emmylark: How did I do sir? Was it acceptable? I sent a second one just in case the first wasn't enough. I thought it might be nice to get to choose
mircea_popescu: tell me... how does it feel... to be all nude... like a hm... like a rolling stone.
douchebag: IF I were able to find a bot that essentially returned the content of that URL and it was hosted on Amazon AWS
douchebag: Honestly, I bet a lot of boxes could be popped just from messing around with IRC bots lol
douchebag: Well, since RSS is in XML format I was testing a popular vulnerability that occurs in XML parsers which uses external entities, allowing an attacker to exfiltrate data
douchebag: That actually can hold quite the potential of a vulnerability
douchebag: mircea_popescu: So the bots in this channel for instance the one that will add your GPG key from a url you provide
mircea_popescu: but this browsershots set is a comedy goldmine! apparently a good third of the failful firefox browsers ALSO are getting an "uptades" blabla popup
douchebag: It might be, I'm not sure at the moment if this was added with mp-wp or if it was uploaded to trilema.com's webhost a later date
douchebag: So there is never a session stored on the site?
douchebag: Is it alright if I link you to a PoC of the vulnerability?
douchebag: mircea_popescu: I have discovered a vulnerability :-)
douchebag: Where can I find a copy of the source?
douchebag: To make my job a little bit easier, could you tell me a little bit about mp-wp and how it differs from Wordpress?
douchebag: mircea_popescu: any sites you want me to take a look at really quick?
trinque: might help you more to do that reading I was talking about, and get a v-tron set up.
douchebag: Are there any sites any of you guys would like me to check out? I'm a bit bored right now and I am always up for a challenge :-)
trinque: guy's probably away for the night. why don't you drop him a gpggram on his paste site, link him to it here
douchebag: It's not a major issue and an easy fix, however it could potentially allow someone to create fake logs
douchebag: ben_vulpes: I found a vulnerability in your site, how would you like me to disclose it to you?
douchebag: I suppose the point I'm trying to get across is that there is a pretty good community involved with bug bounties, I especially like the classic hacker attitude of most of the people in the sense that they're all working together to learn more
mircea_popescu: i know quite a few people whose iq is over 150. the internet is good at collecting similar things. sadly -- this does little for the intelligence of the race in general.
douchebag: Oh yes, that's very true. However, I do know quite a few people who have been very successful with it
mircea_popescu: i know a girl that made $30 million with her ass ; and you must admit that for the average girl's ass this is indeed generous.
mircea_popescu: but you're not discussing an average person, you're discussing a selected person.
douchebag: Haha, you do have to admit for the average person $40k in a little over 3 weeks is pretty damn good.
douchebag: A relatively well known bug bounty hunter I know has made $40k this month off of bug bounties, his goal is $50k for January
douchebag: However, even though I have to wait until they patch the bugs I found before they reward me, they did reward me $150 on triage and will be rewarding the rest at a later date
douchebag: Well, I still have to wait until they patch them before they reward the bounty. They pay based on likelihood/impact, now a friend of mine reported a vulnerability less serious than the one I found and he was rewarded $2,000 total
mod6: anyway, removing: ' false' from that line will indeed, yield the correct hash, and allow for a proper base64 decoding.
mod6: So if you manually extract the 'mpwp/blog/wp-includes/js/tinymce/plugins/wpgallery/img/gallery.png.svg' from the mp-wp_genesis.vpatch, and place it in a file, and attempt to base64 decode it, it fails to decode.
mod6: ok lemme see if i can do a bit of debugging on this mpwp and see if that really was the issue there.
mod6: I appreciate all your hard work / blood / sweat / tears on your trb adventure with deedbot. Your contributions are and will make a difference. This is why the republic is on top. We don't imagine the change we want to see in the world, WE MAKE THE CHANGE WE WANT TO SEE IN THE WORLD.
trinque often does this to a person he thinks is qualified to give the argument
mod6: never hurts to ask a tough question.
mircea_popescu: which is like "i'm satisfied X", together with "hey, wait a minute, what if..."
mircea_popescu: i think i pointed out somewhere how boys that've never seen a cunt still get wet dreams, but with boobs instead. same thing here -- before networks were well understood people still thought about network-like problems. just... in roman numerals.
mircea_popescu: asciilifeform it's not a novel concept to me -- coins that are only verified on exchange.
a111: Logged on 2018-01-25 21:28 NoSatoshisHear: I worked on digital coin in 2001, but tried to find a non-net solution, and finally just gave up. When you head the wrong way, you don't get there. Still feel stupid for not buying in at $5, but I had no interest in Silk Road.
mircea_popescu: http://btcbase.org/log/2018-01-25#1776463 << hey, i knew a guy who didn't finance (1980s!) porn ventures because "not interested in the loose women". bought "blue chip" fucking revlon and bs instead. i'm sure there's even today ossified mind going "i'm not into tmsr because i'm not interested in terrorism". hurr durr, you never know what things are really about.
mod6: I think so too, I took a peek at it. I'm actually excited that you put homework problems in there. And I'll do 'em for sure.
mod6: <+asciilifeform> mod6: i dun particularly disagree with any of this, but the pov that 'vetting ffa' is a 1time thing, that can be done and then 'is done', imho is mistake : each user must read it ~himself~. << I basically just mean for me & ben.
