BingoBoingo: asciilifeform: "no resolve" sounds like a side effect of the DNS settings allowing NFS to do its thing not pointing at an NFS doing its thing as advertised
mircea_popescu: BingoBoingo ftr, it's euphEmisms and venezuEla. are your voewls shifting from all the tuna you're eating or what!
☟︎ douchebag: Alright, I still haven't written a V implementation. I would like to help, however programming is not my main area of expertise. I feel like writing a V implementation would not waste my time, but yours as well considering d
douchebag: others have written V implementations that would be much better than the one I would write.
douchebag: I've been focused on web application security for the past decade, just becase I'm only 20 doesn't mean I'm not skilled.
mircea_popescu: whether you're skilled or not has no bearing on this whole "area of expertise" nonsense. i've been writing for twenty years, doesn't mean i'll sit with my laptop while the girls eat each other out because fucking "isn't my area of expertise".
mircea_popescu: the whole point, not just of the "write a v" task, but of the republic altogether, is to make this sort of non-thinking you're going for both ridiculous and impossible.
mircea_popescu: i get it, it's hard and especially unpleasant in that it requires your getting off your ass, and god forbid confronting the unpleasant side of things. hurr.
douchebag: It would not be unpleasant if it had not already been done before multiple times, what's the point of reinventing the wheel?
☟︎ mircea_popescu: that it will force you to abandon your current mental rut. hopefully before it does any permanent damage.
mircea_popescu: you understand most people aren't ~born~ stupid, but become stupid through systematic effort over long intervals. do you ?
douchebag: No, I constantly put effort towards learning more and improving my skills as well as my self.
douchebag: I'd like to be helpful, I am generally a pretty helpful person. However, I just feel like I could be of more use if I focused on something I'm better suited to help with
mircea_popescu: what you're actually saying is "i opt to waste my youth". which is fine, it's yours to waste.
mircea_popescu: because you're sitting there waiting for reality to change so it may be admitted in yoru movie. that's not how reality works, though there's a bunch of people still waiting for bitcoin to be what they thought of it, back in 2015 or 2013 or 2011 or w/e the fuck they first heard of it, formed a fantasy and adhered to it.
☟︎ douchebag: Well I don't understand how I'm sitting here waiting for reality to change? Are you saying there's absolutely nothing that I could help with here in regards to Information Security?
mircea_popescu: i'm saying that your notion of helping is so constructed so as to preclude helping, yes.
douchebag: Okay, and suppose I do write a V. What's next?
douchebag: Like I said, I would like to help. I know how to code but I would be much better at helping w/ security related topics. I would not want to write a V just to find out that the only way for me to help would be for me to code stuff
douchebag: So, do you think I should even bother?
douchebag: or do you think I would just be disappointed
mircea_popescu: i don't think you can be anything but disappointed, in your current state.
a111: Logged on 2018-03-22 10:46 mircea_popescu: because you're sitting there waiting for reality to change so it may be admitted in yoru movie. that's not how reality works, though there's a bunch of people still waiting for bitcoin to be what they thought of it, back in 2015 or 2013 or 2011 or w/e the fuck they first heard of it, formed a fantasy and adhered to it.
diana_coman: douchebag, learning something is never a waste of time; and learning what you "are not good at" is quite doubly NOT a waste of time; "outcome" as you currently define it doesn't enter into it at all; and for that matter:
http://trilema.com/2015/causes-and-purposes/ douchebag: diana_coman: I agree with you. The reason I'm a bit hesitant is because I know what I'm not good at. I know how to code, I write code almost every single day. However, I don't code for the same reasons most people do
diana_coman: what are the "same reasons most people do" and ..how did you figure out "most people" in there and why they do what they do?
douchebag: I write code for the simple purpose of making my life easier. 95% of the code I write will never be ran by anyone else except myself
mircea_popescu: im pretty sure that's how it goes for most everyone here.
diana_coman: douchebag, why do you concern yourself with what other people do or not do *after* something you didn't even yet do; it's a recipe for insanity this
diana_coman: mircea_popescu, heh, remember WHY I wrote foxybot?
diana_coman: douchebag, your problem still seems to have as root the approach "towards purpose" instead of from causes; try and digest that post
douchebag: Okay, to clarify what I meant by saying "most people" is that people write code to publicly release and be used by others ect..
douchebag: I don't understand what a V is I have read about it, I have looked at examples and I still don't understand
☟︎ douchebag: If I understood it completely it would be no problem coding it.
