
douchebag: I have plenty of priors, I work with a team of highly trained security professionals every day and we have audited all sorts of applications
mod6: I've read enough of this for today.
douchebag: asciilifeform: You're not even worth responding to at this point, I think you're the one who wouldn't know 'if it bit you'
mircea_popescu: BingoBoingo by now i suspect they're pasty enough to make great bottoms.
douchebag: No, I think if you're auditing code you should understand exactly what, why and how that code is doing what it is doing
douchebag: Yes, I'm going to be looking into that after work
ben_vulpes: lobbes: i think it'll be great; will push everyone on the box to standardize on known-ok package versions. "we support weechat 1.4 and fuckyou"
lobbes: Honestly, my knee-jerk reaction against sharing a box is probably based on the old idea of sharing it with $random_orcs. Sharing it with L1s may actually be a Good Thing (I'd probably learn a few useful things)
mircea_popescu: i suppose a logical next step for pizarro is to have a bot dedicated to listing who's on boxes, what the load is like etc.
mimisbrunnr: Logged on 2018-03-22 17:23 lobbes: To run with the house analogy: my current vps arrangements feel more like 'condominium' than 'roomies sharing a house'. E.g. I could set up a cronjob to blow away /var/www/ every hour if I felt like it. No need to consult (nor do I see) other renters
a111: Logged on 2018-03-22 17:31 asciilifeform: back to the 'let's remove pretenses' -- let's put on record for the log: the 'traditional' style of vps is quite heavy in overhead, because pointlessly emulates for each inhabitant 'you have a i-cant-believe-its-not-a-physical-box-with-physical-nic-and-disks-etc' item
ben_vulpes: last time i was in england i was like 14
ben_vulpes: it's been some time since i gave a shit but the 'docker' folks were very proud of the resource sharing that linus wrote for them
mircea_popescu: yes, i expect 60% of the box goes to that wastage by now.
mircea_popescu: asciilifeform i've not yet managed to properly speaking hose a modern box (hosed as in, root can't log in to fix it)
mircea_popescu: ben_vulpes depends what host. a blog ? i dunno man, what sikrits can they glean!!!!
mimisbrunnr: Logged on 2018-03-22 17:08 asciilifeform: i for instance do not see why, if it's wot l1 people living in it, it has to expend the cpu overhead to pretend-isolate and vm-ize. why not simply traditional unix accounts.
ben_vulpes: mircea_popescu: yeah i care quite deeply about folks clicking links with b58 encoded piles of trash in the url
douchebag: Good, I'm glad someone is on the same page as me.
a111: Logged on 2017-03-24 03:17 gabriel_laddel_p: BingoBoingo: "I should study more" isn't a winning idea. GTFO.
ben_vulpes: man i can't even find the juice to beat this kind of thinking into the heads of people at $work; they gotta come preconfigured for utility
ben_vulpes: i thought this was too obvious to point out, did not want to further insult douchebag's intelligence
douchebag: I just don't see what was so damn difficult about that? If you guys told me to look for RCE in trb this conversation could have ended hours ago
a111: Logged on 2018-03-22 16:41 douchebag: "i don't know how you think you know better what to do with your time than mp"
douchebag: Okay, suppose I can get remote code execution w/ trb
ben_vulpes: douchebag: if you cannot read through thebitcoin.foundation website and get to trb i do not know what future there is for you
mod6: I have personally, at least, posted 'thebitcoin.foundation' in here 196 times.
ben_vulpes: also i don't give one watt of credence to this 'no time' thing; i've read logs daily for what, four years? started and sold out of a company, had more than one 'job' at points, manage a family and still keep up and contribute
a111: Logged on 2018-03-22 16:37 douchebag: How am I projecting? You're the ones who are acting like you're somehow better because you have different interests.
mod6: i gotta look this up now
douchebag: ben_vulpes: How am I supposed to take anything in here seriously if nobody can tell me anything besides
ben_vulpes: douchebag: see dude this is why i can't take you seriously, you have zero context for what's going on here and yet you insist on strutting around as though you matter
douchebag: mod6: not in full, I don't have a ton of time on my hands to read 6 months of logs
mircea_popescu: http://btcbase.org/log/2018-03-22#1788651 << amusingly enough, i'm probably a better "website security" dood than you, if that's what you mean, or at least so the folk in the know believe, on the strength of the various website fuckings / wp ddos writeups etc i've piled up over the years. but this is a little like disputing the sackrunning competition.
