log
asciilifeform: where did mod6 get the idea that this was a gentoo-specific thing ?
asciilifeform: why -- ask the wreckers, not me.
asciilifeform: default is a non-8bitclean tty.
asciilifeform: it has to be done on all known unixlikes.
asciilifeform: ( i must point out, if it doesn't , you may not get any warning, other than idiot linux kernel silently dropping bytes, e.g. 0x03 )
asciilifeform: mod6: stty thing worked without problems ?
asciilifeform: congrats mod6
asciilifeform: mircea_popescu: sorta the whole point in even having pediwikia -- so that they can have this.
asciilifeform: 'Also on #bitcoin-assets, but that place is very toxic. People on #bitcoin-assets probably have info about bitbet.us, but they aren't quite sane, so be careful.' << lolx2
asciilifeform: '...for all the bad rep Mircea Popescu gets (trolling, narcissist and an asshole in general), his websites are trustworthy, never been hacked and works.' << lel
asciilifeform: ( http://archive.is/fJuR7 << expert entomologists only ! )
asciilifeform: in other lulz, bitbet.us '...is no more, for what he thought was h2o, was h2so4'
asciilifeform: psaki ?
asciilifeform: they're the intended victim, much of the time.
asciilifeform: ( the various 'buried in cement' routers, modems, etc. exhibited in phuctor , say . )
asciilifeform: megatonnes of 'internet of shit' boxen hanging around, unpatchably.
asciilifeform: if only
asciilifeform: the almost forcible induction of gendercommitters, wimminzintech, etc. mushminds into open sores -- tops off the supply of deniable, 'free-range, organically grown' liquishit
asciilifeform: the lulzy bit re pwnholes is that they are a renewable resource: every major version of ~everything introduces a few dozen new ones.
asciilifeform: iirc it was spared, last-minute.
asciilifeform: warthog is actually gone nao ?
asciilifeform: waiwat
asciilifeform: (dun mean it's impossible.)
asciilifeform: also i have difficulty picturing enemy burning a hole without having ready replacement.
asciilifeform: pretty sure that they earnestly see it like this.
asciilifeform: mircea_popescu: per the tards' internal logic -- 'we burned the vuln -- we own the tendrils'
asciilifeform: mircea_popescu: you'll also love how it is done because... prngs sometimes PASS when you do this (how ? idk)
asciilifeform: ( also note, rarely is anyone interested in ALL possible branches in ALL of ram -- typically you want some particular set. )
asciilifeform: but again i don't have a working set of box+proggy. only box and manuals.
asciilifeform: it's as reliable as the box it was slaved to, signalled when the bucket filled, to go and empty.
asciilifeform: well of course fixed, how else.
asciilifeform: (and to store whatever else that dun fit in the standard debug regs)
asciilifeform: mircea_popescu: iirc it worked by cordoning off a portion of l0/1 caches to use as trace record
asciilifeform: Framedragger: https://archive.is/qEQNe << likbez
asciilifeform: but for 'record all jumps'
asciilifeform: mircea_popescu: he wasn't trying for ordinary trace
asciilifeform: Framedragger: nope and nope, intel's thing only works with their shitware
asciilifeform: so of 0 use, unless somebody gets hold of the magic proggy.
asciilifeform: lulzily enough, asciilifeform ~has the box~ -- but 0 software for it, it never leaked. box turned out to contain empty fpga.
asciilifeform: other than with intel's magic probe box.
asciilifeform: Framedragger: i dun recall it ever working.
asciilifeform: mircea_popescu: asciilifeform can't possibly be the first to ever try to search inside a dir of tarballs. srsly, 0 support?!
asciilifeform: (took fucking forever)
asciilifeform: it's what i ended up doing.
asciilifeform: aha!
asciilifeform: mircea_popescu: null result
asciilifeform: and of course it thinks 'single file', it's presently the only known way to grep in a tar.gz.
asciilifeform: mircea_popescu: it dun do any good for searching in tars.
asciilifeform: this is discussed afaik nowhere. but now -- here.
asciilifeform: anyone who uses apr, and works on datagram socket, gets nailed.
asciilifeform: cleverly disguised, also, it doesn't specifically mention datagram.
