tmsr - Search: " T"

128300+ entries in 0.071s

asciilifeform: 'A TLV (type-length-value) structure is parsed and copied on to the parent stack frame. Unfortunately, there are missing bounds checks, and a specially crafted certificate can lead to a stack overflow...' etc

asciilifeform: however with the 0day -- might be doable.

trinque: I'm sure it doesn't work. meant only to marketing-work

asciilifeform: ( uefi dun get read until close to end of warmup process )

asciilifeform: trinque: dun help with bios-jtagging tho. it gotta be disabled AT RESET

trinque: https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-Disable-Option << totally unrelated, pay no attention

asciilifeform: '... stack-based overflow in the function EkCheckCurrentCert. This function is called from TPM2_CreatePrimary with user controlled data - a DER encoded [6] endorsement key (EK) certificate stored in the NV storage....' ☟︎

a111: Logged on 2016-10-14 16:10 kmalkki: apu2 (with AMD PSP) does respond properly to JTAG IDCODE

asciilifeform: in other lulz, http://seclists.org/fulldisclosure/2018/Jan/12 >> ahahahahahaha the amd fritz chip, apparently finally killed

asciilifeform: this one -- went the 2nd.

asciilifeform: there's 2 ways those go.

asciilifeform: signed, i suspect, what was put in front of him to sign, without even reading.

asciilifeform: old bureaucrat, unpopular ( perhaps ) at office, picked as scapegoat for the infector leak of that year

a111: Logged on 2018-01-05 15:40 mod6: I went through each one, looks to be doing the sane thing. I'm probably going to write it up in a little post that can be looked at, as opposed to trying to explain all of that in 3 lines of irc.

mircea_popescu: goes well with the "didn't even afford paralelconstruct". this is some seriously low effort "job".

mod6: lemme break off here for a minute, i'll keep digging up the logs to prove we talked this over.

mod6: anyway, i appreciate all the feedback. its obvious that there is passion to get this part of my vtron right.

asciilifeform: in fact, if we weren't planning to take gpg behind the shed and shoot it, i'd publish my keyring-abolition patch ( gpg then DEMANDS pubkey FILE on cmdline for any op that uses one. ditto privates. )

mircea_popescu: http://btcbase.org/log/2018-01-05#1764975 << very sad fucking item, i would fire the producer. contains "if he were" boilerplate verbiage copy-pasted in there, for utter shame. ☝︎

mod6: i gotta find these logs. im actually now convinced that we've discussed this very item not just once, but maybe even 3 or 4 times.

asciilifeform: i don't want to see it. ever. if i'm seeing it, vtron is broken !

asciilifeform: see, asciilifeform's orig trick with tmp was ~specifically~ to abolish the gpg keyring nonsense

mod6: it's the ~keyring~

mod6: and i don't think people want 1Mb of shit dumped to stdout

asciilifeform: user should not have to look in tmp.

asciilifeform: rather than rubbish left in tmp

mod6: it sounds like my idea of "have something of a corpus to look at after failure" isn't as handy as simply just throwing it out.

mod6: anyway, we'll figure something out. that part im not worried about.

asciilifeform: afaik the best known solution is the one i used -- use the script lang's purpose-made lib for the item

asciilifeform: for so long as vtron uses gpg shell-out, it's stuck with the tmp dir crapola

asciilifeform: mod6: you can't make sure that the mains cord dun get pulled mid-press either

mod6: <+asciilifeform> mod6: afaik this dun actually happen on any known unix << this the rub tho. have to make sure that it actually /NEVER/ happens. i can't have people failing in anyway with this thing.

asciilifeform: ( thinkaboutit, tmp would be entirely useless if this were not so )

asciilifeform: if you have a handle to it, it dun get zapped

trinque: I don't think there's ever a case where , yeap

asciilifeform: mod6: afaik this dun actually happen on any known unix

mod6: sorry, lemme read back here. was just trying to type there.

mod6: maybe mktmpdir is sound for that. however, i remember discussing that before as well..and one fear that i had is that if you use mktmpdir, then you have a /tmp/23429adfsew32 dir.

mircea_popescu: mod6 why not use the system logs instead ?

mod6: before i ever 'green light' that kinda use of my vtron, i'd certainly like to test it myself etc. and ya, that dir would have to be unique.

mod6: now, for the concurrent part... now that's something I never did consider.

mircea_popescu: as he says, there be the logs.

mod6: anyway, if you see a .gnupgtmp, something failed. either the software failed, or the user interrupted the thing. either way, the responsibility has been on the user to determine if he should delete ~/.gnupgtmp or not.

mircea_popescu: mod6 i suspect the idea is sound, but maybe the posixism of "single fixed file" dun serve

asciilifeform: mod6: imho a good debugism would be a flag that forces the printing to stderr of all external proggy (gpg, gnupatch) invocations , and their args

a111: Logged on 2018-01-05 13:34 asciilifeform: http://btcbase.org/log/2018-01-05#1764882 << i'm quite tempted to give the archive another combing and make a sequel to my http://www.loper-os.org/?p=165 item

mircea_popescu: http://btcbase.org/log/2018-01-05#1764935 << prolly worth it, "re-examine history with new theoretical framework" ☝︎

mod6: i shouldn't say a lot. from time to time, one of alf's previous key ones would creep into ones flow or whatever, and you may want to check for yourself weather it verifies or not. or what gnupg might have been up to while executing v.

