BingoBoingo: lol q&a at the end https://www.allcrypt.com/blog/2015/03/what-happened-and-whats-going-on/
ascii_field: if it is anything like the training version of 'strela' (man-portable surface to air rocket from ru, whose manual was discussed in here a few wks ago) the training variant lets you lock onto and track a target, but doesn't fly or explode.
assbot: Spike (missile) - Wikipedia, the free encyclopedia ... ( http://bit.ly/1HABooQ )
Adlai is more familiar with anti-tank than anti-air though
Adlai: ... actually, there's a lot of new magic?
BingoBoingo: My guess is it is either for training pilots under load or training maintenance techs without a sapper's margin of error
Adlai: iirc some training ordnance also simulates in-flight behavior of the real thing
ascii_field: there is nothing 'magic' in them.
ascii_field: at any rate, such rockets have not really changed since the '70s
ascii_field: and one can presumably speak to them
ascii_field: judging only by the photo, the electronic components are in
Adlai doesn't know about this specific one
Adlai: some training ordnances let you toggle in simulated errors
ascii_field: mats: what precisely is the point of a training round rocket ?
ascii_field: mats: tip is normally transparent in heat-seekers
cazalla: the only downside to es.qntra.net would be that it won't benefit from the mother, a subdomain is essentially a brand new site (in the eyes of google)
mats: ascii_field: i think so. i believe the tip is transparent like the 'Sidewinder'
BingoBoingo: cazalla: They moved most of that functionality into wordpress, better to separate the things at a moving parts level anyways
Adlai would call this a partly disassembled enclosure, the missile has its own insides too
ascii_field: mats: and is that a flir camera head in the left hand side? another golden toilet
cazalla: BingoBoingo, there's also wordpress multisite, but i have never used it
ascii_field: mats: what do these cost (assuming this was surplus ?)
assbot: Logged on 24-03-2015 09:25:50; mircea_popescu: cazalla you know how to set that shit up tho ?
cazalla: http://log.bitcoin-assets.com/?date=24-03-2015#1067407 <<< i can figure it out, alternatively, another idea would be to just make another wordpress install in qntra.net/es/
mats: (training round as indicated by green tip)
ascii_field: 'OS is Ubuntu 14 with optional GUI desktop. It can support to a mouse, keyboard and HDMI monitor if desired' << l0l!!
mats: all the moar reason to sell pogos imo
jurov: i was thinking at first "how is he patching yum or what?" but it's about principle
BingoBoingo: ;;later tell cazalla es.qntra sounds cool Separate wordpress install for it does seem necessary
BingoBoingo: ;;later tell mircea_popescu es.qntra sounds cool Separate wordpress install for it does seem necessary
ascii_field: to all of the people here.
ascii_field: i highly recommend reading the ucc winners
ascii_field: it's the one by S. Nicolussi
ascii_field: i could've sworn you discovered this very item in the actual wild
ascii_field: jurov: the rpm signature entry isn't yours by any chance ?
ascii_field: ... and one of the submissions is a pwning of actual wild openssl when an idiot uses dsa.
jurov: can i borrow the dog?
ascii_field: ^ i won't spoil the riddle here
ascii_field: 'It is my aim to set a new high-water mark for transparency in parameter generation. To that end, all of these values are nothing-up-my-sleeve numbers which I generated by singing the Bohemian Rhapsody backward with my dog barking in the background, digitizing the audio as an MP3 at a bitrate of 192kbit/s, and taking every 17th byte of the result. Their integrity can easily be verified by repeating this procedure.'
ascii_field: incidentally, one of the entries is a diddled ecc curve
jurov: known difference between the key values used in two signatures"
jurov: there's also ECDSA goodie "I have extended this attack to work in cases where there is a
ascii_field: 'Shows how this backdoor can completely pervert the security guarantees provided by the TLS protocol... even the presence of a single CA certificate with a secretly embedded backdoor in the certificate store would render the entire TLS security fictional...'
