Framedragger: (and no, the irony of linking to pdf which talks about stupid frontend formats is not lost on me... :( )
Framedragger: http://log.mkj.lt/trilema/20161115/#349 << ohmygerd how i hate this shit. it ends with "to quote text in screenshot of screenshot, i'll make a screenshot". tumblr at least retains/-ed the concept of a "quote as a block of text". wouldn't be surprised if not for long.
Framedragger: mircea_popescu: yeah, i guess can't be certain. doesn't really fit for sure..
Framedragger: i see what you mean. now it's a closed bubble/system for them, sort of...
Framedragger: except for the whole "wasting time of actual people" side of things..
Framedragger: well, good for the skriptkiddies then. a spammy-scripty strategy is a strategy nonetheless.
Framedragger: could it be that half of them are bots, mircea_popescu? can't imagine them being able to use imagemagick for the life of me
Framedragger: mircea_popescu: i have this idea of doing focused not-for-coal-mines work this summer (some time after May) lol. so maybe even 2017!!1
Framedragger: aha yes, ssl certs should go into the oven, too.
Framedragger: but the 2nd ssh-key-extractor stage can do the stuff you want, yes.
Framedragger: aha, the way it'd work, it'd still scan only port 22 initially, because grabbing banners / doing stateful communication is much slower. doing the former is a matter of TCP SYN/ACK, with embedded 'cookies', no need for state
Framedragger: or banner-grabber? i have all the banners still. (and no i haven't done anything with them, yet)
Framedragger: asciilifeform: as in, scan additional ports, you mean?
Framedragger: (vc's cockbox vps don't care about no abuse complaintz.)
Framedragger: also, i may want to re-run the base ipv4 ssh server finder at some point, i'm sure i'll get some more keys :p
Framedragger: ah yeah i recall. i think my only modification is that it handles bulk amounts, but really nothing special
Framedragger: jurov: i have a trivial python script based on your openpgp-generator to convert arbitrary numbers of e,N,comment into pgp if interested (but you prolly have something of the same - just in case)
Framedragger: well for one ssh client keys normally have an email/ID associated with them, not sure if ssh agent would like an ssh server key. in theory, yes, sure
Framedragger: i mean in practical terms, of course, theoretically, but as in, would a canonical ssh agent eat it up
Framedragger: can you even use an ssh server key as ssh client key (and yes i agree if it's easy to do, someone will have done it)
Framedragger: well you can't fault them for not having heard of gossipd. (cue everyone: YES YOU CAN). re. i2p, well it's an interesting project. but - doomed.
Framedragger: thanks much ben_vulpes. guess i'm good for now
Framedragger: mircea_popescu: point taken - this should ideally eventually change, etc...
Framedragger: (truncated. assumes 8 bits per char. not the favourite / not sure, but i like it.)
Framedragger: (and ashes in bottles and a ring of blood spreads while i smoke)
Framedragger: a split-open head and snow steaming off the belly
Framedragger: wherever i used to be sincere i could pour myself out onto her
Framedragger: mircea_popescu: you said you generally like dns transport, but just fyi it afaik limits udp packets to 512 bytes (which iirc you hate). but i guess the term is something more like "tolerate", not "like"...
Framedragger: when i was hitch hiking in albania a few years back, i ate lotsa watermelons. because 1) they were awesome there, and 2) it was middle of summer, hot, so lower food intake overall
Framedragger: (yes, afaik decent place. tu-munich >> tu-berlin probably, tho)
Framedragger: asciilifeform: kewl. wonder what they will say. and what they used to generate the key..
Framedragger: how did that kharms story go, about the guy dreaming he was a bush..
Framedragger: lean and clean. i may just try that. i understand the need more and more.
Framedragger: quite delicious! mississippi mud pie. oreo base, brownie-esk filling. amateur-made (office tradition), but very much acceptabru.
