3300+ entries in 0.016s
Framedragger: mircea_popescu: (you may be aware of this but just in case - given tmsr's preference for keccak, fyi your sha512 above uses sha-2, not sha-3)
Framedragger: heh i recall buying some electronics at ccc in hamburg by doing a live transfer from mtgox. those were the funny days
Framedragger: 112.16.66.170 << running comware, "Comware is an industry-leading provider of network security solutions including products, professional services, and implementation. Our elite team of experts understands complex security issues ..."
Framedragger:
http://btcbase.org/log/2017-02-19#1615505 << just to note for asciilifeform and given that i didn't see it mentioned in the pdf (could have easily missed it), `EXPLAIN (ANALYZE, BUFFERS) $yoursqlquery` *is* useful. "buffers" will also show how much of postgres cache was hit during query execution, etc. etc.; it's quite nice.
☝︎ Framedragger: such dedication to the cause danielpbarron, i'm curious if you ever considered learning greek (new testament) and possibly hebrew/aramaic (old testament), to read scriptures etc.
Framedragger: may be possible to do things without full reinstall - will see. good news, not many things run there, not too much work.
Framedragger: (`!$ssh` won't work for a bit, database server which scriba connects to needs to be reinstalled from the ground up)
Framedragger: (things such as level of knowledge, or who is your daddy.)
Framedragger: fromsiphnos: no. if you don't answer that question, we are left to infer things on our own when you ask non-trivial questions, and people are busy.
Framedragger: fromsiphnos: you'll need to learn things, this is not a (completely) trivial hacker-kiddo thing, in the sense of finding a list of "hackable" IPs on a forum and then trying user/pass pairs. :) you'd need to be understand how public key based authentication works, and what the distinction between a server ssh key and a client ssh key is.
Framedragger: (what is nice is not bullshitting around and just providing raw data (at least as one of the options)).
Framedragger: (i must point out that these sorts of scans are nothing unique at all.
https://scans.io/ offers data, for example, but i can't be arsed to make an account and check. mebbe sometime.)
Framedragger: fromsiphnos: no, not user/pass, though one could try a bit of that, too, but as in, generate small set of "debianized" ssh client keys, and try all of'em. much smaller set. see logs above
Framedragger: so basically that's the kind of info available. more later, hopefully. there have been some scans of other ports on the ssh-broken (phucted, as in
http://phuctor.nosuchlabs.com/ ) boxes, etc.; but no central place for those scans.
Framedragger: i need to learn to use log-search quickly like you guyz
Framedragger: but good news, as asciilifeform et al. have pointed out before, a lot of client keys get generated on ssh servers. if random number generation or other things are broken on the latter, you can *derive* the (set of) the former, in some cases :)
Framedragger: fromsiphnos: what do you mean by access? connect to, and get a login challenge from server? yes. access as in "hack da system" login access? no - this is *server* ssh key, not client
Framedragger: mircea_popescu: true that, no shit :( (funny thing, i ended up with two $jobs and $uni to finish. as i said before, looking forward to summer, which will be *much* easier, with $things finished.)
Framedragger: (the siphnos datadrop (
http://siphnos.mkj.lt/datadrop/) gives the banners ("banners" folder) and keys (in various formats), including raw ssh-keyscan output (*_scan.tar.bz2), as e,N,IP CSVs (e-N-IP*), a.k.a. tmsr format, and converted openpgp (rfc4880) format.)
Framedragger: good question, and yet another shameful instance of my backlog (in an ideal world, you would find an article in regards to that on the most esteemed news source,
http://qntra.net/ )
Framedragger: the former (ssh-keyscan output) is basically, ssh-rsa public keys, plus ssh server banners (ssh hello's).
Framedragger: i suppose it's not documented anywhere properly as of yet, hm! fromsiphnos, are you by chance familiar with the `ssh-keyscan` tool (bundled in by default in the openssh package). it's basically output from that tool, plus a list of all IP addresses which can be connected to on port 22.
Framedragger: fromsiphnos: oh, are you the austrian dude who emailed fd@mkj.lt once? (given that you connected from vienna just now) :)
Framedragger: yes, *some*. but not enough automation, apparently; and not enough falsification in this case, as is very much apparent :/ should have been an obvious catch by either automated test or at least manual test. was (very shamefully) a wee bit too lazy with this last command.
