179200+ entries in 0.107s
sina: I am sure asciilifeform would disagree of course,
that it is remotely possible
to ever secure anything :P
mircea_popescu: on
the basis of its record of accomplishments it's not even directly obvious if it was made by usg
to orange revolution random shitholes, or rather
to mentally swamp
the not-entirely-dim lightbulbs in its own collegiate stables.
sina: same sandboxing
techniques can be used
to go a long way
sina: anyway,
this was all just
to answer ben_vulpes question about how you can make sure
the "job" doesn't fuck with its billing supervisor
sina: "with
this one simple
trick" :P
sina: at
the
time I was v interested in
tor hs, before it became completely obvious
that GCHQ/NSA had ability
to look across
the whole onion, and I just wanted
to demonstrate hey it is actually possible
to not ride your bike into
the side of
the bus
sina: which Ulbricht had done several
times
sina: mircea_popescu: it was
trying
to prove at
the
time,
that you could construct system in such a way
that it can't expose its own info by amateur fuckups
mircea_popescu: now, a bunch of all-talk wedidits couldn't do whatever medium diff
task. ok. how's
this relate
to silk road dood ?
ben_vulpes off, robosprinklers pointed out
the
time and suddenly v.
tired
sina: ah yep, sorry I
think we are one branch further down
the
tree
mircea_popescu: nfi what you folks are discussing. i meant,
the metering irc bot would be interesting.
sina: due
to shit sandboxing
sina: several
times during operation he exposed
the public IP of
the hs
ben_vulpes: lol sina he got nabbed by insiders and physical
tails what are you on about
sina: mircea_popescu: it was more
to prove
the point at
the
time
that Ulbricht was a numpty who couldn't secure his own ass
sina: (because of
the sandbox
techniques)
sina: nobody could ever deanon it even
though
they had shell access
sina: once long ago, I ran a
tor hidden service
that allowed anyone
to execute any command
they liked on it, as a deanonymisation challenge
☟︎ sina: you can run
the command in a sandbox and
track it with cgroups in linux
ben_vulpes: cl runs 3-4x longer
than
the go impl after attending
to all
the compiler notes i can; probably need a pointer on profiling common lisp code
to squeeze much more out of it
sina: oh
the
thing
tracking billing?
ben_vulpes: if it runs any shell command, what's
to keep it from getting at your monitor?
sina: instead, IRC bot which accepts any shell command,
tracks CPU
time, mem used, block and network IO consumed and presents a bill
sina: I
think
this is a much more interesting idea
than
the IRC bot I was goign
to make
that plays chess
mircea_popescu: gotta separate your vision from
the shit on
the glasses.
sina: in situation 1, I assume
there is no bricktop and we exchange wotpaste directly
mircea_popescu: now look : in situation 1, where bricktop decided
to introduce me
to you, and you do me, for which purpose he sent you some wotpaste and me similarily
ben_vulpes: also worth mentioning
the feedback loop where a and c get
the wrong keys somehow and go
talk
to b about it
sina: and I am basically just grokking
the
thing less
than a week ago
sina: it's because you have an implicit mental model of
the
thing and years of log context
sina: transitive peer recognition
through
trusting
the fucker
sina: as B has fucked C and A and exchange paper with both of
them
sina: I guess I was
thinking of C
tells A
sina: so in your way of
thinking, B is irc.freenode.net?
sina: I did but in my mind
that falls more under A fucks B
a111: Logged on 2017-06-28 02:18 mircea_popescu:
the only way for A and B
to be introduced, outside of
the grandfatherly, A fucks B and
they exchange bits of paper, is C
tells A about B and B about A.
sina: I get
the feeling
that
the
task would be much simpler if
there was only 1 public IP for
the whoel system where you could retrieve
the results of whatever "job" you
triggered
sina: I'm just
trying
to envision what a "one" is
sina: but both might spin up 5 "new ones"
to do
the
task
sina: that's what
they call you mate
mircea_popescu: i suppose i'm missing out on a lot of watching four movies at once
through pay per view.
