log☇︎
799900+ entries in 0.532s
pankkake: yes, but the mom shouldn't have declared a father
nubbins`: from what i can gather, the two moms got on welfare and the state wants the cup-cummer to repay $6k worth of welfare cheques
nubbins`: further food for thought: it's the state, not the women, who instigated this process
pankkake: with all these stories I'm afraid of where my sperm goes
nubbins`: "We are two hot lesbians who are looking for a man to visit our house and cum into a red Solo cup"
nubbins`: i can see the craigslist ad now
nubbins`: "...while agreeing to donate sperm in a plastic cup to Schreiner and Angela Bauer..."
nubbins`: but how was the sperm collected, you ask?
nubbins`: TL, DR: a doctor didn't collect the sperm
nubbins`: how many mpex brokers are there, anyway?
jspiros: I think the web is fine for what it was originally designed for; hacking desktop-style UIs into it is when things started to go wrong
nubbins`: web is the worst fucking medium to write for
jspiros: though I would be happy writing GUI apps too, for desktops; I'm just tired of mobile or web as the primary options
nubbins`: "hit F12... now C... now 3... Tab twice... F2 that..."
jspiros: I am in the same position as pankkake, I am tired of webdev and wish people would pay me to write CLI/TUI apps
nubbins`: developed in the 80s
nubbins`: at my last job, all the front-line staffed used TUI
pankkake: http://www.beeeeer.org/ now this is a good website design
kakobrekla: i think it would be better if its inbrowser faked cli
pankkake: especially the bad ones
pankkake: kakobrekla: well I do write CLI interfaces to talk to websites
kakobrekla: anyone wants to do bitbet console version :)
nubbins`: in general usage, web services don't have an I of any type, CL or otherwise
nubbins`: well sure, but they're not really used that way in real life
pankkake: true. that's what I was mostly doing with the webby stuff
kakobrekla: i think some do
pankkake: you had to run the interpreter and import the lib
pankkake: actually, at some point, I started projects that didn't even have a CLI
nubbins`: pankkake, there's plenty of coding to be done that's not web apps and not CLI
pankkake: not many people want to pay me to write CLI applications though!
pankkake: I am trying to branch out of web applications
nubbins`: i did web apps for 5 years and then ragequit
benkay: too bad web applications are the only way to develop affordably in a way that most mobile browsers can access surfaced data
nubbins`: "well that depends, can i just walk into your house and fuck your wife?"
nubbins`: at my last job, there was at least one asshole on each project who would ask "can we just disable the browser's back button?"
benkay: yeah i had a conversation recently where the conclusion was 'we no ams use back button'
nubbins`: fuck the back button
benkay: all the things
benkay: it's not that dev's can't in2 html, it's that once a person starts calling themselves a 'dev' they generally have left html behind because the dom is a stateful nightmare to program for
jurov: i'm using xml templates, somewhere there in between was the reason i can't just comment everything out
nubbins`: nah there's no doctype specified
pankkake: it probably just needs the html5 doctype
pankkake: jurov: no, that was the joke :p
kakobrekla: which translates to only idiots do it
nubbins`: making pages w3c compliant is suck a fucking pain in the hole
pankkake: no, html5 basically admits "devs can't write correct html, so we are going to spec how browsers should react to bad stuff"
nubbins`: it's also the html 4.01 spirit
pankkake: kakobrekla: that's the html5 spirit!
nubbins`: "fuck compliance" is the general mantra, yes
pankkake: yes, that's the way javascript should be included: <!-- <script></script> -->
nubbins`: tho few are willing to admit it
nubbins`: when i made sites with JSF, i don't think they generated any CDATA tags
jurov: and it just isn't possible to insert stuff marking the section reliably into xhtml
jurov: somewhat like literate programming to organize code to not get crazy
jurov: i am using a tool to generate stuff from outline
nubbins`: <![CDATA[//> tags everywhere
pankkake: given that I do a lot of website parsing, I hate it :p
nubbins`: but it tailors it to the individual's browser/os
nubbins`: i mean, the code it generates is FUCKED
nubbins`: it's not as bad as people like to think
pankkake: but things like php help you do exactly the wrong thing
pankkake: well, that depends on your tools, too. you can roll your own with libs that help you do the right thing
nubbins`: roll your own website, and you're taking on all that responsibility yourself
nubbins`: because generally intelligent people have thought this stuff through
nubbins`: yeah, no, i don't think it's do-able
nubbins`: "Session verification failed. Please try logging out and back in again, and then try again."
nubbins`: i think so
nubbins`: well you'd need to know the value of sesc to successfully load the iframe
kakobrekla: load the edit post page in iframe, read off the url?
nubbins`: but the question remains: how to get it?
kakobrekla: if you edit one of your own posts you get in in the url
nubbins`: not before the form is loaded tho
kakobrekla: yes but i think sesc is obtainable
nubbins`: TBF this would have been an issue with the forum software itself
nubbins`: okay, looks like all the important actions are protected from this by storing a session variable in a hidden text field and submitting that with the request
nubbins`: i was amazed to see shit like this in a production environment
mircea_popescu: nubbins` this is how you know a site that claims it's trading X btc/day actually does : ridiculous csrf bugs don't drive them out of business.
nubbins`: anyway, i tried to use the same trick to reset a user's email address -- that one is not possible
pankkake: also the guy isn't even providing new genesis blocks
nubbins`: i sometimes wonder how much money got stolen form havelock, btc-e, btctctctct, etc via these CSRF bugs
mircea_popescu: simlay sounds right. i thought it was frenchie's
pankkake: I thought of doing it, but the doing the "windows binaries" thing annoyed me
nubbins`: nah that was all hand-crafted by yours truly
pankkake: it's not mine… neither the much profit
nubbins`: mircea_popescu: the havelock one? yeah, they patched it up right away
mircea_popescu: o that page wasnt yours ?
nubbins`: FWIW here's the similar vulnerability i disclosed to havelock last summer:
pankkake: GlobalWarmingCoin now that would work!
nubbins`: i give up, may try to poke at it some more later
pankkake: I don't think there is anything worse than anynomous voting
mircea_popescu: the mem dood disappeared, to be replaced by a new muppet
Apocalyptic: you can't oppose people's will like this
Apocalyptic: pankkake, but they voted !
pankkake: the whole thing is depressing
pankkake: "75% out of almost 200 people voted the money should be returned.. Scam job wrote all over it, It's time to give negative rating to MPOE-PR"
nubbins`: post3 bumps you to /index.php
nubbins`: action=post2 spoils the request
kakobrekla: you are requesting action post 2 while posting the form
nubbins`: you know, you could potentially reset people's passwords like this
Apocalyptic: nubbins`, just start wireshark so you can compare the requests and see what you're missing