☟︎ diana_coman: douchebag, that already sounds healthier at any rate
diana_coman: douchebag, write somewhere a summary of what you understand of it and what you don't - it will help you formulate some clear questions to...ask in here, so people can help you understand
douchebag: I literally do not understand anything. I don't know what a vpatch is or anything. The concept just does not make sense
diana_coman: there are plenty of vpatches around - have a look at them for "what a vpatch is"
douchebag: It just appears to be way of updating code, pgp signing the updates
diana_coman: douchebag, it's fine, you just need to expand now from that
douchebag: If I do this and I am successful, am I going to be expected to work on programming projects or could I find something that I would be able to help with in regards to information security
douchebag: I can identify security flaws & help with properly remediating the issue
douchebag: I primarily focus on web application and network based penetration testing
douchebag: So, would those skills be of use here?
douchebag: Also, I would be interested in starting a security firm
douchebag: Offering remote & in person security solutions both offensive and defensive
douchebag: That was a plan of mine to do later down the road
douchebag: However, if you guys would be interested in doing that sort of thing I would be more than happy to help.
mircea_popescu: you really think you're going to eat out of blabla.php?=<alert whatever ?
mircea_popescu: information security is what apeloyee's been doing on alf's blog, or ave1 on diana_coman 's or so on and so forth.
mircea_popescu: do you read the logs douchebag ? or just stumble in this window now and again and that's it ?
douchebag: I've read the logs partially, however I haven't finished them
douchebag: Alright, yes that is some very interesting research. However, that's not exactly the same area of InfoSec that I have been studying.
douchebag: Yes, and that's one of the reasons why I'm not too sure if the areas I focus would even be relevant to the projects you guys work on
douchebag: For instance, what you mentioned in regards to XSS. XSS is the sort of thing that would have little to no impact on a site like trilema.com
douchebag: However, if it was found on an online banking platform it would be very serious.
diana_coman: I can't help but read that as "I'm not too sure if my focus on finding rats in take-aways would even be relevant to your actual cooking"
douchebag: Well, I've stated previously that I intend on learning more about some of the more low level attack vectors
douchebag: Most of the work I currently do is focused around protecting customers
douchebag: Perhaps I would be able to help w/ Pizzaro ISP?
a111: Logged on 2018-03-22 10:34 douchebag: It would not be unpleasant if it had not already been done before multiple times, what's the point of reinventing the wheel?
jhvh1: asciilifeform: Bitstamp BTCUSD last: 8552.65, vol: 14072.22693838 | Bitfinex BTCUSD last: 8550.8, vol: 60153.85681754 | Kraken BTCUSD last: 8558.0, vol: 12690.6100365 | Volume-weighted last average: 8552.15078783
mod6: I would say, douchebag, that if you don't know how to, at minimum, ~use~ V, you'll find it very difficult to participate.
mod6: I've said this to others, I'm sure, that before even contemplating writing a V, you should be well versed in it ~use~.
a111: Logged on 2014-02-16 22:04 asciilifeform: old man: 'drown him, father, drown, drown.'
shinohai: !!invoice danielpbarron 0.016496929 Ecu trade (ecu not settled yet )
shinohai: !!v 24A9E807E62D1F734080DD09045384C75311E123677AB55D72CB6BC4EB21F2AA
deedbot: Invoiced danielpbarron 0.016496929 << Ecu trade (ecu not settled yet )
mircea_popescu: i do however believe the foregoing statement, that high quality, sterling stupidity is always manufactured, never inborn. most people are poorly socialized from birth.
a111: Logged on 2018-03-22 06:11 mircea_popescu: BingoBoingo ftr, it's euphEmisms and venezuEla. are your voewls shifting from all the tuna you're eating or what!
mircea_popescu: the unsustainable, unacceptable etc systematically misrepresented to them as socially acceptable, the necessary, correct etc equally systematically misrepresented as socially unacceptable... it's true that this is grade A child abuse, but then again it's also true the children so abused carry on the sad smoldering stumps of what's left of their lives
☟︎ mircea_popescu: not even sure how original the whole "nopenopenope" thing is.
