218500+ entries in 0.133s
phf: that's where i'm going with
that one ;)
BingoBoingo: phf: Or a chance for pete
to code and make a patch from 0.7-ish
phf: seems like a candidate for shiva extension, since it's so
trivial
to write
pete_dushenski , very late
to
the party, wishes for getpeerinfo in
trb
pete_dushenski: fully 45/72 connections
to node are from 138.197.x.x, ie. digitalocean. weird.
a111: Logged on 2017-02-02 01:20 asciilifeform: (equivalent in commonlisp world would be a program
that relies ~only~ on
the ansi standard)
ben_vulpes: i did write an article about
the material changes from each version
ben_vulpes: pete_dushenski:
the most i can imagine you'll learn about
the differences between prb and
trb without reading
the source is
that
the latter doesn't have a gui
ben_vulpes: perhaps some day in peacetime i shall compare
the hashes of
the bins you sent over
to my other archives
pete_dushenski: i have no such software in operation atm.
though i may fire one up just
to see what i can learn about
the cuts
trb ultimately made.
pete_dushenski: bv had asked for my archived copies a few weeks back, presumably with
the intent
to run on spare macware.
pete_dushenski: ben_vulpes: any progress updates on
the 0.8.2 / 0.8.6
tests ? curious
to see what hacks are needed, if any.
shinohai: The sig campaign spam camp is
that way >>>
shinohai: or whatever
the fuck he calls it.
mircea_popescu: anyway, what was
the official front page of
the internet, voat something ?
mircea_popescu: but something
tells me
there's going
to be left very little of andressen's "nice going
team" after a coupla years' worth of headwind.
mircea_popescu: time
to find out exactly how much fat
the "incubator
that produced a hundred billion in new companies" actually has on
the bones.
ben_vulpes: shinohai:
they didn't even know it existed pre election
mircea_popescu: foregone conclusion anyway, i see zero possibility of outfits like iab / conde nast /
the atlantic / new york
times / guardian / etcetera borrowing in
the future.
they won't be able
to finance ops, and so it's myspace
time for
them all.
shinohai: Was surprised
they didn't do it pre election
mircea_popescu: didn;'t
they ban pretty much everything non conde nast last year anyway ?
ben_vulpes: shinohai: it's simple, you just have
to correctly price
the paper
that everyone else has mispriced.
shinohai: One single bet could make your lolzporium more profitable
than OpenBazaar ben_vulpes
ben_vulpes: "come on down
to ben_vulpes' discount lolzporium!"
mircea_popescu: if you win
that bet i'll seriously start consulting you for financial advice.
mircea_popescu: "i wouldn't steal, honest!" "why are you wearing 48 wrist watches on your arms ?" "oh...
that's
the soviet fashion.
they're... um... gifts!"
mircea_popescu: the fact
that he failed
to understand something (and failed SILENTLY!11) a mere five minutes prior gives him no pause, much like any other socialist retard, "trust me, i'm a good guy" with blood and guts all over.
a111: Logged on 2017-02-01 21:50 fromsiphnos: if,
there is something which i don't understand , ( i did understand all you were saying
til now ) , I .. will ask !
mircea_popescu:
http://btcbase.org/log/2017-02-01#1610795 << prety lulzy how
the delusion of "independence" and "in control of self and own destiny" works in retards,
too.
this schmuck actually imagines himself in a position
to... recognize, by himself, for himself, when he didn't understand something.
☝︎ shinohai: Sorry Framedragger shoulda done
that sooner
trinque: "hello fellow h@X0rZ, got any leet warez
today?"
fromsiphnos: if,
there is something which i don't understand , ( i did understand all you were saying
til now ) , I .. will ask !
☟︎ Framedragger: fromsiphnos: no. if you don't answer
that question, we are left
to infer
things on our own when you ask non-trivial questions, and people are busy.
fromsiphnos: are you guys
the good guys ? or bad guys ?
shinohai pokes BingoBoingo awake
to ask
these questions.
mircea_popescu: and yet again passing silently over noob's failure
to respond
to "who are you"
turns out
to have been a stupid move.
