
mircea_popescu: Starrrcx, yeah, i think you're the years young-est person in there.
a111: Logged on 2018-04-19 18:29 mircea_popescu: and it all came from original idiocy, "oh, to have bash AT ALL you must have access to /sbin/bash or else a copy of it somewhere". bullcrap. look at what apache does -- somehow it DOES manage to run all users' php crapolade from whatever directories. bash can (and obviously should fucking have) worked the exact same way. of course you can run bash from your homedir even if that is /home/users/f/u/c//k/t/h/i/s/l/u/s/e/r/john.
douchebag: mircea_popescu: Safe to say this is the oldest participant in the "i will pay for your tits" campaign
Starrrcx: i hear the price on it went crazy high since it was started
Starrrcx: i dont have much of an opinion besides it being money can you tell me more about it?
ckang: i imagine to infiltrate a project successfully they need to 'invest' into it before it becomes too large so theres not 1000s of nerds reviewing commits
ckang: i could totally see them buying up new 0days and letting them go unpatched for future use
a111: Logged on 2018-04-16 16:05 zx2c4: mircea_popescu: i take it now that mostly you're skeptical because the nsa was pushing ecc in the early years, before everyone else woke up to it
ckang: no, i have not, pretty iffy?
ckang: openvz i didnt care much for, docker has been solid though
ckang: mircea_popescu: yea, i found the !!pay but !!ledger shows nothing
ckang: i think it may have been when the code registration issue was happening
ckang: phf: ah if you have a spare board you can run on a local net, i would be curious how it stacks up
phf: http://btcbase.org/log/2018-04-19#1803375 << i have ipsec subnets to essentially identical openbsd installs, but egress is to wan. i use pf to route specific things through the ipsec subnets. i've never benchmarked it though. it's good enough to watch an occasional regioned youtube, or pull a torrent at 5mbit saturation
mircea_popescu: i must now retire and meditate in sadness over the miserable fate fate had in store for me this morn.
mircea_popescu: so i pick the yesterday's chicken pilaf, and dump on it three spooning heapfuls of the mango-raisin-ginger jam in the half gallon jar. then a spoonlet of chilera. and then... a small and kinda tired&old but very ripe aguacate.
mircea_popescu: to eat, to eat, but what to eat! there's no fire going happily in the hearth, there's no water splashing on nude thighs unintentionally and aggravatingly, the kitchen's dead and i must have leftovers!
mircea_popescu: bereft of female support, i woke this morning among empty vast halls, ruin already gnawing silently in their corners.
a111: Logged on 2018-04-19 18:26 mircea_popescu: "i can't identify you so here's the oval office"
mircea_popescu: you know what is the HARDEST, most screaming, wailing and tear laden item every time i explain unix, the posix model, linux basics etc to fundamentally minded slavegirls that are well accomplished in other fields and can think ?
mircea_popescu: and even if you think /home/users/f/u/c//k/t/h/i/s/l/u/s/e/r/john is actually /
mircea_popescu: and it all came from original idiocy, "oh, to have bash AT ALL you must have access to /sbin/bash or else a copy of it somewhere". bullcrap. look at what apache does -- somehow it DOES manage to run all users' php crapolade from whatever directories. bash can (and obviously should fucking have) worked the exact same way. of course you can run bash from your homedir even if that is /home/users/f/u/c//k/t/h/i/s/l/u/s/e/r/john.
spyked: (note that I did not claim this to be "the wrong way" or anything. just that in other access control schemes it can be explicitly expressed, in some cases at cost of implementation complexity etc.)
spyked: anyway, I'm sure that this can be enforced by having all the other users except the "limited user" deny rwx access to their dirs. but this doesn't say anything about the "limited user" explicitly, only implicitly. kinda like in that joke with enclosing the sheep using as little fence material as possible.
spyked: mircea_popescu, okay, but can you make klinki see *only* /home/klinki/sikrit and nothing else? that's how I understood hanbot's problem. I dun see any practical way of doing it (other than by chroot'ing).
BingoBoingo: !Q later tell avgjoe I don't talk to strangers in private
a111: Logged on 2018-04-19 10:24 spyked: http://btcbase.org/log/2018-04-19#1803146 <-- this is (nearly?) impossible to achieve within the Unix access control model. it's easy to express "no one but user1 has access to dir1", but no reasonable way of expressing the reverse, i.e. "user2 can access only dir2". must be one of the reasons why namespaces and cgroups were added to Linux
ckang: i ended up just adding a deb8 vm and my entire router is virtualized now, only lose ~2Mbit off the top (148Mbit) while still only using the tunnel with wireguard
phf: i should probably test it at some point in isolation. it would be a pointless exercise though since i don't have a 20MBit/s pipe out anyway. perhaps the value might be "look at what custom board can do compared to this chinese crap", but i somehow doubt that would be the result.
phf: ckang: so i had a lot of throughput problems when i started doing this, back when budged option was to flush consumer router firmware with a linux, but when i built this router i was already tmsring, so it's running openbsd and is more sekuriti oriented
phf: it's a shame that soekris stopped making their network boards. asciilifeform though thinks they were overpriced, but i suspect it's "not made in china" premium. i have one soekris board with 4 years uptime, and i use another one for the router, which does some of the tricks ckang mentioned.
trinque: ah, I thought we were talking about the arm thing, but it goes double for intel
ckang: spyked: i think at that point i would go with an intel atom board with dual or quad port from ali, they arent too bad price wise and you dont get stuck maintaining a fork
ckang: this is actually how i stumbled across wireguard initially
ckang: then for a minute I was exploring using the ESP32's cryptography accelerator with QSPI and DMA
trinque: yeah, it's fantastic to know the people touching the hardware. I'm so far very pleased with the service.
