mircea_popescu: "I would love to make a billion dollars ; Between a few people, I have $3.5million that investors are willing to invest ; and I have a team of people who are extremely skilled"
douchebag: and I have a team of people who are extremely skilled
douchebag: Between a few people, I have $3.5million that investors are willing to invest
douchebag: I've been talking to a few investors in regards to InfoSec
douchebag: mircea_popescu: I would love to make a billion dollars
mircea_popescu: BigTexasBingo i don't want to read that, can there be a one line summary ?
douchebag: mircea_popescu: Everyone's got to start somewhere, and anyone who knows me knows very well that I am one of the most strong willed people you'll ever meet
douchebag: I make anywhere between $1k-20k/month doing my web app pentesting
douchebag: mircea_popescu: I make $700/week from my current job
douchebag: and I sure as fuck don't get paid to play video games
douchebag: I don't play videogames, hacking stuff is much more entertaining than that
mircea_popescu: but as the elite increasingly opts out of supporting the "shiny happy faces of drooling imbeciles" modern of postmodern democracy, the thing will fall. it can't support itself, the only way it can live is for as long as you're willing to take $1k in lieu of "tell you what, I OWN tmobile now, you can all go home / hit the unemployment lines"
mircea_popescu: douchebag anyway, i'm not saying the options you're taking aren't on the table. they are. i am however saying that the table won't last ; which of course is about as interesting in the direct as telling a brontosaurus happily chewing on a fern that a meteor's coming. "so... what does this mean ~TO ME~, should i switch to chewing palms ?"
BigTexasBingo: I don't have civilized desk internet at the moment. Douchebag the goldmine is in burning the god damned colored hats.
douchebag: I don't really like dealing with the blackhat crowd either
douchebag: For me I am making alright money for the position I am in
douchebag: Because they would rather pay me $2k to tell them how I could have dumped their database
douchebag: and eventually I got good enough where I could pop boxes of multi-billion dollar organizations
douchebag: mircea_popescu: To be honest with you, I got into web application hacking just to pwn websites of nerds for lulz
mircea_popescu: everyone involved in "technology", especially if the only language they speak is english and even more especially if their general philosophy is in the "I think medical science is still pretty healthy, and that the consensus of doctors and researchers is more-or-less right on most controversial medical issues." vein of above-illustrated jwzism are strictly speaking subhuman, and a great and needless burden to the planet.
douchebag: I think most web application developers have the mental capacity of a monkey with autism
douchebag: People fuck up, and I'm really good at pointing out those fuck ups
douchebag: Yeah, this is the main reason I focus on web application stuff
douchebag: I found out that cookies were being scoped from parent domain to subdomains
mircea_popescu: i guess. fucktards dun know how to separate eggs. pro tip : TAKE IT IN YOUR HAND. omfg, basic slavegirl kitchen training.
mircea_popescu: asciilifeform no, the moneyshot is, "I'm going to need a source on that. the doctor dude seems to know what he's doing. also the ballistic gelatin is kinda hard to argue against"
a111: Logged on 2018-04-04 04:49 mircea_popescu: in other lulz, /me joins #lesswrong. there's a "* Loaded log from Sat Sep 20 11:53:02 2014" ; then /me joins #startups. there's a "Loaded log from Sat Sep 20 11:52:17 2014". apparently... i did this once before ?
a111: Logged on 2018-04-04 04:32 mircea_popescu: asciilifeform ^ lemme know if i left anything out.
mircea_popescu: aaand closing channels. #lesswrong is spectacularly retarded. i mean wikitardia levels of inane wank. #clojure and #bash are mostly dead, 99% join/part and the rest hi guise, i got a dumb question. startup and gaygeeks are dead.
lobbes: yeah, sorry, I was kinda unclear; just lists the bot name, operator, and call command
lobbes: I purposely decided not to curate the actual commands. I figure that is best left to the operator to maintain
mircea_popescu: in other lulz, /me joins #lesswrong. there's a "* Loaded log from Sat Sep 20 11:53:02 2014" ; then /me joins #startups. there's a "Loaded log from Sat Sep 20 11:52:17 2014". apparently... i did this once before ?
douchebag: I just jacked one of T-Mobile's sub domains
a111: Logged on 2018-04-04 02:19 lobbes: there's also an additional precaution I could take: instead of the thing being on an hourly cronjob, I could easily set up a quick 'validation report' for myself and then pull a 'manual' crank to initiate everything
mircea_popescu: and the time i burned the koran/bible and the time i stabbed that rabbit and so following.
mircea_popescu: i mean my talk to ro politicians about basic economics from like 2005 is on the fucking web ffs!
