243500+ entries in 0.148s
mircea_popescu: i'm also not going
to start quiting parts of a settled discussion in response
to arguments by ignorance.
mircea_popescu: "the anti-defamation league addedpepe
the frog
to
their database of hate symbols"
mircea_popescu: the "utility of junk boxes" is fully covered in republican literature. just gotta do
the work.
Framedragger: mircea_popescu: yep raspbian,
though
that should have been after patch, but - who knows
mircea_popescu: iirc
they had a "lightweight"
thing for raspberry-pis and such
Framedragger: (but seriously, may be interesting
to at some point brainstorm useful applications of botnet...)
Framedragger: "bless you, internet of
things, finally i can have my army"
Framedragger: asciilifeform: makes me want
to
try
top 100 password lists on
telnet/ssh/etc on
the whole ipv4, you know
Framedragger: this is probably a one-to-one demonstration of some carder forum
threads
Framedragger: mircea_popescu: kk. i'll print
this on my business card
phf: i was sipping my morning
tea, reading log wherein i discovered
that log is down
Framedragger: (btw google
translate gives "All
that is done is fault" which is rather metaphysical)
mircea_popescu: as an anonymous local derp pointed out in
the
timeless form of graffiti, "todo lo que hecho es culpa"
Framedragger: mircea_popescu: i mean, it would be a *crime* not
to put
them
to good use, eh.
mircea_popescu: Framedragger i have whole C blocks, if you can figure out way
to use
them.
mircea_popescu: asciilifeform wait a second.
the ssh server keyset was only 2mn ?
mircea_popescu: well, davos, you know. what
the fuck happens
there, random pop stars go
to lipsync now and again right ?
mircea_popescu: that's, by and large, more
than his entire disposable income by integer factors.
mircea_popescu: which strongly selects for high value boxes. because random schmuck can't afford
to pay his fucking car insurance for a decade straight. let alone A BOX
mircea_popescu: Framedragger systems
that were probably live and untouched SINCE 2008. and will stay live and untouched.
Framedragger: and it's
the end of
twenty fucking sixteen, and bug was patched in 2008.
Framedragger: need a pool of IPs
to circumvent fail2ban and similar
throttlers, but absolutely doable.
Framedragger: in fact.. due
to
https://hdm.io/tools/debian-openssl/ correctly pointing out
that "This flaw is ugly because even systems
that do not use
the Debian software need
to be audited in case any key is being used
that was created on a Debian system.", someone should attempt botnet-brute-login
to all 13M+ (i forget lol) ssh hosts with rng-fucked client keys.
☟︎ scriba: Logged on 2016-11-17: [15:40:00] <asciilifeform> btw everyone probably remembers
this from
the golden olden debian days, but
these chumps
tend
to also have remote ssh login with debianized keyz
shinohai: I'm sure she is, I
thought
the scowl was professional.
To keep
the weak people away.
mircea_popescu: phf applied. lemme know if needs new or different, i'll change
them np.
phf: mircea_popescu: not sure if
this is going
to work, but
try putting ns1.digitalocean.com. ns2.digitalocean.com. ns3.digitalocean.com.
phf: seem
to be, doing dig btcbase.org @ns-usa.topdns.com directly returns empty record
mircea_popescu: because hey, why do we have
these idiots if not
to bother and disturb.
mircea_popescu: i
think registrar switch
trashed records or some other passive-agressive idiocy
mircea_popescu: phf i don't expect lost, but
there seems
to be some wtf with
the dns
phf: mircea_popescu: did we lose btcbase.org domain? dig doesn't resolve it
to anything
mircea_popescu: holy shit
they actually have an ip gate for
the old
trunked phonelines ?
mircea_popescu: at least
the bot is QUICK, we've established
that much.
mircea_popescu: ah i guess
that's it, i didn't look at
the right segment.
these ARE ips after all,
they're not geodistributed evenly.
mircea_popescu: yeah.
the latino 3rd worlders are high on "open source" without understanding much of it /
the context.
mircea_popescu: kinda
the problem with rss and in general with pull-notify :
the polling interval is a magic number.
mircea_popescu: Framedragger yeah whenever deedbot polls it gets
the last 10. but in
that interval
the rss could have updated 500
times even
Framedragger: i
take it feed is
truncated due
to rss / whatever -
the actual amounts are much larger
mircea_popescu: we certainly see
the wisdom of phf's graying out
the bot.
shinohai: Phuctor is all happy
this morning I see
mircea_popescu: you're
the right guy
to ask, because
the provider rss should give out real data, but
to spit out in
the channel because of line limit rules you're excused
to shorten.
mircea_popescu: trinque can deedbot rss parsing be unprincipledly altered so
that any succession of alphanum characters in excess of 16 spaces is replaced with first4[...]last4 ?
☟︎☟︎☟︎ Framedragger: (though, iirc github removed shitty ssh client keys - don't recall when jurov collected
them, i
think he mentioned
this)
Framedragger: btw, afaik lots of ssh *client* keys got generated
this way. soo, ssh client key dump should be interesting... and it can also be used
to, you know, directly own boxes.
mircea_popescu: and if experience has
taught us anything, it's
that when discussing concrete crypto implementations "theoretically possible" means something like "it's
theoretically possible leonardo de caprio's new girlfriend will also get dumped when she
turns 25."
mircea_popescu: originally it was "oh whatever, it'll pop 0-epsilon, you can do
those by hand. if you even have anything
to do."
mircea_popescu: alf has finally found a way
to spam
the chan
that won't have him send cents
to
tipjar.
Framedragger: mircea_popescu: ya, aware of
that. no revenue from bitcoin business yet
tho :p
Framedragger: (and on a side note, "hang out on #trilema after splitting with gf" has been one of
the more constructive choices i've made in my life)
☟︎ mircea_popescu: Framedragger hey,
there's
the republican
tax, look into
that.
mircea_popescu: asciilifeform i can't, not really. as pissed off as i/anyone can be, "What I currently see as best option is
to actually comment out
those 2 lines of code. But I have no idea what effect
this really has on
the RNG.
The only effect I see is
that
the pool might receive less entropy. But on
the other hand, I'm not even sure how much entropy some unitialised data has. What do you people
think about removing
those 2 lines of code?
Framedragger: if i end up with any consultling work due
to phuctor at some point in
the future i'll commit
to sharing some of
the profitz lol.
this is good stuff. which reminds me, is "We expect
to add a detailed product page
to
the website" still happening? i'm just super curious
mircea_popescu: who you know, is ALSO on
the "openssl
team", where he does
the exact same
thing.
mircea_popescu: with a link
to "Kurt Roeckx is a contemptible shithead" article i hope.
mircea_popescu: phuctor,
that improbable playground
that just keeps right on giving.
Framedragger: cool. (no hurries as i'm busy with stuff
till next ~wednesday anyway)
mircea_popescu: well not really, he just needs
to discard everything prior
to yest night
Framedragger: asciilifeform: does your script pull out only
these debian-bullet-fucked moduli? would be nice
to be able
to distinguish in
the-db-which-im-gonna-put-them-in