ben_vulpes:
http://logs.bvulpes.com/trilema?d=2018-3-22#317063 << you showed up, said 'help, what do i do', and i said 'go, son, and this thing.' it's a severalfold test: can you wrap your head around the concepts in v? can you take orders when you ask for them? it's a layered pile of crash course in not flunking out of the republic. in re 'what am i expected to do', look either you eventually grow up and start picking
mimisbrunnr: Logged on 2018-03-22 11:17 douchebag: If I do this and I am successful, am I going to be expected to work on programming projects or could I find something that I would be able to help with in regards to information security
ben_vulpes: your own research targets in which case you're a man and can make your own decisions or you need orders and will be told what to do. picking your own targets is an act of *creativity*, which i muchly doubt i'll see much of from a metasploit crank-puller. as it stands i don't really expect you to do anything but it's a low bar and a single task to show me wrong.
mircea_popescu: now on to the issue of the vps. is pizarro coming up with something in short enough order it's worth having the whole genesis mp-wp wait on it, or rather should more business go away and hanbot pick herself yet another rando vps host ?
douchebag: ben_vulpes: Like I've said, I focus primarily on web application exploitation and I do everything manually.
douchebag: Where did you get this notion that I am a 'metasploit crank-puller'
ben_vulpes: mircea_popescu: working with asciilifeform to vpsify the idle box now
ben_vulpes: douchebag: well it's what it looks like from here, take the ad hominem and show me it's wrong yeah?
mircea_popescu: douchebag if 13 yo kid comes to psychologist's office because insomnia, and after some hymenlick maneouvering on the part of the professional comes out with the story that has "terrifying and disturbing dreams", thereuponwhich recounts numerous instances of dreamed tits, nipples and areola but 0 clits, labia or vaginal openings, the psychologist can safely thereby infer 13yo kid is a virgin.
☟︎ ben_vulpes: in unrelated "mouths of babes", "what's daddy doing? having a penis?" "every day, kiddo"
mircea_popescu: should however same kid in same situation describe anal beads with nubbins on them and other arcana 13yo kids notably (and notedly, throughout history of civilisation) can NOT on their own come up with, psychologist similarily has a solid child abuse referral case.
douchebag: Well, I've been paid thousands of dollars in bug bounties. All of which I have found manually.
☟︎ douchebag: I also work for a security firm at the moment.
ben_vulpes: douchebag: you realize you're "telling and not showing" and that nobody cares about your fiatland sekyooridee credentialing?
mircea_popescu: ben_vulpes in fairness he tried to show, and inexplicably it didn't work.
douchebag: I've showed mircea_popescu some of my blogs before
a111: Logged on 2018-03-08 21:29 mircea_popescu: meditation upon
http://btcbase.org/log/2018-03-08#1787343 yields the interesting result that problem spaces are not continuous. problem spaces are discrete, and there exists such a thing as problem spans.
ben_vulpes: douchebag: i dunno man, i'm going to weary of picking things for you in short order but maybe try to sidechannel the mpi lib?
shinohai: Here I thougt one got a certificate in monology
ben_vulpes: webshit is just uninteresting, like mcdonalds
mircea_popescu: it's interesting to me, honestly. i expect from his pow we appear as half insane half irresponsible, and the question of where's the hole the day comes in through quite poignant.
ben_vulpes: sure does not look like he's putting any time into figuring out why nobody cares about his boy scout badges.
douchebag: ben_vulpes: It's interesting to me, and considering pretty much any large company or organization has a web application in their infrastructure I feel like it's a pretty good area to focus on in terms of security research.
mircea_popescu: right. i expect it's the first time anyone even said within earshot this whole pantsuit badge collecting isn't even socially accepted, let alone required.
mircea_popescu: douchebag this is not unlike becoming a dermatologist because most people have skin.
ben_vulpes: douchebag: do you understand why it's uninteresting to this particular group of terrorists?
douchebag: You guys sure do feel great about yourselves don't you?
ben_vulpes: oh baby don't take it personally, sit with the discomfort for an hour and figure out the root of it.
douchebag: How am I projecting? You're the ones who are acting like you're somehow better because you have different interests.
