43800+ entries in 0.256s
spyked: diana_coman, yeah, but your webserver is ultra-conservative on user agents. :) the one from
http://btcbase.org/log/2018-01-19#1773164 didn't work, so
I faked one from an existing browser, which eventually did the trick. (nb for whoever wants to craft xml-rpc requests manually)
☝︎ diana_coman: re nodes: mine is still there but still not at the top;
I even pressed and ran asciilifeform's patch but it's unclear to me if it helped tbh;
I admit
I did not have much time to really dig deeper there exactly
☟︎ shinohai:
I have none besides advertised nodes
I showed you yesterday.
mod6:
i guess it is huh haha
spyked: !~later tell mircea_popescu
http://btcbase.org/log/2018-01-26#1776901 <-- neato! ftr, it seems that pingback responses vary a lot across web server configs, wp versions etc. some blogs. for example wordpress.com-hosted blogs give undocumented (or sometimes empty) responses, probably as an anti-spam measure. (after filtering out non-pingbackabble sites,
I sent all pingbacks manually, just to look at responses)
☝︎☟︎ mircea_popescu:
i was talking re "contempo" period, post ww2 not of the fucking know-nothing movement.
mircea_popescu:
i have about $1 trillion in trimmed pubic hairs. they, unlike a "transgender", are actually female, being XX.
a111: Logged on 2018-01-26 20:04 douchebag:
I would like to clarify with someone that
I properly understand everything required to create a V implementation.
douchebag: V implementation to use so that
I understand how everything is working together
douchebag:
I do not know what marching orders are at this time,
I'm going to have to read more into it to better understand
trinque:
I see guidance, not beating, no harm there
douchebag: Well, the web application would just be for viewing purposes, the PGP operations will still be done via command line.
I am quite comfortable writing web apps using Python's Flask web framework
douchebag: That's probably a good idea before
I start.
shinohai:
I'm genuinely curious to see gpg operations performed in a web app.
douchebag:
I'll write something up and let one of you take a look at it when
I'm finished.
trinque:
I don't see where
I condemned
douchebag:
I would like to clarify with someone that
I properly understand everything required to create a V implementation.
☟︎ lobbes: douchebag, -as you read more- the "how can
I best use my skillset" will become obvious to you
douchebag: Well,
I'm just trying to figure out where my skillset could be best put to use,
I would be more than capable of writing a V implementation or setting up an IRC bot.
I'm trying to leave it to you guys to tell me where my skillset could best be put to use
☟︎ douchebag: Well,
I'm not the best programmer out there however
I always make damn sure the code
I do write is secure as it can be
douchebag: Eh, perhaps. It's mainly just a hobby of mine, and
I'm constantly learning from it and it pays the bills for now.
douchebag: Everyone else
I know is working some shitty job, not getting a decent amount of experience, and they're just kind of stuck in the same place. Meanwhile,
I'm just entertaining myself with the challenge of hacking these companies
douchebag: Not really,
I know that by responsibly disclosing vulnerabilites to companies
I am building a pretty awesome resume which will benefit me later in life
BingoBoingo: douchebag:
I mean in the physical sense. You know... the old fashioned kind of flip and coin. Or flip and tire.
douchebag: Considering
I looked at one of my wallets and $50 transactions are now worth roughly $20,0000
douchebag: Not really too much,
I've held onto coin and made a bit here and there. Typically
I end up selling it right away so that
I can get my cash in hand and not have to worry about waiting for the price to fluctuate.
I know
I should have held onto it
phf:
i've seen the machinery work many times, though for some reason it reminded me of the case where it misfired, in a famous bit by feynman where he was cracking safes at los alamos, security resolution and the unexpected punchline is "don't let feynman near your safes"
mircea_popescu: phf the actual trick
i use to force a "no, go down obv branch" is by prepending a "you know" or whatever. but, sure.
phf: well,
i didn't know if you were aware, and
i can always fall back to the usual log "but tis was for the reader!"
mircea_popescu: phf ah, so it was just stating the obvious for some reason ?
i'm... aware that's how it propagatges o.O
douchebag: Alright, what do you guys suppose
I do
I've been trying to find vulns in Starbucks pretty much all night with very little success. Should
I continue hitting this bug bounty, or switch over to Yahoo's program?
mircea_popescu: phf no, no, the structure of the argument, "X propagates via r-selection" is not delivering on what
i expect is the intent ("of COURSE x is "bad" in the sense of illegitimate).
phf: mircea_popescu:
i'm perhaps failing to find a point at which your analogy connects with the situation.
i read it as "don't know on things that seem trivial"
phf:
i don't know the puritan arguments against sluts
BingoBoingo: In other exploits, tonight
I will be sleeping in a different bed because axe time gas time has some for the chinches de cama!
mircea_popescu: it's very solvable as stated, but not mechanically. "1. figure out v ; 2. press pehbot ; 3. say intelligent things about it." "intelligent according to whom ?" "intelligent according to me" "how am
i supposed to cheat this ?!" "you aren't."
a111: Logged on 2018-01-26 17:45 douchebag: 1BTC reward?