Framedragger: fromsiphnos: you'll need
to learn
things,
this is not a (completely)
trivial hacker-kiddo
thing, in
the sense of finding a list of "hackable" IPs on a forum and
then
trying user/pass pairs. :) you'd need
to be understand how public key based authentication works, and what
the distinction between a server ssh key and a client ssh key is.
Framedragger: (what is nice is not bullshitting around and just providing raw data (at least as one of
the options)).
Framedragger: (i must point out
that
these sorts of scans are nothing unique at all.
https://scans.io/ offers data, for example, but i can't be arsed
to make an account and check. mebbe sometime.)
Framedragger: fromsiphnos: no, not user/pass,
though one could
try a bit of
that,
too, but as in, generate small set of "debianized" ssh client keys, and
try all of'em. much smaller set. see logs above
Framedragger: so basically
that's
the kind of info available. more later, hopefully.
there have been some scans of other ports on
the ssh-broken (phucted, as in
http://phuctor.nosuchlabs.com/ ) boxes, etc.; but no central place for
those scans.
fromsiphnos: yet, it seems it's
the "only one out
there"
a111: Logged on 2016-11-17 16:02 Framedragger: in fact.. due
to
https://hdm.io/tools/debian-openssl/ correctly pointing out
that "This flaw is ugly because even systems
that do not use
the Debian software need
to be audited in case any key is being used
that was created on a Debian system.", someone should attempt botnet-brute-login
to all 13M+ (i forget lol) ssh hosts with rng-fucked client keys.
Framedragger: i need
to learn
to use log-search quickly like you guyz
Framedragger: but good news, as asciilifeform et al. have pointed out before, a lot of client keys get generated on ssh servers. if random number generation or other
things are broken on
the latter, you can *derive*
the (set of)
the former, in some cases :)
Framedragger: fromsiphnos: what do you mean by access? connect
to, and get a login challenge from server? yes. access as in "hack da system" login access? no -
this is *server* ssh key, not client
Framedragger: mircea_popescu:
true
that, no shit :( (funny
thing, i ended up with
two $jobs and $uni
to finish. as i said before, looking forward
to summer, which will be *much* easier, with $things finished.)
fromsiphnos: i
think i agree with mircea_popescu here !
Framedragger: (the siphnos datadrop (
http://siphnos.mkj.lt/datadrop/) gives
the banners ("banners" folder) and keys (in various formats), including raw ssh-keyscan output (*_scan.tar.bz2), as e,N,IP CSVs (e-N-IP*), a.k.a.
tmsr format, and converted openpgp (rfc4880) format.)
fromsiphnos: are you saying you actually can access
those ip's ?
Framedragger: good question, and yet another shameful instance of my backlog (in an ideal world, you would find an article in regards
to
that on
the most esteemed news source,
http://qntra.net/ )
fromsiphnos: i am familiar yes ! but i was curious
to find out, how did you managed
to scan around 15 mil + ip's
to find
their banners and
their keys
Framedragger: i suppose it's not documented anywhere properly as of yet, hm! fromsiphnos, are you by chance familiar with
the `ssh-keyscan`
tool (bundled in by default in
the openssh package). it's basically output from
that
tool, plus a list of all IP addresses which can be connected
to on port 22.
fromsiphnos: well , i was curious as
to what kind of infos are
there on
the above site you mentionated
Framedragger: fromsiphnos: oh, are you
the austrian dude who emailed fd@mkj.lt once? (given
that you connected from vienna just now) :)
Framedragger: yes, *some*. but not enough automation, apparently; and not enough falsification in
this case, as is very much apparent :/ should have been an obvious catch by either automated
test or at least manual
test. was (very shamefully) a wee bit
too lazy with
this last command.
ben_vulpes: nuanced == "spilling out of head
through ears"?
trinque: aha, I saw a bentley
the other day
that had only
two seats
Framedragger: (re. "contains", since it's a.. nuanced bot, it was actually meant
to work correctly, i.e. did not confuse "contains" with "starts with", so.. need
to look at it
to understand wtf.)
ben_vulpes: you
take
that back a
turbocharger is not a rev bump