mircea_popescu: asciilifeform in other news - they've made a new extra dark chocolate icecream. i can't explain it.
assbot: Logged on 14-08-2015 00:32:27; mircea_popescu: http://log.bitcoin-assets.com/?date=13-08-2015#1237131 << im starting to suspect a "alf's guide to coreboot" full doc would be more valuable than anything on cryptome currently and really a great addition to loper-os. provided it actually is complete.
shinohai: ;;later tell mod6 gentoo was a success \o/
mircea_popescu: in the sense that yes they could come out of ANYWHERE, and make a hole anywhere, but then had to spend time to loot, and then had to come back AT THE HOLE, ie not anywhere. so either take time to make a new hole or go back to where the old one was. in either case, giving the imperial army enough time to plug their ass.
mircea_popescu: if you can't have clean water, not only is it that you can't take a hot bath - it's that you couldn't conceivably want to.
mircea_popescu: there's a reason people who only have sewer water don't take hot baths in it.
mircea_popescu: just like the upside of picking sane girls to fuck isn't "that hot blondie" but "i fucked over a thousand women in my life, most of whose names i don't remember, and yet i never had a venereal disease". that's the upside.
assbot: Logged on 13-08-2015 17:21:57; asciilifeform: but upside is that we aren't passing around a massive binary turd.
mircea_popescu: http://log.bitcoin-assets.com/?date=13-08-2015#1237221 << upside is massive but hard to quantify. upside is that we HAVE FOUND THE HOLES IN GCC! upside is that we know what to say about linux, and why we're saying it. upside is that we have rotor, and that we know why nobody without a rotor has a chance. upside of a sane approach is never "where it gets you", but always "where it didn't take you".
assbot: Logged on 13-08-2015 16:44:22; phf: i think that's the biggest advantage NSA has incidentally, because they can print money, they can probably just spin up a team for every single "core dump on a funny input" and bring it to a point where it'll successfully eat a shellcode. older salaried reversers simply don't have time or desire for that sort of stuff. that's in software world anyway.
assbot: Logged on 13-08-2015 16:37:05; phf: when was that exactly? because i stopped following infosec in 2003 (i think last toorcon i've been to was 2005) and looking at it now not much has changed. the releases are definitely a lot less interesting, because of the 0day market, but when i ragequit it was the same shit. weak releases by pushy guys in faux military gear as a norm, occasional interesting stuff from the usual suspects and practically negati
mircea_popescu: we can even have a "usg affiliated entities pay 4x, people not in wot pay 2x."
assbot: Logged on 13-08-2015 14:46:10; funkenstein_: The man has a great point, but, where did this thing start that humans are not animals, and in what crib do I find it to strangle it?
assbot: Logged on 13-08-2015 14:06:12; asciilifeform: i am not a clairvoyant, cannot read your hard disk ! gotta give me something to work with.
mircea_popescu: obviously once rigorous education is abandoned, the whole of society reverts to a "tribe of monkeys" levels.
trinque: yeah, I had a hex clock on my taskbar for a bit
kakobrekla: hm when i was a kid i had a base2 wrist watch
trinque: I'll take a machine for that
mats: he did a buncha 3x5 (digit) calculations for me to prove he could do it, i was impressed
mats: i met a guy that took abacus classes and placed p high at competitions in junior high
assbot: Image taken from page 582 of 'The United States of America. A study of the American Commonwealth, its natural resources, people, industries, manufactures, commerce, and its work in literature, science, education and self-government. [By various authors.] | Flickr - Photo Sharing! ... ( http://bit.ly/1DQIWDy )
phf: the idea that "would do better job with better tools" applies very differently when you're dealing with people who are already operating at near capacity and would benefit from a better tool
ag3nt_zer0: on another note I was doing some reading on the history of astrology yesterday and came across the "fact" that originally, in mesopotamia, what became astrology began as a simple catalog of omens, reflected in "if this, then that" statements... this avenue was state-sponsored too... just got me thinking of the "evolution" of this logic and how these same statements are now applied to exclusively reductionist pragmatic mat
mircea_popescu: roast a fucking rabbit take it over or something sane.
assbot: Logged on 13-08-2015 09:36:42; cazalla: guy's a barber too but just like his offer to take what i want from his backyard, i turn down offers for haircut and straight razor shave
mircea_popescu: this was a major thought cleavage, which i noticed at the time, and i noticed that people were actually visibly... peculiar about other things.