Framedragger: (re. "contains", since it's a.. nuanced bot, it was actually meant to work correctly, i.e. did not confuse "contains" with "starts with", so.. need to look at it to understand wtf.)
Framedragger: ^ oh, that's a bug, should only be one of those.
Framedragger: my initial optimistic idea was to s/yearly/monthly/ or even weekly :) (certainly possible, and automatable.) will have to wait. but at least yearly -- certainly (not too much effort for latter, i think)
Framedragger: guess that at this point it'd be great if it gave *more* info, huh. (server hello from :80 / :443, etc.) if anyone wants to work on latter while i'm busy with unrelated things, could provide current code / info on setup
Framedragger: (is this to be expected, statistically speaking, and so on. but yes have logs, will check ~tomorrow or today)
Framedragger: the `ssh` command should take multiple IPs per msg, btw
Framedragger: will check later! main guess is that there's no actuall ssh server running on port 22 (or rather, there was none at time of scan.) would be great to know the overall statistics, yes.
Framedragger: (i'm afraid i won't have much time to work on bot or anything for the next ~two months, though. will maintain things and slowly move ahead, tho.)
Framedragger: (re. v-tree code analysis bot, mmm sounds hot.)
Framedragger: on the other hand, i could see the latter being *really* useful for many. granted, neither you or me are altruists.
Framedragger: re. a), i totally hear ya. i mean, who does. re. b), yes i can see that.
Framedragger: that does break the 'change, see immediate effects' loop, hm.
Framedragger: why's that bad? i understand if the 'time it takes to render' function is exponential in some way or another, but if linear growth and less than say 30 min - what of it, really
Framedragger: i'm still preferring
http://btcbase.org/log/2016-07-15#1503181 but granted, don't have a working "moderated but without captcha" comments solution. best i can think of is, write very light backend service to handle comment post requests, store them somewhere sensible, allow operator to accept/deny comments (could be flat text files)
☝︎☟︎ Framedragger: asciilifeform: yeah pure primary green, crt, i figued! hah
Framedragger: (i personally like the pink highlight, it's immediately noticeable but still readable)
Framedragger: bouncer is actually quite nice, as phf said; that's what he had before, he wanted db for xrefs etc
Framedragger: nothing pretty. if any use, could give tarball of bouncer logs
Framedragger: phf: if at it, may i have a copy of your logs too, please? :)
Framedragger: (in america, no-one is poor; some are millionaire entrepreneurs with current cashflow problems)
Framedragger: mircea_popescu: names of women you fucked. i know the names and there aren't too many of 'em. and for some strange indefensible reason i think this applies to many folx here. but this is a tangent
Framedragger: (something tells me that mircea_popescu's latest example does not work amazingly well here)
Framedragger: a timestamped and signed wot (navigable via time axis) may be one of those few technical tools within wot management which may actually be helpful :)
Framedragger: (yes and for that reason V is an insanely useful and (i'm coming to realize) very important tool.)
Framedragger: i'm sorry but that's false equivalence. EC crypto is used in timestamping service which is used for actual business transactions. not as trivial as dead passive animal under house
Framedragger: ...and so it is that tmsr uses elliptic curve crypto in its production :)
☟︎ Framedragger: a fine morning to yourself! i see you rise early
Framedragger: i suppose this ties into the "view WoT rating as a representation of degree of certainty" approach, aha.
Framedragger: anyway, maybe one day someone will elucidate me why -10 ratings is a thing for humans who have done a magicaltux
Framedragger: i'm like that (useless) teacher in kobo abe's "woman in the dunes", walking around the desert and examining bugs :) one day i'll fall into a pit which houses a house and a woman, and i won't want to get out
Framedragger: mircea_popescu: i suppose so, at least the latest concept iteration as developed in the comments
Framedragger: but the originally conceived idea of a site which serves 'smart' JS which does pgp must be disposed of. i even looked into the state of the art in pinning (say, JS) web resources in html5 so the browser can be sure it's being served the same stuff, but it's ~undoable because the whole browserstack is rotten (and obvs JS doubly so)
Framedragger: but the thing *could* be developed orthogonally to gossipd's efforts, which is nice.