☟︎ douchebag: "i don't know how you think you know better what to do with your time than mp"
☟︎ douchebag: "mp is better than you; stop pretending like he isn't"
☟︎ a111: Logged on 2018-01-23 06:43 douchebag: I can sit in front of my computer for 36 hours straight researching a specific topic
a111: Logged on 2018-01-23 06:53 douchebag: I also have an extremely good memory compared to most people, I can remember very specific details about events and conversations that happened years prior
a111: Logged on 2018-03-22 16:26 douchebag: Well, I've been paid thousands of dollars in bug bounties. All of which I have found manually.
shinohai: I could continue, but what do I care? I'm on my way out here myself.
douchebag: Oh yeah, and I'm the one projecting.
ben_vulpes: you did come here and ask for guidance, lol
douchebag: No, I came here so that I could help.
ben_vulpes: this "all hobbies are equally valid" thing ain't gonna carry water fwiw
douchebag: No, I figured that maybe I could help more
douchebag: but instead you jerkoffs just told me to write a v implementation
douchebag: asciilifeform: I can find bugs in just about any web framework, not just php.
mod6: douchebag: did you ever build trb?
mircea_popescu: douchebag no, actually : we are explicit about the [little] we feel good about ourselves. the "alternative" such as it misrepresents itself, is very successfully implicit about how [grandiosely] it feels good about itself. but somehow you don't go up to some clueless dork pretending to run a "security business" and be "your boss" and ask him whence he feels that insanely overstretchedkly good about himself. for SOME reason.
mircea_popescu:
http://btcbase.org/log/2018-03-22#1788651 << amusingly enough, i'm probably a better "website security" dood than you, if that's what you mean, or at least so the folk in the know believe, on the strenght of the various website fuckings / wp ddos writeups etc i've piled up over the years. but this is a little like disputing the sackrunning competition.
☝︎ a111: Logged on 2018-03-22 16:41 douchebag: "mp is better than you; stop pretending like he isn't"
mod6: you have never read the logs 'eh
mod6: you can't say that you read the logs, and also do not know where trb is or what it is.
douchebag: mod6: not in full, I don't have a ton of time on my hands to read 6 months of logs
ben_vulpes: douchebag: see dude this is why i can't take you seriously, you have zero context for what's going on here and yet you insist on strutting around as though you matter
douchebag: ben_vulpes: How am I supposed to take anything in here seriously if nobody can tell me anything besides
mircea_popescu: ben_vulpes "here is everything". he was promised his context is universal by teh universalist party.
ben_vulpes: douchebag: you did just get a link to trb
ben_vulpes: no fucking way anyone's going to try to enumerate the holes in your education
mod6: i gotta look this up now
shinohai: >Can't be annoyed to read logs, yet "can sit in front of computer 36 hours straight researching a specific topic"
a111: Logged on 2018-03-22 16:37 douchebag: How am I projecting? You're the ones who are acting like you're somehow better because you have different interests.
ben_vulpes: also i don't give one watt of credence to this 'no time' thing; i've read logs daily for what, four years? started and sold out of a company, had more than one 'job' at points, manage a family and still keep up and contribute
mod6: I have personally, at least, posted 'thebitcoin.foundation' in here 196 times.
ben_vulpes: douchebag: if you cannot read through thebitcoin.foundation website and get to trb i do not know what future there is for you
douchebag: Okay, suppose I can get remote code execution w/ trb
mod6: then tell us for christsakes
mircea_popescu:
http://btcbase.org/log/2018-03-22#1788650 << this is also interesting. note however it's misstated. whether you know better or not what to do with your time is not generally touched ; but you sure as fuck don't know better what NOT to do with your time, which is time and again the crux of the matter.
☝︎ a111: Logged on 2018-03-22 16:41 douchebag: "i don't know how you think you know better what to do with your time than mp"
douchebag: I just don't see what was so damn difficult about that? If you guys told me to look for RCE in trb this conversation could have ended hours ago
shinohai: Because the Republic isn't in the business of tard wrangling?
ben_vulpes: i thought this was too obvious to point out, did not want to further insult douchebag's intelligence
ben_vulpes: douchebag: until you wrap your head around what goes on here, you're going to be fighting this negative impression where you insist that you're smart and educated etc, just...not in any topics that anyone here cares about eg trb as a basis for murdering the megastate and all barnacles like ecommerce/ssl/securitycircus hanging off the side
ben_vulpes: not to insult your trade, but to try and hammer home the paradigms you're missing
ben_vulpes: man i can't even find the juice to beat this kind of thinking into the heads of people at $work; they gotta come preconfigured for utility
douchebag: ben_vulpes: Why do you write web applications if you're going to allow vulnerabilities in your code?
a111: Logged on 2017-03-24 03:17 gabriel_laddel_p: BingoBoingo: "I should study more" isn't a winning idea. GTFO.
douchebag: Wouldn't it make sense to make sure you're doing something the right way before you go ahead and do it?
