Framedragger: mircea_popescu: because i thought the question may have been truly stupid, and turns out it sorta was!
Framedragger: mircea_popescu: ah, shit. for some reason the first time i've read the message storage format (in the general sense), i.e. "time, X, Y, text", i read it as from X directed towards Y. my shitty fault
Framedragger: (the PoC seems neat, with a custom bogus malloc library that mysql is told to use by a malicious config file loaded by malicious mysql trigger)
Framedragger: and also from the cve, "The vulnerability can be exploited even if security modules SELinux and AppArmor are installed with default active policies for MySQL service on major Linux distributions."
Framedragger: summary by one lucb1e, "people that can run queries on your MySQL server, either by legit access (shared webhosting or something else) or via an SQL-injection vulnerability, can execute commands that might root your server. Looking at the PoC, it seems possible to overwrite any file that the MySQL user (or whichever user MySQL runs as) can write to."
Framedragger obligatory swear towards paywalled PDFs. two evils at the same time, "CS" "academia" ftw
Framedragger: topic-based publish/subscribe has been sorta well researched, but i guess this problem is on another 'layer': gossipd document would leave this for 'implementation'. even though it may not be trivial at all, to make decisions regarding such matters, choose best spec, or design it from ground zero. but of course makes sense to discuss the foundations first
Framedragger: mircea_popescu, asciilifeform: regarding gossipd, aside from the central point of disagreement, regarding a "lighter" matter: what about subscribing/unsubscribing to "topics" (a kind of pubsub model)? because there's no discussion of multiparty chat as of now; or is there not to be, in gossipd?
Framedragger: yeah meknows, it should first do the hostmask and only then enter room. will need to check innards of bot.
Framedragger: (may put in additional commands but those are lower priority)
Framedragger: asciilifeform: re. "Enemy can spam the channel but each of his packets can be rejected in ~constant time~" - ahh! that clarifies matters for me. will comment on blog later by PC. ttyl
Framedragger: http://log.mkj.lt/trilema/20160911/#199 << ah, scheiße. unfortunately fix involves rewriting part of the log viewer which is based on regex. (to be clear, my fault entirely, of course). will be done - but not instantaneously, am afraid. thanks.
Framedragger: [things are back up. also, doing ssh stuff via shitphone sometimes worx.]
Framedragger: (and ftr hosting a parliament candidate's website on the same server as something to do with tmsr may have been a choice too curious.)
Framedragger: mircea_popescu and everyone, so just in case it was unclear, everything to do with mkj.lt is down 'cause (apparently, as of now) the network is down. cause as of yet unknown, as they've confirmed when i called. the system also helpfully informs me that server is using 64.50 GB out of available 10.00 GB, and the free disk space available ("-54.50 GB") is less than the recommended free space amount. things shall be migrated, i will however wait for them to recover, and meanwhile i'm off to a punk concert. ttyl.
Framedragger: [lol, massive outage of servers (http://gedimai.iv.lt/?id=493) - "we hereby inform that presently the majority of our network nodes are experiencing issues [read, are +/- down]; therefore the servers behind said nodes may be unreachable." i'll bitchslap them after they recover
Framedragger: if they send me a letter saying "our network got fucked due to ddos initiated at your ip" imma laugh
Framedragger: gonna learn to host tmsr stuff separately from $random_websites_for_relatives_etc , too; collateral damage much
Framedragger: so apparently the hosting provider which i've been paying since 2008 without sweat just went down. like, i can't load their homepage and client area. they better have a good explanation for entire cluster going down
Framedragger: mircea_popescu: no objections!! this is good stuff. can't see home partition under `mount` - disk subsystem appears to have failed. (so unfortunately may not be due to bots - yet; OR.. things are even more ominous, in which case, fun!)
Framedragger: (crazy. i'm dumping the contents of vim buffer through the literal ssh terminal, by hand, 'cause i can't save them and i need to. good times!)