mircea_popescu: "FOR
THE DEMOCRACY! PEOPLE HAVE A RIGHT
TO LOOK UP YOUR BLADDER!"
mircea_popescu: people are liek "oh, mp can't be rich & powerful because rich & powerful people don't irc".
totally, because it is really
the goal of my life as well as everyone reasonable
to be as rich and powerful as
trump, so as
to live
the great life of idiots
trying
to insert cathetercam up your dick as you're
trying
to pee
sina: but
tmsr in general, everything
that anyone has done sucks and is
to be
torn down and rebuilt in some quirky fashion
sina: an idea I had,
then I saw someone had done it way better
than my idea
sina: day
to day, everything is postmodernism. any idea you have, someone did it. probably better
than you. in fact, one example of
that is MPex
sina: seriously hanging here is
the least bored I ever am
sina: costs nothing
to check for existence of shit software compared
to payoff :P
sina: php shell was usually <100 lines of base64 encoded
thing
that'd shell out
to whatever you wanted
sina: customer sites used
to get scanned/pwned/php shell uploaded on
the regular
mircea_popescu: dunno how much useful anything can a windows box execute, but for
the sake of argument
sina: sure, but
that is largely a lack of originality in
the
types of commands executed, but
the botnet itself can execute whatever
mircea_popescu: people's understanding of "botnet" goes as far as
the very deliberate automattic wp hole, for isntance.
mircea_popescu: the
typical botnet is what, a bunch of fridges sending ntp requests ?
☟︎ mircea_popescu: bitcoin+gossipd+uci -> pretty much
time
to say goodnight.
sina: so basically it's just a pay
to play botnet?
sina: you need
to be Eastern European or Chinese
sina: well someone like me could write software
to do
these
things but
the deployment would need
to be outside of jurisdiction, hard for me as an AU citizen
mircea_popescu: this
thing exists
to put an end
to non-tmsr computing, give or
take.
sina: so
this
thing literally exists on
the market
today and its fucking cheap for example
to use Amazon Lambda...is
the reason you want your own basically boil down
to 1. no irc gw 2. not
tmsr?
sina: technically both of
those are just pieces of code you'd write
though
mircea_popescu: gotta put a price
tag on
this whole "we're
too lazy
to do security"
sina: so what's wrong with candi_lustt for
this role? it just needs a billing
thingo?
mircea_popescu: there's
two kinds of computers : public, and private. everyone else's computers are public, and by public i simply mean, not
theirs.
sina: you mean,
the ransomware bot shoudl have been UCI bots? haha
sina: fde wouldn't have protected
them
mircea_popescu: then all
the ad-hoc uci impls doing full disk encryption for maerks could be actually useful.
mircea_popescu: sina
the idea is for me
to go "do
this" and for it
to go "here's your bill sir"
mircea_popescu: which depends on deedbot payments, which reminds me... how's
that going
trinque ?
☟︎ sina: anyway, it would be
trivial
to place an irc gateway in front of
that
sina: no commits
to zerovm github since 2015 same for zerocloud middleware for swift :(
sina: and since
then
the project has been stealth or just stagnant
sina: mircea_popescu: when
the people I know first wrote ZeroVM it was like 2012 or so, and at
the
time I was working at a startup you may recall
that. and I
told everyone we shoudl get involved, was ignored,
then ZeroVM got "acquihired" by Rackspace
sina: I rant about it
to my boss at least once a week
sina: mircea_popescu: no problem with it, just nobody wants
this!
sina: you've probably heard of Amazon S3, it's an object store with REST API, so it responds
to primitives GET/HEAD/PUT/DELETE/POST ...there is an equivalent open source project part of OpenStack called Swift. some people I know worked on a sandbox
that only accepts input on stdin and writes
to stdout, and wrotesome middleware for swift so you can for example upload a datset and compute on it and get
the result
sina: hmm ok so
there is an interesting
technology I have worked on