mircea_popescu: yes, they must, but not with a view to validate theory of evolution ; with a view to expunge head cockroaches
mod6: I'd like to see the Republic continue to expand the number of trb nodes we have available this year. There are activities currently afoot that immensely support that. Getting FFA vetted and used as a base lib really will help get the ball rolling for any proposed trbi.
mod6: However, until n00bs get into the fold with what 'V' is, they kinda need just 1 stable thing to build with a 1-button-push. Which means folding things in slowly.
mod6: Some of this is my fault, I've been trying to keep up here. Getting kinda swamped with a bunch of things at once. But! These are all good things. FFA, eucrypt, ada, vtron stuff, et. al.
mircea_popescu: jesus what a juggernaut this guy is. YO! that's not the sentiment.
mod6: nothing personal. i feel like the foundation is a good thing ; maintaining all of the things re: trb.
mod6: <+mircea_popescu> http://btcbase.org/log/2018-01-25#1776346 << i suspect his idea is "ideally, nothing". in any case foundation has not managed to keep up with the rest of the pie despite periodic prodding. << hmm. well whatever it is we do, I spend a lot of time doing it. happy to shut it down if it's not needed any more.
NoSatoshisHear: shitcoin nonsense combined with the current addicted gamblers might be a fun public spectacle.
mircea_popescu: yes, but a perfectly dumb item is as respectable as the perfect woman.
NoSatoshisHear: you got it, dumb. a working solution would be even dumber.
NoSatoshisHear: centralized system, so one server counts the ticks, it would simply be a demo of reddit "the button" style idiocy combined with gambling. Sounds viral, like the 1918 flu.
mircea_popescu: honestly your coin idea isn't even bad, in theory. in practice it has a fundamental flaw. you see, bitcoin acts AS A CLOCK. this is its principal function. your thing has no clock.
ben_vulpes: http://btcbase.org/log/2018-01-25#1776478 << in the "journal of negative results", china thing went ~nowhere, i had some 6-7 notional meatsacks try to use irc, one managed to reg a key and then fell off the map; now waiting for bisp to come online to host on republican terms
mircea_popescu: hanbot hey, make a mp-wp install for the young'un ? i've a mind to publicly expose her.
NoSatoshisHear: and almost a dollar auction, auctioneer gets nothing, puts up the initial $100, gets lot of lulz if the crowd ever starts trying to win on the money rake game. Demos of economics are just plain w00ty tooty fun times.
a111: Logged on 2018-01-25 21:19 NoSatoshisHear: so, I may make a fun shitcoin for lulz. I like the hellcoin idea. The block gets awarded to the last 10 suckers^h^h^h^h^h miners that put a "realcoin" into the chain. We start at $100 and let people "mine" with coins, last 10 when the timer ticks down get the block.
mircea_popescu: what can you do ? she's not setting up any bouncers as a three day old.
mircea_popescu: http://btcbase.org/log/2018-01-25#1776348 << this is a much deeper problem anyway. emmylark chick is like "do you have a preference" re windows irc clients. i don't, i don't run windows. "what should i run ?" "err... we'll talk of this later, slut". which is fine, she's used to "you're too dumb to be told this story yet", EXCEPT in this case it's not her that's too dumb.
trinque: isn't doing a thing for you other than whatever virtue signaling with the hackerkids
NoSatoshisHear: W00t! learned a lot from TRB, so thx to all of you maintainers! Will not make a V prolly though. Still learning lightning, now with "onion routing". HODL on, and buy my tethers plz.
NoSatoshisHear: so, will be back later with a verifiable ID instead of this anon lunacy, thx for the lulz and info in the meantime.
NoSatoshisHear: I worked on digital coin in 2001, but tried to find a non-net solution, and finally just gave up. When you head the wrong way, you don't get there. Still feel stupid for not buying in at $5, but I had no interest in Silk Road.
NoSatoshisHear: still wonder if I mean Satoshi at one of the parties with Tim May and James A Donald and some of the other early coiners. I was surprised to find peeps I hung with in SF...
NoSatoshisHear: yes, will do a real ID, just flaming some crap right now. I have my main server back for repairs, so when it comes home I will do the do.
NoSatoshisHear: it would not be a coin, but a gambling experiment. Either no one would play, or lots would and the game could never end.
NoSatoshisHear: try and even get the hdmi spec, I'm still looking for a "dumped" version. Love the ethernet spec they built in...
NoSatoshisHear: so, I may make a fun shitcoin for lulz. I like the hellcoin idea. The block gets awarded to the last 10 suckers^h^h^h^h^h miners that put a "realcoin" into the chain. We start at $100 and let people "mine" with coins, last 10 when the timer ticks down get the block.
NoSatoshisHear: what are my three premises? sounded like a binary joke extended. ETLA's
NoSatoshisHear: was pretty cool getting to be in the architect meeting. They introduced the FU chip in 2004 as a separate processor. I so voted it down. It sounded like a spy chip and it was.
NoSatoshisHear: you get a percent of the profit every quarter, I started at 25% of salary, and got a 10% bump at 1 year, some 20 year+ doods have 2000% multipliers.
NoSatoshisHear: I have, came last summer, fugged around, left with a copy of trb to play with, will make a real name and gpg id in the near future....
NoSatoshisHear: intel got no options, you get a multiplier. best paid job ever.
NoSatoshisHear: ffa, some cool stuff, making a braindead c one just cause I can learn better. Sure wish I could pour some fast multiply hardware, but don't know enough prolly.
mircea_popescu: you can sorta guess when exactly the "strong independent woman" will start bawing like a little girl on the basis of the displayed priors.