asciilifeform: (if you do, you will have to compile pl2303 into the kernel)
mod6: which is kinda weird, because i have a usb keyboard too
asciilifeform: hot damn, you found one of those linuxen with no pl2303 support ?!
Framedragger: asciilifeform: that's why i didn't wave around with the result :) yeah need to do more testing for sure.
mod6: dmesg says 'usb 3-2' for this guy.
Framedragger: asciilifeform: nah if you iterate thru pages will be other packages as well
Framedragger tried fg last weekend, was all good, (very) small sample (2.7MB) had 7.999936 bits of entropy per byte. but yet to test more thoroughly, including removing shields, etc.
asciilifeform: Framedragger: it seems to find strictly 1) glibc 2) quake (?!)
Framedragger: via that HN post, https://codesearch.debian.net/search?q=recvfrom+.*+MSG_PEEK
asciilifeform: then you can the the stty thing from the instructions.
asciilifeform: (depending on how many other ttl dongles you have)
mod6: it ~does~ power on though
asciilifeform: it will never be tty1
mod6: im using gentoo, having a hard time figuring out which usb device the one. i suspect that it's /dev/tty1 but lsusb doesn't exist on this box.
mod6: testing out this first fg here.
asciilifeform: https://news.ycombinator.com/item?id=14105718 ( https://archive.is/nmX2h ) << witness the unsurprising chorus : 'nobody used it! NOBODY! shuddup terrorist'
asciilifeform: sadly there is no automatic means to discover which of the proggies contain exploitable invocations, other than with hard grindstone sweat (or usg's automated tool!1111)
asciilifeform: (still retarded, as discussed earlier, but won't trigger this particular boobytrap)
asciilifeform: now, not all of these invocations are of recv() for udp. most -- tcp.
Framedragger: that makes sense :) circulation is the keyword i suppose
BingoBoingo: Framedragger: You simply have to have a healthy bile cycle, don't try to live without bile, but also don't try to hold it all in.
Framedragger: need to start thinking about internetcensus2012 reboot, i tell ya
asciilifeform: gotta get the line matches, with context (say, 5 up / 5 down from match.) could qntra it.
Framedragger: BingoBoingo: i smell bile and i hate that taste. but possibly i am misconstruing things (i.e., not actual bile in #t)
asciilifeform: mircea_popescu , trinque , Framedragger , et al : part 2 : the bz2 search : http://wotpaste.cascadianhacker.com/pastes/iJwoo/?raw=true
BingoBoingo: <Framedragger> i'll grant you that i'm this overly naive kid as regards these matters. but i fear the psychological alternative :) (becoming an angry man full of bile; principle of charity has a psychological function to me, too). and eh, 'empire'. very binary << There's more than one psychological alternative. Why do you automatically go to the worst case?
asciilifeform marvels at the 'respectable kompooter sekoority community' today doing 10,000,001 things, none of them being THIS
asciilifeform: naturally all versions of gcc match ( they gotta, they have the header in'em -- snore )
asciilifeform: i'ma guess that mircea_popescu was grepping compressed tarballs with plain grep and naturally found nothing.
trinque: aha, asciilifeform, musl defines the flag only, in include/sys/socket.h:262
asciilifeform: Framedragger: not all of the hits are actual real-life invocations
shinohai: today is the 13th (Maundy Thursday); There are now 13 Lords.
trinque: musl's probably defining the thing in net.h or w/e it was
asciilifeform: i want the motherfucking filenames and lines.
doppler: if you just want match then it's easy, as you said
asciilifeform: there are also bz2, which i have not tested (zgrep dun work on'em)
asciilifeform: and this is ONLY .tar.gz
asciilifeform: mircea_popescu , trinque , Framedragger , et al ^
doppler: they get the file index, and then grep each file separately
asciilifeform: e.g., tar xvfz cmake-2.8.10.2.tar.gz --to-stdout | grep -H MSG_PEEK > liquishit.txt
doppler: yeah, I'm working on that now
asciilifeform: doppler, trinque : the pipe method loses the filename in which the match was found
trinque: oh right, I mean the bash solution gets hairier from there
trinque: flag to tar
trinque: I'd do it through find for multiple files
doppler: gunzip | tar | grep
trinque: yup, can untar to stdout
asciilifeform: orc glyphs, gender commits -- as many as you want. useful everyday tools -- none. not since, say, 1995.
asciilifeform: ( zgrep only greps inside the unzipped tar, producing, e.g., '/usr/portage/distfiles/foo.tar.gz:Binary file (standard input) matches' and dun work on bz2 .
asciilifeform: in other lulz, apparently there is NOT a standard way to grep inside tar.gz.
ben_vulpes: here's a vacuum cleaner, get to work
ben_vulpes: every single spiderweb does not get its own trial
a111: Logged on 2017-04-13 13:52 Framedragger: i'll grant you that i'm this overly naive kid as regards these matters. but i fear the psychological alternative :) (becoming an angry man full of bile; principle of charity has a psychological function to me, too). and eh, 'empire'. very binary
trinque: http://btcbase.org/log/2017-04-13#1642876 << this is not unlike the "rich man must be sad" trope, could instead take pleasure in the way one keeps his cranial house.
asciilifeform: steadfast liberal voices, regularly siding with vulnerable parties -- the poor, impoverished ... '
asciilifeform: in yet-other lulz, https://archive.is/mcaLO >> 'NEW YORK -- Sheila Abdus-Salaam, an associate judge on New York state's highest court and the first African-American woman to serve on that bench, was found dead Wednesday in the Hudson River, authorities said. ... became the first Muslim judge in the United States when she started serving on the state Supreme Court in 1994 ... On the court, Abdus-Salaam was among the most reliable and
a111: Logged on 2015-01-12 19:41 pete_dushenski: so bitcoin_charlie what brings you by on this sunny day ?