a111: Logged on 2018-04-04 00:35 phf: i did several talks on the idea that sanitizing data is retarded, and that you're supposed to have a proper parsing strategy instead. that it's in other words an impedance mismatch problem, and if you teach computer your assumptions it will be impossible to have injection issues
a111: Logged on 2018-04-04 00:46 asciilifeform: phf: i was vaguely hoping he might grasp this by playing with pehbot / reading ffa ; but loox like no dice so far
a111: Logged on 2018-04-03 23:53 douchebag: and I'll tell you why, when working for a company doing a security audit - you will get paid the most for RCE. Women love money, and that money can be used to help take care of the children
a111: Logged on 2018-04-03 23:48 lobbes: I agree this needs archiving (I'm currently working off their version of kritik der reinen vernunft as a german study aid). However, unlike kibo.com I would wager the entirety of gutenberg is much much larger. I'd prolly need moar storage than the ~200gb ssd on the dedicated home craptop I'm currently using (but maybe not) >> http://btcbase.org/log/2018-04-03#1792648
lobbes: there's also an additional precaution I could take: instead of the thing being on an hourly cronjob, I could easily set up a quick 'validation report' for myself and then pull a 'manual' crank to initiate everything
lobbes: yeah, true, I really should do both
lobbes: but I CAN enumerate a valid url
lobbes: I cannot possibly enumerate what I haven't thought of
lobbes: hm okay, this is a bit over my head, but you are saying that I need to understand what the grammar for a url is, and then have the parser follow that grammar?
lobbes: hm yeah, applying this to my case: there is only ONE point where user-entered data enters into the process, and that is where the bot snarfs from the chan and inserts into the first sqlite3 db. So really, I just need to teach THAT part of my process what a valid url is, and then parse accordingly
a111: Logged on 2018-04-04 00:35 phf: i did several talks on the idea that sanitizing data is retarded, and that you're supposed to have a proper parsing strategy instead. that it's in other words an impedance mismatch problem, and if you teach computer your assumptions it will be impossible to have injection issues
douchebag: I've never programmed in the language it was written in
phf: i did several talks on the idea that sanitizing data is retarded, and that you're supposed to have a proper parsing strategy instead. that it's in other words an impedance mismatch problem, and if you teach computer your assumptions it will be impossible to have injection issues
phf: but relevant to the conversation, i grew up in russia in the 90s, so i did infosec until 2005 or so
phf: which reminds me that i should implement the help feature, a111 is not conformant at the moment
douchebag: If those lines weren't stripped I could potentially send my own commands to the ircd
douchebag: can I try one last command really quick?
trinque: I think mimisbrunnr only quotes log-lines; it's ben_vulpes'
douchebag: and I'll tell you why, when working for a company doing a security audit - you will get paid the most for RCE. Women love money, and that money can be used to help take care of the children
douchebag: For sure, I'm rather experienced with application design from a security perspective so just let me know if you have any questions
lobbes: I agree this needs archiving (I'm currently working off their version of kritik der reinen vernunft as a german study aid). However, unlike kibo.com I would wager the entirety of gutenberg is much much larger. I'd prolly need moar storage than the ~200gb ssd on the dedicated home craptop I'm currently using (but maybe not) >> http://btcbase.org/log/2018-04-03#1792648
lobbes: douchebag well, it is very convoluted atm. besides, I'd rather there be a static page I can point to than just barfing it in the logs
douchebag: Just tell me essentially what it is you're trying to do, what you have already tried, and then I'll suggest how to write it properly
lobbes: and shinohai, as much as I'd like to blame this on supybot, this one is all me (the exploited code was all brewed by yours truly)
douchebag: lobbes: I'll help you make your bot more secure
lobbes: my plan tonight is to go through and map out whole process (I'll probably tar up my code after I attempt to sanitize inputs), will bake a blog post exposing my naivete to forum at large
douchebag: lobbes: Mind sharing the source code? I could perhaps help you identify further exploits
lobbes: oy, yup this is the spoofed user agent that the phantomjs portion of the process was using. RCE was happening both at the bash level AND via the headless browser.. I got poked in several orifices >> http://btcbase.org/log/2018-04-03#1792665
mircea_popescu: there's by now a large and visible class of dweebs who considered the "should i learn github or get boobs" dilemma and came out with "better get boobs -- govt pays for it."
mircea_popescu: nfi, i was discussing the "women in tech" trend generally.
douchebag: Yeah no it was fine most of the day, this kid would just get out of his seat and stand behind me and start staring at what I was doing and asked a bunch of questions
douchebag: asking questions about everything I type in my terminal
mircea_popescu: whole fucking natural language is nothing beyond "add aix^i terms until the damned P has only one real root."
BingoBoingo: mircea_popescu: Sure, I will take a look at it
ben_vulpes: mircea_popescu: works, i'll take it for bonds
mircea_popescu: ben_vulpes cash or bonds, though for the latter no actual discount was discussed in teh nsa boardroom. but i guess i'll go with .4 off the cuff and hope nobody throws gavels at me.
ben_vulpes: mircea_popescu: thanks for extending the counteroffer, i'll take it. will you take payment in pizarro credits?
mircea_popescu: spyked a good move at this point i guess would be patching trinque 's bot to be all cll.
phf: i believe rainer joswig hosts his websites on some arm box with CL-HTTP on top of it