tmsr - Search: " T"

487100+ entries in 1.836s

asciilifeform: if that's 'pretty clean', i shudder to imagine Naphex's idea of 'dirty'

Naphex: asciilifeform: and you get all sorts of added on. as well the standerd jre is pretty clean. most of the exploiting fun is on j2ee app servers and other enterprisey thingies

asciilifeform: other than by -not using it-

asciilifeform: Naphex: how do you take care of undiscovered 0days in turdware stack ?

assbot: Logged on 25-04-2015 18:29:26; mircea_popescu: not to even consider the fact that once this commodifies, the night discount goes away

asciilifeform: http://log.bitcoin-assets.com/?date=25-04-2015#1110320 << fits right in the the other 1,001 things that turn into turd ideas when 'everybody does it', like private automobile ☝︎

Naphex: asciilifeform: applets are applets and security issues are all around. being a good dev implies taking care with deploying your product ☟︎

asciilifeform: trinque: was among top ~10 for 'clojure' per se, for a while

trinque: asciilifeform: reminds me, you are the top result for "critique of clojure" on my googles at least

gribble: The Java Security Exploit in (Mostly) Plain English - Tim Boudreau: <http://timboudreau.com/blog/The_Java_Security_Exploit_in_(Mostly)_Plain_English/read>; Report: Half of all exploits target Java | JavaWorld: <http://www.javaworld.com/article/2104862/java-security/report-half-of-all-exploits-target-java.html>; Java and Java Virtual Machine security vulnerabilities ... - Black (1 more message)

Naphex: well its better to learn from best practices on these kind of things and drill down

assbot: Logged on 25-04-2015 18:22:57; mircea_popescu: http://log.bitcoin-assets.com/?date=25-04-2015#1110187 << you know how the literary criticism goes, "don't tell, show". you've not really shown.

trinque: neither is boot time being fast relevant

Naphex: trinque: boot time is fast anyway

mod6: but i'll just take your word for it.

mod6: i have a chroot set up, and all that. im still not even sure how any of this will work.

trinque: you still have to configure it

mod6: that's what i just am doing now. it's compiling from that.

trinque: uhuh, that's not a compiled kernel

Naphex: later you can keep on recompiling the kernel

assbot: Installing the Gentoo base system - Gentoo Wiki ... ( http://bit.ly/1bFqFwF )

asciilifeform: ;;later tell ben_vulpes http://imgur.com/a/xogco << back from this

Naphex: but if you wanna learn on aws go for it. if you just want to set up chroot and start bootstrapping

trinque: no sense in giving him the answers to the test

Naphex: trinque: i like doing it once and then just reusing the config on the same hardware :P

trinque: sure configuring a kernel is a massive pain in the dick, but at least you get more acquainted with what's in there

trinque: recompiling the kernel 100 times is sop

Naphex: trinque: yeah but might as well just skip the kernel.

mod6: i just copied my config to .config, w/e

Naphex: mod6: i'd just do the chroot thing and getting it done. doing a custom kernel won't help you much running in a hypervisor

trinque: typically I copy the config there, and also store it elsewhere for reuse

trinque: mod6: there may or may not be a flag to tell it to use a different config file, but by default it will use .config

mod6: ok qq: i saved the config as 'btc-dev-gentoo64-ami.config', under the chroot: /usr/src/linux ; do I need to do anything specific to ensure that I'm compiling with this config instead of the defaulted filename '.config' ?

trinque: it's a problem that from the perspective of trying to maximize occupancy is much easier to solve with the virtualization turd

trinque: that part might be retarded, and effort might be better put into anticipating what hardware needs to be on the racks already

trinque: that's where having racks that can rack/unrack hardware on the fly and a uniform backplane sounds appealing

trinque: so then, the nice thing about ec2 is you can spin up instances of various sizes and it "just happens" rapidly

williamdunne: Sure, just the general idea

trinque: not that I don't own many of them

trinque: williamdunne: yeah aside from the rpi being a particularly heinous device

trinque: williamdunne: I tend to think there's a place for metal as cheap as a micro ec2 instance for example

williamdunne: trinque: Wouldn't that be the same as any DC that offers cheap metal?

trinque: I am embarassed to admit that it took until this year for me to discover that

mod6: ok cool. thanks.

trinque: and from that screen a number key will let you jump to a result

mod6: i don't even see the paravirtualized guest support option

mod6: this menuconfig thing ...

trinque: I once worked for a company that was early (first?) in the server blade space; something like that where there's a uniform backplane which can host different configurations, maybe

trinque: what I'd love to see someday is a DC with no virtualization, just tinier boxes ☟︎

mod6: i guess this is just my first attempt at it. this build of gentoo needs to built with nothing extra so we can build all of the rest by hand, then we'll have a clue as to what tool chain it's using and it's not using something wacky behind our backs.

mod6: yeah, i got that from the above convo about hypervisors. thanks.