asciilifeform: y'know, it : http://apr.apache.org/docs/apr/1.5/group__apr__network__io.html
asciilifeform: there's a recvfrom(...MSG_PEEK...) in apr.
asciilifeform: and hey hey hey lbj!!
asciilifeform: recvfrom(....MSG_PEEK
asciilifeform: tightvnc -- ditto
asciilifeform had nfi that any awktron knew how to open sockets.
asciilifeform: in socketopen()
asciilifeform: gawk has proper invocation, exploitable
asciilifeform: ahahahaha guess what
asciilifeform: mircea_popescu: not on running disk, they live on cd somewhere
asciilifeform: mircea_popescu: no shit it's in gcc. headers.
asciilifeform: wtf is it doing in awk.
asciilifeform: Framedragger, mircea_popescu , et al : http://wotpaste.cascadianhacker.com/pastes/N9Eir/?raw=true << zgrep -E 'recvfrom.*MSG_PEEK' ... ( and bzgrep ...) from several gentoo boxen here. i even found one with -- lol -- socat
asciilifeform: lol zebra
asciilifeform: Framedragger et al : bzgrep -E 'recvfrom.*MSG_PEEK' /usr/portage/distfiles/*.tar.bz2; zgrep -E 'recvfrom.*MSG_PEEK' /usr/portage/distfiles/*.tar.gz; zgrep -E 'recvfrom.*MSG_PEEK' /usr/portage/distfiles/*.tgz
asciilifeform: mircea_popescu: see continuation of thread
asciilifeform: (if you do, you will have to compile pl2303 into the kernel)
asciilifeform: or do you have module loading disabled ?
asciilifeform: hot damn, you found one of those linuxen with no pl2303 support ?!
asciilifeform: mod6: ls /dev/ttyUSB* gives you what ?
asciilifeform: Framedragger: dieharder in particular loops around . (why ? because customary bit-poverty)
asciilifeform: Framedragger: recommended sample size is 1GB
asciilifeform: Framedragger: it seems to find strictly 1) glibc 2) quake (?!)
asciilifeform: (unfortunately NO unixlike sets 8bit cleanliness by default, afaik)
asciilifeform: then you can do the stty thing from the instructions.
asciilifeform: check dmesg after plugging in, it will be clearly visible.
asciilifeform: (depending on how many other ttl dongles you have)
asciilifeform: where n is 0...9
asciilifeform: will be, in all likelihood, /dev/ttyUSBn
asciilifeform: it will never be tty1
asciilifeform: mod6: works ?
asciilifeform: mod6: oh hey
asciilifeform: https://news.ycombinator.com/item?id=14105718 ( https://archive.is/nmX2h ) << witness the unsurprising chorus : 'nobody used it! NOBODY! shuddup terrorist'
asciilifeform: sadly there is no automatic means to discover which of the proggies contain exploitable invocations, other than with hard grindstone sweat (or usg's automated tool!1111)
asciilifeform: (still retarded, as discussed earlier, but won't trigger this particular boobytrap)
asciilifeform: now, not all of these invocations are of recv() for udp. most -- tcp.
asciilifeform: gotta get the line matches, with context (say, 5 up / 5 down from match.) could qntra it.
asciilifeform: gentlemen, start yer engines, perlists, awkists.
asciilifeform: ( bzgrep MSG_PEEK ..... )
asciilifeform: mircea_popescu , trinque , Framedragger , et al : part 2 : the bz2 search : http://wotpaste.cascadianhacker.com/pastes/iJwoo/?raw=true
asciilifeform marvels at the 'respectable kompooter sekoority community' today doing 10,000,001 things, none of them being THIS
asciilifeform: naturally all versions of gcc match ( they gotta, they have the header in'em -- snore )
asciilifeform: (i initially did same, when waking up)
asciilifeform: i'ma guess that mircea_popescu was grepping compressed tarballs with plain grep and naturally found nothing.
asciilifeform: but we won't know until we have a proper search
asciilifeform: Framedragger: not all of the hits are actual real-life invocations
asciilifeform: and hah, bzgrep exists
asciilifeform: i want the motherfucking filenames and lines.
asciilifeform: there are also bz2, which i have not tested (zgrep dun work on'em)