: mod6: i have a feeling you'll love the ch8 homework.
mod6: yes. I'm starting to love ada, at least, syntactically. The way you've used it, is very straight forward -- at least once one understands how array access / slices work.
asciilifeform: ( this is deliberate )
asciilifeform: the other fortunate bit, at least re ffa, is that it is not complicated from the ada pov
mod6: I'm gonna get this vtron stuff out of the way, then dive in. I should be able to make it through the first 3 chapters pretty easily. I even wrote my own unit tests for those parts.
asciilifeform: mod6: aha, you were among the earliest iirc to get on that ship
mod6: Thankfully I put the time in.
mod6: We have to understand every line.
mod6: <+asciilifeform> mod6: i dun particularly disagree with any of this, but the pov that 'vetting ffa' is a 1time thing, that can be done and then 'is done', imho is mistake : each user must read it ~himself~. << I basically just mean for me & ben.
mircea_popescu: yes, they must, but not with a view to validate theory of evolution ; with a view to expunge head cockroaches
mircea_popescu: asciilifeform sorta like "Each user must read darwin theory for himself"