ascii_field: 'Provides a working implementation of a backdoor embedded into the RSA modulus of a Certification Authority public-key certificate and the code for a minimalistic client and server communicating over a TLS channel:'
ascii_field: used as part of an implementation of IPSec over IPv6 in a resource constrained IP stack. In such a case, under normal operation the library will perform properly, interoperating with other IPSec aes-ctr hosts. But when it is triggered by a forged ICMPv6 packet it will lead to a full plaintext reveal. Another forged ICMP packet will restore the conforming behavior so that normal packet retries will mask the improper
ascii_field: 'The library implements the AES block cipher in CTR mode and for the most part behaves as it is described in almost all circumstances it would normally be used in. Notably it passes all the FIPS and RFC test vectors for AES encoding and can interoperate with openssl. The library can be used in most any application where AES is needed and will behave appropriately. The library becomes exploitable specifically when it gets
jurov: and the motivation, too
jurov: http://animalous.com/ in the bottom, 33 reasons for lulz
mats: i didn't know that
ascii_field: also see old threads
ascii_field bashed his head on this for most of a year, at one point
ascii_field: the timing constraints are unforgiving.
ascii_field: even something as simple as dram is not, in practice, usable without the 'hard' blocks
ascii_field: academic turd.
ascii_field: mats: the way the story normally ends is that the reversed fpga becomes quasi-usable nearly the same time it goes out of print and replaced with incompatible version...
mats: how was their progress?
ascii_field: mats: actually, at least two
ascii_field: mats: neato, there was a similar project for xilinx 'virtex'
ascii_field: trinque: basic tradecraft - the more shocking the exploit, the louder will be the cry when it is discovered; the more victims - the sooner it ends up on, e.g., my desk, or that of 100,000 other folks who can pry it open
trinque: ascii_field: makes sense though that they would treat these like fire-once weapons
trinque: this led me to thinking about how much of what I've heard through leaks is psyops
trinque: that led me to believe that they infect everyone, make almost all dormant
trinque: ascii_field: hm, I took the hard drive firmware situation to mean malware could hide and resurface without being detectable at the OS level
danielpbarron: so then the argument is "don't use iphone at all" which is a much more sensible argument
nubbins`: danielpbarron "but if the gps app is closed source, it could be sending your location to the NSA" 8)8)8)8)8)
ascii_field: trinque: part of the NSA botnet << most of us will live and die without having the honour of an 0day spent (yes, they're used up when used, think about it) on our sorry hides
danielpbarron: the only software ecosystem that matters is right in here and i don't see it getting harmed by us paying for a gps app on our phones
nubbins`: i'll just pop on irc every time i'm tempted to pay two dollars to satisfy an impulse
trinque: and now I'm part of the NSA botnet
trinque: or the parts are completely open and NSA spent infinite money discovering hardware flaws
nubbins`: but at least we have people happy to look around for free
ascii_field: there is no sensible 'pNohe', we already knew this
trinque: or hell I get an "open computer" whatever that is
nubbins`: thanks for having a detrimental effect on distribution and the software ecosystem, judas
danielpbarron: in the time it takes to unlock phone and open text app, i could have already written the idea down
nubbins`: you buying a car has the same effect
trinque: funkenstein_: you can moralize about any step in the supply chain of the thing
nubbins`: me buying a handheld garmin has a detrimental effect on distribution and the software ecosystem
danielpbarron: on a related note, i'm totally getting a moleskin notebook
danielpbarron: i don't care about the principle of the thing -- that a text input without cruft should just come with the thing
funkenstein_: even though it has a detrimental effect on distribution and the software ecosystem
trinque: soon as there's a fully open and documented phone/computer, I'll buy that too
danielpbarron: but seeing as how i have this stupid iphone, i really don't mind paying 1 to 10 USD for an app that actually works as described
nubbins`: no, you're there and i'm here
danielpbarron: the better argument may be "don't use the kind of device that has an app store" or something
nubbins`: my time has value
nubbins`: your time is your own to waste!
funkenstein_: i'm happy to look around for free
nubbins`: is there anyone present who would take on the job of finding me a piece of software compatible with my needs, for $2.40?
nubbins`: so of my eight bucks, $2.40 went to apple.
funkenstein_: danielpbarron did you send the 120 to an appstore?
nubbins`: i'm not sure what's so hard to digest here
danielpbarron: yeah i really don't mind paying for nice things, software or otherwise
ascii_field: nubbins`: payware costing money is by far the least significant problem with it, in my experience
nubbins`: as if my time is so valueless that i'm willing to give up a couple hours over EIGHT DOLLARS
funkenstein_: i prefer to pay software developers for software
mats: ascii_field: ha, no. a finalist from this year
ascii_field: didn't 'feel good' about it though
nubbins`: "i paid eight bucks for a binary with neat features" "yeah? well i pay everyone to write the software i use. or i use free shit. you're a dummy, use free shit!"
ascii_field: for tires.