trinque: rules out a class of problems I guess, but certainly should still be considered enemy territory

trinque: mod6: of course as per earlier thread, this idea that xen guests can be secure is laughable

assbot: Your emotions are irrelevant, and you've missed the point - Chedr ... ( http://bit.ly/1DnrEXF )

menahem: seeing as everyone is posting their blog love, i did write this today: http://chedr.ca/2015/04/your-emotions-are-irrelevant-and-youve-missed-the-point/ (brings up mircea_popescu 's discussion on RIPple with W3C) ☟︎

mod6: ok thx!

mod6: yeah, not on this machine. i'll probably end up creating a totally seperate 32bit instance at another time.

trinque: no-multilib is probably fine if you don't intend to use any 32bit things

trinque: what's the title

trinque: dunno them by number :)

mod6: alright. pretend i don't know what any of that means.

trinque: with the normal glibc, not any of the alternatives

trinque: mod6: I tend to use the hardened profile along with a hardened kernel

mod6: trinque: going throught this 'building a gentoo ami' guide... any thoughts on the "Select system profile" section? I was about to pick #11...

cazalla: ben_vulpes, first link in your "Bitcoin needs no changes to destroy your world" article is busted

wyrdmantis: williamdunne: I appreciate the "Lego Under the Giant's Feet" header among other things. And the paypal post also :)

williamdunne: Wyrdmantis: Thanks for the words earlier.

assbot: Logged on 25-04-2015 18:27:00; mircea_popescu: cazalla dude the http://qntra.net/archives/ page kicks ass.

cazalla: http://log.bitcoin-assets.com/?date=25-04-2015#1110314 <<< this is just the default manner wordpress creates an archive page, i think, unless bb made changes ☝︎

williamdunne: While comparisons between bitcoin and a party fully of popped-collars are fine it doesn't really answer the question

williamdunne: I guess what missing from it is that I still don't see why the increase in block-size, or easier access to running a semi-node is inherently bad

ben_vulpes: hey well mircea_popescu i'm off to have some real coffe

williamdunne: depredations of the vile capitalists, ultimately serving only their own cronies at the expense of both those who funded their campaigns and those who voted for them. " heh

williamdunne: "I am not saying that the needs of the many will not be heard or, when they're justified needs, attended to, but I am saying that they must be channeled through their liege lords instead of democratically elected "representatives" who solicit donations from the rich by promising to protect them from the ravages of the destitute mob, and votes from the destitute mob by promising to protect them from the

ben_vulpes: the point is a constrasting of how people use keys (properly) and how people use trezors (improperly)

assbot: Your reputation is a commodity — Lego Under the Giant's Feet ... ( http://bit.ly/1PBwfOT )

mircea_popescu: ima read this noob blog later, off to eat some steak. you know what this means, ben_vulpes ? steak ? yes ?

mircea_popescu: https://pbs.twimg.com/profile_images/572468782057013248/WtdCdJXG_400x400.jpeg << so who are teh people ? ☟︎

mircea_popescu: sucks toi be you i guess.

williamdunne: But I would prefer to be in business and doing compliance than out of business and not

mircea_popescu: i know that if i'm the guy where the buck stops (usually rendered as "ceo" in anglocircles) then god damned are my opinionsmandatory for the whole organisation. wtf else are we even doing.

williamdunne: mircea_popescu: More specifically it means staying in business is more important than my morals

mircea_popescu: and whence is mimex to get OTHER opinions from ? you got a coo ?

mircea_popescu: "CEO MIMEX, opinions displayed do not reflect those of MIMEX" << what sense does this make ? if the opinions of the ceo are not mandatory for mimex, then what does "ceo" mean ?

assbot: Your reputation is a commodity — Lego Under the Giant's Feet ... ( http://bit.ly/1PBvAwW )

ben_vulpes: heh without trust there *is* no product.

mircea_popescu: the trustworthyness of the operator is first. liquidity second. features maybe third tho ideally the thing should be just open and anyone can build their own features.

williamdunne: ben_vulpes: I'd disagree, while liquidity is important when it comes to profiting through trading there are features that matter, i.e leverage

assbot: Venture Backing isn't enough if no-one wants your product — Lego Under the Giant's Feet ... ( http://bit.ly/1PBv81B )

ben_vulpes: http://thethug.life/product-before-capital/ << an add'l note on the exchanges is that the product here is of necessity undifferentiable except with how liquid your shit is

mircea_popescu: (what i mean is, you don't get the option ot have some here and none there. if you have some, it's everywhere)

mircea_popescu: socialism, after all, is not optional anymore than water level is optional.

williamdunne: I think I covered the WoT a bit (well, GPG contracts) in 'Your reputation is a commodity'

mircea_popescu: make it the job of banks to police, etc.

mircea_popescu: puts the entire serenissima vs nato dispute in much better contrast, from this angle. they want to infect everything with everything,

mircea_popescu: take discrimination and put it in the wot <-> currency has no business discriminating.

mircea_popescu: "immutable, fungible, non-discriminatory, and trustless" hm. this seems actually correct.

williamdunne: Sure thing, well someone had to make use of the gTLDs

mircea_popescu: williamdunne so add it to the scoop

assbot: Lego Under the Giant's Feet ... ( http://bit.ly/1PBuzVF )