douchebag: asciilifeform: I can find bugs in just about any web framework, not just php.
douchebag: No, I figured that maybe I could help more
douchebag: No, I came here so that I could help.
douchebag: Oh yeah, and I'm the one projecting.
shinohai: I could continue, but what do I care? I'm on my way out here myself.
a111: Logged on 2018-03-22 16:26 douchebag: Well, I've been paid thousands of dollars in bug bounties. All of which I have found manually.
a111: Logged on 2018-01-23 06:53 douchebag: I also have an extremely good memory compared to most people, I can remember very specific details about events and conversations that happened years prior
a111: Logged on 2018-01-23 06:43 douchebag: I can sit in front of my computer for 36 hours straight researching a specific topic
douchebag: "i don't know how you think you know better what to do with your time than mp"
douchebag: How am I projecting? You're the ones who are acting like you're somehow better because you have different interests.
mircea_popescu: right. i expect it's the first time anyone even said within earshot this whole pantsuit badge collecting isn't even socially accepted, let alone required.
douchebag: ben_vulpes: It's interesting to me, and considering pretty much any large company or organization has a web application in their infrastructure I feel like it's a pretty good area to focus on in terms of security research.
mircea_popescu: it's interesting to me, honestly. i expect from his pow we appear as half insane half irresponsible, and the question of where's the hole the day comes in through quite poignant.
shinohai: Here I thought one got a certificate in monology
ben_vulpes: douchebag: i dunno man, i'm going to weary of picking things for you in short order but maybe try to sidechannel the mpi lib?
douchebag: I've showed mircea_popescu some of my blogs before
douchebag: I also work for a security firm at the moment.
douchebag: Well, I've been paid thousands of dollars in bug bounties. All of which I have found manually.
douchebag: Where did you get this notion that I am a 'metasploit crank-puller'
douchebag: ben_vulpes: Like I've said, I focus primarily on web application exploitation and I do everything manually.
ben_vulpes: your own research targets in which case you're a man and can make your own decisions or you need orders and will be told what to do. picking your own targets is an act of *creativity*, which i muchly doubt i'll see much of from a metasploit crank-puller. as it stands i don't really expect you to do anything but it's a low bar and a single task to show me wrong.
mimisbrunnr: Logged on 2018-03-22 11:17 douchebag: If I do this and I am successful, am I going to be expected to work on programming projects or could I find something that I would be able to help with in regards to information security
ben_vulpes: http://logs.bvulpes.com/trilema?d=2018-3-22#317063 << you showed up, said 'help, what do i do', and i said 'go, son, and this thing.' it's a severalfold test: can you wrap your head around the concepts in v? can you take orders when you ask for them? it's a layered pile of crash course in not flunking out of the republic. in re 'what am i expected to do', look either you eventually grow up and start picking
mircea_popescu: i do however believe the foregoing statement, that high quality, sterling stupidity is always manufactured, never inborn. most people are poorly socialized from birth.
mod6: I've said this to others, I'm sure, that before even contemplating writing a V, you should be well versed in it ~use~.
mod6: I would say, douchebag, that if you don't know how to, at minimum, ~use~ V, you'll find it very difficult to participate.
douchebag: Perhaps I would be able to help w/ Pizzaro ISP?
douchebag: Most of the work I currently do is focused around protecting customers
douchebag: Well, I've stated previously that I intend on learning more about some of the more low level attack vectors
diana_coman: I can't help but read that as "I'm not too sure if my focus on finding rats in take-aways would even be relevant to your actual cooking"
douchebag: Yes, and that's one of the reasons why I'm not too sure if the areas I focus would even be relevant to the projects you guys work on
douchebag: Alright, yes that is some very interesting research. However, that's not exactly the same area of InfoSec that I have been studying.
douchebag: I've read the logs partially, however I haven't finished them
douchebag: However, if you guys would be interested in doing that sort of thing I would be more than happy to help.
douchebag: Also, I would be interested in starting a security firm
douchebag: I primarily focus on web application and network based penetration testing
douchebag: I can identify security flaws & help with properly remediating the issue
douchebag: If I do this and I am successful, am I going to be expected to work on programming projects or could I find something that I would be able to help with in regards to information security
douchebag: I literally do not understand anything. I don't know what a vpatch is or anything. The concept just does not make sense