a111: Logged on 2018-01-26 18:02 asciilifeform: mircea_popescu for instance prolly knew that one could paste a js into his php thing. but had no particular reason to give a damn
asciilifeform: mircea_popescu for instance prolly knew that one could paste a js into his php thing. but had no particular reason to give a damn
a111: Logged on 2018-01-26 05:04 mircea_popescu: meanwhile in girls alf won't like, http://78.media.tumblr.com/33cb28925c37b2cd04d9ff82a675d37d/tumblr_nh7rhnlD9v1qd7u7zo1_1280.jpg
asciilifeform: but in re mircea_popescu's variant
asciilifeform: mircea_popescu: that wouldn't run js in the log page tho
mircea_popescu: ben_vulpes could just put it in an "url shortener"
asciilifeform: mircea_popescu: loads nao
asciilifeform: mircea_popescu: eggog
mircea_popescu: asciilifeform http://trilema.com/wp-content/uploads/2018/01/Documents_of_the_Assembly_of_the_State_of_New_York_1838.pdf
asciilifeform: mircea_popescu: to carry the analogy, luddite dun care whether clock or orrery, thinks 'gears'
asciilifeform: mircea_popescu: only in so much as the mosquitoes in my backyard have to do with your skin
asciilifeform: ( enemy has a very good idea of the efficacy of the mircea_popescu form of harem org , and tries to burn it down wherever and however the chance presents itself )
asciilifeform: mircea_popescu: entirely troo, there are no mechanical prostheses for love, loyalty, honour. the ancients -- knew this.
asciilifeform: hey mircea_popescu : asciilifeform sat down and tried to make a 'and i'll give you a 1btc prize' puzzler for douchebag re 'break pehbot' . but how to phrase the condition of said puzzle, i am still at a loss, burned half hour nearly.
a111: Logged on 2016-12-11 20:15 mircea_popescu: +++7F0QaZAgBgF3/7448/fmnc/DnT29zJipI3ZCWnifqyfJH6/nRzUt7979al5JtwrACPLNjDb5Pc false <<< ahahaha epic!
a111: Logged on 2018-01-26 05:06 mod6: and it goes back to the same thing as with diana_coman. having two '++' at the front of the line. the way the vdiff is written, when it passes the diffed file off to awk to pattern match the ---|+++ it adds that '+' in the front, then it matches, causing it to call sha512sum.. which is where the false comes from. I think.
asciilifeform: ( and lol, this has gotta be the 1st time i hear mircea_popescu refer to a hardcopy of sumthing..? )
asciilifeform: mircea_popescu: or even photo, if it's reasonably compact
mircea_popescu: at issue is the resumption of a redeemable currency in fact, through payments in specie, supported by new york alone and firmly opposed by our good friends in http://trilema.com/2018/the-principal-agent-problem-or-how-america-went-away/#footnote_9_77193 (ie, 2nd national bank and the wide array of western and southern banks dependent upon it. because guess who brought you slavery in the sense of financing it ? oh yeah, the re
asciilifeform waits for mircea_popescu to scream in 'joy' when he finds that not 1 attempt at any such pgpsig verifies, on account of newline mutilation in www stack
asciilifeform: mircea_popescu: this is one of those items that really wants the rsa fpga
a111: Logged on 2018-01-25 16:29 mircea_popescu: wait wait, i might have a pill
a111: Logged on 2016-08-01 20:03 phf: mircea_popescu: a lot of xss detection "solutions" rely on grepping for known bad input, like "script" or whatever. and there are ways to sidestep that, like '<scr' + 'ipt>' or a='ipt>';'<scr'+a. in this case whoever is fucking with detection by using this truly wtf feature i've never heard of, <meta charset="a">b</meta> that apparently parses b according to charset a rules
asciilifeform: mircea_popescu: lo, aaaah, but where will you get a microshit bugcount. the stars in the sky themselves not sufficient to count !11!
