40800+ entries in 0.222s
mimisbrunnr: Logged on 2018-03-29 00:13 trinque: great.
I'd like you to review the dependencies of trb (which were frozen at particular versions) for known public exploits, and to publish a report of this on your own mpwp blog.
douchebag: Is there anything else
I could do in exchange for BTC?
douchebag: mircea_popescu: Could you just send it to an address
I provide?
mircea_popescu: trinque does he need rep in order for me to be able to pay him or is deedbot mothballed because of the failed down or am
i butterfingering the format again or wut.
douchebag:
I've been having a lot of fun with XML parsers lately, last night
I reported a vulnerability to a mail provider. They didn't allow use of SYSTEM or DTD's however since Entities were being processed
I could have knocked the whole service offline using a billion laughs attack
douchebag: trinque: One thing
I was wondering though in regards to deedbot, the RSS feed which library are you using for XML parsing?
trinque: great.
I'd like you to review the dependencies of trb (which were frozen at particular versions) for known public exploits, and to publish a report of this on your own mpwp blog.
☟︎ douchebag: Now,
I'm not going to completely abadon the web app related stuff - mainly because that's my primary source of income at the moment. However,
I am open to trying new things to improve myself.
trinque: hm yeah,
I could chase all that, but then some human operator will see it happen and take care of it.
douchebag: Oh wait, wrong person
I meant to tell trinque
douchebag: The only thing
I managed to find w/ it is getting permavoiced
douchebag: ben_vulpes: Alright,
I pretty much give up at pwning deedbot
spyked: hm.
I understand the specific problem with my vpatch set now.
I'll reread the whole discussion to make sure
I've wrapped my head around this.
mod6: This is not ok. And is rejected.
I simply removed the two vpatches that are not required for the latter path (see the paste above where
i simply pressed 'vtools_2', the second press-path) then your vpatch is included to the flow no problem.
spyked: thanks mod6.
I wonder if it's one of those cases that spawned the discussion which led to the idea of a manifest file. in any case, it looks like the patch above (vdiff_lib_xalloc_static_xnmalloc) can have multiple children.
spyked: (also,
I had to redo the patch anyway, since
I initially used the keccak vdiff; but
I'm pretty sure this should be a child of vdiff_fixes_newline_gcc, since the hashes for vtools/lib/xalloc.h match)
spyked: v.pl flow. not sure how to debug this yet, but
I can take a look at it tomorrow
xanthyos:
i installed gpg software on this machine when he knew full well
i wouldnt 'be able to do anything with it
mod6: wow, can
i get the same deal dpb?
xanthyos: mircea_popescu: dpb just said he'd give me free btc if
i had enough presence in the wot to be able to !up myself
phf: hmm,
i wonder if adacore's gprbuild uses its own gcc or global one
☟︎☟︎ mod6: (which is why
i chose this particular environment to build your vtools upon)
mod6: which is the only version
i've been able to stand up that seems to work 100% with ffa.
mod6: for what its worth, at the bottom of my paste,
i've denoted that im using gcc 4.9.4 and adacore 16
phf: maintaining two separate builds in the same patch tree is sort of experimental, and
i'm happy that it seems to work out of the box
mod6: But what
I ended up doing is pressing to leaf 'vdiff_sha_fixes_newline_gcc.vpatch' into 'vtools', and pressing to leaf 'vtools-vpatch.vpatch' into 'vtools_2'.
I went into vtools_2, and found the similar problems as hanbot.
mod6: So there are a few things that
I probably should ask about, as it wasn't wholly clear to me about the pressing side of things. Since there are multiple roots, and multiple leaves, there are two different press paths. Now, maybe
I'm not supposed to have all of these in there?? But it looked to me from the thread at phf's site, that
I needed to have them all.
phf:
i think brk/sbrk is a reasonable alternative to malloc, since it makes a claim on a certain amount of processes's address space, without allocator's bookkeeping, that you then can use for heterogenous purposes. it's a dynamic alternative to having something like a static int heap[HEAP_SIZE] in your code.
phf: there's a bunch of others, around
i think gets/getc, brk/sbrk, etc.
phf: spyked: if you sign your patch,
i can include it in the vtools graph, a "collaborative" experience :)
phf: in other words, it's either static inline or the #define { ...} while(0); trick, because extern inline/inline doesn't make any guarantees.
i think it'll be adequately tmsr solution to just moved those definitions into own functions and not worry about "speed"
mircea_popescu: asciilifeform
i dunno that it's entirely wrong ; "don't link libc if you're making a library" is right!
phf:
i'm not sure it's the correct solution then,
i thought you reproduced. xn* is defined by differ itself in xalloc.c, so it might have something to do with multiple includes and specific combination of static/inlines
phf: the issue was already reported by someone else, but at the time the suggested fix was to put a bunch of C level annotations (some combination of static inlines), which
i didn't think was an adequate solution, given that
i don't understand why it does or doesn't work. but ascii's explanation makes sense, though
i can't reproduce the issue on any of the machines
i have with adacore's gnat (freebsd, osx, debian)
mircea_popescu:
i am thinking this is actually something that needs changing in vdiff and being made a general rule.
mod6:
I might be in over my head, phf, enlighten us when you have a moment plz.
mod6: huh, well that's news to me --
I was prodded to use that in the latest version of my vtron.