Framedragger: re manpage, thanks for educating me, as always - yeah ok it's the same thing
asciilifeform: i dun do the a priori thing. ( it may seem that way, because it does not ever take asciilifeform very long to distinguish flies from cutlets. but this comes from experience, and from flies and cutlets generally looking nothing alike. )
asciilifeform: Framedragger: fwiw i read the manpage prior to 'this is liquishit, there is 0 possible justification, it is exactly same as ungetc()'
a111: Logged on 2017-04-13 13:47 Framedragger: asciilifeform: hah, omg i've only heard about this and checking now, even the description is lulzy. "put stuff back into stream"
Framedragger: also there is an easy habit to slip into by which you start discarding any things a priori. (mp-emulator: that's not a bad thing(tm))
Framedragger: i'll grant you that i'm this overly naive kid as regards these matters. but i fear the psychological alternative :) (becoming an angry man full of bile; principle of charity has a psychological function to me, too). and eh, 'empire'. very binary
asciilifeform: nope. there never is.
asciilifeform: 'but there's GOTTA be a valid reason!!1'
asciilifeform: still 'crediting the empire', eh, Framedragger .
Framedragger: you read in to a fixed size buffer and then discard info/connection if need be. they're pretending to be 'only reading one byte' but it's the kernel which chops off one byte from the rest of the packet
asciilifeform: so packet can be (why?!) read twice.
asciilifeform: does same thing as normal recv(), except for clearing the buffer.
Framedragger: yeah i see what you mean. ultimately it's bullshit/snakeoil. i was just saying that ~some~ sense was had (but you'll prolly deny even that - fair enough)
Framedragger: asciilifeform: hah, omg i've only heard about this and checking now, even the description is lulzy. "put stuff back into stream"
Framedragger: it saves program-internal memory, but the card itself reads in the data regardless, sure.
asciilifeform: it is the exact equivalent of an older idiocy, ungetc()
Framedragger: (sure, data comes in to network card's buffer anyway)
asciilifeform: Framedragger: this is foolish, you're reading the packet regardless
Framedragger: i guess you could also do `recv(&one_byte_buffer)` and then later `recv(&larger_buffer)`, too; but their use at least makes some sense to me. imho.
Framedragger: it seems to use MSG_PEEK to check info on the connected peer (and drop it if need be), and by using this, it can avoid allocating additional memory to take in whole buffer
Framedragger: asciilifeform: actually i can see some rationale. checking that socat source and that line (https://github.com/craSH/socat/blob/master/xio-udp.c#L220), if you check the definition of buff1, it's `char[1]`.
Framedragger: i can find it elsewhere, too, but small/stupid projects
Framedragger: there is that.
asciilifeform: Framedragger: so far nobody's turned it up anywhere but in socat
Framedragger: can't you use `git blame` to find out the latter?
asciilifeform: kernel is not vtronic, naturally, but linus dun take patches from thin air, they all have names attached
Framedragger: maybe it is.. someone could be using it to get buffer length (folx exist who ask 'so how do i use MSG_PEEK for this...')
asciilifeform: also for some reason silence re authorship of the overflow..
asciilifeform: Framedragger: as far as i can tell -- it is
Framedragger: what are they supposed to say? that this is socat-specific? because it's not
asciilifeform: could say the truth, in theory, 'only used in socat, inserted by wrecker'
asciilifeform: gotta wonder, the folx who signed off on the fix -- why they are silent ? why linus - silent
Framedragger: you can get the length of incoming message by other means than just reading it into the buffer (through ioctl or w/e)
Framedragger: hm. are there cases when the program would be like, "i don't have resources to handle this, later", in some embedded/realtime/low-resource context
Framedragger: asciilifeform: i dunno who uses it, either, and why would it be used. it's kind of "remind me about this later" feature, pretty weird/useless
mircea_popescu: and besides, they all spell it randomly.
mircea_popescu: fucking useless chinese names btw. gotta start requiring serial numbers from them folk, i betcha there's 10`000 "zhiang wang" s
asciilifeform: anybody here have a massive gentoo tarball mirror ? try searching for MSG_PEEK ?
a111: Logged on 2016-02-05 21:55 ascii_butugychag: 'A post to a technical forum discovered that the non-prime parameter was introduced more than a year ago. A note in the commit indicates that Socat was not working in FIPS mode because it requires a 1024 Diffie-Hellman prime, and added that a developer named Zhiang Wang provided a patch with the new prime. The poster revealed that Wang works at Oracle and contributes to Socat.'
a111: Logged on 2016-02-05 21:54 ascii_butugychag: '“I cannot for sure rule out the possibility of a backdoor,” said Gerhard Rieger, a Socat maintainer. “But personally I do not believe that the contributor has a backdoor because he uses an email address at a well known and reputated company, and if someone wants to install such a backdoor he would not use a parameter that can easily be proven as non prime.”'
mircea_popescu: nice find. apparently that's the ONLY thing on all github that does.
asciilifeform: Framedragger do you happen to know of one ?
mircea_popescu: eh, as long as it gets people on the new kernel. it's good for them.