Framedragger wonders if it's the trilema-following bot army. will check
Framedragger: [oh shit, mkj suddenly went from 16gb disk space available to 0; bear with me]
Framedragger: " 'how long node a and b have been in communion'" - right, that i can understand, that it's not good
Framedragger: asciilifeform: tho am not sure if it's necessarily bad, to leak incremental nonces. i mean, i know you don't want to leak one single useful bit to da enemy; i don't know if it's a practical constraint, even if it is laudable.
Framedragger: actually, nm. if you don't want to leak incremental info of this kind, i guess it does become more difficult
Framedragger: nonce + hmac? ah, but, hmac uses symmetric crypto oh noes :/
Framedragger: asciilifeform: that's what i'm worried about, you may have to burn IP, too. and i'm all up for mesh networks and post nuclear radio, but kinda sucks that the whole internet backbone may be incompatible with proper gossipd, gotta admit.
Framedragger: [like, *of course* the only reason we want a spec which allows for data in initial syn packet is for shitphones to be able to load google ads quicker. use for security???! nowai]
Framedragger: [OT just for the record, it seems that rfc 7413 ("tcp fast open") won't do any good because (lo and behold) not only would it not save against syn floods, it'd actually introduce new attacks (2.2 and beyond). and existing mitigation techniques may not work. gotta love those people. yeah, fuck tcp.]
Framedragger: true that. goes the extra way to fuck women, metamorphosis and all, so i'll give him that tho
Framedragger: and gossipd without any auth whatsoever wouldn't really be that? in all honesty, i should reread the spec, which is probably outdated, and log search sucks, fml
Framedragger: besides, they'd get confused themselves, what with deliberately no message authenticity; and we shall have a good time. am i stretching here?
Framedragger: mircea_popescu: how about i (an nsa employee, say) just make a filter which grabs all observed gossipd traffic (packet timing or w/e, and if it's an actually new transmission protocol, then supreme joy is me) and send it for further analysis. i shall assume that while it's not certain which messages are legit and which are not, the offending t3rr0rist group is too lazy to transmit proper false positives to provide noise,
Framedragger: yes this is lulzy and a disservice and i agree the reputation is not insanely great.., so to speak.
Framedragger: maybe. and i agree that without prototype difficult to talk of this anyway
Framedragger: mircea_popescu: statistical models? sure, no *guarantee*.
Framedragger: (i am aware that proper gossipd doesn't have to run over internet)
Framedragger: btw wouldn't "nothing signed" gossipd reality actually be not "only among chosen clique" but rather "only chosen among clique [so, okay, not for all] plus whoever listens to internet backbone including all teh agencies"?
Framedragger: semi-orthogonal (but not too orthogonal): ditching the conceptual level for a second and thinking about mundane reality, would a new transport layer even *work* given current internet infrastructure? there are problems with ICMP traffic on some ISPs (sure, ISPs should die anyway, and esp. those i hear you say.) this can be tested to some extent, hm.
Framedragger: is rfc7413 even supported by any tcp stack tho? (inb4 all tcp stacks must die!1 [not disagreeing in principle])
Framedragger: then the argument does admittedly slide a little: yes okay, this is great that it can't be DoS'd that easily when the time comes; and yet it still has to parse multiple packets before it determines that hey, i don't know this fingerprint.
Framedragger contemplates a PoC `register` attack on deedbot
Framedragger: mircea_popescu: pull the key. which it effectively does with the `register` command
Framedragger: ah, you mean that it could restrict sending challenges to gpg identities that it *already* knows about (l1 / l2 / whatever)?
Framedragger: asciilifeform: also, talk about increased attack surface / complexity
Framedragger: right. wonder if it's any harder to have the p2p part be separate. it can create a local mountpoint which would just be additional folders/files for V to process
Framedragger: why not have p2p client for stuff like this but which would be agnostic to internals of V, and separate from V? it can use V's .wot, tho
Framedragger: omg attempting https on trilema.com gives common name = server1.nigger.com, email = ssl@server1.nigger.com -- l0l0l.
Framedragger: will make it so previous links on e.g. your site don't break; just that default links generated when clicking don't include the thing
Framedragger: like, there's a line between stimulating the forum and trolling that should not be breached
Framedragger: it did, it did! but i feel i may be wasting people's time by asking to look into half-baked ideas