asciilifeform: the philosophical puzzler of 'what is a vuln' probably cannot be answered from strictly 1side pov. consider the ultimate degenerate case, microshit, who produces more vulns every day than mircea_popescu spermatozoids , but not 1 of them dings it in any substantial way ( and many in fact are a profit )
a111: Logged on 2018-01-25 16:42 asciilifeform: i dun actually disagree with mircea_popescu : i never liked bigendianism . but it did come from a particular cost analysis , ftr.
a111: Logged on 2018-01-16 17:08 mircea_popescu: (also, let it be pointed out for the benefit of the future noob : the use of xargs with shit from curl is dancing with the wolves. finest way to lose a box.)
asciilifeform: mircea_popescu: do you recall the case of http://btcbase.org/log/2016-08-01#1512390 ?
mircea_popescu: asciilifeform there's two fundamental items i can readily identify, maybe more. 1. i actually did plop an echo $_GET in there. is this just bad coding ? is it a legitimate assumption ? 2. he has a point, as long as it's on trilema.com, a script has powers OUTSIDE of its implicit scope, "steal cookies" whatever. is this ~actually~ bad systems design ?
deedbot: mircea_popescu rated douchebag 1 at 2018/01/15 07:34:46 << hyde.solutions
a111: Logged on 2016-05-01 14:53 mircea_popescu: asciilifeform> mod6: the baked-in presumption of webtardism is almost insulting << it is insulting, not to us though. think about it : the crab has pincers because in its environment THAT WORKS ; and so does "GET /blog/blog-config.php~".
mircea_popescu: say /msg nickserv register your_password your_email_address ; use a good password and an email you actually can read, they'll send you a verification thing. this way someone else can't steal your name.
douchebag: !!deed gopher://darrq98n7ienm1nx3uw36dvyqpwik7.burpcollaborator.net:80/_TEST
deedbot: 6160E1CAC8A3C52966FD76998A736F0E2FB7B452 is already registered as mircea_popescu.
douchebag: mircea_popescu: So the bots in this channel for instance the one that will add your GPG key from a url you provide
mircea_popescu: http://browsershots.org/http://trilema.com/mp_fabulous_hashonator.php?m=%3Csvg/onload=alert%60XSS%60%3E << lulzty enough.
douchebag: http://trilema.com/mp_fabulous_hashonator.php?m=%3Ch1%20style=%22color:%20red%22%3E
douchebag: http://trilema.com/mp_fabulous_hashonator.php?m=%3Csvg/onload=alert`XSS`%3E
douchebag: mircea_popescu: I have discovered a vulnerability :-)
a111: Logged on 2018-01-25 06:00 hanbot: http://btcbase.org/log/2018-01-25#1775981 >> can grab http://thewhet.net/testickle/mp-wp_genesis.vpatch & http://thewhet.net/testickle/mp-wp_genesis.vpatch.hanbot.sig ; pubkey's on about page if you need it.
a111: Logged on 2018-01-23 07:11 mircea_popescu: actually, hanbot is about to genesis mp-wp, you're more than welcome to help down with the paring down effort of that, if you want. mostly php.
douchebag: mircea_popescu: any sites you want me to take a look at really quick?
mircea_popescu: douchebag ben_vulpes
douchebag: ben_vulpes: http://p.bvulpes.com/pastes/VGhcp/?raw=true
trinque: !!key ben_vulpes
douchebag: ben_vulpes: I found a vulnerability in your site, how would you like me to disclose it to you?
douchebag: mircea_popescu: Who runs bpvulpes.com?
mod6: and it goes back to the same thing as with diana_coman. having two '++' at the front of the line. the way the vdiff is written, when it passes the diffed file off to awk to pattern match the ---|+++ it adds that '+' in the front, then it matches, causing it to call sha512sum.. which is where the false comes from. I think.
