4200+ entries in 0.028s
Framedragger has a guess that many 'native speaker' derps can get confuzzled when encountering future perfect ("will have hacked")
Framedragger: yeah, would be great to have ssl certs etc all in the same place, timestamped, so one could track history, to an extent. (and then be able to offer realtime scans and alerts as a service, say...)
Framedragger: i guess the scanned banners could go into a separate "scans" table with timestamps / scan event numbers, so that one could JOIN and check multiple banners for ip, especially when i plan to later re-scan everything again, etc.
Framedragger: i guess as long as everything's stored in a sane manner and format, it's no big diff.
Framedragger: the later "rescan" only added previously-unseen IPs, + new IPs. same ip was never scanned twice, assuming it already spat out a banner and pubkey the first time.
Framedragger: mircea_popescu: nono - sorry for confusing - "older" as in "previously seen in same logfile", it's for my internal use so i don't go insane. all of this is from single scan even in 13-14 june.
Framedragger: imma dump all this in a nice format now, i'll separate OS string from ssh versionstring i guess
Framedragger: but it also does shit like [SSH-2.0-OpenSSH_5.1p1 Debian-5] vs. older [SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5]
Framedragger: btw i'm going thru those ssh banners from ssh scan logs finally, and there's some inconsistent crap there (thanks openssh): same ip&port may respond with two different banners during same scan (the ssh-keyscan utility may spit banners for same server multiple times). it seems usually the mismatch is in adding a minor version onto ssh server string only (e.g. [SSH-2.0-OpenSSH_5.8] vs. older [SSH-2.0-OpenSSH_5.8p2])
Framedragger: 'tis what i figured :) my christmasy spirit will not be diminished, tho!
Framedragger: (a rather decent bitcoin invoicing interface btw)
Framedragger just placed an order for FG-USB and feels very christmas-y!
Framedragger: shinohai: s/Palyrma/Palmyra/ (1st sentence) :) (also not sure if you wanted Months to be capitalised but maybe stylistic pref)
Framedragger: i guess it's legitimate to bitch about that. i've never been sure. but i did poke at an acquaintance who had plans of working at gchq. to be consistent, i should.. be consistent.
Framedragger: ah, well, that does make one feel.. more uneasy..
Framedragger: /me received one from google even, once. (for doing stuff related to... tor!!11eleven)
Framedragger: ohno he received a cheque from microshit??? that hitler!! cmon now.
Framedragger: (but that's different from a developer endorsing js crypto, of course)
Framedragger: which is, you know, how you end up in a pool, surrounded by sharks and tigers :p / :(
Framedragger: i suppose so, but his tone was more like "gpg UI is shit => gpg is shit => eh fuck gpg, i'll just use signal/otr etc [and i encourage others to do the same]"
Framedragger: shinohai: why should it selectively disallow to sign whatever you wanted?
Framedragger: fwiw i still like moxie, but it's sad that he's doing the "i don't use gpg anymore" thing, too
☟︎ Framedragger: well.. that's one of the problems. i don't really keep names in my mind, it's not worth the space. sorry if i implied that i'd be able to point at anything interesting
Framedragger: indeed, attack is stronger than initially pictured. "sane" "developers" actually promote js crypto, etc.; i guess that just means that one has to be even more vigilant (and proactively declare those to be insane).. :)
Framedragger: (but for clarity, keybase works perfectly well without being supplied with privkey, no?) ("i'm just sayin'" - not defending keybase.)
Framedragger: ( yeah, SV is web scale but SV interviews are not :D )
Framedragger: trinque: yeah, hm. i've seen more than one instance on that. i see what you mean. it was basically a case of, from what i gathered, "data sent; waiting for response; not a single byte sent back by server". either because server wasn't
http, or some "hang forever, fucker" anti-DoS measure..
Framedragger: trinque: by default it shows how long it sits, but that's about it, by default no headers etc
Framedragger: ben_vulpes: nice. re. curl timeouts, yeah you need them, otherwise it'll hand for a long time on some of those IPs (i saw this) :)
Framedragger: ssh host key not automatically regenned upon upgarde, is it
Framedragger: or windows admin running ssh server so he can actually get work done :p
Framedragger: prolly need to build a pipeline for postprocessing all phuctor finds....
Framedragger: mircea_popescu: huh not the worst idea! i'll see if i can arrange when i'm back for christmas week after next :P
Framedragger: "hey dude, nice work on semantics, btw your box is fucked"
Framedragger: well it _could_ have permanent storage, *in principle*.. and one could even reconstruct the past counters from logs which are saved
Framedragger: ^ when it reconnects, the counters start from 0 again
Framedragger: asciilifeform: like, everything on a single page (or some iframe or js thing)?
Framedragger: well, its status is prolly still unclear. but basically current govt doesn't really take to end to end encryption, in a more serious manner than previous govts; or at least this one managed to push things forward a bit
Framedragger: it's a small terrorist republic, but i'll leave it to mr. MP
Framedragger: goldfinger: constraints stimulate creativity, it's like haiku
Framedragger: shinohai: investigatory powers act if you want keywords
Framedragger: +/- that, plus hacking into shit will become commonplace police practice (eh who am i kidding and being naive about, they're simply 'streamlining' all that in the judicial sense..)
Framedragger will try to find time to tie up some loose ends (log, ssh banners in nice format, etc)
Framedragger: (~545 boxes out of 1319 phuctored respond to
http - only the ones that do are in there.)
Framedragger just made a shitty .ru joke and is very proud of it
Framedragger: (ah. suresure. well if one plans to do that on millions of machines or more, better to use simple tcp sockets hm. say that masscan for 1st phase uses its own tcp stack to not exhaust kernel handles accidentally, etc...)
Framedragger: for some initial additional data, i think so yeah..
Framedragger: i guess i should rerun the scanner at some point at any rate
Framedragger: the particular scanner used for extracting pubkeys is not meant for that kind of stuff, but.. the first phase thing ("check who's alive") can grab banners, yeah.. would require fiddling (connections would become stateful, right now first phase uses 'SYN cookies') but ya sure possible
Framedragger: hmm, a rather visual answer, fair nuff :p well, glory awaits someone!
Framedragger: mircea_popescu: no coding really needed, mind you! at least not for this 'phase' of analysis. but ya sure
Framedragger: random question: have there been considerations for introducing financial instruments to eulora at some point, for trade etc? just curious
Framedragger: i mean, it does seem pretty pathetic... plus, yknow, pay-"call me / charge me back some time"-pal
Framedragger: i'm just sayin', you didn't try hard enough :p