Framedragger: mircea_popescu: i'm curious, do you currently manually add entries to your hosts file? wireshark shows so much gunk flying around. like, i've got ad blockers and everything, but still lotsa facebook dns requests all around, etc.
Framedragger: what is nice is that the dns transport itself is quite elegant - questions/answers - one packet for query, another for answer. so transport is (in principle) compatible with session-less gossipd model, i think.
Framedragger: oh god. dns is defined using a shitload of RFCs. but easiest way to learn of low-level transport nuances is, well, wireshark. so, wiresharking and eating cake. at the very least this will end up as (possibly) useful website comment for future adventurers.
Framedragger: mircea_popescu: you'd still want r-dns to be able to serve existing dns clients though, right? i mean, things like `nslookup`, dns resolution libraries, etc - the current dns protocol? or no?
Framedragger: well, BIND is.. not vulnerability-impaired. lots of fleas. and code quality - can only imagine
Framedragger: mircea_popescu: thanks for bearing with me. yes, fixation.
Framedragger: ah, "r-dns" is republican dns. not reverse dns or sth like that. more clear
Framedragger: the administration / record-updating would be a separate layer in any case.
Framedragger: up until this point i thought that the idea would be to use an existing dns server, for sake of ease
Framedragger: i wonder if a simpler key-value store wouldn't work as a replacement for dns server. "flatten" the whole thing, so that, as you say, dns server wouldn't distinguish between types of substrings. the latter would be up to the client, if it willed to do so.
Framedragger: yes indeed; and now i see that maybe there wouldn't be too much of a redundancy there - that is, when gossipd arrives, dns server could still accept pgprams, they'd simply come via gossipd - and the latter may even sit behind an abstracted network interface, etc.
Framedragger: and, i suppose, republican dns server could work in a way that already facilitates session-less communication - pgprams issuing orders to change zone files, etc.
Framedragger: mircea_popescu: my excuse is, i don't feel like i have enough original content to keep spamming your comments box. what can i say. such self esteem
Framedragger: and maybe it's worth to focus on gossipd first. but i see what you're saying regarding these two things being parallel. i guess.
Framedragger: the whole "patch a DNS server and run alternative root" effort sounds interesting and useful, but, as you said, eventually the underlying layer would need to be swapped for gossipd anyway. in gossipd, UDP/TCP as currently used by DNS may not even work. hence there may be a redundancy of effort;
Framedragger: so yeah, running a republican dns root would still imply "collaborating" with current internet infrastructure. reform, not revolution. something like, in those tmsr ISP discussions, someone e.g. suggesting to acquire an autonomous system number for tmsr. "is it even worth it."
Framedragger: to an extent, i would say, no? in gossipd, user would have their own "hosts" file, mapping mircea_popescu to $fingerprint or w/e
Framedragger: there is a nuance: if lotsa customization is needed, perhaps time/energy is better spent on gossipd. a logistical question i guess.
Framedragger: hmm. i'm still not sure if your scheme does not require additional customization of dns server software (bind/unbound/whatever). i mean, if it does, so be it.
Framedragger: delegate = "i don't know about this, but this guy does. ask him"
Framedragger: (i mean, there could be caching servers, but they'd have to have the same up to date map of all strings to IPs.)
Framedragger: mircea_popescu: this implies that there's basically a single dns server, though. it does not delegate to other dns servers, like what we have now
Framedragger: ben_vulpes: do you have logs for #opennic somewhere handy by chance?
Framedragger: ben_vulpes battling it out in #opennic, i see!
Framedragger: "His "reactor" ended when the EPA declared his backyard as a Superfund cleanup site due to hazardous levels of radiation." oh yeah i remember reading about that! hm. so, radiation kills, then. RIP boy scout.
Framedragger: (btw amusingly, non-reich DNS roots are called "alt roots". tmsr could call it "*the* dns root", or "the republican dns root". or something.)
Framedragger: this is fine as long as it's made clear in regards to ownership etc.; but it does put some additional responsibility / ontological charge(?) onto folks who'd own a TLD