lobbes: but okay, I'll just hold tight for now
lobbes: I was having issues with the logbot init step (wasn't pulling the patch into patches)
trinque: ah, looks like I need to get the src dir pulled over to pizarro
lobbes: very useful for noobs like me to figure out wtf I'm doing
lobbes: I did! Was simple as removing the robots.txt from .seals. btw I love the manual you included with yer vtron
a111: Logged on 2018-04-19 05:31 hanbot: <mod6> hanbot: I can help, what are you trying to achieve? Changing /home/username from chmod 755, to chmod 700? << i want to make a user whose access is entirely limited to one specific dir. i'm fed up for the night tho', will be back at it tomorrow evening if you still feel philanthropic then
spyked: http://btcbase.org/log/2018-04-19#1803146 <-- this is (nearly?) impossible to achieve within the Unix access control model. it's easy to express "no one but user1 has access to dir1", but no reasonable way of expressing the reverse, i.e. "user2 can access only dir2". must be one of the reasons why namespaces and cgroups were added to Linux
a111: Logged on 2018-04-19 03:23 hanbot: <mircea_popescu> hanbot, quick solution is to restrict (and immutable) the directory right above the intended home. << actually, if i do that, it tells me permission's denied to land in homedir ("Could not chdir to home directory /home/username/: Permission denied") and dumps me in... /
spyked: http://btcbase.org/log/2018-04-19#1802935 <-- iirc execute bit on $dir toggles whether {user,group,others} can "search" (i.e. chdir to) $dir or access other files within, including other dirs, making this a recursive thing. so this explains the chdir error.
trinque: I dunno, we sit in silence and read too
ckang: thankfully i will never get to experience passing a 10lb child out from my insides
trinque: nah, I'm told my head wasn't as squashy as they often are
ckang: oh not fat, i was a tall baby though
trinque: anyhow I don't think much about the ideal woman, people don't come that way
ckang: I was an ounce shy of 10lb
trinque: maybe I should've said "obeyed" instead of "listened to"
trinque: I think mircea_popescu is the one to talk to about that firmware upgrade
trinque: I speak to my woman all the time; brain parts and mouth parts work fine
ckang: i read as 'one child with all who believe'
ckang: i heard his stuff may have gotten stolen, he was making vids again for a bit
ckang: terry would put in 48hr marathons i bet, given he had power and a place to sleep
ckang: i can tell you about the time a finger got poked into it if you really want
trinque: latest templeos.org; I can empathize with that
a111: Logged on 2018-04-19 05:12 ckang: last i heard, his sister told him to take meds or leave, he left to SD, his van got tickets and was impounded leaving him homeless
ckang: i mean thats what may separate it from other anus' (not necessarily yalls)
ckang: BingoBoingo: i suppose, up until this point its been unidirectional
mircea_popescu: but when i say "hey x, how about you do y" it's based on my understanding of x's history, not something else.
ckang: yea, understandable, ive just been trying to soak things in up until this point, a lot of the stuff you speak about id need to look into further because i wont even pretend to have any idea on
BingoBoingo: ckang: I will lend you a +1 rating for a resume, life story, and a picture of a sharpie in your pooper with the string n3gg34Z on your cheeks
hanbot: BingoBoingo> None may know the timing of the MP... except maybe hanbot... And the idaho girlie... And... << i must regret to inform i have no MP clock, no MP clock at all!
hanbot: <mod6> hanbot: I can help, what are you trying to achieve? Changing /home/username from chmod 755, to chmod 700? << i want to make a user whose access is entirely limited to one specific dir. i'm fed up for the night tho', will be back at it tomorrow evening if you still feel philanthropic then
ckang: i can learn new stuff, but there needs to be some interest in the subject for me to dive deep and enjoy it
ckang: well i don't want to limit myself to only things ive done
a111: Logged on 2018-04-19 04:43 ckang: if you have any projects and it fits my skillset i would be happy to take a stab
a111: Logged on 2018-04-19 04:42 ckang: i noticed things are more pleasant when they arent upset though
elevatedgal: I was just touching it, not trying to hide
mircea_popescu: and i mean look at the weird shit. elevatedgal what are you doing with that hand ? explain it to me, are you saving on nipple or what is it ?
a111: Logged on 2018-04-19 04:36 trinque: ckang: listen, why don't you do this all at once. I'm just about to fire off 12 and you bring in two more.
ckang: last i heard, his sister told him to take meds or leave, he left to SD, his van got tickets and was impounded leaving him homeless
trinque: can go find wherever they had it in a git repo somewhere else, if I'm lucky, but here, who's responsible, what they did, and to what, crystallized right before the operator.
trinque: and dwell on that for extant portage, I cannot look at it and know who's responsible for that particular damned line in that ebuild.
ckang: more to it than i thought
ckang: i imagine ebuilds are like makefiles but more package level?
ckang: lol gentoo is out of my element but nothing i cant figure out, ive built/maintained package repos on rhel/centos and apt
ckang: i can figure most things out if its centered around a specific goal or doing something
ckang: im the type i simply need direction
trinque: then when my finger's hovering over the negrate button I'll have something to think about besides "brings in narcissistic nothing-holes that talk too much"
ckang: if you have any projects and it fits my skillset i would be happy to take a stab
ckang: i noticed things are more pleasant when they arent upset though
trinque: and I have other things to do
trinque: ckang: listen, why don't you do this all at once. I'm just about to fire off 12 and you bring in two more.