mircea_popescu: ends up with cycle further down the line when unpacking a tx
a111: Logged on 2018-03-23 04:37 ben_vulpes: asciilifeform: do you know anything about this data struct / can't have 2 outputs pointing to the same addr in a transaction mircea_popescu mentioned?
asciilifeform: http://btcbase.org/log/2018-03-23#1789102 << a shitoshiism: >> http://btc.yt/lxr/satoshi/source/src/bitcoinrpc.cpp?v=asciilifeform_add_verifyall_option#0888
mircea_popescu: in the end the deep root of http://btcbase.org/log/2018-03-22#1788727 is that all the inept dances html does to permit in-band signalling, so you never know if it's < or &lt; or what, is fundamentally a bad idea.
mircea_popescu: hence my comment above, "we'll have to come to a unified set of something here". just because the line isn't drawn.
mircea_popescu: consider something simple : i took pride publicly on how trilema doesn't load google analytics, thereby giving away the usual set of telemetrics to the usg. fine and good. but your site can be coaxed to load ???.burpcollaborator.net by 3rd party ? so every time a "normal" browser goes by it looks up wtf that doctype is and so on ?
mircea_popescu: we'll have to come to a unified set of something here in any case. as it stands right now it's not obvious whether one can or can't point shitfox at random republican website ; nor where to look to find out.
mircea_popescu: this is a source of constant surprise, consider all the time phf sunk into chasing unicode obscura on his logger.
mircea_popescu: anyway, what we have here is a tacit mis-standard, and the discussion is probably of most interest to people who aim to make their own blog thing, phf spyked whoever was looking at lisping it. because on one hand there's the older trilema standard that's web compatible, and on the other hand there's the emerging no shits given approach like on the deedbot site say, "what am i going to do now, alter deeds to mitigate sht brow
trinque: mind giving me a sentence that isn't so widely applicable?
deedbot: ben_vulpes rated douchebag 1 << found a couple of unsanitized fields
ben_vulpes: !!rate douchebag 1 found a couple of unsanitized fields
mircea_popescu: trinque he's not even wrong : someone clicks on the link with a shit browser, gets owned by that shit browser.
mircea_popescu: douchebag there's a lengthy history of people's contributions respek, but they have to be contributory.
ben_vulpes: asciilifeform: do you know anything about this data struct / can't have 2 outputs pointing to the same addr in a transaction mircea_popescu mentioned?
trinque: anyone that wants to pwn deedbot might consider that it's a wrapper around gpg.
douchebag: I just asked a question
mircea_popescu: im starting to understand that "the opposite of talking is not listening, the opposite of talking is waiting for your turn" quip may have been adequate in the early postmodern stage ; but by now it's truly a case of "work efficiency is most work with least read." chucka wins in the end.
ben_vulpes: douchebag: stop being a bigot
ben_vulpes: mircea_popescu: i'd have settled for a plausible story of social engineering
trinque: douchebag: so why would the deed command parse xml, let alone go look up a dtd?
ben_vulpes: i'll take a clue if you have one handy
a111: Logged on 2018-03-23 04:12 douchebag: asciilifeform: I'm not here to argue or to social engineer you. I provided a VALID proof of concept. Stop bitching about it and fix it.
a111: Logged on 2017-08-31 19:11 mircea_popescu: can't say i've encountered that many ; and can say that from actual lived experience, the "thinks he's jeddi" heuristic is a fine indicator for "head so far up ass the net result of sufficient whipping will be soap", ie http://trilema.com/2015/the-anal-child/
asciilifeform: ben_vulpes: there's quite likely enuff coin just in trb hotwallets, to buy a flotilla. and if you can get to it, it's as yours as your own nose, nobody could do a thing about it. so wtf are you doing fucking with php.
ben_vulpes: threat model etc, like a Real Professional?
asciilifeform: for that matter, why does douchebag settle for small change of www ? a remote ex for trb or even prb will easily bring in enuff loot to buy a battleship. without having to convince anybody, i'll note, of anything.
ben_vulpes: i'm clearly just an amateur, but an advanced security consultant like yourself should have no troubles explaining it to a civvy
asciilifeform: before anyone gives a damn re 'fix'
douchebag: asciilifeform: I'm not here to argue or to social engineer you. I provided a VALID proof of concept. Stop bitching about it and fix it.
douchebag: Listen, I understand that you're all upset that I made you look like an idiot for not sanitizing all user input. These are habits that are picked up after you learn about programming a secure web application.
douchebag: I'm not here to argue with you children about whether or not you would have fallen for the attack. I provided a valid proof of concept like any professional would do.
ben_vulpes: i'm going to need three rail cars of sugar and a fuckton of smallish pvc tubes
ben_vulpes: but trinque what if someone visits a deedbot page and their browser executes it!?!?!
trinque: they're going to what, steal your session on a static site?
trinque: I don't much give a fuck if someone puts a script tag in a deed.
ben_vulpes: i don't much give a shit, take some initiative and do something?
douchebag: Okay, do you want me to do a white box or black box audit?