mircea_popescu: well, specifically what triggered me was the proposition that "this man that is doing a bad job would do a better job with better tools"
phf: no, my school was run by a strong georgian woman pretty much on her terms. 35A 35B starting classes were reduced to 12A 15B by 12th grade, through gentle "your kid is just not right for this place. i suggest you remove him, because it might get very HARD for him to study here very soon"
mircea_popescu: the notion that people in china dislike their government to any degree is not unlike claiming that there's going to be a peasant revolt that'll shoot stalin', where stalin' = stalin - 99.9% of the killings.
mircea_popescu: ag3nt_zer0 you have to understand that this entire "market" thing is more of a DoS thing than a local thing. there isn't a substantial similarity between ukraina and china that makes both appear in the press you read as "so and so square".
ag3nt_zer0: asciilifeform: a while back we were having an exchange about tienanmen and its relation (or non) to the fall of the wall... I have looked a bit in the direction you indicated but haven't found so much... you got any recommended paths for that ?
mircea_popescu: it turns out that the sort of people who write good code write it in asm for a z80 or in c
phf: traditional infosec solution to problems like that is a proactive bandaid and then yelling at people for not using bandaid appropriately
phf: mats: well, i actually meant the opposite. classes of attacks can be eliminated by not using c. i think that majority of the attacks come from leaky abstractions. there's no <string> in c, but there's a null terminated memory region. there's no <sql> in perl, but there's a character array with sql text in it. one of the solutions is to plug abstraction holes on a level of the language, in such a way that you can't not use improved abstractions
assbot: Logged on 28-07-2014 19:19:31; asciilifeform: results - and from this comes strength; the fight now turns, from a draining, futile floundering - to a merry, wrathful clobbering of a dying vermin, who with us - men - has nothing whatsoever in common. But it all begins - with nonparticipation.' (Беркем аль Атоми, articles. translation mine.)
assbot: Logged on 28-07-2014 19:19:31; asciilifeform: sheath, you have traded places with the *pederasti* - now you are sighted, and they are blind. Now you no longer struggle in the darkness with something foggy and omnipresent, which softly absorbs every blow - instead, you can now clearly make out a pathetic piece of shit, which has smeared itself over the most important part - the eyes - of a large and powerful man. You can now deal blows, directly s
assbot: Logged on 28-07-2014 19:19:31; asciilifeform: 'Learn not to participate - to the point of utter impossibility of meeting the enemy 'half-way' - and you will see that inside there lay a very useful mindfuck: in learning to 'nonparticipate,' in fact you drew out your *will* from its scabbard - to which it seemed so securely riveted by your upbringing. The appearance of *your will* changes everything and forever. With your own will slipped into your
mats: well, sure. like a detective or a physician, folks attempting to write secure applications begin from a position of weakness. and rarely win.
phf: a deployment strategy in that case could be qemu-x86 -hda bitcoind.img -hdb /dev/blockchain_drive
assbot: Logged on 13-08-2015 14:56:38; funkenstein_: perhaps in some way similar to simply passing around a massive virtual machine file (yes I'm fishing for a correction on this)
mats: as I think more about it, there may yet be a software solution... will share later. asciilifeform will not like it - this involves, inevitably, a multitude of mitigations
phf: mats: there's a systematic solution to an entire class of problems. in the poor people world perl "solved" buffer overflows on string input by closing the abstraction leak, meanwhile introducing its own leaky abstraction, i.e. string injection attacks. the solution to that problem was known for 50 years now, specifically structured/validated data
phf: i think that's the biggest advantage NSA has incidentally, because they can print money, they can probably just spin up a team for every single "core dump on a funny input" and bring it to a point where it'll successfully eat a shellcode. older salaried reversers simply don't have time or desire for that sort of stuff. that's in software world anyway.
mats: just shrinking the attack surface a bit.
phf: i dunno, i think people sit on a lot of denial of service, but developing that to a working exploit takes time and unhealthy level of juvenile ocd.
phf: when was that exactly? because i stopped following infosec in 2003 (i think last toorcon i've been to was 2005) and looking at it now not much has changed. the releases are definitely a lot less interesting, because of the 0day market, but when i ragequit it was the same shit. weak releases by pushy guys in faux military gear as a norm, occasional interesting stuff from the usual suspects and practically negative desire to come up with systemati
phf: i think you have higher expectation of what should be coming out of security conferences. toorcon, schmoocon, defcon, blackhat (though i always thought bh is like a grownup version) always seemed like a poc||gtfo in a face-to-face with beer format
phf: asciilifeform: i think that's a standard blackhat fair. i think the useful part is another cubbyhole to put rootkit fallback hooks, but it's presented like an earth shattering revelation, because
BingoBoingo has a feeling asciilifeform could be the entire speaker slate at blackhat with things known since time immemorial. A few years ago I thought things being presented were novel. Now I look at the program and see loads of snore.