☟︎ ben_vulpes: why bother fucking if your dick's going to pop out?
douchebag: Good, I'm glad someone is on the same page as me.
ben_vulpes: mircea_popescu: yeah i care quite deeply about folks clicking links with b58 encoded piles of trash in the url
mircea_popescu: indeed, this may be the first shared prior unearthed yet. but it's solid.
ben_vulpes: mircea_popescu: doing things correctly also implies knowing what hairballs of stupid to cut off and not consider.
mircea_popescu: yues, fucking obviously, kuhn's notion of "paradigm" in research is precisely that, what beds to not look under.
mimisbrunnr: Logged on 2018-03-22 17:08 asciilifeform: i for instance do not see why , if it's wot l1 people living in it, it has to expend the cpu overhead to pretend-isolate and vm-ize. why not simply traditional unix accounts.
jhvh1: ben_vulpes: The operation succeeded.
ben_vulpes: mircea_popescu: tru tru; what objections would you field to sharing a host with l2?
mircea_popescu: if there's actual demand for some reason, can always stand up a box with all that crap later. or entreprising fellow can just resell one.
mircea_popescu: ben_vulpes depends what host. a blog ? i dunno man, what sikrits can they glean!!!!
mircea_popescu: asciilifeform i've not yet managed to properly speaking hose a modern box (hosed as in, root can't log in to fix it)
mircea_popescu: not even sure what it'd take, but we could have a competition, "shorters bash line that hoses box"
ben_vulpes: heh, this'll turn into our bitbet moderation cost center without care
mircea_popescu: asciilifeform how will anyone eat all the ram, apache runs as nobody anyway.
mircea_popescu: well if you're not using it to publish web shits, get a proper box.
mimisbrunnr: Logged on 2018-03-22 17:18 ben_vulpes: can we leverage chroot for this?
mircea_popescu: yes, i expect 60% of the box goes to that wastage by now.
mircea_popescu: which 60% can also be used to... you know, buffer the occasional mass mysql rewrite or w/e user needs
mircea_popescu: it's the pantsuit gift of "progress", tends to soak up about 60% of the living life to do nothing at all. much like their tax system.
ben_vulpes: asciilifeform: does the 'cgroups' 'containerization' sharedhosting approach waste the same amount?
ben_vulpes: it's been some time since i gave a shit but the 'docker' folks were very proud of the resource sharing that linus wrote for them
mircea_popescu: particularly ill suited application for ibm compatible designed hardware.
ben_vulpes: sure, walls in highdensity apartment building also wasteful of square footage
mircea_popescu: ben_vulpes nah, walls in apt building is the linux user system. you're thinking of english "cottages" piled up in town, each with their 3 sq ft "garden" in front.
mircea_popescu: ever been to england btw ? worse wastage of construction materials never was seen.
ben_vulpes: not even japan with the traditional every-30-year rebuild of housing stock?
ben_vulpes: last time i was in england i was like 14
mircea_popescu: imo brits are the dumbest of animals, and for two reasons : the constant rape the muslims put them through, and the constant rape the real estatists put them through.
ben_vulpes: was more interested in the adults with beer and teenaged girls
a111: Logged on 2018-03-22 17:31 asciilifeform: back to the 'let's remove pretenses' -- let's put on record for the log: the 'traditional' style of vps is quite heavy in overhead, because pointlessly emulates for each inhabitant 'you have a i-cant-believe-its-not-a-physical-box-with-physical-nic-and-disks-etc' item
mimisbrunnr: Logged on 2018-03-22 17:23 lobbes: To run with the house analogy: my current vps arrangements feel more like 'condominium' than 'roomies sharing a house'. E.g. I could set up a cronjob to blow away /var/www/ every hour if I felt like it. No need to consult (nor do I see) other renters
mircea_popescu: i suppose a logical next step for pizarro is to have a bot dedicated to listing who's on boxes, what the load is like etc.
mircea_popescu: asciilifeform which may be the last time this (ie, sane people working) even occured.
a111: Logged on 2018-03-22 16:58 asciilifeform: point being that a student who is tired of 'solved problems' can demonstrate mastery any time he's ready and able.