I'll have to look into that. Not that my thing is related to hanbot's problem.
mircea_popescu: like two-three meters out on the balcony, you know... at first
i thought it's swooping in for my dick.
mod6: diana_coman: thanks for your careful reading of the Pizarro Feb statement, the error has been corrected,
I believe.
mod6: btw,
I enjoyed the pics from the eagle (falcon) post. how majestic was that 'eh?
mod6: <+mircea_popescu> eggs can totally do it though. << yeah,
I think you're probably right.
i was fine until about 3-4 hours after breakfast.
diana_coman: (
I mirrored the gnat
I recommend too, given previous experience with everything pretty much)
hanbot: phf listen,
i failed to anticipate my build environment being incapable of making yer patcher. wouldja mind sharing how you put together what you compiled your keccak vpatch with?
hanbot:
i haven't put together anything special for ada yet. what was that supposed to be, install gnat (which ?)?
phf: asciilifeform: building weechat on a work laptop using homebrew.
i mean, that's deep behind enemy lines, so it's not surprising, but
i'm fascinated by the increasing levels of fail
mod6: <+hanbot> ooo ty asciilifeform, quite right. now how did
i end up with old vtron and new usermanual, lol << oh, herp, didn't even see this.
phf:
i've avoided any particular scheme, because it might introduce equivalence that doesn't exist. sha512 as an "alternative" vs. sha512 as aggressively deprecated.
phf: right now keccak/sha512 vpatches are not differentiated in any way, so having both of them in the same workflow might result in confusion (in fact it did when
i was testing things at some point). it might be worthwhile to introduce some kind of hash tagging scheme, eg keccak:<hash> vs sha512:<hash> and keep <hash> without prefix as sha512 for legacy reasons.
hanbot: ooo ty asciilifeform, quite right. now how did
i end up with old vtron and new usermanual, lol
trinque: mircea_popescu: this and also "
I can't push you anything"
mircea_popescu:
i suspect that however you turn it, something LIKE rss we will have to have, and that like is so close as to not make the killing worth the bullets.
mircea_popescu: trinque there's two layers here. layer 1 : there's a lot of flexibility in letting it be rss ;
i can have a rss reader read it for me rather than put all failure points in freenode-dns.
hanbot:
i do have the old mod6 vtron,
i'll look @ new, ty asciilifeform
trinque: mircea_popescu: depends on "web"
I should've said.
I'd sooner skip the RSS feed part and have the bot directly message folks when interesting things happen. the usefulness of this is blunted by the fact that currently gossipd is implemented by gpg-paste.
ben_vulpes: mircea_popescu: fixed, ty.
i'll get to the multiple-links thing later
mimisbrunnr: Logged on 2018-03-27 07:13 mimisbrunnr: Logged on 2017-11-03 12:31 asciilifeform:
i still dun fully grasp the middle kingdom's 'feed the enemy until he dies of old age' philosophy, so cannot comment
spyked:
http://btcbase.org/log/2018-03-26#1789669 <-- of course,
I'd be glad to! though
I agree with diana_coman's observation that
I'm a candidate but maybe not fit for lordship yet (perhaps a superfluous comment on my part, but since you asked)
☝︎ mimisbrunnr: Logged on 2017-11-03 12:31 asciilifeform:
i still dun fully grasp the middle kingdom's 'feed the enemy until he dies of old age' philosophy, so cannot comment
ben_vulpes: in other news,
i think that fare broke the "simple-date" behavior in the cl "postmodern" postgresql client library
ben_vulpes: mircea_popescu:
i suppose the thing to do is invoice once with a link to the deeded linen items
mod6: ben_vulpes: sure,
I'll look this over and get back to you.
douchebag: Yeah
I realize that,
I just read up on a new technique and
I'm geniunely interested to see if it's successful
douchebag: And
I'm not sure why it's failing,
I'm not even reciving the request in the access logs
mircea_popescu:
i taught her a lesson in handicapping of magnificent splendour rarely seen : halfway through last quarter, the score being 80 (to 40 something)
i asked her whether they clear 94. no way. she bet me, and well...
mircea_popescu: in other proceedings,
i met hanbot for drinks at the blue marlin (local brothel), where we watched teen hussies duke it out. literally : uconn beat the shit out of south carolina (all black girls, for maximum lulz. a tall lanky one even cried!).
phf:
i took a long walk over sf hills, and wanted to take an ocean dip at the end, but the last 15km on the way to the ocean were on flats, with a piercing cold wind.
i was cold wearing a shirt and a sweater, so no swimming, but still it was a pleasant walk. there's really nothing bad to say about the weather here.
phf:
http://btcbase.org/log/2018-03-26#1789697 << not as hot as palm springs (which is full blown summer at this point), but basically spring. it was raining last week, but right now it's a shirt weather. if you're close to the ocean, then it's blowing cold wind. what
i'm trying to say is that the weather is excellent, and
i'm loathing going back to the swamps.
☝︎ diana_coman: you stamp it,
I stomp it ; will find someone to chew it too
BingoBoingo: <asciilifeform> ( anybody been to para- ? what's it like ? ) << From what
I hear much hotter and poorer. It is the lawless land where Uruguayos go for cheap vacations.
mircea_popescu: lobbes ima put it in the mar report ; but the short story is, server
i supposedly bought in feb still not here by late march, minigame dun have a server now.
BingoBoingo: That's kinda what
I understand Dominican Spanish to be.
I kind of have an overview of Immigration to Uruguay post half baked in my head. Need to sit down and shove it through the keyboard.
mircea_popescu: whole lotta "france got me!
i'm a phrancophone!
i only eat at French's diner in wisconsin."
BingoBoingo: "
I credit that group with creating my identity consciousness. Before that,
I was a brown kid that wanted to be white. Eusa Nia (Swahili for Black Purpose) got me."
BingoBoingo: ^ Ah, bonus
I didn't notice until pasting the text. Author's name is PATEL!!! A wild PREEET