I'm up for that challenge any day
BingoBoingo: <asciilifeform>
http://btcbase.org/log/2018-01-26#1777052 <<
i'd like to make such a challenge. but turns out that we do not even yet have a usable formula for what exactly even is an exploit. << Dude finds way through pehbot commands to replace host machine BIOS with "Hypercard" binary that shipped with OS7
☝︎ a111: Logged on 2018-01-26 17:45 douchebag: 1BTC reward?
I'm up for that challenge any day
douchebag:
i gotta run, be back in about 30 mins
mircea_popescu: well, no,
i mean something like "just because it has cogs in it doesn't mean it's a clock, could be a car transmission"
mircea_popescu:
i dunno that any of those has anything to do with my harem tbh.
mircea_popescu:
i suspect this is what we are gazing upon in amazement : that slavegirl must ~love~, ie that there is no mechanical solution to the problem.
a111: Logged on 2018-01-26 05:06 mod6: and it goes back to the same thing as with diana_coman. having two '++' at the front of the line. the way the vdiff is written, when it passes the diffed file off to awk to pattern match the ---|+++ it adds that '+' in the front, then it matches, causing it to call sha512sum.. which is where the false comes from.
I think.
mircea_popescu: asciilifeform
i got a hardbound copy. shall
i have it transcribed ?
mircea_popescu: in entirely unrelated lulz :
i recommend to the expert entomologist item #341 of the assembly of the state of new york, entered into record april 12, 1838 (a message from W L Marcy, the governor).
a111: Logged on 2018-01-23 19:52 phf:
i can see the education angle, and how it fails these people, but what
i'm surprised about is the lack of personal drive? it's some kind of learned helplessness
mircea_popescu: but, take heart douchebag : there's not that many people your age that can say "hey,
i sent mp to meditation room" ; and they're overwhelmingly female to boot.
mircea_popescu:
i suppose the workings of this insane nut posse must be quite disconcerting to the professional. "
i told this guy he had an xss hole in some file and he proceeded to sign an unrelated snippet of javascript".
mircea_popescu: asciilifeform
i didn't expect it'd work mechanically ; but there it is now.
a111: Logged on 2018-01-25 16:29 mircea_popescu: wait wait,
i might have a pill
a111: Logged on 2016-08-01 20:03 phf: mircea_popescu: a lot of xss detection "solutions" rely on grepping for known bad input, like "script" or whatever. and there are ways to sidestep that, like '<scr' + 'ipt>' or a='ipt>';'<scr'+a. in this case whoever is fucking with detection by using this truly wtf feature
i've never heard of, <meta charset="a">b</meta> that apparently parses b according to charset a rules
mircea_popescu: hey,
i was looking for a pretext to get a test, so bbs.
a111: Logged on 2018-01-25 16:42 asciilifeform:
i dun actually disagree with mircea_popescu :
i never liked bigendianism . but it did come from a particular cost analysis , ftr.
mircea_popescu:
i honestly believe it's as big as the concept of link.
mircea_popescu: but the "you enabled js, you're dead" position is untenable --
i use js for the selection thing. and
i fucking need it
mircea_popescu: if
i'm responsible for the above why am
i not responsible for sending emmylark nude on a harley to luser's house to tear out intel ME out of his chip ?
mircea_popescu: asciilifeform there's two fundamental items
i can readily identify, maybe more. 1.
i actually did plop an echo $_GET in there. is this just bad coding ? is it a legitimate assumption ? 2. he has a point, as long as it's on trilema.com, a script has powers OUTSIDE of its implicit scope, "steal cookies" whatever. is this ~actually~ bad systems design ?
a111: Logged on 2015-08-13 19:00 phf: mats: well,
i actually meant the opposite. classes of attacks can be eliminated by not using c.
i think that majority of the attacks come from leaky abstractions. there's no <string> in c, but there's a null terminated memory region. there's no <sql> in perl, but there's a character array with sql text in it. one of the solutions is to plug abstraction holes on a level of the language, in such a way that you can't not use improved abstractions