lobbes: Honestly, my knee-jerk reaction against sharing a box is probably based on the old idea of sharing it with $random_orcs. Sharing it with L1s may actually be a Good Thing (I'd probably learn a few useful things)
mircea_popescu: lobbes considering what the level of committment required to try it is... what, waste 20 bux ?
ben_vulpes: lobbes: i think it'll be great; will push everyone on the box to standardize on known-ok package versions. "we support weechat 1.4 and fuckyou"
ben_vulpes: s/fuckyou/for your benefit, dear customer/
a111: Logged on 2018-03-22 16:02 mircea_popescu: the unsustainable, unacceptable etc systematically misrepresented to them as socially acceptable, the necessary, correct etc equally systematically misrepresented as socially unacceptable... it's true that this is grade A child abuse, but then again it's also true the children so abused carry on the sad smoldering stumps of what's left of their lives
a111: Logged on 2018-03-21 14:41 a111: Logged on 2018-03-08 00:21 mircea_popescu: this entire exercise in idiocy has, practically speaking, resulted in me paying various hard working ticos a grand or so, to the people fucking in the ass the "security" paradigm of pantsuit.fetlife. IN LIEU of having paid that much, and rather more, to the fetlife itself.
mircea_popescu looks into the logs, sees 62 instances of eg -
http://testasp.vulnweb.com/t/fit.txt%3F.jpg and similar garbage. this, of course, is "web security" or "penetration testing", or however you'd call it. a set of "tools", no doubt "professional" that permit one A CERTAIN KIND of cargo-cultish periphrastic cvasi-but-not-really involvement in their chosen field.
mircea_popescu: it is sold to ignorant youths on the basis that "hey, SOMETIMES it yields results, when applied randomly to the web". that may be, as Framedragger 's ssh tests or phuctor dredged up, everything, every last bit of nonsense can be found "on the web".
mircea_popescu: nevertheless... do you expect the 62nd application of the same magic wand upon trilema is liable to yield anything more, or better, than the previous 61 ?
mircea_popescu: that's the problem with pantsuit "tools", branded however they may be branded : there's 0 marginal utility to them.
a111: Logged on 2017-02-09 18:03 asciilifeform: the expulsion of 'In all likelihood, there was no change at all to the labor-intensiveness, but the labor was more "fun" for a certain class of people. Now, industrious retards can be a horrible thing. Over a number of years, close to a decade, Perl accreted bits and pieces from programming languages and became usable in lieu of a programming language by people who lacked the mental wherewithall to do programming. Tinkerers, repair
mircea_popescu: the situation is approximately the same as of a "young aspiring gold prospector" who goes to the designated ROOM in his local community center, where he spits on some pebbles / digs through the plasticine cubes.
mircea_popescu: and the only folk to whom the difference is immaterial are our stone age friends from the cargo-cult, cave dwellers as they find themselves.
mircea_popescu: but hey -- vulnweb "works" and therefore... "works". the confusion between these workings is lost to the noob. and yet... magic also "works" in the first case -- when magician/warlock/condoleeza rice walk into room with sickman and wave magic wand, SOMETIMES IT HEALS IT!!!
mircea_popescu: yet magic doesn't work in the working sense of the verb to work, as found in hospitals as opposed to magic shaman nigger hut.
mircea_popescu: in other webs, big bang empire is moderately amusing. you're a pornstar looking for work.
douchebag: mircea_popescu: Anyone who uses scanners such as acunetix or whatever that is called is not a professional.
douchebag: There is nothing professional about running a scanner and reading the results.
douchebag: Yes, I'm going to be looking into that ater work
douchebag: Yeah generally speaking when it comes to security, you should never depend on a scanner or set of 'tools' to comprehensively perform an audit
douchebag: It depends on the complexity of the program
douchebag: it also depends on who wrote the program
douchebag: No, I think if you're auditing code you should understand exactly what, why and how that code is doing what it is doing
douchebag: Because sometimes people use complex solutions for simple problems - complexity doesn't necessarily mean it is better
mircea_popescu: BingoBoingo by now i suspect they're pasty enough to make great bottoms.