ben_vulpes: mighta been asking an infantryman to fly a helicopter, who knows
ben_vulpes: i'm a softie what can i say
a111: Logged on 2018-03-22 11:14 douchebag: I don't understand what a V is I have read about it, I have looked at examples and I still don't understand
a111: Logged on 2018-01-26 19:46 douchebag: Well, I'm just trying to figure out where my skillset could be best put to use, I would be more than capable of writing a V implementation or setting up an IRC bot. I'm trying to leave it to you guys to tell me where my skillset could best be put to use
ben_vulpes: credit where credit is due, douchebag went from http://btcbase.org/log/2018-01-26#1777226 to http://btcbase.org/log/2018-03-22#1788527 (albeit a stealth admission of personal shortcomings) but contextual lulz of the week go to http://btcbase.org/log/2018-03-22#1788529
BingoBoingo: What is a Qntra submission if not the most responsible possible disclosure
BingoBoingo: mod6: Had to give the fellow a lead. Perhaps dude finds a vulnerability in Fedwire and resets the UnifiedStandardDosiedo chain? Submits article. For the young and broken that might be more productive homework than "write a V to understand why you are writing a V"
asciilifeform: ben_vulpes: in my experience 20yo who already took home xxx,xxx $ 'for' doing The Wrong Thing , is incurable. but it was worth a try.
BingoBoingo: douchebag: Find a hole, have your fun and profit. Leave a note about the aftermath for Qntra.
BingoBoingo: lobbes: It's a hazard of pantsuit education. Fellow can get loaded up with training as a technician while being sideloaded with broken priors
ben_vulpes: although i suppose it comes with a decade of 'security community' baggage
ben_vulpes: im kinda surprised to see the indoctrination so thick in a twenty year old
lobbes: http://btcbase.org/log/2018-03-22#1788893 << you know this wasn't personal right? (Pantsuitism trains emotional response to criticism, I know). He's trying to lead you to realise an important point for yourself (this is a true beauty of this place, incidentally; can meaningfully confront the Self, if you are willing)
mircea_popescu: douchebag so you covered say 80% of google's code and 70% of yahoos, and on this basis the 8`844`644 holes you found with yahoo makes you suspect the mere 2`333`156 holes found in google's schweitzer reflect a lesser per-cubit average of holes ?
mircea_popescu: as a subplot, why would a large company require a large codebase ?
mircea_popescu: asciilifeform did you do this thing as a kid, where you'd go about the parked cars in the street after leaving school to see "asta cit prinde ?!?!" ie, "how fast does this one go ???"
mircea_popescu: two people in euclidean geometry share the priors noted down by euclid. some other guy on a Banach sphere somewhere, does not.
douchebag: Uber also has a very good security team, despite recent press
douchebag: I can tell you Yahoo is a less secure company than Google
mircea_popescu: douchebag "shared priors" is a term of art, denoting those useful notions that two participants to a discussion share identically.
douchebag: Apache doesn't - that's why it's called A patch e
douchebag: I have plenty of priors, I work with a team of highly trained security professionals every day and we have audited all sorts of applications
asciilifeform: douchebag: you speak of 'program written to high standard' as if it were a concrete item that you have actually seen or touched
a111: Logged on 2018-03-22 16:25 mircea_popescu: douchebag if 13 yo kid comes to psychologist's office because insomnia, and after some hymenlick maneuvering on the part of the professional comes out with the story that has "terrifying and disturbing dreams", thereuponwhich recounts numerous instances of dreamed tits, nipples and areola but 0 clits, labia or vaginal openings, the psychologist can safely thereby infer 13yo kid is a virgin.
asciilifeform: this is a genuine problem with whole fucking field, not a personal flaw of douchebag
asciilifeform: douchebag: auditor studies three separate ( and usually in cases where audit is called for, quite disjoint ) items -- a) the problem the program is solving b) what the author ~declared~ to be the solution to (a) c) what the program he wrote, ~actually does~, under the closure of all possible inputs
douchebag: asciilifeform: If the audit reveals that everything was done properly and to a high standard
asciilifeform: at least the linter only wants a few watts to run
asciilifeform: if you think that it suffices to look for 'known types of questionable code', you are then a meat scanner
asciilifeform: so evidently douchebag you think that it is possible to speak of 'having audited' a program that you did not fully understand, in the sense where you could sit down in a room with a 'clean' comp and write it again ?
asciilifeform: douchebag: do you, for example, think that it is easier to audit a program, than to write it ?
douchebag: Yeah generally speaking when it comes to security, you should never depend on a scanner or set of 'tools' to comprehensively perform an audit
asciilifeform: possibly funnily, early in trb life, asciilifeform on a lark put it through a $maxint scamolade 'cpp security auditor' proggy that the imperial slavegalley he was working in, had bought. the result -- unsurprisingly to tuned-in folx, i expect -- was so unremarkable that i did not bother to post it.
douchebag: There is nothing professional about running a scanner and reading the results.
douchebag: mircea_popescu: Anyone who uses scanners such as acunetix or whatever that is called is not a professional.