mircea_popescu: meanwhile in girls alf won't like, http://78.media.tumblr.com/33cb28925c37b2cd04d9ff82a675d37d/tumblr_nh7rhnlD9v1qd7u7zo1_1280.jpg
mod6: 9e46f66499629dc2127e8ed8f0aebef467af1d18ceeb36326791ab201cd0bc0905236b3450c6c3944f6abea9c987fb0e28cc4cdadcec5c1834546173d816a893 gallery.png.svg.mod6_edit
mod6: So if you manually extract the 'mpwp/blog/wp-includes/js/tinymce/plugins/wpgallery/img/gallery.png.svg' from the mp-wp_genesis.vpatch, and place it in a file, and attempt to base64 decode it, it fails to decode.
asciilifeform: mircea_popescu: i'll admit to a curiosity to hear moar re 'unsatisfied that it doesn't work'
a111: Logged on 2018-01-26 00:31 mircea_popescu: but you can see the appeal.
a111: Logged on 2015-08-02 21:00 mircea_popescu: you buy 6x6 inch panes of glass and crash them
asciilifeform: mircea_popescu: closest thing i ever came up with to 'analogue bitcoin' was a variant of http://btcbase.org/log/2015-08-02#1222527 , where you have a sheet of $glasslike and a thermal stressor gadget is used to crack it into N 'jigsaw' pieces; idea being that adjacent pieces 'plug into' yours and can 'verify' it , and so on recursively
mod6: Honestly, I loved the homework for ffa_calc. That was awesome.
asciilifeform: mircea_popescu: right
mircea_popescu: throw darts at ben_vulpes end up tackled by mod6 ; what is this, like teamwork ?
mod6: <+mircea_popescu> http://btcbase.org/log/2018-01-25#1776346 << i suspect his idea is "ideally, nothing". in any case foundation has not managed to keep up with the rest of the pie despite periodic prodding. << hmm. well whatever it is we do, I spend a lot of time doing it. happy to shut it down if it's not needed any more.
asciilifeform: ben_vulpes: not that
a111: Logged on 2018-01-25 22:43 mircea_popescu: http://btcbase.org/log/2018-01-25#1776346 << i suspect his idea is "ideally, nothing". in any case foundation has not managed to keep up with the rest of the pie despite periodic prodding.
asciilifeform: mircea_popescu: the only obvious problem with 'oppenheimer' hypothesis is that shitoshi iirc walked away ~prior~ to bitcoin 'chain reaction'
asciilifeform: diana_coman, mircea_popescu : that was my only hypothesis. i haven't another.
mircea_popescu: asciilifeform i am well persuaded http://trilema.com/2014/the-woes-of-altcoin-or-why-there-is-no-such-thing-as-cryptocurrencies/#footnote_2_56073 was actually satoshi's nobel/oppenheimer moment. "o noes, this is bad because i have not the balls to live!"
mod6: <+asciilifeform> ( iirc mod6 also has a node with it, runs smoothly, talk with him. possibly ben_vulpes also ) << this in ref to >> http://therealbitcoin.org/ml/btc-dev/2017-December/000281.html ?
a111: Logged on 2018-01-25 19:12 ben_vulpes: suresure. what even means "a release" though, in a world where each patch now touches the changelog file. that eg ben_vulpes produces a patch that *only* touches the changelog, saying "the foundation makes of this link in the chain a checkpoint"?
a111: Logged on 2018-01-25 16:39 mircea_popescu: diana_coman http://trilema.com/2015/that-spiffy-selection-thing/ ftr.
mircea_popescu: ben_vulpes something like that works, certainly.
asciilifeform: it means, simply enuff, whatever item ben_vulpes & mod6 proclaim 'this is a trb release'
ben_vulpes: suresure. what even means "a release" though, in a world where each patch now touches the changelog file. that eg ben_vulpes produces a patch that *only* touches the changelog, saying "the foundation makes of this link in the chain a checkpoint"?
asciilifeform: incidentally ben_vulpes , mod6 , anybody else who tested 'experimental' patch, is invited to...