douchebag: asciilifeform: If the audit reveals that everything was done properly and to a high standard
douchebag: asciilifeform: In my head an idea of 'high standard' is when functionality and security are both taken into consideration during implementation
a111: Logged on 2018-03-22 16:25 mircea_popescu: douchebag if 13 yo kid comes to psychologist's office because insomnia, and after some hymenlick maneouvering on the part of the professional comes out with the story that has "terrifying and disturbing dreams", thereuponwhich recounts numerous instances of dreamed tits, nipples and areola but 0 clits, labia or vaginal openings, the psychologist can safely thereby infer 13yo kid is a virgin.
douchebag: asciilifeform: You're not even worth responding to at this point, I think you're the one who wouldn't know 'if it bit you'
☟︎ mod6: I've read enough of this for today.
douchebag: I have plenty of priors, I work with a team of highly trained security professionals every day and we have audited all sorts of applications
douchebag: Apache doesn't - that's why it's called A patch e
ben_vulpes: that's ancient and incorrect apocrypha
mircea_popescu: douchebag "shared priors" is a term of art, denoting those useful notions that two participants to a discussion share identically.
douchebag: I can tell you Yahoo is a less secure company than Google
douchebag: Uber also has a very good security team, despite recent press
mircea_popescu: two people in euclidean geometry share the priors noted down by euclid. some other guy on a bannach sphere somewhere, does not.
mircea_popescu: asciilifeform did you do this thing as a kid, where you'd go about the parked cars in the street after leaving school to see "asta cit prinde ?!?!" ie, "how fast does this one go ???"
mircea_popescu: to be established by the number written on the rightmost spot on the odometer.
douchebag: When working with extremely large codebases, vulnerabilities are going to occur
mircea_popescu: douchebag how do you know yahoo is more secure than alphabet ?
douchebag: Because I've worked on pentesting both of them
mircea_popescu: as a subplot, why would a large company require a large codebase ?
douchebag: I never said large companies require large codebases
mircea_popescu: douchebag so you covered say 80% of google's code and 70% of yahoos, and on this basis the 8`844`644 holes you found with yahoo makes you suspect the mere 2`333`156 holes found in google's schweitzer reflect a lesser per-cubit average of holes ?
mircea_popescu: (sub-subplot : calculate the probability of that statement being true ; show the math you used.)
mod6: How many man hours are being wasted on this?
lobbes:
http://btcbase.org/log/2018-03-22#1788893 << you know this wasn't personal right? (Pantsuitism trains emotional response to criticism, I know). He's trying to lead you to realise an important point for yourself (this is a true beauty of this place, incidentally; can meaningfully confront the Self, if you are willing)
☝︎ a111: Logged on 2018-03-22 19:15 douchebag: asciilifeform: You're not even worth responding to at this point, I think you're the one who wouldn't know 'if it bit you'
lobbes: Though, some simply are not willing
ben_vulpes: im kinda surprised to see the indoctrination so thick in a twenty year old
ben_vulpes: although i suppose it comes with a decade of 'security community' baggage
BingoBoingo: !!up douchebag Have you considered getting hard, poking around the internet for warm receptive holes, and submitting writeups to Qntra?
deedbot: douchebag voiced for 30 minutes.
lobbes: Right? Sucks, because he has more knowledge at 20 than I do now at 30. Sadly, also moar cockroaches
BingoBoingo: lobbes: It's a hazard of pantsuit education. Fellow can get loaded up with training as a technician while being sideloaded with broken priors
mod6: BingoBoingo: re !!down that man. I don't have time to read through all this nonsense to pick out 3 important lines to pizarro.
ben_vulpes: lobbes: you should see the girls; i swear the only ones who aren't wholly corrupted by the anxiety machine are the 1st-generation ethnic imports who take care of my kid
mod6: We need to get to work, this is getting in the way. 0 signal, max noise.
BingoBoingo: douchebag: Find a hole, have your fun and profit. Leave a note about the aftermath for Qntra.
BingoBoingo: mod6: Had to give the fellow a lead. Perhaps dude finds a vulnerability in Fedwire and resets the UnifiedStandardDosiedo chain? Submits article. For the young and broken that might be more productive homework than "write a V to understand why you are writing a V"
ben_vulpes: oh and twist, douchebag skip the responsible disclosure fingertrap and fuck 'em hard.
BingoBoingo: What is a Qntra submission if not the most responsible possible disclosure
mod6: Ok finally caught up now.
deedbot: douchebag voiced for 30 minutes.
mod6: douchebag: Let's raise the sig/noise ratio. Try to heed your betters in here. And do take some time to read the logs, they're enriching.