mod6: and if it did fail, then perhaps one can go and look at what went on -- at the time, there were a lot of seals that didn't verify for instance.

asciilifeform: mod6: the most serious bug is not even the failure to delete the tempdir, but that every run of the vtron uses ~same one~

mircea_popescu: mod6 any particular reason to want ? aid debugging ? or ?

mod6: the idea behind leaving the .gnupgtmp around after execution, is there because i wanted it to be there. not weather this is the Right Thing or not.

mod6: so previously, and im still digging in the logs...

asciilifeform: soo analogously 'plaintext' would be 'the integers'(tm)(r) whereas asciilifeform's conception would then be the finite-bitness integers one actually gets to use on a comp

mircea_popescu: i sadly lacked the formalism to usefully express it then. but now -- have.

mircea_popescu: which is why the whole "with mine owne eyes" screams were all about re previous pass of this, gpg-plaintext.

asciilifeform: ok that'd be a platonic plaintextitude, lol, not a physical item.

mircea_popescu: that is the "plaintext", that comes out as the other plaintext, displayed (via the ~yet other~ plaintext, the html)

mircea_popescu: here, from random article : Sorry, furfies looking for group, I guess I fucked this one up for you ((But had you NOT complained about it -- who knows, maybe you'd still have PMs available ?)).\n\nPS. Today as in <A href=http://trilema.com/2014/askfm-laid-bare-or-whats-half-a-million-uniques-to-you/>2014</a>,

asciilifeform: ( or heapless. consider, where do the external symbols get pulled from . )

asciilifeform: dunno that the meat parser is stackless

mircea_popescu: in my head, "plain text" means something else.

asciilifeform: in asciilifeform's head 'plain text' means strictly v100, i.e. this convenient (too convenient) item 'the customer Got Accustomed To'(tm)(r) in 1950s and is old, tired, being asked to do all sorts of contradictory things like sane diffability, structure-preserving edits, etc

mircea_popescu: asciilifeform neh! i have a magic box, into which i pour the transcendent substance that makes trilema. it comes out as ascii yes, but how is it plain.

asciilifeform: trinque: i'd bet d00d has spells of sobriety, he has afaik already outlived the expected life of a serious meth aficionado ☟︎

trinque: wiser folks hitting you on the head is a kindness.

asciilifeform: ( and given that i ain't his personal physician , i dun even care if he does the job while tripping , or while sober, so long as he does )

trinque: heh, so then. quit stimulants, dumbass. and I'll consider removing the negrate.

asciilifeform: aaanyway gabriel_laddel knows how to do this experiment. i look forward to hearing result

gabriel_laddel: you said LEAVE DUMBASS. I thought about it -- left.

trinque: what kind of appeal is this. "oh but I have limitations"

asciilifeform: trinque: fwiw i have never set foot in those lands. only met east cunts.

trinque: I lived in Portland among the pantsuit cunts

asciilifeform: do you now have a comp and able to work ?

gabriel_laddel: I never got a chance bc fighting all the idiots in CA myself. Same with archiver.Got banned before was able to host in house someone OK'd me for.

asciilifeform: gabriel_laddel: tried training on it ? vs , say, on /dev/urandom

asciilifeform: gabriel_laddel: didja ever download the 1GB example FG bin ?

asciilifeform: trinque: not as if we're awash in recruits. we have here this 1legged d00d, says he wants to fight.

gabriel_laddel: training a NN on FG output to see if it trains faster so I can sell them ☟︎

gabriel_laddel: I'm here for the lispm, and staying for the FUCKGOATS

gabriel_laddel: the order I was anticipating was: M release for tmsr (free, obo), then NNFG, then RSA. lobbes has done/ is doing archiver

asciilifeform: i.e. what brings gabriel_laddel to #t ?

gabriel_laddel: asciilifeform sorry, this is tasks I HAVE ACCEPTED onto stack.

trinque: gabriel_laddel: so where the fuck are these then.

asciilifeform: gabriel_laddel: here's a shot : take this http://btcbase.org/log/2017-12-29#1760563 needleman-wunsch, and turn it into a standalone ( use sbcl's save-lisp-and-die knob, say ) difftron util. come up with own format. ☝︎

trinque: I dunno how this one idiot kid slipped through the crucify-the-useless process

gabriel_laddel: never pdf to text, but yes, archiver, NN via FG, RSA impl in CL, yes linux distro

trinque: where's that, or was that just a paste one day when he needed a self-esteem boost

trinque: he was almost, maybe, sort of going to do an archiver and pdf-to-texter ☟︎

asciilifeform: trinque: he asked 'gimme useful item to do' neh

trinque: either to affirm some nonsense or surface against which to act out

asciilifeform: at 25 asciilifeform unsuccessfully peddled an industrial automation linux+sbcl+proggy-in-a-crate actually quite reminiscent of gabriel_laddel's thing

ben_vulpes: point also is not absolute age but years bouncing off the republic

trinque: guy pops in to give monologues about his psychological needs and that's it, and was ever it

asciilifeform: asciilifeform also had not produced anything useful to the republic, at 25

trinque: asciilifeform: I don't need extra reasons to hate the useless

trinque: to date the guy has produced zero anyone uses, and I dunno why anyone entertains the larping and dick-pulling

asciilifeform: trinque: out of curiosity, do the two of you know one another from meatspace ? and hated for 20yrs ? or how

trinque: who gives a shit. I made mine because it was trivial and I didn't want to hear about it anymore

asciilifeform: the misfortunate thing is that he labeled it 'lispm'