mircea_popescu: in other webs, big bang empire is moderately amusing. you're a pornstar looking for work.
mircea_popescu: very fucking definitionally a room is not a mine.
mircea_popescu: the situation is approximately the same as of a "young aspiring gold prospector" who goes to the designated ROOM in his local community center, where he spits on some pebbles / digs through the plasticine cubes.
a111: Logged on 2017-02-09 18:03 asciilifeform: ers, handymen, the auto mechanics of the IT industry, all flocked to Perl because they could tinker so well with it with no required knowledge or skills.' ( http://www.xach.com/naggum/articles/3241270848355795@naggum.no.html ) would go a long way.
a111: Logged on 2017-02-09 18:03 asciilifeform: the expulsion of 'In all likelihood, there was no change at all to the labor-intensiveness, but the labor was more "fun" for a certain class of people. Now, industrious retards can be a horrible thing. Over a number of years, close to a decade, Perl accreted bits and pieces from programming languages and became usable in lieu of a programming language by people who lacked the mental wherewithal to do programming. Tinkerers, repair
mircea_popescu looks into the logs, sees 62 instances of eg - http://testasp.vulnweb.com/t/fit.txt%3F.jpg and similar garbage. this, of course, is "web security" or "penetration testing", or however you'd call it. a set of "tools", no doubt "professional" that permit one A CERTAIN KIND of cargo-cultish periphrastic cvasi-but-not-really involvement in their chosen field.
a111: Logged on 2018-03-21 14:41 a111: Logged on 2018-03-08 00:21 mircea_popescu: this entire exercise in idiocy has, practically speaking, resulted in me paying various hard working ticos a grand or so, to the people fucking in the ass the "security" paradigm of pantsuit.fetlife. IN LIEU of having paid that much, and rather more, to the fetlife itself.
a111: Logged on 2018-03-22 16:02 mircea_popescu: the unsustainable, unacceptable etc systematically misrepresented to them as socially acceptable, the necessary, correct etc equally systematically misrepresented as socially unacceptable... it's true that this is grade A child abuse, but then again it's also true the children so abused carry on the sad smoldering stumps of what's left of their lives
lobbes: Honestly, my knee-jerk reaction against sharing a box is probably based on the old idea of sharing it with $random_orcs. Sharing it with L1s may actually be a Good Thing (I'd probably learn a few useful things)
asciilifeform: and observe, mircea_popescu does not pack his harem gurlz 2-3 to a room by sawing off their beaks
a111: Logged on 2018-03-22 16:58 asciilifeform: point being that a student who is tired of 'solved problems' can demonstrate mastery any time he's ready and able.
mircea_popescu: yup. and trinque made the bot, it's a pipe job.
mircea_popescu: i suppose a logical next step for pizarro is to have a bot dedicated to listing who's on boxes, what the load is like etc.
asciilifeform: the ~other~ engineering heuristic that's absolutely imho grand, and that i stole from mircea_popescu , is 'there is not a mechanical substitute for coming to an understanding with the people you live and work with'
mimisbrunnr: Logged on 2018-03-22 17:23 lobbes: To run with the house analogy: my current vps arrangements feel more like 'condominium' than 'roomies sharing a house'. E.g. I could set up a cronjob to blow away /var/www/ every hour if I felt like it. No need to consult (nor do I see) other renters
a111: Logged on 2018-03-22 17:31 asciilifeform: back to the 'let's remove pretenses' -- let's put on record for the log: the 'traditional' style of vps is quite heavy in overhead, because pointlessly emulates for each inhabitant 'you have a i-cant-believe-its-not-a-physical-box-with-physical-nic-and-disks-etc' item
asciilifeform: basic problem remains, if each inhabitant is given illusion of 'i have a comp', this is not free
ben_vulpes: it's been some time since i gave a shit but the 'docker' folks were very proud of the resource sharing that linus wrote for them
asciilifeform: back to the 'let's remove pretenses' -- let's put on record for the log: the 'traditional' style of vps is quite heavy in overhead, because pointlessly emulates for each inhabitant 'you have a i-cant-believe-its-not-a-physical-box-with-physical-nic-and-disks-etc' item
mircea_popescu: well if you're not using it to publish web shits, get a proper box.
asciilifeform: 'hose' perhaps was poor word. more of a 'root MUST come and fix because d00d decided to eat all of cpu' in box without quota-'fascism'
mircea_popescu: not even sure what it'd take, but we could have a competition, "shortest bash line that hoses box"
mircea_popescu: asciilifeform i've not yet managed to properly speaking hose a modern box (hosed as in, root can't log in to fix it)
mircea_popescu: ben_vulpes depends what host. a blog ? i dunno man, what sikrits can they glean!!!!
mircea_popescu: if there's actual demand for some reason, can always stand up a box with all that crap later. or enterprising fellow can just resell one.
ben_vulpes: mircea_popescu: tru tru; what objections would you field to sharing a host with l2?
ben_vulpes: bit of a nonsensical question