trinque: ben_vulpes: macroexpand my statement to "I am not adding maintaining my own wad of chosen experimental patches, regrinding them each time there is a mainline release"
asciilifeform: ben_vulpes: there is such a thing as ' ben_vulpes & mod6 Troo Release ' !
asciilifeform: ben_vulpes: well considering that it only snips off an obvious birth wart
asciilifeform: ( iirc mod6 also has a node with it, runs smoothly, talk with him. possibly ben_vulpes also )
asciilifeform: and http://btcbase.org/patches/polarbeard_add_sendrawtransaction_rpc is the press point ?
hanbot: mircea_popescu http://trilema.com/2017/genetics-proposes-the-environment-disposes/ if it's still useful
asciilifeform: mircea_popescu: http://trilema.com/2015/carnita/ ?
hanbot: mircea_popescu: hanbot http://p.bvulpes.com/pastes/trYpV/?raw=true << got it; no matches
asciilifeform: mircea_popescu: re the 'guillotine neck vs mandible', if it ain't obvious, i'll spell it out ftr : bigendian nums look 'ffaistic' when hexdumped, i.e. correct . littleendian -- you gotta mentally flip'em.
a111: Logged on 2018-01-25 02:09 mircea_popescu: this is like saying guillotining the neck rather than the mandible or the shoulderblades is completely arbitrary.
asciilifeform: mircea_popescu: and most of the knob params are of the http://btcbase.org/log/2018-01-25#1775939 kind.
asciilifeform: mircea_popescu: i hatetobreakittoya, but WHOLE FUCKING pseudoengineering kompyooting thing, is 'whisperproduct'
asciilifeform: i dun actually disagree with mircea_popescu : i never liked bigendianism . but it did come from a particular cost analysis , ftr.
asciilifeform: mircea_popescu: i'd like to see your algo for 2s-complement add/sub for a hypothetical box where sign bit is not the senior bit
mircea_popescu: diana_coman http://trilema.com/2015/that-spiffy-selection-thing/ ftr.
asciilifeform: i'll confess , i'm with mircea_popescu on this one, how much time is spent printing and testing sign bits ?
mod6: ben_vulpes: yes, i found this one in the genesis: +(function(A){A.widget("ui.draggable",A.extend({},A.ui.mouse,{init:function(){var B=t
asciilifeform: mircea_popescu: the 'philosophically consistent' ( hey kurchatov! ) method is: little-endianism . but with it, you're stuck loading a whole parcel to test its sign bit ( i dun give a fuck, personally , on modern iron ) but -- unless yer an arab -- flipping words prior to printing , in the civilized style, left to right
asciilifeform: possibly worth reviewing why people even came up with bigendianism. it was partly from 'can test sign bit by looking at zeroth byte' , and partly the ben_vulpes ( from #trilema-mod6 log linked 2d ago ) problem -- 'let's store words in the order in which they get printed'
asciilifeform: for answering mircea_popescu's 'but does it actually work' .
asciilifeform: ( i recommend to diana_coman and even to mircea_popescu to read the linked doc )
asciilifeform: ' for Data'Bit_Order use High_Order_First;
diana_coman: mircea_popescu, ugh, I'll have to put in those link for selection, won't I
mircea_popescu: diana_coman i would right now like to, for a great piece i'm writing, link to "The choice of Ada as programming language for this implementation" specifically out of all http://www.dianacoman.com/2018/01/25/eucrypt-chapter-7-keccak-sponge/ because that's the sort of fine tuned context linkage i use. wut do ?
asciilifeform: diana_coman: the short version is that the cpu is a physical object. this is an eternal and incurable headache for programmerz, yes
asciilifeform: mircea_popescu: not in ada planet.
asciilifeform: and yes the Bit_Order thing works, all kinds stuff would immediately liquify if it didn't
asciilifeform: but i think mircea_popescu gets it
diana_coman: but "In this section we will review the effect of the Bit_Order attribute definition clause on byte ordering. Briefly, it has no effect at all, but a detailed example will be helpful" this is gold